Urban Group d.o.o. is fully committed to compliance with the requirements of the GDPR.
Your privacy and the protection of your personal data are a priority for us, so we commit to processing your personal data in strict compliance with the Regulation and applicable national legislation.
This policy, along with the terms and conditions and other related documents, form the basis for the processing of all your personal data that we obtain from you when you use our products or services or contact us in any other way. Therefore, please read this document carefully to better understand the processing of your personal data. If you do not agree with this policy, do not use our services and do not contact our company.
By booking a room on our website or on other websites managed by Urban Group d.o.o., you accept and consent to the processing of personal data described in this policy. Furthermore, you guarantee that all individuals whose personal data you provide to us in connection with your reservation are informed of this policy, accept and consent to the processing of the data described in this policy, and are willing to provide evidence of their consent upon the request of the Data Protection Officer.
DATA WE COLLECT:
Data you provide to us: We collect data that we obtain directly from you or receive from our partner when you make a reservation for our services or accommodations. Data we obtain in the context of your reservation or your stay may include:
Your first name, last name, email address, home or business address, phone number, nationality, date and place of birth, type and number of personal identification, and payment card information.
Information about accommodation, preferences, and specific requests during your stay, such as accommodation preferences (e.g., smoking room), vegetarian menu, allergies, bed preferences, pillows, etc.
If you provide us with data about other individuals, such as family members or friends, in the context of your reservation, please ensure that these individuals are informed of this policy, accept and consent to the processing of the data described in this policy, and are willing to provide evidence of their consent upon the request of the Data Protection Officer.
Data we obtain from other sources: We also obtain data about you from other individuals, companies, tourist agencies, online portals not owned by us, individuals who make a reservation on your behalf (e.g., family members, company representatives), your employees, or other individuals or companies. We may also obtain information about you from our partners or airlines, such as your exact arrival time, so that we can prepare for your arrival and make the necessary arrangements. We may obtain your data from social networks, especially when you comment on our social media or leave comments about us on social media. We collect this information to improve our services to all our customers.
Security and technical measures: During your stay in our property, we implement security and technical measures, such as video surveillance in public areas of the property, which may record you to protect you and your property, other guests and their property, and our employees and their property. Security and technical measures in our property cannot be requested by individual guests.
PURPOSE OF DATA COLLECTION
We will primarily use your data for the purpose of fulfilling the service from the reservation, i.e., providing accommodation or other activities you have requested, and for compliance with legal requirements related to it. This may include sending a confirmation email, sending a satisfaction survey about the accommodation, and other matters related to accommodation.
Occasionally, when we have your consent or when allowed by law, we will send you emails with marketing content (e.g., about products or services that we believe will be of interest to you).
We will use your data, along with the data of other guests, to identify trends and statistics that will help us assess and improve our products or services, plan new activities and locations, and conduct other marketing research.
Finally, we will use your data to protect our legitimate business interests and rights when we are compelled to do so in connection with complaints, compliance monitoring tasks, regulatory and audit purposes, and in the case of disclosures about a takeover, merger, or sale of the company.
We will also use your data to provide marketing services, primarily sending occasional emails with special offers, additional benefits, and news related to the services or products we offer when we have your consent.
DISCLOSURE OF YOUR PERSONAL DATA
We may disclose your data to:
Authorized personnel of Urban Group d.o.o. to perform the contract or services you have booked with us.
Companies that are part of Urban Group d.o.o. to allow them to operate smoothly and provide services.
Selected third parties or business partners, suppliers, subcontractors (within the European Economic Area), to allow them to smoothly provide accommodation or other reservations that we have entered into with them or with you, such as IT specialists, software solution providers, and other partners who help us provide the best services. We will share data with them based on your reservation, consent, or legal basis. We may also entrust your data to business partners for marketing activities.
In choosing third parties with whom we share your personal data, Urban Group d.o.o. strictly adheres to all security measures and verifies that the business of the organizations to whom we entrust data complies with privacy legislation.
We may disclose your data to selected third parties:
If we sell or buy a business or property; in this case, we may disclose your personal data to a potential buyer or seller of that business or property.
If we are required to disclose or transmit your data to fulfill legal obligations and other agreements; or for the purpose of protecting the rights, property, or safety of Urban Group d.o.o., customers, or others. This also includes sharing information with other companies and organizations to prevent fraud and reduce credit risk.
Urban Group d.o.o. is aware of the importance of your personal data and therefore takes this matter very seriously, acting with great care. Therefore, we only disclose data to partners who ensure the protection of your data. We do not disclose data to anyone, neither to third parties nor international organizations, unless we are obligated to do so to meet legal obligations or the requirements of government or supervisory bodies or to fulfill our contractual obligations, for which we have obtained permission from the individual to whom the personal data relates. If government or regulatory authorities wish to obtain data from us, they must do so through the legally prescribed channels and obtain appropriate and binding decisions. We will review such decisions in Urban Group d.o.o., and if they are overly broad or improperly formulated, we will reject them.
Unless the law prohibits it or if there is a justified suspicion of criminal activity related to the use of Urban Group d.o.o. services, we will inform customers in advance about any intention to disclose their contact information, so they can seek appropriate assistance and protect their data from disclosure.
We are also aware of the seriousness of transferring data outside the European Economic Area. Therefore, we undertake not to transfer data outside the EEA, except when that country also provides a satisfactory level of protection and appropriate security mechanisms and ensures the rights of individuals and legal liability to individuals.
BASIS FOR PROCESSING YOUR PERSONAL DATA
We collect your data in accordance with the law and other regulations governing the protection of personal data, as well as the General Data Protection Regulation. We process data when we have a legal basis for it, including:
Consent given by you.
Data required for the performance of the contract you have entered into with us or the services you have reserved with us, including providing accommodation and other related services or products.
Data required to comply with legal requirements.
The use of data for legitimate interests as a business, including operational tasks, improving our services, informing our customers about our services or products and related benefits.
DURATION AND STORAGE
We store your data in accordance with legal deadlines. In the case of data obtained with your consent, we keep them for the duration of that consent. Otherwise, we follow the limitations imposed by the purpose and legal basis. In the case of reservations with contract status, this means that we keep data for five years, and after that period, we delete them. Meanwhile, data from the accounting field are kept for 10 years from the date of the invoice, and this also includes personal data included in it.
In connection with your personal data, you have certain rights under the regulations, which you can check and enforce by contacting us at firstname.lastname@example.org. These rights include:
The right to protect personal data.
The right to information about which data about you is held by Urban Group d.o.o.
The right to access this data and change or supplement it.
The right to restrict data processing.
The right to delete your data (subject to legal requirements).
The right to transfer data to third parties.
The right to refuse the use of your data for marketing purposes.
If you believe you have been a victim of a violation of the provisions, you have the right to complain to the relevant supervisory authority, which in Slovenia is the Information Commissioner.
PROTECTION OF PERSONAL DATA
To protect your personal data, we use various measures to prevent intrusion, loss, unauthorized or unauthorized use or destruction. These security measures include data storage in an encrypted database, protecting our information systems with antivirus and firewalls.
TRANSFER OF YOUR PERSONAL DATA
Your data is stored in databases within the EU and is, consequently, subject to ensuring adequate security and rights in accordance with the General Regulation. If we are compelled to transfer data outside the EU, we do so only when that country also provides a satisfactory level of protection and appropriate security mechanisms and ensures the rights and legal liability of individuals.