Contact
EN

Privacy policy.

What personal data this website collects, why we collect it, and how we protect your privacy in line with the GDPR and Slovenian law.

ControllerZavod Novi Effective from15 April 2026 Version1.0

Data controller

The controller of personal data collected through novikolesarski.si is Zavod Novi, an institute for sustainable tourism and sport in Hoče, Hočko Pohorje 15E, 2311 Hoče.

Contact for privacy questions Email: info@novikolesarski.si
Address: Hočko Pohorje 15E, 2311 Hoče, Slovenia

What data we collect

On this website we collect only the data necessary to run the site and to communicate with you:

  • Contact form: the name, email address and message content you send us.
  • Server logs: IP address, time of access, browser type and the page requested. Used to keep the service secure and stable.
  • Technically necessary cookies: needed for the site to function and to remember basic settings (e.g. language).
  • Analytics cookies and usage data: with your consent, we collect anonymised or pseudonymised data about visits (e.g. pages viewed, time on page, device type, approximate IP-based location) to understand how the site is used and to improve it.

Purpose of processing and legal basis

We process data only for the following purposes, on the following legal bases under the General Data Protection Regulation (GDPR) and the Slovenian Personal Data Protection Act (ZVOP-2):

  • Responding to your enquiry — Article 6(1)(b) GDPR (steps prior to entering a contract) or 6(1)(f) (legitimate interest in establishing a business contact).
  • Operating and securing the website — Article 6(1)(f) GDPR (legitimate interest).
  • Analysing site usage and improving content — Article 6(1)(a) GDPR (your consent via the cookie notice).
  • Legal obligations (e.g. retention of business correspondence) — Article 6(1)(c) GDPR.

Retention period

Messages received through the contact form are kept for up to 24 months from the last communication, unless they give rise to a business relationship subject to a longer statutory retention period. Server logs are kept for up to 90 days and then deleted automatically.

Data sharing

We do not sell your personal data and do not pass it to third parties for their own marketing. Data may be processed only by our contracted processors (e.g. hosting and email providers), with whom we have entered into data-processing agreements under Article 28 GDPR. As a rule we do not transfer data outside the EU or EEA; where we exceptionally do, we put appropriate safeguards in place in line with the GDPR.

Cookies and analytics

The site uses two kinds of cookies:

  • Technically necessary cookies — required for the basic operation of the site (e.g. remembering language preferences, session security). These do not require consent under Article 157 of the Slovenian Electronic Communications Act (ZEKom-2).
  • Analytics cookies — used to understand how visitors use the site and to improve content and user experience. These are set only after your explicit consent via the cookie notice shown on first visit. You can withdraw consent at any time via the link in the footer.

Analytics are run on pseudonymised data (anonymised or truncated IP address), without profiling individuals and without combining data from other services. We may use a contracted processor for the analytics, with whom we have a data-processing agreement under Article 28 GDPR.

We do not use advertising cookies, cross-site tracking cookies or social-network cookies.

Your rights

In relation to your personal data you have the following rights:

  • the right to access the data and to receive a copy;
  • the right to rectification of inaccurate or incomplete data;
  • the right to erasure ("right to be forgotten");
  • the right to restrict processing;
  • the right to data portability;
  • the right to object to processing based on legitimate interest;
  • the right to withdraw consent where processing is based on consent.

To exercise these rights, send a written request to info@novikolesarski.si. We will respond within one month at the latest. If you believe we process your data contrary to the regulations, you may file a complaint with the Slovenian Information Commissioner (www.ip-rs.si).

Data security

We apply reasonable technical and organisational measures to protect personal data from unauthorised access, alteration, disclosure or destruction. Only authorised people who need it for their work have access. The website uses encrypted HTTPS connections.

Changes to this policy

We may update this policy from time to time to reflect changes in legislation or our services. Every update is signalled by the effective date at the top of the document. We recommend reviewing the content occasionally.