Privacy Policy Hotel Grof

The following privacy information brings together key information about the protection of personal data at Kovego d.o.o. (Kovego Ltd.) in one place - what personal information is collected and why it is processed, to whom it is shared, what your personal data rights are, and how you can use them.


The data controller is Kovego doo, Čeplje 12, 3305 Vransko.


If you visit our website, we only collect data using cookies. If you are a service user or a subscriber of the services provided by the company, we also collect other personal information that we need so we can provide the services you ordered or the service you are using already. This personal information is

  • Personal information for booking (first and last name, date of birth, gender, citizenship, number and type of identification document, email address, telephone number, home address)
  • Credit card information (card type, card number, name on card, expiration date and security code)
  • Guest information (Arrival and departure date, special service requirements and preferences)
  • Event information (first and last name, company date and time of start and end of event, duration of event, number of participants)
  • Information about advertising preferences (during surveys, contests or promotions)


Personal information is collected and processed for the purpose of providing services in accordance with the registration of Kovego d.o.o. The extent of data collection and processing depends on the individual activity of the company.

Kovego d.o.o. - Hotel Grof collects and processes personal information on the basis of a legal basis. The legal basis depends on the purpose for which the information was obtained. We use them for the following purposes:

3.1. Statutory Legal Basis

  • to conclude a contract with an individual for smooth providing of accommodation and catering services
  • for the purposes of communication related to any changes in reservation
  • for checking credit card payments for accounting purposes
  • for resolving disputes or complaints
  • to communicate with customers to improve our services
  • for purposes of statistical analysis
  • for processing with the purpose of identification, prevention of errors and fraud

3.2. Guest personal consent

  • for direct marketing of the Company's products
  • to inform individuals about special action offers
  • for notification of sweepstakes
  • to participate in surveys

Giving personal consent is completely voluntary and is not a condition for entering a contract. In these cases, the processing takes place in the context of a statement of the intended purpose and agreed means of communication, until cancellation.


We want to earn and maintain your trust, so we handle your information with the utmost care. In principle, your personal data are processed only by our employees who are committed to confidentiality and are regularly educated and trained to handle data safely.

We do not share your personal information with anyone unless we are required to do so by law, if you explicitly allow us to do so or if you authorize a third party to provide your personal information, respectively.

Due to a legal obligation, we provide some information about your overnight stay to AJPES (Agency of Republic of Slovenia for Public Legal Records and Related Services) and (on basis of a reasoned written request) also to other state bodies, which require it for conducting specific procedures.

If necessary, we will authorize other companies and individuals to perform certain works that contribute to our services. In such a case, the company may also transfer personal data to such carefully selected external processors that will enter into a personal data processing agreement with the company, or in substance the same agreement or other binding document (hereinafter:  »processing contract«). For external processors, such data will be transmitted or made accessible only to the extent required by a specific purpose. Such data may not be used by external processors for any other purpose, meeting at least all the processing standards of personal data provided for in the applicable law. External processors are contractually committed to the company to respect confidentiality of your personal information.


We use strict security procedures to protect your personal information in order to protect it from accidental loss, destruction or misuse.

The premises of physical storage media, hardware and software are protected by organizational and technical measures that prevent unauthorized persons from accessing the data. The premises are locked and personal data lists are protected by passwords on the devices.


The data retention period is determined according to the category of individual data. The data shall be kept for as long as necessary to achieve the purpose for which they were collected or further processed or until the expiration of the limitation periods for fulfillment of the obligation or the statutory retention period.

For the purpose of fulfilling contractual obligations, the accounting data and the associated contact information on individuals may be kept until the full payment of the service or at the latest until the expiration of the limitation period in relation to an individual claim, which can be statutory from one to five years. Accounts are kept for 10 years after the expiration year to which the bill relates in accordance with the law governing value added tax.

Other information that we obtain on the basis of your consent is kept for duration of the business relationship and for 5 years after the termination, unless the law provides for a longer retention period. If the individual who gave his consent to the processing of personal data has not entered into a business relationship with us, his consent is valid for 2 years from the date of his or her cancellation.

After the expiry of the retention period, the data is deleted, destroyed, blocked or anonymized, unless the law specifies otherwise for the particular type of data.


We provide the following rights regarding the processing of your personal information:

  • right to access personal data: You may familiarize yourself with all of your personal data collected in connection with you and with their processing and verify its legality;
  • right for correction or addition to personal data: will be corrected immediately or missing data will be filled in;
  • right to delete personal information: without undue delay, we will delete personal information concerning you, to the extent permitted by applicable law (the information we need to perform the contract you have entered with us and the information we need to carry out our legal obligations, we will not be able to be deleted, despite your request);
  • right to restrict processing of personal data: you can request that we restrict processing of your personal information (when you dispute the accuracy of personal information, when the processing is illegal, in cases where Kovego d.o.o. no longer requires your data to process, but you need to use it to enforce, execute or defend legal claims, or if you raised an objection to processing, based on the legitimate interests of the business until it is verified that our legitimate reasons outweigh your reasons);
  • right to transfer personal data: You have the right to receive your personal information that you have provided in a structured, widely used and machine-readable form, and the right to forward this information to another controller without being hindered in case where the processing is based on your consent and is carried out by automated means. At your request, where technically feasible, personal data may be transferred directly to another controller.
  • right of objection: You may also object to the processing of your personal data at any time when it is processed for direct marketing purposes, including the creation of profiles, if it is related to such direct marketing.
The rights regarding your personal information may be asserted only by you personally, and the other person on your behalf solely by virtue of your written authorization.

Requests can be sent to the e-mail address hotel@grof.eu or to Hotel Grof, Čeplje 12, 3305 Vransko.

Any complaint regarding the processing of your personal information can be sent to the email address hotel@grof.eu  or in writing to Hotel Grof, Čeplje 12, 3305 Vransko, Slovenia.

You also have the right to file a complaint directly with the Information Commissioner if you believe that processing of your personal data violates Slovenian or EU regulations in the field of personal data protection.


The privacy policy is published on the Hotel Grof website. It shall take effect on 1.2.2020 and shall be valid until revoked and may be amended or supplemented at any time.


Newsletter subscription

Stay informed - subscribe to our newsletter.
The subscriber's email address.