The website www.penzionhosnar.com is owned by Hosnar Enterprise d.o.o.
Company information
Hosnar Enterprise d.o.o., Kot 57, 5230 Bovec, Slovenia
Company registration number: 9811559000
Tax number: SI14355655
At Penzion Hosnar, we try to ensure the accuracy and up-to-dateness of the data on our website. Still, we do not take any responsibility for their accuracy and completeness. All users use the published content at their own risk. Neither the company Hosnar Enterprise d.o.o. nor any other legal or physical person who participated in the creation of this website is responsible for any damage resulting from access, use, or impossibility of using the information on the website or for any errors or deficiencies in its content.
All information, texts, and images on the Hosnar Pension website are subject to copyright or other forms of intellectual property protection. The content published on the website can only be used with the consent of the website owner or content author.
Penzion Hosnar reserves the right to change the website content at any time, in any way, and for any reason without prior warning. We do not assume responsibility for any consequences of such changes.
Privacy policy
With this privacy policy, Penzion Hosnar informs individuals, guests, visitors, and users of the company’s services, colleagues, employees, and other persons who work with the company Hosnar Enterprise d.o.o. about the purposes, legal bases, security measures, and personal rights regarding the processing of personal data that are carried out by the company.
We carefully protect your data
We process your data following the applicable legislation related to personal data protection and other legislation that gives us a legal basis for processing.
Any changes to this notice will be posted on our website. By using the website, you confirm that you are familiar with the privacy policy content.
Controller of personal data:
Hosnar Enterprise d.o.o.
Kot 57
5230 Bovec, Slovenia
E-mail: info@penzionhosnar.com
Phone: +386 51 395 031
Website: https://www.penzionhosnar.com
Personal data
Personal data means any information related to a specific or identifiable individual. An identifiable individual is an individual who can be directly or indirectly identified, in particular by providing an identifier such as name, identification number, location data, online identifier, or indicating one or more factors that characterize the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
Purposes of processing and basis for data processing
The company collects and processes personal data on the following legal bases:
Video surveillance
In the Hosnar Pension, we implement video surveillance in the entrance area, with which we monitor entry into and exit from the premises (based on Article 77 of ZVOP-2). We carry out video surveillance to protect people (users, employees, and visitors) and company property (based on legitimate interest, as determined by point (f) of paragraph 1 of Article 6 of the General Regulation, in connection with Articles 76 and follow ZVOP-2). Video surveillance is carried out in some workplace areas (around the entrances to the organization, where the work process occasionally takes place), where this is necessary for the safety of people or property or the protection of confidential data or business secrets. Video surveillance will help us detect, deal with, or solve incidents, extraordinary events, criminal acts, compensation, or other claims. Recordings are kept for a maximum of 6 months. The data may be forwarded to contractual processors of the operator and other users who have an appropriate legal basis, e.g., the police. No further processing of personal data or automated decision-making takes place. Data is not forwarded to third countries or international organizations. We do not implement video surveillance in a way that would have special effects on processing. Video surveillance enables live monitoring of events by an authorized person, but live events are not monitored. You can obtain all information regarding the implementation of video surveillance at the phone number or company e-mail address. The individual has the right to information, access to data, correction, deletion, restriction of processing, and objection. Rights are decided in a concrete procedure. The individual also has the right to complain to the Information Commissioner at the address: Dunajska 22, 100 Ljubljana, e-mail: gp.ip@ip-rs.si, phone: 01 2309 730, website: www.ip-rs.si.
Implementation of the concluded contract
In cases where an individual enters into a contract or agreement (reservation) with the company, this constitutes the legal basis for personal data processing. The company may process personal data for the conclusion and implementation of the contract, such as the sale of goods and services, preparation of offers, participation in various programs, etc. If the individual does not provide personal data, the company cannot conclude a contract, nor can the company perform the service or deliver goods or other products following the concluded contract, as it does not have the necessary data for implementation. On this basis, the company processes only and exclusively the personal data necessary for the conclusion and proper performance of contractual obligations.
The legal basis for data processing is the contract. The retention period is until the purpose of the contract is fulfilled or up to 6 years after the termination of the contract, except in cases where there is a dispute between the individual and the company regarding the contract. In such a case, the company keeps the data for 10 years after the finality of the court decision, arbitration, or court settlement or, if there was no court dispute, for 6 years from the date of the peaceful resolution of the dispute.
Legitimate interest
The company may also process personal data based on the legitimate interest it pursues. The latter is not permissible when such interests prevail over the interests or fundamental rights and freedoms of the individual to whom the personal data relates, which require the protection of personal data. In the case of using a legitimate interest, the company assesses according to the law. The processing of personal data for direct marketing is considered to be carried out in a legitimate interest.
The company can process the personal data of individuals collected from publicly available sources or within the framework of the legal performance of activities, as well as offer goods, services, employment, informing about benefits, events, etc. To achieve these purposes, the company may use regular mail, telephone calls, e-mail, and other means of telecommunications. For direct marketing purposes, the company may process the following personal data of individuals: name and surname of the individual, address of permanent or temporary residence, telephone number, and e-mail address. For direct marketing, the company may process the specified personal data even without the consent of the individual. The individual can, at any time, request the termination of this type of communication and processing of personal data and cancel the receipt of messages via the unsubscribe link in the received message or send the request by e-mail or regular mail to the company’s address.
The legal basis for data processing is legitimate interest. The data will be processed until the cancellation of receiving messages or until the purpose of processing is fulfilled. Revocation does not affect the lawfulness of processing based on consent before its revocation.
Processing based on consent
If the company does not have a legal basis, contractual obligation, legitimate interest, or reason to protect the life of an individual, it may ask the individual for consent. Thus, it can process certain personal data of an individual also for the following purposes, when the individual gives his consent:
If an individual gives his consent to the processing of personal data and at some point no longer wishes to do so, he can request the termination of the processing of personal data by e-mail or regular mail to the company’s address. Revocation of consent does not affect the lawfulness of processing based on consent before its revocation. After receiving the cancellation or request for deletion, the data will be deleted within 15 days at the latest. The company can delete this data even before cancellation when the purpose of personal data processing has been achieved or if it is stipulated by law.
Exceptionally, the company may refuse a request for deletion for reasons from the General Regulation in cases of exercising the right to freedom of expression and information, fulfilling the legal obligation of processing, reasons of public interest in the field of public health, purposes of archiving in the public interest, scientific or historical research purposes, statistical purposes, exercising or defending legal claims.
The legal basis for data processing is consent. The data will be processed until cancellation or withdrawal of consent or until the purpose of processing is fulfilled. Revocation of consent does not affect the lawfulness of processing based on consent before its revocation.
Protection of life interests of the individual
The company can process the personal data of the individual to whom the personal data relates insofar as this is necessary to protect his vital interests. In urgent cases, the company can search for an individual’s document, check whether this person exists in its database, study his medical history, or establish contact with his relatives, for which the company does not need the individual’s consent. The above applies in cases where this is necessary to protect the vital interests of the individual.
Storage and deletion of personal data
The company will keep personal data only as long as it is necessary to fulfill the purpose for which the personal data was collected and processed. If the company processes data based on the law, it will keep it for the period prescribed by law. In this case, some data is stored during cooperation with the company, while some data must be stored permanently. Personal data that the company processes based on a contractual relationship with an individual is kept by the company for the period necessary for the execution of the contract and 6 years after its termination, except in cases where a dispute arises between the individual and the company regarding the contract. In such a case, the company keeps the data for 10 years after the finality of the court decision, arbitration, or court settlement or, if there was no court dispute, for 6 years from the date of the peaceful resolution of the dispute. The personal data that the company processes based on the individual’s personal consent or legitimate interest will be kept by the company until the consent is revoked or until the data is deleted. Upon receipt of a cancellation or deletion request, the data will be deleted without undue delay. The company can delete this data even before cancellation when the purpose of personal data processing has been achieved or if it is stipulated by law.
In the case of exercising the rights of an individual, the company keeps the personal data of this individual until a final decision has been made on the matter, following the final decision in the case.
Exceptionally, the company may refuse a request for deletion for reasons such as: exercising the right to freedom of expression and information, fulfilling the legal obligation of processing, reasons of public interest in the field of public health, purposes of archiving in the public interest, scientific or historical research purposes or statistical purposes, exercising or defending legal claims. After the retention period has expired, the company must effectively and permanently delete or anonymize personal data so that it can no longer be linked to a specific individual.
Contractual processing of personal data and data export
The company can entrust the processing of personal data to a contractual processor based on a contractual processing agreement. Contractual processors can process confidential data exclusively on behalf of the controller, within the limits of his authorization, which is written in a contract or other legal act and follows the purposes defined in this privacy policy.
The contract processors with which the Company cooperates are mainly:
For the purposes of better inspection and control over contract processors and regulation of the mutual contractual relationship, the company also maintains a list of contract processors, which lists all specific contract processors with which the company cooperates.
Under no circumstances will the company provide the personal data of an individual to unauthorized third parties. Contractual processors may only process personal data within the framework of the company’s instructions and may not use personal data for any other purposes.
As the operator, the company and its employees do not export personal data to third countries (outside the member states of the European Economic Area – EU members and Iceland, Norway, and Liechtenstein) and to international organizations.
Cookie Policy
Effective Date: 18-07-2025
Last Updated Date: 18-07-2025
What are cookies?
This Cookie Policy explains what cookies are and how we use them, the types of cookies we use, i.e. the information we collect with cookies and how this information is used, and how to manage your cookie settings.
Cookies are small text files used to store small pieces of information. When a website loads in your browser, they are stored on your device. These cookies help us to make the website work properly, make it more secure, provide a better user experience, and understand how the website works and analyze what works and where it needs to be improved.
How do we use cookies?
Like most online services, our website uses its own and third-party cookies for several purposes. The first-party cookies are mostly necessary for the website to function properly and do not collect any of your personal data.
Third-party cookies used on our website are mainly used to understand how the website works, your interaction with our website, ensure the security of our services, deliver advertisements that are relevant to you, and generally provide you with a better and improved user experience and help speed up your future interactions with our website.
Types of cookies we use
Manage cookie settings
You can change your cookie settings at any time by clicking the button above. This will allow you to revisit the cookie consent banner and change your settings or withdraw consent immediately.
Additionally, different browsers offer different methods for blocking and deleting cookies used by websites. You can change your browser settings to block/delete cookies. Below are links to support documents on managing and deleting cookies from the major web browsers.
Chrome: https://support.google.com/accounts/answer/32050Safari: https://support.apple.com/en-in/guide/safari/sfri11471/macFirefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectslug=delete-cookies-remove-info-websites-stored&redirectlocale=en-USInternet Explorer: https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc
If you are using any other web browser, please visit the official browser support documents.
Data security and data accuracy
The company takes care of information security and infrastructure security (premises and application system software). Our information systems are protected by anti-virus programs and a firewall, among other things. We have implemented appropriate organizational and technical security measures aimed at protecting personal data against accidental or illegal destruction, loss, modification, unauthorized disclosure, or access, as well as against other illegal and unauthorized forms of processing. In the case of transmission of special types of personal data, they are transmitted in an encrypted form and protected by a password. The individual is responsible for providing his/her data securely and ensuring that the data provided is accurate and authentic.
Individual rights regarding data processing
The individual to whom the personal data relates has the right to request access to personal data, correction or deletion of personal data, restriction of processing concerning him, the right to object to processing his data, and the right to data transfer. The individual’s request is handled following the provisions of the General Regulation and applicable legislation on the protection of personal data.
All the above-mentioned requests regarding the exercise of rights about personal data can be addressed via the e-mail address info@penzionhosnar.com. For reliable identification, the owner of the website may request additional information from you in the event of exercising rights about personal data and may refuse to take action only if it proves that it cannot reliably identify you. The owner must respond to your request, with which you exercise your rights about the above-mentioned personal data, without undue delay and no later than one month after receiving the request. Exercising these rights is free of charge for the individual, but the company may charge a reasonable fee if the request is manifestly unfounded or excessive, especially if repeated. In such a case, the company can also reject the request. In case of doubt about the identity of an individual, additional information may be requested, which the company needs to establish the identity.
In the decision on the individual’s request, the company will also inform the individual of the reasons for the decision and information about the right to appeal to the supervisory authority within 15 days of being informed of the decision. The right to file a complaint with the supervisory authority can be exercised at: The Information Commissioner of the Republic of Slovenia at the address: Dunajska 22, 1000 Ljubljana (e-mail address: gp.ip@ip-rs.si, website: www.ip-rs.si).
The privacy policy is valid from January 1st, 2025.
Responsible person of the company: Franci Hosnar
