Privacy
# Privacy Policy
*In accordance with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the Slovenian Personal Data Protection Act (Zakon o varstvu osebnih podatkov – ZVOP-2)*
---
## 1. Data Controller
The controller responsible for the processing of personal data on this website is:
**2nd Station Hostel**
[Full registered company name]
Bohinjska Bela 133
4263 Bohinjska Bela
Slovenia
Phone: +386 31 768 900
E-mail: moc.liamg%40letsohnoitatsdn2
For any questions regarding data protection, please contact us by e-mail at any time.
---
## 2. General Information on Data Processing
We process personal data of our users only to the extent necessary to provide a functional website and our content and services. Processing takes place only with the consent of the data subject or in cases where prior consent cannot be obtained for factual reasons and processing of the data is permitted by law (in particular Art. 6 GDPR).
---
## 3. What Data We Collect
### 3.1 Server log files
When you access our website, the hosting provider (Weblium) automatically collects information transmitted by your browser:
- IP address (anonymised)
- date and time of access
- page accessed / URL
- referrer URL
- browser, operating system and language settings
**Purpose:** ensuring a smooth connection, stability and security of the website.
**Legal basis:** Art. 6 (1) (f) GDPR (legitimate interest).
**Storage period:** maximum 30 days, unless security-related incidents require longer storage.
### 3.2 Contact form and e-mail enquiries
When you contact us via the contact form or by e-mail, we process the data you provide:
- first and last name
- e-mail address
- phone number (optional)
- content of your message
**Purpose:** processing your enquiry, handling bookings, correspondence.
**Legal basis:** Art. 6 (1) (b) GDPR (pre-contractual measures) or Art. 6 (1) (a) GDPR (consent).
**Storage period:** until your enquiry has been fully processed; for booking contracts, in accordance with Slovenian tax and commercial retention periods (generally 10 years).
### 3.3 Booking and guest data
When you make a booking, we additionally collect:
- address, date of birth, nationality, ID details (mandatory guest registration under the Slovenian *Zakon o prijavi prebivališča*)
- payment details (handled by third-party providers, see below)
**Purpose:** performance of the accommodation contract and statutory reporting obligations.
**Legal basis:** Art. 6 (1) (b) and (c) GDPR.
**Storage period:** in accordance with statutory retention periods (in particular tax and registration laws).
---
## 4. Cookies
This website uses cookies. Cookies are small text files stored in your browser.
**Technically necessary cookies** are used on the basis of Art. 6 (1) (f) GDPR and are required for the operation of the website.
**Optional cookies** (e.g. for statistics or comfort functions) are only set with your consent (Art. 6 (1) (a) GDPR, Art. 158 ZEKom-2). You can withdraw your consent at any time via the cookie settings.
Through your browser settings you can restrict or prevent the setting of cookies. Cookies that have already been set can be deleted at any time.
---
## 5. Recipients of Data / Processors
We share your data only with the following recipients, and only to the extent required for the respective processing:
### 5.1 Hosting / website platform: Weblium
The website is hosted on the Weblium platform. Provider:
Weblium FZ-LLC or affiliated group companies – data processing takes place within the EU or on the basis of EU standard contractual clauses.
Privacy Policy: https://weblium.com/privacy-policy
### 5.2 Google Maps
A Google Maps map is embedded on the "How to get here" page. Provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When the map is loaded, your IP address may be transmitted to Google.
Privacy Policy: https://policies.google.com/privacy
### 5.3 E-mail provider (Google / Gmail)
E-mails sent to `moc.liamg%40letsohnoitatsdn2` are processed via Google.
Privacy Policy: https://policies.google.com/privacy
### 5.4 Booking platforms
If a booking is made via third-party platforms (e.g. Booking.com, Hostelworld), their privacy policies apply additionally.
---
## 6. Transfer to Third Countries
Your data is transferred to countries outside the EU/EEA only insofar as this is required for the services mentioned above (e.g. Google). In such cases, the transfer takes place on the basis of EU standard contractual clauses and/or other appropriate safeguards under Art. 46 GDPR.
---
## 7. Your Rights as a Data Subject
You have the right at any time to:
- **access** the data we store about you (Art. 15 GDPR)
- **rectification** of inaccurate data (Art. 16 GDPR)
- **erasure** of your data (Art. 17 GDPR), provided no statutory retention obligations apply
- **restriction of processing** (Art. 18 GDPR)
- **data portability** (Art. 20 GDPR)
- **object** to the processing (Art. 21 GDPR)
- **withdraw** any consent given, with effect for the future (Art. 7 (3) GDPR)
To exercise these rights, an informal message to **moc.liamg%40letsohnoitatsdn2** is sufficient.
---
## 8. Right to Lodge a Complaint with the Supervisory Authority
You have the right to lodge a complaint with the competent data protection supervisory authority:
**Informacijski pooblaščenec Republike Slovenije**
(Slovenian Information Commissioner)
Dunajska cesta 22, 1000 Ljubljana
E-mail: is.sr-pi%40pi.pg
Web: https://www.ip-rs.si
---
## 9. Data Security
Transmission takes place via an SSL/TLS-encrypted connection (recognisable by the padlock symbol and https:// in the address bar). We use technical and organisational measures to protect your data against manipulation, loss and unauthorised access.
---
## 10. Changes to this Privacy Policy
We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to reflect changes to our services. The current version will apply to your next visit.
---
*Last updated: [insert date of the latest update]*