A user is any legal entity or natural person that uses or visits the website (hereinafter referred to as the “user”).
A buyer is any legal entity or natural person that enters into a contract in accordance with the General Terms and Conditions of Business and the Use of the VisitLjubljana.com Website (hereinafter referred to as “buyer”).
II. Protection of personal data and privacy
The user shall allow the provider to collect and process the personal data submitted by the user upon registration for the purposes of its operation.
The provider (the Tourism Ljubljana institute) and its contractual processor (Innovatif, d.o.o.) shall protect the personal data to which they gain access for the purpose of or in relation to the realisation of the relationship between the user and the provider in accordance with the Personal Data Protection Act (ZVOP-1).
III. Purpose of personal data collection
The provider and its contractual processor shall collect and process the users’ personal data with the purpose of informing users of news in relation to tourism in Ljubljana.
The following personal data of users is collected through the website:
- their name and surname;
- the street, city and postal code of their place of residence;
- their country of residence;
- their e-mail address.
The following data is also collected when a purchase is made of the services offered on the website:
- the chosen delivery method (personal pick-up or by post);
- any additional instructions given by the user;
- the number of visitors and their age group;
- the language of the tour;
- the place of departure.
The following data on users is also collected upon registration on the website:
- their nickname;
- their e-mail address;
- their application password.
In accordance with the General Terms and Conditions of Business and the Use of the VisitLjubljana.com website, the provider does not collect credit card data, as such data is collected exclusively by credit card payment service providers.
IV. Management, retention period and contractual processing of data
Data will be stored in a database managed in accordance with the editorial policy of the Tourism Ljubljana institute and in accordance with the security policy of Innovatif, d.o.o., for the duration of the relationship between the user and the provider and for five additional years after the termination of the relationship. Data submitted by the user upon registration will be retained while the user is registered at the website and for three additional months after the termination of their account.
The user may request the deletion of their data from the database in writing at any time. After its deletion, data is no longer stored in the database. The provider shall decide on the request within eight working days. The user shall request the deletion of their data by clicking the link to unsubscribe from the list of message recipients in the received newsletter or by sending a request to be removed from the aforementioned list to email@example.com.
Since the ZVOP-1 stipulates that matters in relation to the contractual processing of personal data between the provider and the contractual processor must be set out in a written contract, the provider and the contractual processor shall also set out in these terms and conditions the terms of the relationship between them.
In accordance with the provisions of the ZVOP-1, the provider shall enable the user to inspect the regularity of the protection and processing of their personal data upon request. The user shall inform the provider of the inspection of premises and equipment at least five working days in advance by submitting a request. In order to protect any confidential information and other sensitive data kept by the provider, the inspection will be carried out in the presence of an authorised representative of the provider or in the manner set out in the security policy of the contractual processor.
V. Security of personal data
Innovatif, d.o.o., shall ensure the security of data. The company shall not disclose any data to third parties and shall protect it in accordance with its security policy. The company shall only enter the user’s data into the database when the user confirms their registration by clicking the confirmation link in the e-mail sent to their e-mail address.
Every e-mail sent by the administrators of the Visit Ljubljana website as part of electronic information dissemination activities (newsletter) will contain a link that can be used to unsubscribe from the mailing list.
Innovatif, d.o.o., shall protect personal data in accordance with paragraph 1 of Article 25 of the ZVOP-1. The company shall ensure the security of personal data using the appropriate legal, organisational and logical and technical procedures and measures for the prevention of the accidental or intentional destruction, modification, loss or unauthorised processing of the data, namely by:
- ensuring the security of the premises, equipment and system software, including I/O units;
- ensuring the protection of the application software used to process personal data;
- preventing unauthorised access to personal data during its transmission, including transmission via telecommunications equipment and networks;
- ensuring an effective method for blocking, destroying, deleting or anonymising personal data;
- enabling the subsequent determination of when certain personal data was used and entered into the database and who carried out the operation throughout the period of retention of the data.
The following types of cookies are used to ensure the proper operation of the website:
- cookies used for analytical purposes,
- cookies used to track anonymous users.
Certain content is tailored to the preferences of individual users, and the analysis of website visitors enables us to constantly improve the website.
The user can either allow or reject cookies and can change their cookie settings at any time. If the user chooses to reject cookies, the website will not store any permanent cookies on the computer apart from its own website traffic analysis cookies. In this case, the user will not be able to use all the functionalities of the website.
The table below contains a detailed description of each type of cookie and its validity period:
|_utma||Google Analytics||2 years||Used to identify the user (visit count, first and last visit).|
|_utmb||Google Analytics||30 minutes||Used to log the duration of the visit. It logs the exact time when the user visited the website (started the session).|
|_utmc||Google Analytics||End of session||Used to log the duration of the visit.|
|_utmz||Google Analytics||6 months||Used to log the website from which the user was referred, the search engine and keywords used to find the website and the location from which the user accessed the website.|
|_utmv||Google Analytics||2 years||Used for user segmentation.|
|MyVisit||Visit Ljubljana||1 year||Stores data on anonymous users.|
- Facebook Like buttons;
- Tweet buttons;
- Google +1 buttons.
VII. Final provisions