We provide this privacy statement to inform you on how we may collect, use, share, and otherwise process your personal information. As a private customer, an employee of one of our corporate clients or other individual to whom we offer or provide our services – overnight stays, meetings and events, and related products and services – via our websites, mobile applications, email communications or other online and offline means. We have a strong commitment to respecting our users’ concerns about privacy and process all personal information in compliance with the European and Slovenian data protection law. Personal information provided by you when making a request regarding data protection is used exclusively for the purpose of processing your request.
The user is any legal or natural person who uses or visits the www.vanderhotel.com website.
The Policy may occasionally be amended or updated. To be notified about the changes affecting your personal data, we advised you to visit this website on a regular basis.
1. PERSONAL DATA PROTECTION
a) THE PERSONAL DATA CONTROLLER
The personal data controller is the company VANDER HOTEL, hotelske in gostinske storitve, d.o.o, Krojaška ulica 6-8, 1000 Ljubljana, Slovenia.
b) THE PERSONAL DATA PROCESSOR
The personal data controller works with outsourced service providers that process data solely on the behalf of the controller. This procedure serves the purposes of allowing bookings and booking payments, supporting analytical and marketing services, improving the service and user experience etc.
The personal data controller and processors have defined their relationships and obligations. The personal data processors are not allowed to share the personal data for their own or foreign purposes or to transmit the data to third parties or third countries.
The personal data controller may disclose personal data to law enforcement agencies and other government authorities, if this is conditioned by law or if it is strictly necessary for prevention, detection or prosecution of criminal offenses and fraud.
c) PERSONAL DATA COLLECTION
The types of personal data collected by us include:
user's first name, surname, email address, and country;
credit card details (credit card type, card holder name, credit card number, expiration date);
the data related to the guest's stay, including the date of arrival and departure, special requirements, service preferences (including preferences regarding the room, service or other services used);
event-related data (first name, surname, company, email address, telephone number, country, event start and end time, duration of the event, number of participants);
the data provided by the user in pre-arrival form, including the user's IP address;
an email address to be used for sending information about promotions and special offers via an e-mail.
All the data received will be used solely for communication regarding the provision of our services, for managing and editing online bookings, for providing customer support and for advertising activities within the framework of legislation.
d) PERSONAL DATA PROTECTION
In order to ensure the protection of personal data, we carry out all the necessary legal, organizational and appropriate logistical-technical procedures and measures.
We make sure unauthorized persons are prevented access to the personal data, the premises, the equipment and the software where the data is stored.
We guarantee an effective way of blocking, disposing of, erasing or anonymizing personal data.
We allow for subsequent determination of when individual items of personal data were used and entered into the database, and who this was done by. This applies to the period during which individual items of data are stored.
e) PERSONAL DATA RETENTION PERIOD
Individuals' personal data can be processed and stored in accordance with the lawful basis, i.e. for as long as there is a purpose for its processing and storage, or until the individual's consent has been withdrawn. Based on the user's written consent withdrawal, the data is erased. All the personal data retained is part of this Privacy Notice.
f) INDIVIDUAL’S RIGHTS
In accordance with the applicable legislation governing personal data protection, the individual is entitled to withdraw the given consent at any time, to request access, rectification, restriction of personal data processing or erasure of personal data by informing us about this in writing by mail to VANDER HOTEL, hotelske in gostinske storitve, d.o.o, Krojaška ulica 6-8, 1000 Ljubljana, Slovenia, or by emailing email@example.com. The individual may also make a complaint concerning the processing of his/her personal data and address it to the above address.
The individual may also lodge a complaint concerning the processing of his/her personal data directly with the competent supervisory authority, i.e. the Information Commissioner of the Republic of Slovenia.
g) DEALING WITH VIOLATIONS
In the event of personal data protection violations, we will promptly implement all internal and external measures (technical, organizational) for the protection of individual's rights and interests. We will inform each of the affected persons, as well as the competent supervisory authority in the Republic of Slovenia about this.
The Policy is published on the www.vanderhotel.com website; it came into effect on 26 October 2019.
If you have questions regarding the processing of your personal data, or if you would like to exercise any of the rights guaranteed by this Privacy Notice, you can contact us by emailing firstname.lastname@example.org.
VANDER HOTEL, hotelske in gostinske storitve, d.o.o
Krojaška ulica 6-8
1000 Ljubljana, Slovenia
+386 1 200 9000
+386 40 200 900