The purpose of the personal data protection policy is to familiarize individuals, service users, associates, employees and other persons (hereinafter SNAPGUEST d.o.o.) about the purpose, legal basis, security measures and the rights of our data processed by our individuals.

We appreciate your privacy, so we always keep your information carefully.

Personal data are processed in accordance with European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data on the movements of such data (hereinafter: General Regulation), the applicable Slovenian legislation in the field of personal data protection and other legislation which provides us the basis for the processing of personal data.

The personal data protection policy contains information, in a way that our company, as manager, processes personal data received from an individual, on the basis of a legal basis.

  • Operator

Personal data operator is

SNAPGUEST d.o.o., Grajska cesta 24, 4260 Bled

e-mail Slovenia:

e-mail Croatia:

tax number: SI24511617

  • Authorized person for the protection of personal data

In accordance with the decision of Article 37 of the General Regulation, we have appointed as the authorized person for data protection:


Tržaška cesta 85, SI-2000 Maribor


phone: + 386 (0) 2 620 4 300

  • Personal Information

Personal data is all information relating to an individual whose identity has been identified or whose identity can be identified; a particular individual is that can be directly or indirectly identified, such as name, personal identification number (OIB), location information, network identifier, or culturally significant for that individual or more physical factors, which are economically relevant;

  • Purpose of processing and data processing grounds

The company shall store and process your personal data on the following legal grounds:

  • the processing is necessary for the fulfilment of a legal obligation applicable to the manager;
  • the processing is necessary for the performance of a contract to which the contractual client is an individual to whom the personal data relates, or for the execution of measures at the request of that individual prior to the conclusion of the contract;
  • the processing is necessary for legal interests pursued by the manager or a third party;
  • the individual to whom the personal data relates agrees to the processing of his or her personal data for one or more specified purposes;
  • the processing is necessary for the protection of the life interests of the individual to whom the personal data relates or of other natural persons.

  • Performance of a legal duty

On the basis of the provisions of the law, the company process data on its employees, as permitted by labor and social security legislation. On the basis of a legal obligation, the company for the intentions of employment process primarily the following types of personal data: name, sex, date of birth, OIB, tax number, place, municipality and country of birth, citizenship, residence, etc.

  • Implementation of the contract

For example, when an individual concludes a contract with a company, this constitutes the legal basis for the processing of personal data. Personal data can be processed for the conclusion and execution of contracts, such as sale of products and services, membership of a convenience club, participation in events, education, promotions, etc. If the individual does not transmit personal data, the company cannot conclude a contract, it cannot perform the service or provide a service in accordance with the concluded contract. The company may, on the basis of legal activity, individuals and users of its services on their e-mail.

  • Legitimate interest

A company can process personal data on the basis of a legitimate interest behind which it stands. The latter shall not be permitted if such interests are outweighed by the interests or fundamental rights and freedoms of the individual to whom personal data relate and which require the protection of personal data. In the case of the use of legal data, the company always makes a judgment in accordance with the General Conditions. The processing of individuals’ personal data for the indirect marketing intent shall be treated as having been done in a legal interest. An undertaking may process data which it has collected from publicly available sources or in the legal exercise of activities, also for the purpose of offering products, services, employment, convenience notices, events, etc. To achieve this, a company may use normal mail, telephone calls, e-mail and other means of telecommunications. For direct marketing intentions, the company may process the following data: name of the individual, permanent or temporary residence address, telephone number and e-mail addresses. These personal data may be processed for direct marketing purposes without the explicit consent of the individual. An individual may at any time request the termination of such communication and processing of personal data and cancel the receipt of messages via the check-out link in the received message or on request by e-mail or by regular mail to the address of the company.

  • Processing on the basis of consent or consent

If the company has no legal basis proven by law, contractual obligation or legitimate interest, the individual may request consent or consent. In this way, it may process certain personal data of an individual as well as from the following intention, when an individual requests such consent:

  • residence and e-mail addresses for notification and communication intentions;
  • photographs, videos and other content relating to the individual (for example publication of photographs of the individual on the company’s website) for the purpose of documenting activities and informing the public about the work and events of the company;
  • other intentions, to which the individual agrees.

If an individual agrees to the processing of personal data but at some point, does not want any more, he may request the processing of personal data with a request via e-mail in Slovenia or in Croatia, or with regular mail to the company address.

  • Processing is essential to protect the vital interests of the individual

A company may process the personal data of the individual to whom the personal data relates where this is necessary for the protection of his/her vital interests. In emergencies, the company may request an individual’s personal document, to verify that person exists in the database, “examine a history” or establish contact with his or her closest persons, for which the company does not need the consent of the individual. This applies in cases where this is absolutely necessary to protect the vital interests of the individual.

  • Storage and deletion of personal data

The company will retain personal data only for as long as is necessary to achieve the purposes for which personal data were collected and processed. If the company process data on the basis of the law, it will retain it for the period prescribed by law. In doing so, some data are retained for the duration of cooperation with the company, and some data must be retained permanently. Personal data processed by the company on the basis of a contractual relationship with an individual shall be retained by the company for the period necessary to perform the contract and for a further 6 years after its termination, except in cases where there is a dispute between individuals and the company. In this case, the company will retain the data for 10 years after the final decision of the court, arbitration or court settlement or, if there was no dispute, 5 years from the date of the peaceful settlement. Those personal data processed by the company on the basis of an individual’s consent or a legitimate interest shall be retained by the company until the consent is revoked or until a request for deletion of the data. Upon receipt of a recall or a request for deletion, the data shall be deleted within 15 days at the latest. The company may delete such data even before revocation, when the purpose of the processing of personal data has been achieved or provided for by law.

Exceptionally, a company may refuse a request for deletion under the General Regulation, such as: exercise of the right to freedom of expression and information, fulfilment of a legal obligation to process, public interest reasons for public health, intentions to archive in the public interest, scientific or historical research purposes or requests or implementation purposes or statistical purposes. After a storage period, the company must effectively and permanently delete or anonymize personal data so that they can no longer be associated with a particular person.

  • Contractual processing of personal data and amount of data

An undertaking may entrust individual processing of personal data on the basis of a contractual processing to a contractual processor. Contractors may process confidential data solely on behalf of the processor, within the limits of his or her authority, which is enshrined in a written contract, another legal act, and in accordance with the purposes defined in this privacy policy.

Contractual processors with which the undertaking is involved shall in particular:

  • accounting services and other bidders for legal and business advice;
  • infrastructure maintenance workers (protection);
  • IT system maintainers;
  • e-mail and software, cloud service providers (Microsoft, Google);
  • social networking and online advertising providers (Google, Facebook, Instagram, etc.);
  • tied tax bidders or channel management.

In order to improve the supervision and supervision of contractors and to regulate the contractual relationship, the company also maintains a list of contractors, listing all the specific processors with which the company cooperates.

In no case shall an undertaking forward the personal data of individuals to unauthorized third parties. Contractual processors may only process personal data in the framework of company instructions and personal data shall not be used for any other purpose.

The company as a manager and its employees do not export personal data to third countries (outside European Economic Area Member States – EU Member States and Iceland, Norway and Liechtenstein) and to international organizations except in the USA, as the relationship with US contractors is governed by standard contractual clauses (type contractual contract, as accepted by EU rules) and accepted by the European Commission (asight) and accepted by the European Commission.

  • Cookies

You are informed that when reading our website cookies can be set onto your Internet search engine, primarily for reasons, in order to benefit from an optimal search. Cookies are data stored on the terminal equipment of the Internet user. More about cookies and cookie management can be found at

  • Data protection and accuracy

The company takes care of information security and infrastructure security (space and application software). Our information systems are among others protected with an antiviral program and a firewall. We have introduced appropriate organizational technical security measures designed to protect personal data against accidental or illegal destruction, loss, washing, unauthorized disclosure or access, as well as against other illegal and unauthorized forms of processing. In the case of passing specific types of personal data, we forward them in encrypted form and password-protected.

The individual is responsible for transmitting his or her personal data safely and that the data forwarded is accurate and true. The company will endeavor to ensure that the personal data it processes, accurate and updated, if necessary, we may occasionally contact an individual for confirmation of the accuracy of the personal data.

  • Individual rights with regard to data processing

In accordance with the General Conditions, an individual has the following rights relating to the security of personal data:

he has the right to request information on whether we have his/her personal data and, if so, on what basis we have it and on what basis we use them;

he has the right to request access to his personal data, which enables him to obtain a copy of the company’s personal data held by the company; and to verify that he will legally,

has the right to require corrections of personal data, such as the correction of incomplete or inaccurate personal data; it has the right to request the annulment of personal data where there is no reason for further processing, when it takes into account its right to a contract for further processing of personal data; where the undertaking relates a legal example of an individual business interest, where there exists a third person;

a reason (also the reasons) has the right to lodge a complaint at any time if the undertaking processes personal data for the purpose of indirect marketing; it may require a restriction on the processing of its personal data, which means interruption of the processing of personal data, for example, if an individual wishes, that the undertaking to know the accuracy or to verify the reasons for further processing of personal data; may be verified;

it may require the transfer of its personal data from another electronic form to a structured; the consent it has given for the storage, processing and transfer of personal data for a specific purpose; upon receipt of notification that it has withdrawn its consent, the undertaking will cease to process personal data for the purposes to which it first agreed, unless the undertaking has another legal basis to do so legally.

If an individual wishes to respect any of the above-mentioned rights, he can send the request by e-mail to in Slovenia and in Croatia or by regular mail to the address of the company. A request relating to individual rights shall be replied by the undertaking without undue delay and in any case within one month after receipt of the request. For example, in order to extend this time limit for compliance and numerous requirements (by a maximum of two additional months), you will be informed. Access to the individual’s personal data and the exercise of the rights shall be free of charge for the individual.

However, an undertaking may charge a reasonable payment if the request of the individual to whom the personal data relates is manifestly unfounded or excessive, in particular if it is repeated. In such an example, the company may refuse the application. In the case of exercising the right referred to in that point, it is possible that an undertaking may require certain information from an individual to help it verify the identity of the individual, which is a security measure, which ensures that personal data are not disclosed to unauthorized persons.

In respecting the rights under this point, an individual may use the form of the Information Powers of the Republic of Slovenia, which is available on their website.

In the event that an individual believes that his or her rights have been infringed, he shall turn to the supervisory authority (Commissioner for Information of the Republic of Slovenia) for protection and assistance. Link to the website: www.ip-rs.s.

If an individual has any questions regarding the processing of their personal data, they can always contact our company by e-mail at or or by regular mail to the address of the company.

  • Announcement of changes

Any changes to our Personal Data Protection Policy will be published on the company’s website: By using the website, the individual confirms that he accepts and agrees with the entire content of this personal data protection policy.

The personal data protection policy was adopted by the responsible person of the company on 15.7.2021.

Bled, 15.7.2021.

Klemen Smolej, director

Izberite jezik: