WOOP!

Ljubljana

|

Maribor
Buy
Buy

Privacy protection

1. Introduction

This privacy policy (hereinafter: the Policy) has been prepared in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Personal Data Protection Act (Official Gazette of the RS, No. 163/22 – ZVOP-2), and other applicable legislation of the Republic of Slovenia. The purpose of the Policy is to provide transparent and clear information on how WOOP!, zabaviščni parki, d.o.o., processes individuals’ personal data.

The Policy applies to all visitors of the website www.woop.fun, users of online services, and customers or visitors of all WOOP! locations, namely:

  • WOOP! FUN PARK, Leskoškova cesta 2, 1000 Ljubljana,
  • WOOP! KARTING and GLOW GOLF, Moskovska cesta 10, 1000 Ljubljana,
  • WOOP! ARENA, Moskovska ulica 10, 1000 Ljubljana,
  • WOOP! Maribor, Tržaška cesta 7, 4000 Maribor
    (hereinafter collectively: “WOOP! premises”).

At WOOP!, zabaviščni parki, d.o.o. (hereinafter: WOOP!, “we”, “us”) we are aware of the importance of protecting privacy and personal data. We process personal data lawfully, fairly, and transparently, solely for predetermined, legitimate purposes and to the extent necessary for their fulfilment.

With this Policy, we wish to provide individuals with a clear insight into:

  • which types of personal data we process,
  • for what purposes and on what legal bases,
  • how long we store them,
  • to whom we may disclose them,
  • and what rights individuals have regarding the processing of their personal data.

The Policy constitutes an integral part of our commitment to responsible handling of personal data and respect for the right to privacy of all visitors and users of WOOP! services.

2. Personal data controller

The operator of the website www.woop.fun and the personal data controller for customers of WOOP! premises is WOOP!, zabaviščni parki, d.o.o. (hereinafter as “WOOP!”, “we” or “us”):

  • WOOP!, zabaviščni parki, d.o.o.
  • Leskoškova cesta 2, 1000 Ljubljana
  • Registration number: 9951946000, Tax number: SI79159281
  • Contact phone: +386 1 888 94 07, Email: info@woop.fun

3. Designated Data Protection Officer

Contact details of the Data Protection Officer:

  • DPO Name: Štefan Gostič, University Graduate in Law
  • Postal address: WOOP!, zabaviščni parki, d.o.o. – Data Protection Officer (DPO) Leskoškova cesta 2, 1000 Ljubljana / Slovenia
  • Email: dpo@woop.fun

4. Purposes of the processing of personal data

This Policy refers to the collection and processing of personal data of visitors or customers of the WOOP! website and customers of WOOP! premises.

The purposes and legal bases for the processing of personal data are as follows:

a) Registration: for registration purposes, the following personal data are processed: first and last name, or nickname, date of birth, email address. The legal basis for processing personal data for this purpose is a contract – Article 6/I(b) of the General Data Protection Regulation.

b) Visiting WOOP! premises or using services: when purchasing services or registering for summer holidays, the Academy, or a birthday celebration, in addition to personal data collected at registration, data on the service purchase are also processed. The legal basis for processing personal data for this purpose is the general terms and conditions or a contract – Article 6/I(b) of the General Data Protection Regulation. For services intended for children (particularly the Academy, summer camps, and birthday parties), we also process children’s personal data (first and last name, age, and any special needs or medical conditions voluntarily disclosed by a parent or legal guardian for the child’s safety, e.g., allergies). We process this data on the basis of a contract concluded between the child’s legal representative and WOOP! (Art. 6(1)(b) GDPR). Any data regarding health status (a special category of personal data under Art. 9 (1) of the GDPR) is processed exclusively on the basis of the explicit consent of the legal representative (Article 9(2)(a) of the GDPR) or to protect the vital interests of the child (Article 9(2)(c) of the GDPR). In accordance with Article 9 of the Personal Data Protection Act (ZVOP-2) in conjunction with Article 8 of the GDPR, children under the age of 15 cannot independently give valid consent to the processing of personal data in the context of information society services; in such a case, consent is given or approved by the legal representative.

c) Publication of photographs and videos: if you have given consent for the publication of your photographs and videos and your first and last name, or the same data for your children, these will be published on the website woop.fun, our social networks (Facebook, Instagram, YouTube, TikTok and Snapchat in LinkedIn). The legal basis is your consent – Article 6/I(a) of the General Data Protection Regulation.

d) Data analysis: analysis of data on the use of services is carried out on the basis of pseudonymised data, whereby the results are used for making strategic and tactical marketing decisions. The legal basis is legitimate interest – Article 6/I(f) of the General Data Protection Regulation.

e) Direct marketing: direct marketing is carried out to the email address you provided at registration. In this way, we send you notifications about promotions, news, and capacity availability. If you purchased or ordered our service online, we may carry out direct marketing to your email address on the basis of the Act on Electronic Communications – Electronic Communications Act (ZEKom-2, Official Gazette of the Republic of Slovenia, No. 130/22, as amended), Article 226. You may always object to such processing by following the instructions in the footer of each such message or by sending a message to dpo@woop.fun.

f) Targeted marketing: in preparing a personalised offer, we process your personal data from registration and your use of services at WOOP! premises. The legal basis is your consent – Article 6/I(a) of the General Data Protection Regulation.

g) Prize draws: when you participate in any of the prize draws organised by WOOP!, zabaviščni parki, d.o.o., you provide your personal data as part of your entry to participate. We process this data for the purpose of running the prize draw and for the award of prizes within the prize draw. The data collected are first and last name, address, email address, telephone number, year of birth, and tax number (only in the case of a prize being won). By participating in a prize draw, you accept the general terms and conditions of the prize draw. The legal basis for processing personal data for the purpose of running the prize draw is a contract – Article 6/I(b) of the General Data Protection Regulation. In the event that we wish to use your data for the purpose of direct marketing, we will do so solely on the basis of your consent – Article 6/I(a) of the General Data Protection Regulation.

h) Visiting the website: we also collect data on your use of our website through cookies and similar technologies. More information on how we use these technologies to collect information about you can be found in the Cookie Policy.

i) Video surveillance of business premises: We conduct video surveillance for the purposes of protecting property, ensuring the safety of visitors and employees, and determining the circumstances of any accidents or incidents on WOOP! premises. The legal basis is the controller’s legitimate interest—Article 6(1)(f) of the General Data Protection Regulation (GDPR) in conjunction with Articles 76–80 of the Personal Data Protection Act (ZVOP-2). More detailed information on video surveillance, including information provided before entering the monitored area and the retention periods for recordings, is available in a separate Video Surveillance Notice, accessible at webiste.

j) Recording of injuries, accidents, and complaints: For the purposes of ensuring safety, handling potential claims for damages, and mandatory cooperation with the insurance company, we maintain records of any injuries, accidents, and complaints from visitors. The legal basis is a legal obligation—Article 6(1)(c) of the GDPR (legislation regarding occupational health and safety and consumer protection) and the controller’s legitimate interest in defending against legal claims—Article 6(1)(f) of the GDPR. For any health data (a special category of personal data), the legal basis is Articles 9(2)(c) and 9(2)(f) of the GDPR.

5. Categories of users of personal data

Recipients of personal data are employees of WOOP!, contractual partners, and personal data processors who are bound by employment law or data processing agreements to respect and protect the personal data of individuals. 

Our contractual partners process personal data for:

  • the purpose of maintaining software for customer management, 
  • the reservation system for karting,
  • hosting and maintenance of websites and online stores,
  • sending emails and mass newsletters (cloud-based email platform),
  • web analytics and advertising (e.g., Google Analytics, Google Ads, Meta/Facebook Pixel),
  • processing payments through payment service providers,
  • external accounting services,
  • management of the video surveillance system for business premises,
  • social media platforms for the purpose of sharing posts and advertising,
  • legal and consulting service providers, when necessary for the establishment, exercise, or defense of legal claims.

WOOP! also discloses personal data to third parties if required to do so by law (e.g. the Police, the Office for the Prevention of Money Laundering, the Tax Administration of the Republic of Slovenia, the Court, etc.).

6. Transfers of personal data to third countries

WOOP! uses a cloud-based solution for sending email messages, whereby a transfer of personal data (email addresses) to the USA is possible. A contract for the processing of personal data has been concluded with the service provider, and the transfer of data is carried out in accordance with the provisions of Chapter V of the General Data Protection Regulation (GDPR), specifically on the basis of one or more of the following safeguards: (i) Standard Contractual Clauses (SCCs) for the transfer of personal data to third countries, adopted by the European Commission by Decision (EU) 2021/914, and/or (ii) in the event that the provider is certified in accordance with the European Commission’s adequacy decision regarding the EU-US Data Privacy Framework (Decision (EU) 2023/1795 of July 10, 2023), on the basis of the aforementioned adequacy decision in accordance with Article 45 of the GDPR.

We do not transfer any other personal data to third countries. 

Further information on the measures taken when transferring personal data to third countries can be obtained by an individual upon a written request to the Data Protection Officer at the email address dpo@woop.fun

7. Storage period

We retain personal data only for as long as necessary to achieve the individual purpose of processing, or in accordance with the retention periods determined by law or our internal document management policy, which sets out the retention periods for individual types of personal data in more detail.

Upon expiry of the retention period, personal data are deleted, destroyed, or anonymised, unless applicable legislation requires longer retention or if it is necessary for the exercise, enforcement, or defence of legal claims.

The following retention periods for personal data apply as examples:

  1. Website registration:
    5 years from the last activity or visit by the registered user;
  2. Visiting WOOP! premises or using services:
    5 years from the last visit or use of services;
  3. Photographs and videos (published on the basis of consent):
    until the individual withdraws consent, whereby unpublished videos are stored for a maximum of 30 days from the date of creation, unless the law stipulates otherwise;
  4. Data analysis (in pseudonymised or anonymised form):
    up to 2 years after the conclusion of an individual analysis, or shorter if the purpose is achieved earlier;
  5. Direct marketing:
    up to 1 year from the last communication sent, or until the individual withdraws consent or objects, if done earlier;
  6. Targeted or personalised marketing:
    until the individual withdraws consent;
  7. Prize draws:
    up to 2 months after the conclusion of the prize draw; in the case of prizes awarded that give rise to a tax or other statutory obligation, the data are retained for 10 years from the date of the prize payment, in accordance with tax and accounting legislation.

8. Your rights

When the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time, either by a written statement or message sent to the email address dpo@woop.fun, or by making the appropriate setting in your user profile on the website (e.g. by selecting the option “I do not consent”).

Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal, nor does it affect the ability to use services at WOOP! premises. Withdrawal may only mean a limitation or cessation of activities related to personalised offers, targeted, or direct marketing.

Individuals to whom the personal data relate have, in accordance with the GDPR and ZVOP-2, a number of rights regarding the processing of their personal data. The company WOOP!, zabaviščni parki, d.o.o., shall verify the identity of the applicant before exercising any given right, in a manner that does not disproportionately intrude upon their privacy.

A request to exercise any right in the field of personal data protection can be submitted to the email address dpo@woop.fun

With regard to your personal data, we guarantee you the following rights:

  • Right of access to personal data:
    you have the right to obtain confirmation of whether your personal data are being processed, and access to those data and information about their processing, including the purposes of processing, the categories of personal data, and the recipients;
  • Right to rectification or completion of personal data:
    you have the right to request the rectification of inaccurate personal data or the completion of incomplete personal data without undue delay;
  • Right to erasure of personal data (“right to be forgotten”):
    you have the right to request the erasure of personal data when there is no longer a lawful basis for their processing, subject to the limitations set out in applicable law (e.g. when retention is necessary to fulfil statutory obligations or to enforce legal claims);
  • Right to restriction of processing:
    you may request the restriction of the processing of personal data, particularly when you dispute their accuracy, when the processing is unlawful, or when we no longer need the data for the purposes of processing but you need them for the exercise, enforcement, or defence of legal claims;
  • Right to data portability:
    you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request their transfer to another controller, where technically feasible. This right applies only to processing that is based on consent or a contract and is carried out by automated means;
  • Right to object:
    you have the right to object at any time to the processing of personal data when the processing is based on the legitimate interests of WOOP! or a third party, including processing for the purposes of direct marketing;
  • The right not to be subject to a decision based solely on automated processing, including profiling: In accordance with Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. WOOP! does not, however, engage in automated decision-making that would have legal or similarly significant effects on an individual; in the event that we were to carry out such processing, we will inform the individual accordingly and ensure the right to human intervention, to express an opinion, and to challenge the decision;
  • Right to lodge a complaint:
    if you believe that the processing of your personal data is unlawful, you may lodge a complaint with the personal data controller or directly with the Information Commissioner of the Republic of Slovenia (Dunajska cesta 22, 1000 Ljubljana, www.ip-rs.si).

For any questions, clarifications, or to exercise rights in the field of personal data protection, you may at any time contact the Data Protection Officer at the email address dpo@woop.fun.

9. Protection of your personal data

WOOP! employs technical and organisational security measures to protect your personal data against unlawful or unauthorised access or use, as well as against unintentional loss or impairment of their integrity, in accordance with the internal regulation on the protection of personal data. All measures are designed taking into account its own IT infrastructure, the potential impact on your privacy and costs, and in accordance with current industry standards and practices. Contractual processors will process your personal data only if they comply with these technical and organisational security measures.

10. Final provisions

WOOP! reserves the right to amend or supplement this Policy in order to ensure compliance with applicable regulations in the field of personal data protection. The current version of the privacy policy is available at the registered office of WOOP!, on its website, or from the Data Protection Officer, who can be reached at the email address dpo@woop.fun. For everything not explicitly set out in this privacy policy, the provisions of applicable regulations in the field of personal data protection shall apply.

This privacy policy is in force and applies from 15.05.2026 onwards.

Scroll to Top

OBVESTILO!

WOOP! atrakcije se decembra hitro zapolnijo, zato vam priporočamo, da si termin pravočasno rezervirate preko spleta!

Rezerviraj termin