Privacy and Cookie Policy

I. Validity, adoption and application of the Privacy and Cookie Policy

Article 1

This Privacy and Cookie Policy applies to anyone considered a user in accordance with the General Terms and Conditions of Business and the Use of the website and to the entire website, including all its pages.

A user is any legal entity or natural person that uses or visits the website (hereinafter referred to as the “user”).

A buyer is any legal entity or natural person that enters into a contract in accordance with the General Terms and Conditions of Business and the Use of the Website (hereinafter referred to as “buyer”).

By using the website, the user confirms that they accept this Privacy and Cookie Policy.

The provider reserves the right to modify any provision of this Privacy and Cookie Policy at any time without prior notice. By continuing to use the website, the user accepts such modifications.

II. Protection of personal data and privacy

Article 2

The user shall allow the provider to collect and process the personal data submitted by the user upon registration for the purposes of its operation.

The personal data collected through the Visit Ljubljana website is controlled by the Ljubljana Tourism public institute. All data collected through the Visit Ljubljana website is subject to this Privacy and Cookie Policy, which is publicly accessible on the website and enters into force on 1 June 2013.

The provider (the Tourism Ljubljana institute) and its contractual processor (Innovatif, d.o.o.) shall protect the personal data to which they gain access for the purpose of or in relation to the realisation of the relationship between the user and the provider in accordance with the Personal Data Protection Act (ZVOP-1).

III. Purpose of personal data collection

Article 3

The provider and its contractual processor shall collect and process the users’ personal data with the purpose of informing users of news in relation to tourism in Ljubljana.

Article 4

The following personal data of users is collected through the website:

  • their name and surname;
  • the street, city and postal code of their place of residence;
  • their country of residence;
  • their e-mail address.

The following data is also collected when a purchase is made of the services offered on the website:

  • the chosen delivery method (personal pick-up or by post);
  • any additional instructions given by the user;
  • the number of visitors and their age group;
  • the language of the tour;
  • the place of departure.

The following data on users is also collected upon registration on the website:

  • their nickname;
  • their e-mail address;
  • their application password.

In accordance with the General Terms and Conditions of Business and the Use of the website, the provider does not collect credit card data, as such data is collected exclusively by credit card payment service providers.

IV. Management, retention period and contractual processing of data

Article 5

Data will be stored in a database managed in accordance with the editorial policy of the Tourism Ljubljana institute and in accordance with the security policy of Innovatif, d.o.o., for the duration of the relationship between the user and the provider and for five additional years after the termination of the relationship. Data submitted by the user upon registration will be retained while the user is registered at the website and for three additional months after the termination of their account.

The user may request the deletion of their data from the database in writing at any time. After its deletion, data is no longer stored in the database. The provider shall decide on the request within eight working days. The user shall request the deletion of their data by clicking the link to unsubscribe from the list of message recipients in the received newsletter or by sending a request to be removed from the aforementioned list to

Article 6

Since the ZVOP-1 stipulates that matters in relation to the contractual processing of personal data between the provider and the contractual processor must be set out in a written contract, the provider and the contractual processor shall also set out in these terms and conditions the terms of the relationship between them.

In accordance with the provisions of the ZVOP-1, the provider shall enable the user to inspect the regularity of the protection and processing of their personal data upon request. The user shall inform the provider of the inspection of premises and equipment at least five working days in advance by submitting a request. In order to protect any confidential information and other sensitive data kept by the provider, the inspection will be carried out in the presence of an authorised representative of the provider or in the manner set out in the security policy of the contractual processor.

V. Security of personal data

Article 7

Innovatif, d.o.o., shall ensure the security of data. The company shall not disclose any data to third parties and shall protect it in accordance with its security policy. The company shall only enter the user’s data into the database when the user confirms their registration by clicking the confirmation link in the e-mail sent to their e-mail address.

Every e-mail sent by the administrators of the Visit Ljubljana website as part of electronic information dissemination activities (newsletter) will contain a link that can be used to unsubscribe from the mailing list.

Innovatif, d.o.o., shall protect personal data in accordance with paragraph 1 of Article 25 of the ZVOP-1. The company shall ensure the security of personal data using the appropriate legal, organisational and logical and technical procedures and measures for the prevention of the accidental or intentional destruction, modification, loss or unauthorised processing of the data, namely by:

  • ensuring the security of the premises, equipment and system software, including I/O units;
  • ensuring the protection of the application software used to process personal data;
  • preventing unauthorised access to personal data during its transmission, including transmission via telecommunications equipment and networks;
  • ensuring an effective method for blocking, destroying, deleting or anonymising personal data;
  • enabling the subsequent determination of when certain personal data was used and entered into the database and who carried out the operation throughout the period of retention of the data.

VI. Use of cookies

Article 8

The following types of cookies are used to ensure the proper operation of the website:

  • cookies used for analytical purposes,
  • cookies used to track anonymous users.

Certain content is tailored to the preferences of individual users, and the analysis of website visitors enables us to constantly improve the website.

The user can either allow or reject cookies and can change their cookie settings at any time. If the user chooses to reject cookies, the website will not store any permanent cookies on the computer apart from its own website traffic analysis cookies. In this case, the user will not be able to use all the functionalities of the website.

The table below contains a detailed description of each type of cookie and its validity period:

Cookie name Service Validity Description
_utma Google Analytics 2 years Used to identify the user (visit count, first and last visit).
_utmb Google Analytics 30 minutes Used to log the duration of the visit. It logs the exact time when the user visited the website (started the session).
_utmc Google Analytics End of session Used to log the duration of the visit.
_utmz Google Analytics 6 months Used to log the website from which the user was referred, the search engine and keywords used to find the website and the location from which the user accessed the website.
_utmv Google Analytics 2 years Used for user segmentation.
MyVisit Visit Ljubljana 1 year Stores data on anonymous users.

Article 9

The website uses elements provided by third-party providers that also require cookies, the rules for the use of which are set out in the cookie policy of the respective third-party provider. The following third-party elements are used on the website:

  • Facebook Like buttons;
  • Tweet buttons;
  • Google +1 buttons.

VII. Final provisions

Article 10

This Privacy and Cookie Policy enters into force on 1 June 2013.

I agree to the use of cookies I do not accept cookies