Privacy Policy

Last updated: August 2, 2025

1. Introduction

Welcome to the Service at https://plezanje.zanrutar.com (the “Site”). You can browse crags, sectors and routes without an account; to log climbs you select a route from our database and must register a free user account. This Site is operated by Zan Rutar (“I”, “me”, “my”). I respect your privacy and process your data under the EU General Data Protection Regulation (GDPR).

2. Data Controller & Contact

• Data Controller: Zan Rutar
• Contact email: policy@zanrutar.com

3. Data Collected

Account Data (only if you register):

• Name (first name only)
• Email address
• Username
• Password (hashed & encrypted)

Climb-Log (“Ascent”) Data (only when you log a climb):

• Route ID (pre-defined in our database)
• Date climbed (as entered by you)
• Ascent type (one of predefined)
• Number of tries (integer)
• Rating (1-5 stars)

Technical & Usage Data (automatic):

• IP address
• User-Agent (browser/device string)
• Timestamps (login, climb-log submissions, etc.)

Cookies (strictly necessary):

• Session cookies
• Error-message cookies
• Routing cookies

4. Legal Basis for Processing

• Performance of contract - to create/manage your account and record your logged climbs.
• Legitimate interest - to maintain security, prevent fraud, and ensure Site functionality.

5. Use of Your Data

• Authenticate and protect your account (HTTPS-only, encrypted passwords)
• Store and display your logged climb entries
• Operate, maintain, and secure the Site
• Respond to support inquiries you send

6. Data Sharing & Disclosure

• No sale or distribution - I do not sell, rent, or share your personal data.
• Service providers - hosting providers only store/process data under my instruction.
• Legal compliance - I disclose data only if required by law (e.g. valid court order).

7. Data Retention

Account Data:

• Retained for as long as your account exists.
• When you delete your account, all personal account information is permanently removed immediately, and any backups are purged within 30 days.

Climb-Log Entries:

• Stored while linked to your account so you can view and manage your logged ascents.
• If you delete an ascent, all included data is permanently removed immediately, and any backups are purged within 30 days.
• Upon account deletion, all links between you and your logged ascents are removed, and those ascent records remain only in fully anonymized form for aggregate statistics and route-popularity insights.

Technical & Usage Data:

• IP address, User-Agent string and session timestamps are stored while your session is active and for up to 30 days after its last use.
• User-create timestamp (account creation timestamp) remains part of your account data for as long as your account exists.

8. Your GDPR Rights

You have the right to:

• Access your personal data
• Correct inaccuracies
• Erase your data (“right to be forgotten”)
• Restrict or object to processing
• Port your data in a structured, machine-readable format

To exercise any right, email me at the provided contact. If unsatisfied, you may lodge a complaint with your EU Member State supervisory authority.

9. Security Measures

I implement technical and organizational measures - HTTPS encryption, hashed & encrypted passwords, least-privilege access - to protect your data. No system is 100% secure.

10. Cookies

Only strictly necessary session, error-message and routing cookies are used. Disabling cookies may prevent login and/or use of certain Site features.

11. Changes to This Policy

I may update this Policy to reflect changes to the Site or legal requirements. The “Last updated” date will indicate the revision.