Privacy policy

Privacy Policy Grof Cycling

The following privacy information brings together key information about the protection of personal data at Kovego d.o.o. (Kovego Ltd.) in one place - what personal information is collected and why it is processed, to whom it is shared, what your personal data rights are, and how you can use them.


The data controller is Kovego doo, Čeplje 12, 3305 Vransko.


If you visit our website, we only collect data using cookies. If you are a service user or a subscriber of the services provided by the company, we also collect other personal information that we need so we can provide the services you ordered or the service you are using already. This personal information is

  • Personal information for booking (first and last name, date of birth, gender, citizenship, number, and type of identification document, email address, telephone number, home address)
  • Credit card information (card type, card number, name on card, expiration date, and security code)
  • Guest information (Arrival and departure date, special service requirements, and preferences)
  • Event information (first and last name, company date and time of start and end of the event, duration of the event, number of participants)
  • Information about advertising preferences (during surveys, contests, or promotions)



Personal information is collected and processed for the purpose of providing services in accordance with the registration of Kovego d.o.o. The extent of data collection and processing depends on the individual activity of the company.

Kovego d.o.o. - Grof Cycling collects and processes personal information on the basis of a legal basis. The legal basis depends on the purpose for which the information was obtained. We use them for the following purposes:

3.1. Statutory Legal Basis

  • to conclude a contract with an individual for the smooth provision of accommodation and catering services
  • for the purposes of communication-related to any changes in reservation
  • for checking credit card payments for accounting purposes
  • for resolving disputes or complaints
  • to communicate with customers to improve our services
  • for purposes of statistical analysis
  • for processing with the intention of identification, prevention of errors, and fraud

3.2. Guest personal consent

  • for direct marketing of the Company's products
  • to inform individuals about special action offers
  • for notification of sweepstakes
  • to participate in surveys

Giving personal consent is entirely voluntary and is not a condition for entering a contract. In these cases, the processing takes place in the context of a statement of the intended purpose and agreed on means of communication, until cancellation.


We want to earn and maintain your trust, so we handle your information with the utmost care. In principle, your personal data are processed only by our employees who are committed to confidentiality and are regularly educated and trained to handle data safely.

We do not share your personal information with anyone unless we are required to do so by law, if you explicitly allow us to do so or if you authorize a third party to provide your personal information, respectively.

Due to a legal obligation, we provide some information about your overnight stay to AJPES (Agency of the Republic of Slovenia for Public Legal Records and Related Services) and (on the basis of a reasoned written request) also to other state bodies, which require it for conducting specific procedures.

If necessary, we will authorize other companies and individuals to perform certain works that contribute to our services. In such a case, the company may also transfer personal data to such carefully selected external processors that will enter into a personal data processing agreement with the company, or in substance the same agreement or other binding documents (hereinafter:  »processing contract«). For external processors, such data will be transmitted or made accessible only to the extent required by a specific purpose. Such data may not be used by external processors for any other purpose, meeting at least all the processing standards of personal data provided for in the applicable law. External processors are contractually committed to the company to respect the confidentiality of your personal information.


We use strict security procedures to protect your personal information in order to protect it from accidental loss, destruction, or misuse.

The premises of physical storage media, hardware, and software are protected by organizational and technical measures that prevent unauthorized persons from accessing the data. The premises are locked and personal data lists are protected by passwords on the devices.


The data retention period is determined according to the category of individual data. The data shall be kept for as long as necessary to achieve the purpose for which they were collected or further processed or until the expiration of the limitation periods for the fulfillment of the obligation or the statutory retention period.

For the purpose of fulfilling contractual obligations, the accounting data and the associated contact information on individuals may be kept until the full payment of the service or at the latest until the expiration of the limitation period in relation to an individual claim, which can be statutory from one to five years. Accounts are kept for 10 years after the expiration year to which the bill relates in accordance with the law governing value-added tax.

Other information that we obtain on the basis of your consent is kept for the duration of the business relationship and for 5 years after the termination unless the law provides for a longer retention period. If the individual who gave his consent to the processing of personal data has not entered into a business relationship with us, his consent is valid for 2 years from the date of his or her cancellation.

After the expiry of the retention period, the data is deleted, destroyed, blocked, or anonymized, unless the law specifies otherwise for the particular type of data.


We provide the following rights regarding the processing of your personal information:

  • right to access personal data: You may familiarize yourself with all of your personal data collected in connection with you and with their processing and verify its legality;
  • right for correction or addition to personal data: will be corrected immediately or missing data will be filled in;
  • right to delete personal information: without undue delay, we will delete personal information concerning you, to the extent permitted by applicable law (the information we need to perform the contract you have entered with us and the information we need to carry out our legal obligations, we will not be able to be deleted, despite your request);
  • right to restrict processing of personal data: you can request that we restrict the processing of your personal information (when you dispute the accuracy of personal information, when the processing is illegal, in cases where Kovego d.o.o. no longer requires your data to process, but you need to use it to enforce, execute or defend legal claims, or if you raised an objection to process, based on the legitimate interests of the business until it is verified that our legitimate reasons outweigh your reasons);
  • right to transfer personal data: You have the right to receive the personal information that you have provided in a structured, widely used, and machine-readable form, and the right to forward this information to another controller without being hindered in cases where the processing is based on your consent and is carried out by automated means. At your request, where technically feasible, personal data may be transferred directly to another controller.
  • right of objection: You may also object to the processing of your personal data at any time when it is processed for direct marketing purposes, including the creation of profiles if it is related to such direct marketing.

The rights regarding your personal information may be asserted only by you personally, and the other person on your behalf solely by virtue of your written authorization.

Requests can be sent to the e-mail address or to Kovego, Čeplje 12, 3305 Vransko.

Any complaint regarding the processing of your personal information can be sent to the email address or in writing to Kovego, Čeplje 12, 3305 Vransko, Slovenia.

You also have the right to file a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian or EU regulations in the field of personal data protection.


The privacy policy is published on the Grof Cycling website. It shall take effect on 1.2.2020 and shall be valid until revoked and may be amended or supplemented at any time.


Use of Cookies

The website uses cookies to ensure you get the best experience on our website. By continuing to browse this site, the user agrees to the cookies policy of this website, which is stated below.

What are cookies?

Cookies are short text files that the website sends to your browser upon your visit.

What do cookies do?

With the help of cookies, unique but anonymous data about the user or the settings that the user has chosen on the individual website are stored on the user's device (for example, language selection, number of displayed results, font size, etc.). Cookies help in the implementation of online services (registration, contents of the shopping basket, subscription to e-news, video viewing, etc.), help in collecting data about the habits of online users (number of visits, the content of interest to users, etc.), with which we help to improve your user experience and evaluate the effectiveness of the website design.

None of the cookies we use on our websites collect any information that could be used to identify you personally.

The decision is yours, but cookies have a purpose.

Cookies make the interaction between users and websites faster and easier. The user has full control over cookies, as he can delete, limit, or completely disable them at any time in the browser of his computer or mobile device. It can also delete cookies that the browser has already stored on your device.

As a user, you decide for yourself whether to allow cookies to be stored on your device. If you disable cookies, some website options may be disabled.

The process of changing cookie settings differs from browser to browser. You can find information about this using the "Help" function, visit, which clearly explains the process in all modern browsers.

Which cookies are used on this website?

The website uses absolutely necessary (system) cookies, which help us to display the content properly and enable the functioning of forms, the shopping cart, and other essential elements of the website. These types of cookies are active only during the session and are automatically deleted from your disk when you close the browser.

Used cookies:



Google Analytics

Google Analytics is a web analytics service. It provides us with information about user behavior on our website and thus helps us create a better user experience, display relevant content, etc. When analyzing this data, we cannot identify you personally. The lifespan of these cookies is up to 2 years.
Examples of cookies used: _ga, __utma, __utmb,__utmc, __utmz in __utmv.

Google maps

We use cookies belonging to Google Maps to display a user-friendly map and location markings. The lifespan of these cookies is up to 10 years.
Examples of used cookies: SID, SAPISID, APISID, SSID, HSID, NID, PREF