Section title

Mogotel Ljubljana d.o.o.

Privacy Notice


In connection with its business, MOGOTEL Ljubljana d.o.o., Miklošičeva cesta 9, Ljubljana ("Mogotel"), as the controller of your personal data collects, uses, shares or otherwise processes your personal data in the manner described in more detail in this Privacy Notice. 

Mogotel will process your personal data in accordance with the General Data Protection Regulation ("GDPR") and other applicable law.


What categories of personal data do we process and what is the purpose of processing? 

Depending on whether you are guest or potential guest of our hotel, visitor of our web sites or our social media sites, a representative or contact person of our business partner or potential business partner, a visitor to our premises or we have some other relationship with you, we collect and process some of the following personal data about you: 

  • name and surname,
  • e-mail address,
  • telephone number,
  • country and address of residence,
  • bank or credit card account no.,
  • age and gender,
  • date of birth,
  • preferred language,
  • other contact and identification data (including data from personal ID card or passport),
  • job title,
  • the company you work for,
  • video recording, time of entry and exit from the premises,
  • IP address, operational hardware used during your web site visits, browser type, resources on website etc.,
  • location data during web site visits,
  • data about the use of our web sites,
  • your interests,
  • data on your past visits in our hotels and other orders,
  • data on our communication, in particular traffic data.

We collect your personal data for the following purposes:

  • the conclusion and execution of contracts,
  • implementation of the franchise agreement,
  • communication for the purpose of marketing of our services and carrying out Loyalty Programs,
  • compliance with tax and other legal obligations, and
  • ensuring the security of property, people, and information.

Do we carry out profiling and/or automated decision-making concerning individuals?

We do not carry out profiling or other automated decision-making.


How did we obtain your personal data? 

The personal data we process about you has been obtained from you directly or from publicly available sources, in particular information published on websites.

Franchisor[1] may share guest personal data which it has collected through reservations systems and sales and marketing programs operated by franchisor or third party service providers on its behalf. 


What is the legal basis for collecting your personal data? 

The legal basis for collecting and processing your personal data is:

  • performance of a contract (Article 6(1)(b) GDPR), if you have a contract with us or franchisor: the above applies to name and surname, personal identity number or date of birth, address of permanent or temporary residence, email address, telephone number, bank account number and tax number, data of the identification document, list and date of carried out and/or planned services, payment administration information, phone, electronic communication information, photo images, accommodation data and special accommodation demands of guests (which way include possible food allergies and/or disabling or mental medical conditions); or
  • your consent (Article 6(1)(a) of the GDPR), if you give your consent to us or the franchisor:
    this applies to name and surname, personal identity number or date of birth, email address, telephone number, photo images, list of planned services, data publicly available on social media;
  • compliance with a legal obligation (Article 6(1)(c) GDPR): name and surname, personal identity number or date of birth, temporary or permanent residence, e-mail address, phone number, tax number, data of the identification document, list of received and planned services, bank account numbers, payment administration information.
  • legitimate interest (Article 6(1)(f) GDPR): name and surname, personal identity number or date of birth, e-mail address, phone number, title, and contact details of companies and sole entrepreneurs in the course of their business activities and other business partners; details of the company you are employed at, your place of work, video, time of entry and exit from our premises list of received and planned services, data regarding website visits, auditing records of access control devices and alarm devices with the data of employees, visitors, or subcontractors, payment administration information, phone, electronic communication information; in relation to the  processing of the said personal data performance of the company's core business and providing security of persons, property and information.

Do we share your personal data with third parties?

Due to the organization of our company or in order to comply with our legal obligations, we will disclose and share some of your personal data to the following categories of recipients: 

  • partners based on contractual relations and ensuring compliance with regulatory requirements,
  • franchisor based on contractual relations and ensuring compliance with regulatory requirements,
  • the Financial Administration,
  • Police unit in Ljubljana
  • the Information Commissioner,
  • Inspection or supervisory authorities,
  • other administrative and public authorities,
  • certain professional groups who are bound to protect the secrecy of personal data, as well as to protect the secrecy of matters entrusted to them and of facts of which they otherwise become aware in the course of their professional activities by virtue of legal professional secrecy (e.g., lawyers, notaries, tax advisors, auditors),
  • to the courts,
  • banks,
  • insurance companies.

The legal basis for disclosure and sharing is as follows: 

  • legitimate interest (Article 6(1)(f) GDPR): due to ensuring the security of property, people, and information; based on a franchise agreement;
  • to comply with legal obligations arising from data protection, tax and other regulations (Article 6(1)(c) GDPR);
  • conclusion or performance of a contract with you (Article 6(1)(f) GDPR);
  • your consent (6(1)(a) GDPR).


Will we disclose your personal data to data processors? 

We will disclose your personal data to our data processors: franchisor, accounting service, marketing agencies, software or IT service providers and maintainers, cloud service providers and other data processors. Data processors will process your personal data on our behalf and in accordance with our instructions. We have concluded specific personal data processing agreements with them, under which our contractual partners are obliged to process your personal data only for a specific purposes predefined by us and to implement appropriate technical and organizational measures to provide security of your personal data.


Will we transfer your personal data to users outside the EU/EEA?

As you may expect, some of the recipients we may share your personal data with may be located in countries outside of Europe. In some cases, this may include countries located outside the European Union (“EU”) and / or European Economic Area ("EAA").

Some countries where recipients are located have already been assessed by the European Commission as ensuring an adequate level of protection for this data (including those within the EEA), whereas others are not deemed to ensure an adequate level of protection according to GDPR.

If recipients are located in other countries that are not deemed to ensure adequate protections for personal data, Mogotel will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law. This could include (without limitation) using appropriate safeguards such as the Standard Contractual Clauses which the European Commission has assessed as providing an adequate level of protection for personal data. You can ask for a copy of the appropriate safeguards by contacting us as set out below.


How long will we keep your personal data? 

We will keep your personal data for as long as is necessary to fulfil the purposes set out above, but at the latest until you are acting in areas related to Mogotel's business or until the expiration of the period prescribed by law or limitation periods; or, in case of a contract, for as long as is necessary to comply with tax, accounting or other regulations or until the expiration of any limitation periods.


Voluntary or mandatory provision of personal data

In certain cases, in particular where it is necessary to comply with tax obligations in connection with the performance of a contract, we collect details of your personal data (for example, your bank account number or tax identification number) because it is necessary for the performance of the contract or to comply with the law. If you do not provide personal data, the consequence is that the contract cannot be concluded, or the contractual obligations cannot be fulfilled.


Your rights

Subject to certain exceptions and limitations set out in relevant regulations, you have the following rights in relation to your personal data.

1.1 Right of access

You have the right to request information about what personal data we are processing about you.

You have the right to obtain a copy of the personal data we process about you, generally free of charge and by electronic means, if the individual makes the request by electronic means that are commonly used.  

1.2 Right to rectification

If, in your opinion, we are processing incomplete or inaccurate personal data, you may at any time request completion or rectification of that personal data.

1.3 Right to erasure (right to be forgotten)

Under certain conditions, you may request erasure of the personal data we process about you, in particular if the purpose of the processing has been fulfilled or if the legal basis for the processing no longer exists.

In certain cases, you may not be able to successfully request erasure, for example due to our legal obligation to retain data, pending legal proceedings, due to claims of damages etc. 


1.4 Right to restriction of processing

Under certain conditions, you have the right to request restriction of processing of your personal data: (i) if you contest the accuracy of your personal data (for a period enabling the controller to verify the accuracy of personal data), (ii) if processing of your personal data is unlawful and you oppose the erasure of personal data and request the restriction of their processing instead, or (iii) if you have objected to processing of your personal data - pending the verification whether the legitimate grounds of the controller override those of the data subject.


1.5 Right to data portability 

In cases where we process your personal data on the basis of your consent or on the basis of an employment contract, and where the processing is carried out by automated means, you may request that we make the personal data you have provided to us available to you in a structured, commonly used and machine-readable format and that we transmit this data to another controller.


1.6 Right to object

Where we process your data on the basis of a legitimate interest, you have the right to object to processing, unless we demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or where we need the data for the establishment, exercise or defense of legal claims.


1.7 Right to a complaint 

If you wish to make a complaint about the processing of your personal data, you can contact us using the contact details below and we will provide you with adequate explanation. If your complaint is not resolved to your satisfaction, you may contact the Information Commissioner.


1.8 Withdrawal of consent

If we collect your PD on the basis of your consent, you have the right to withdraw your consent at any time. The withdrawal does not affect the lawfulness of processing before the withdrawal.


Contact details

If you have any questions about the protection of your personal data or if you wish to exercise any of your rights, please contact our data protection officer on the following contact details:

ibis Styles Ljubljana Centre hotel, Miklošičeva cesta 9, 1000, Ljubljana 

or

dpo@mogotel.com


Amendments of the Privacy Notice

In the event of a change in the law or an actual change in the processing of personal data, we will update this notice and inform you accordingly.


28 SEPTEMBER 2022


[1] Accor Services Poland sp. z o.o., office in Warsaw, ul. Złota 59, 00-120 Warsaw, KRS 0000785725, NIP 5252789366, and Accor Group (Privacy notice - https://all.accor.com/information/legal/data-protection.en.shtml).