Privacy Policy and Cookies
Effective date: 22. april 2026 | Last updated: april 2026
PART 1: PRIVACY POLICY
1. Data Controller
The data controller for personal data collected through the website www.thehotel.si is: Cesta v Hrib 20, 1210 Ljubljana-Šentvid, Slovenia
P.E.: The Hotel LJ, Cankarjevo nabrežje 29, 1000 Ljubljana, Slovenia
Tax number: 23758872 | Registration number: 8149763000
Email: info@thehotel.si | Phone: +386 (0)1 5883 200
For any questions regarding the processing of your personal data or to exercise your rights, please contact us at the above address or email.
2. Personal Data We Collect
2.1 Reservation System (Rentlio)
When making a reservation through the website or the Rentlio booking system, the following data is collected:
First and last name
E-mail address
Phone number
Country of residence
Stay details (arrival and departure date, room type, special requests)
Company details (for corporate reservations only)
Payment card data – processed exclusively by Rentlio through a secure payment system; the data controller does not store this data
2.2 Contact Form
Through the general contact form on the website, we collect:
First and last name
Email address
Subject and content of the message
2.3 Newsletter Subscription Form
When subscribing to our newsletter via the subscription form or by checking the opt-in box in the reservation form, we collect:
– Name and surname
Email address
Preferred language
Date, time and IP address of subscription (as proof of consent)
2.4 Event Enquiry Form
When enquiring about the organisation of events, meetings or conferences, we collect:
First and last name, email address
Company name and address
Event details (date, duration, number of attendees, special requirements)
2.5 Hotel Check-in (Reception)
Upon physical check-in at the hotel, we collect data required to fulfil legal obligations (guest registration, tourist tax):
First and last name, date of birth, permanent address
Identity document number and nationality
2.6 Technical Data
The website automatically collects technical data through cookies and analytics tools (Google Analytics 4, Meta Pixel). Details are provided in Part 2 of this document.
3. Purpose of Processing and Legal Basis
We process your personal data exclusively for the following purposes and on the following legal bases:
Purpose of processing | Legal basis (GDPR Art. 6) | Storage period |
Processing reservations and providing accommodation | Art. Article 6(1)(b) – implementation of the contract | 3 years after the guest’s departure |
Communication regarding booking | Art. Article 6(1)(b) – implementation of the contract | Booking duration + 1 year |
Guest register and tourist tax | Art. 6(1)(c) – legal obligation | In accordance with applicable regulations (5-10 years) |
Sending newsletters and promotional material | Art. 6(1)(a) – consent | Until withdrawal of consent |
Answering general enquiries | Art. 6(1)(f) – legitimate interest | 1 year after last contact |
Preparing offers for events | Art. 6(1)(b) – performance of contract | 1 year on demand |
Website analytics and improvement | Art. 6(1)(a) – consent (consent to cookies) | In accordance with Part 2 of this document |
4. Data Processors (Third Parties)
For certain services, we engage external providers acting as data processors, who may only process data in accordance with our instructions:
Rentlio (Booking System)
Rentlio d.o.o., Heinzelova ulica 62a, 10000 Zagreb, Croatia. Processes reservation data and payment transactions within the EU. Privacy policy: https://rentl.io/privacy-policy
MailerLite (Email Marketing)
UAB MailerLite, Paupio g. 46, 11341 Vilnius, Lithuania. Processes newsletter subscriber data on servers within the EU. Privacy policy: https://www.mailerlite.com/legal/privacy-policy
Google LLC (Analytics 4, Ads, reCAPTCHA)
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Processes analytics and advertising data. Transfer to the USA is secured by Standard Contractual Clauses (SCC). Privacy policy: https://policies.google.com/privacy
Meta Platforms Ireland Limited (Meta Pixel)
4 Grand Canal Square, Dublin 2, Ireland. Collects visit data for advertising on Facebook and Instagram. Transfer to the USA is secured by SCC. Privacy policy: https://www.facebook.com/privacy/policy/
External Service Providers
When you order additional third-party services (transport, laundry, excursion organisation, etc.), we share your contact details with the service provider only to the extent necessary for the execution of the requested service.
We have concluded data processing agreements with all processors in accordance with Art. 28 GDPR.
5. Transfer of Data to Third Countries
Rentlio and MailerLite store data exclusively within the EU. Google and Meta are based in the USA – the transfer of personal data is secured by Standard Contractual Clauses (SCC) approved by the European Commission (Art. 46 GDPR).
6. Your Rights
Under the GDPR, you have the following rights:
Right of access – you may request a copy of your personal data.
Right to rectification – you may request correction of inaccurate or incomplete data.
Right to erasure (‘right to be forgotten’) – you may request deletion of data when it is no longer necessary.
Right to restriction of processing – you may request restriction of processing in certain cases.
Right to data portability – you will receive your data in a structured, machine-readable format.
Right to object – you may object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent – where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise your rights, please send a written request to The Hotel LJ d.o.o., Cesta v Hrib 20, 1210 Ljubljana-Šentvid, or by email to info@thehotel.si. We will respond to your request within 30 days.
You may also lodge a complaint with the Information Commissioner of the Republic of Slovenia:
Website: www.ip-rs.si
Email: gp.ip@ip-rs.si
Phone: +386 (0)1 230 97 30
7. Data Security
We use appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration or destruction, including SSL/TLS encryption and restricted access to data.
8. Children’s Personal Data
Our services are not intended for persons under the age of 16. We do not knowingly collect personal data from children. If we discover that we have inadvertently collected data from a child, we will delete it immediately.
9. Dispute Resolution and Governing Law
This policy is governed by Slovenian law. Any disputes shall be subject to the exclusive jurisdiction of Slovenian courts.
In accordance with Regulation (EU) 524/2013, we inform you of the online dispute resolution (ODR) platform for consumer disputes:
https://ec.europa.eu/consumers/odr
10. Changes to the Privacy Policy
We may update this privacy policy to reflect changes in our data processing practices or applicable legislation. In the event of significant changes, we will notify you by email (if we hold your address) or by a notice on the website. The date of the last update is shown at the top of this document.
PART 2: COOKIE POLICY
11. What Are Cookies?
Cookies are small text files that a website stores on your device when you visit it. They help ensure the proper functioning of the website, improve security, enable analytics and the display of personalised content. Cookie storage is controlled by the browser you use – you can restrict or delete cookies at any time.
12. How We Use Cookies
The website www.thehotel.si uses first-party cookies and third-party cookies. First-party cookies are necessary for the operation of the website. Third-party cookies (Google, Meta, DoubleClick) help us understand how the website is used, measure the effectiveness of advertising campaigns and display relevant advertisements.
We obtain your prior consent for the installation of analytical, functional and advertising cookies through the CookieYes tool. Consent is voluntary and can be withdrawn or changed at any time.
13. Types of Cookies and List
13.1 Necessary Cookies (always active)
These cookies are essential for the basic functioning of the website and do not require your consent.
Cookie name | Provider | Duration | The purpose of |
PHPSESSID | thehotel.si | Session | PHP system cookie for managing user sessions. Deleted when the browser is closed. |
cookieyes-consent | thehotel.si | 1 year | Saves your cookie consent settings (CookieYes). |
wordpress_test_cookie | thehotel.si | Session | WordPress checks whether your browser supports cookies. |
wp-wpml_current_language | thehotel.si | Session | Shranjuje trenutno izbrani jezik (WPML večjezični vtičnik). |
rc::a / rc::c | google.com | Session / permanent | Google reCAPTCHA – zaščita pred avtomatiziranimi napadi in spam sporočili. |
13.2 Functional Cookies
These cookies enable additional functionality such as saving preferences and social media integration.
Cookie name | Provider | Duration | The purpose of |
c_user | facebook.com | 1 month | Facebook plugin – identifies the logged-in Facebook user. |
xs | facebook.com | 1 month | Facebook plugin – session security token. |
presence | facebook.com | Session | Facebook plugin – user presence status. |
fr | facebook.com | 1 month | Facebook plugin – stores advertising preferences. |
sb | facebook.com | 2 years | Facebook plugin – browser identification. |
wd | facebook.com | 1 week | Facebook plugin – stores screen resolution. |
13.3 Analytical Cookies
These cookies collect anonymous data about how visitors use the website and help analyse traffic and improve content.
Cookie name | Provider | Duration | The purpose of |
_ga | thehotel.si | 1 year 1 month | Google Analytics 4 – distinguishes between individual users with an anonymous ID. |
_ga_ENYEMY32G1 | thehotel.si | 1 year 1 month | Google Analytics 4 – stores session state for this website. |
_gid | gravatar.com | 1 day | Google Analytics – distinguishes between users and sessions. |
_gcl_au | thehotel.si | 3 months | Google Ads – measures the conversion effectiveness of advertising campaigns. |
_ga_ZK2E2B4FHH | gravatar.com | 1 year 1 month | Google Analytics – session tracking from external sources. |
13.4 Advertising Cookies
These cookies are used to display personalised advertisements based on your online activity and to measure the effectiveness of advertising campaigns.
Cookie name | Provider | Duration | The purpose of |
_fbc | thehotel.si | 1 year | Meta Pixel – records a click on a Facebook ad to measure conversions. |
_fbp | thehotel.si | 3 months | Meta Pixel – tracks visitors to display ads on Facebook and Instagram. |
IDE | doubleclick.net | 1 year 24 days | Google DoubleClick – tracks clicked ads to measure effectiveness. |
NID | google.com | 6 months | Google – limits ad repetition and measures ad effectiveness. |
ar_debug | doubleclick.net | 1 day | Google Ads – advertising campaign diagnostics. |
test_cookie | doubleclick.net | 15 minutes | DoubleClick – checks whether the browser supports cookies. |
ADS_VISITOR_ID | google.com | 2 months | Google Ads – anonimna identifikacija obiskovalca za oglaševanje. |
AEC | google.com | 6 months | Google – protection against CSRF attacks and request security. |
datr | facebook.com | 2 years | Facebook – browser identification for security and service integrity. |
act | facebook.com | Session | Facebook – records user actions within the Facebook plugin. |
14. Managing Cookie Settings
You can change your cookie consent settings at any time by clicking the ‘Cookie Settings’ button in the website footer. This will open the CookieYes window where you can accept or reject individual cookie categories.
You can also manage cookies directly in your browser settings:
- Chrome: https://support.google.com/accounts/answer/32050
- Firefox: https://support.mozilla.org/kb/clear-cookies-and-site-data-firefox
- Safari: https://support.apple.com/guide/safari/sfri11471/mac
- Edge: https://support.microsoft.com/help/4027947
Please note that rejecting or deleting certain cookies may affect the functionality of the website.
The Hotel LJ d.o.o. | info@thehotel.si | www.thehotel.si
