Privacy Policy

In this Privacy Policy, we would like to help you understand which data we collect, why we collect it, and how you can update, manage, export, and delete it, all because we value your privacy and security.

This Privacy Policy applies to the website https://intercontinental-ljubljana.si and its subpages. It determines the principles of processing and storage for personal data provided to us by users in relation to the use of the services provided by Hotel InterContinental Ljubljana. 

Please read the document carefully in order to help you understand the processing of your personal data. If you do not agree with the Privacy Policy, please do not use our services, and do not contact our company. By using the website, the user confirms that he/she agrees with the Privacy Policy.

We are committed to respecting your privacy and processing your personal data safely in accordance with the legislation governing the protection of personal data (Regulation (EU) 2016/679 (GDPR) and the Personal Data Protection Act – ZVOP-2). We use the collected data solely for purposes related to our business.

PERSONAL DATA CONTROLLER

The personal data controller for the data collected on this website is the company BAVARSKI STOLP d.o.o., Slovenska cesta 59, 1000 Ljubljana, Slovenia (hereinafter: “Bavarski stolp”).

HOW WE COLLECT YOUR DATA

We collect your personal data when you identify yourself while using our services or when making a purchase, contact us by e-mail, telephone, in writing or through social media, when you fill out any input forms, order our services, when you use our website and its functions, or in any other manner through which you provide personal data to us. 

We do not link IP addresses to persons and every user of our website is anonymous. Anonymous data related to your use of our website is collected with the help of cookies and similar technologies. Further information regarding how we use those technologies to collect data related to you can be found in cookie policy.

We manage your data with the utmost possible care. All personal data collected from website users is private and confidential.

WHAT PERSONAL DATA IS COLLECTED, PURPOSE, AND LEGAL BASIS

We process your data only within the framework of legal bases and selected purposes. The table below explains in more detail how we process individual data and for what purpose.

Your name, surname, and contact information (address, e-mail address, telephone number)

* When the payer of the service is a legal entity, we also process the legal entity’s tax and company registration number

PurposeExplanation and legal basis
Preparation of offers and conclusion of contracts. Direct communication with you regarding purchases of our services and inquiries we receive from youIn order for us to perform the obligations under the contract between the two of us – we will send you an offer, the confirmation of the offer, the ordered product (e.g. gift voucher) and contact you for all matters related to the execution of the purchase or use of services. Without this information, we cannot conclude or perform a contract with you or offer the products or services that you have requested to you. The legal basis is the contract for accommodation, i.e. the use of services – Article 6/I(b) of the General Data Protection Regulation.
Sending e-mails before and after your stayIn order to remind you of the booked accommodation and inform you of the details of the booking before you arrive and after your stay, to check whether you were satisfied with the performed service. The legal basis is the legitimate interest of the company Bavarski stolp d.o.o. to provide a complete service to its guests and to present other services to you that you can use during your stay, as well as to respond appropriately in cases where you are not satisfied with our services – Article 6/I(f) of the General Data Protection Regulation.
Sending letters, e-mails, or text messages with actual offers and newsIn order to keep you updated about our offer. In accordance with the legislation in force, we send letters to all existing customers on the basis of legitimate interest – (Article 6/I(f) of the General Data Protection Regulation) or on the basis of consent, while pursuant to the Electronic Communications Act, we only send e-mails and text messages in case you have given us your consent for this purpose. You can object to the use of your data for such purposes at any given moment. The legal basis is legitimate interest, Article 226/2 of ZEKom-2 (e-mail), consent (text message).
Sending personalised offers (via mail, e-mail, or text messages) based on your expressed interests or previous purchases/use of our servicesIn order for you to receive a limited number of offers that are most relevant to you – we shall do this only in case you have given your consent, which you can withdraw at any given moment, or if you are a member of our loyalty programme. The legal basis is the consent – Article 6/I(a) of the General Data Protection Regulation. For members of the loyalty programme, the legal basis is the performance of the contract pursuant to Article 6/I(b) of the General Data Protection Regulation.

Information regarding your birth

PurposeExplanation and legal basis
Registration of temporary residence in case you are staying with us; verification of age/age of majorityIn order for us to carry out the mandatory legal obligation of daily reporting on guests and overnight stays to AJPES (Agency of the Republic of Slovenia for Public Legal Records and Related Services) and for the purpose of additional protection and restriction of use in case of minors. The legal basis is the Permanent Residence Registration Act in conjunction with Article 6/I(c) of the General Data Protection Regulation.

Sex, nationality, identification document type and number

PurposeExplanation and legal basis
Registration of temporary residence in case you are staying with usIn order for us to carry out the mandatory legal obligation of daily reporting on guests and overnight stays to AJPES (Agency of the Republic of Slovenia for Public Legal Records and Related Services). The legal basis is the Permanent Residence Registration Act in conjunction with Article 6/I(c) of the General Data Protection Regulation.
We can also use the information regarding your sex to send personalised offers, e.g., on special holidays (Women’s Day etc.)In order for you to receive a limited number of offers that are most relevant to you – we shall do this only in case you have given your consent, which you can withdraw at any given moment, or if you are a member of our loyalty programme. The legal basis is the consent – Article 6/I(a) of the General Data Protection Regulation and the Loyalty Club Membership Contract – Article 6/I(b) of the General Data Protection Regulation.

Payment information 

* This includes your credit card information if you provide it to us

PurposeExplanation and legal basis
Payment and refund arrangementsIn order for us to perform our obligation under the contract between the two of us. Without this information, we cannot conclude or perform a contract with you or offer the products or services that you have requested to you. The legal basis is the contract for accommodation, i.e., the use of services – Article 6/I(b) of the General Data Protection Regulation. We must also store personal data for account purposes pursuant to the Value Added Tax Act, the Anti-Money Laundering and Terrorist Financing Act, the Payment Services, Electronic Money Issuing Services and Payment Systems Act and the Tax Procedure Act – Article 6/I(c) of the General Data Protection Regulation.

Your contact history with us

* The contents of your communications with us, e.g. during a telephone conversation (without recording telephone conversations), to our employees in person, or in written communication.

PurposeExplanation and legal basis
Ensuring optimal service and supportIn order for us to perform the services you want because you expect the best from us. For example, this is how we record your wishes regarding the type of room, floor, view, or any other special preferences, as well as potential negative experiences. Without this information, we cannot conclude or perform a contract with you or offer the products or services that you have requested to you. The legal basis is the contract for accommodation, i.e., the use of services – Article 6/I(b) of the General Data Protection Regulation. We further process your reviews so that they may serve to improve our services under legitimate interest (Article 6/I(f) of the General Data Protection Regulation).

Information about your bookings, stays, and purchases

PurposeExplanation and legal basis
Full performance of the use of services or purchaseIn order for us to perform our obligation under the contract between the two of us – to ensure adequate performance of ordered services, delivery of the correct product, or provide the selected stay with us. Without this information, we cannot conclude or perform a contract with you or offer the products or services that you have requested to you. The legal basis is the contract for accommodation, i.e., the use of services – Article 6/I(b) of the General Data Protection Regulation.
Complaint resolutionIn order for us to check the circumstances and details of the allegations in your complaint and to resolve it effectively. The legal basis is the legitimate interest of the company Bavarski stolp d.o.o. and third parties to prevent the occurrence of property damage and misuse of debit and credit cards – Article 6/I(f) of the General Data Protection Regulation.
Sending personalised offers (via mail, e-mail, or text messages) based on your expressed interests or previous purchases/use of our servicesIn order for you to receive a limited number of offers that are most relevant to you – we shall do this only in case you have given your consent or if you are a member of our loyalty programme. The legal basis is the consent – Article 6/I(a) of the General Data Protection Regulation and the Loyalty Club Membership Contract – Article 6/I(b) of the General Data Protection Regulation. Of course, you can withdraw your consent at any given moment. 
(Anonymised) analyses of purchases and used services* *In such a manner that it is not possible to discern or recognise the identity of individual personsIn order for us to better understand the wishes and needs of our customers and guests, and to adapt our services and offer accordingly. The legal basis is the legitimate interest of the company Bavarski stolp d.o.o. to optimise its business and continuously improve its services – Article 6/I(f) of the General Data Protection Regulation.

Your name and surname, license plate number of your vehicle, and accommodation room number

PurposeExplanation and legal basis
Opening gates for entering and exiting the area of marked parking areas where parking fees or parking restrictions are imposedIn order to provide you with an efficient and fast system of entering or exiting the parking areas. The legal basis is the contract concluded with an individual person (Article 6(I), point (b) of the General Data Protection Regulation. The individual shall conclude the contract in the form of a contract for accommodation or by receiving the permit. The controller’s legitimate interest (Article 6/I, point (f) of the General Data Protection Regulation).

Information you provide to us in giveaways or special promotional activities

PurposeExplanation and legal basis
Conducting giveaways and promotional activitiesIn order for us to check whether you meet the conditions to participate in the giveaway or promotional activity and to contact you regarding the giveaway or promotion – in the case that you agree, as well as to send further messages with our company’s promotional content. Pursuant to the General Terms and Conditions and the rules of a particular giveaway, we also process the personal data of winners for the purpose of fulfilling mutual rights and obligations under the giveaway. The legal basis is the consent – Article 6/I(a) of the General Data Protection Regulation and regarding the tax number, it is the Tax Procedure Act – Article 6/I(c) of the General Data Protection Regulation. In the case of your consent to receive our offers, the legal basis is the consent that you can withdraw at any given moment – Article 6/I(a) of the General Data Protection Regulation

EXCEPTIONS

There are also exceptions when the hotel stores guests’ data for the protection of its own legitimate interest and the legitimate interest of companies in the group to prevent property damage and to protect employees and other guests. These cases are defined by the following criteria:

  • Guests who did not settle the invoice after leaving. 
  • Guests that have destroyed hotel property. 
  • Guests that were aggressive to other guests and hotel staff.

In the case of non-payment of the invoice, the related information is recorded with the individual in our central booking system, and on the next visit, he/she is required to pay and if he/she fails to do so, the use of accommodation shall be denied. The information shall also be forwarded to the competent court or the public prosecutor and the police.

The information is stored until the obligation is settled and in the event of incidents and aggressiveness, for 3 years or at the latest until the conclusion of the potential misdemeanour or criminal proceedings.

PERSONAL DATA PROCESSING

In principle, your personal data is processed only by our employees, who are committed to confidentiality and are regularly educated and trained in the safe handling of data.

When necessary for the effective performance of our services, the information is also forwarded to InterContinental Hotel Group PLC (hereinafter “IHG Group”), a hotel chain to which the InterContinental Hotel in Ljubljana also belongs.

In some cases, however, your data is processed on our behalf and according to our instructions by our external contractors. We always conclude an adequate data processing contract with our external contractors, thus binding them to an equal or higher level of security for your data. The external contractors do not process your personal data for their own purposes.

In particular, the external contractors provide us with the following:

  • Providing electronic communication tools. 
  • Providing online services and other information technology services for our smooth operation (website hosting, providers of professional hotel information systems, online advertising agencies, etc.).
  • Professional data analysis in order for us to better understand the wishes and needs of our customers and guests, and to adapt and form our services and offer accordingly.

Due to a legal obligation, we provide certain information about your overnight stay to AJPES, on the basis of a substantiated written request, as well as to other national authorities who require us to do so for the purpose of conducting specific proceedings.

PERSONAL DATA RETENTION PERIOD

We store personal data for as long as necessary to achieve a specific purpose for which it was collected or processed further. The retention period depends on the basis on which we have processed data and the purpose of processing.

We store most of your personal data collected for the purpose of using our services or products for the duration of the business relationship, including the period during which legal claims can be exercised in connection with the business relationship (this usually means a period of 5 years, such as the general limitation period under the Code of Obligations). When your information is stated on the issued invoice, we store them for 10 years from the invoice date due to tax regulations.

In cases where you have given us your explicit consent to the processing, we store your personal data for the period for which you have consented to the processing of your data or until you withdraw your consent.

In cases of legitimate interest, where possible, we also immediately anonymise the personal data. When this is not possible, we delete your personal data immediately after the legitimate purpose expires (Article 5/I(e) of the General Data Protection Regulation).

Exceptionally, we may process your personal data for longer if this is required by the applicable regulations in the Republic of Slovenia and/or the EU. 

YOUR RIGHTS

Bavarski stolp provides you with the following rights:

  • The right to know your own personal data: you can familiarise yourself with all your personal data collected in connection with you, as well as with its processing, and check its legality. 
  • The right to correction or completion of personal data: we will correct your inaccurate personal data without undue delay. 
  • The right to deletion of personal data: we will delete personal data related to you without undue delay and to the extent permitted by applicable law (we will not be able to delete the data we need to perform the contract you have concluded with us and the data we need to perform our legal obligations, despite your request).
  • The right to restriction of personal data: you can request that we restrict the processing of your personal data (when you dispute the accuracy of personal data, when the processing is unlawful and in cases where the company Bavarski stolp d.o.o. no longer needs your data for processing, but you need them to pursue, exercise, or defend your legal claims). 
  • The right to portability: at your request, we will send you the personal data that you have provided to Bavarski stolp d.o.o. in electronic form or in another structured, commonly used and machine-readable format, or we will forward it to another controller of your choice (the latter only if technically feasible) – you can exercise this right only in cases where you have provided us with personal data through your personal consent or contract. 
  • The right to object: you can object to the processing of your personal data at any given moment when it is performed in order to fulfil legitimate interests of Bavarski stolp d.o.o. or a third party. You may also object to the processing of your personal data at any given moment when it is being processed for direct marketing purposes, including profiling, insofar as this is related to such direct marketing.

In accordance with the applicable legislation governing the protection of personal data, an individual has the right to withdraw the given consent at any given moment, request access, correction, restriction of personal data processing or deletion of personal data, by notifying us in writing via post at BAVARSKI STOLP, d.o.o., Slovenska cesta 59, 1000 Ljubljana, Slovenia or by e-mail at ljuha.info@ihg.com. The individual may also complain about the processing of their personal data and address it to the above-mentioned address.

Whenever you exercise any of your rights, you must provide us with your name and sufficient information to enable us to unequivocally identify you in connection with the exercise of your right (e.g., if you have asked us to provide you with information about your stay with us, we will (if we still have it) forward this information to your home or email address that you provided to us during your stay. If you would like to receive the data at a different address, we will request that you identify yourself with a personal document.

Only you, in person, can exercise your rights in relation to your personal data, while another person can do it on your behalf solely on the basis of your written power of attorney.

You can submit a request to exercise your rights only in writing, namely via post to BAVARSKI STOLP, d.o.o., Slovenska cesta 59, 1000 Ljubljana, Slovenia or via e-mail to ljuha.info@ihg.com. We will respond to you without undue delay or within one month at the latest.

If you believe that Bavarski Stolp d.o.o. has not adequately addressed your request, you can appeal within 15 days of receiving a response. You also have the right to lodge a complaint with the supervisory authority, which on the territory of the Republic of Slovenia is the Information Commissioner (address: Republic of Slovenia, Information Commissioner, Dunajska cesta 22, 1000 Ljubljana).

PERSONAL DATA PROTECTION

We use various measures to protect your personal data to prevent breach, loss, unauthorised or prohibited use or destruction. These security measures include, among other things, storing data in an encrypted database, protecting our information systems with anti-virus programs and a firewall, regularly updating, and testing our security technologies, and training our employees on the importance and means of ensuring data security.

TRANSFER OF YOUR PERSONAL DATA

Your data is stored in databases within the EU and is consequently subject to the provision of appropriate security and rights in accordance with the General Data Protection Regulation. When we transfer data outside the EU, we do so only if that country also provides a satisfactory level of protection and adequate security mechanisms and provided that they guarantee the rights of individuals and legal liability towards individuals. Before submitting the data, we assess the level of protection provided for personal data and, if necessary, take additional protective measures to ensure that the level of protection of personal data remains in accordance with the GDPR and Slovenian legislation.

PRIVACY POLICY AMENDMENTS

Any amendments to the Privacy Policy shall be published on this website and, where appropriate, notified via e-mail. Please check this website regularly for updates and amendments to the Privacy Policy.

OTHER WEBSITES

Our website may sometimes contain links to and from the websites of our partner networks, advertisers, or affiliate companies. If you follow a link to any of these websites, please note that each of these websites may have its own privacy policy and that we do not accept any responsibility or liability for these privacy policies. Before you provide any data to these websites, we recommend that you check their privacy policy.

In particular, we highlight the following:

  • In order to book a table at the restaurant we use the “Open Table” reservation system. In the case of a reservation via Open Table, please read the privacy policy of the service provider before booking to learn how they process your data.
  • To book a treatment at the wellness centre, you will be redirected to the website of Lepotni Studio Serenity. Please read the privacy policy of the service provider before booking to learn how they process your data.

VALIDITY

The date when this Privacy Policy enters into force is 15.11.2023. This document is subject to change without prior notice.

OUR CONTACT

Questions, comments, and requests regarding this Privacy Policy are always welcome and can be sent to the following e-mail address: ljuha.info@ihg.com.