Privacy Policy

Last updated: 06.03.2026

This Privacy Policy explains how MS Sparrow Hostel ("we", "us", "our") collects, uses, and protects your personal data when you visit mssparrowstay.com or contact us directly. This policy is in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Slovenian Personal Data Protection Act (ZVOP-2).

1. Who Is Responsible for Your Data?

Data Controller:

MS SPARROW GROUP d.o.o.
Dunajska cesta 103, 1000 Ljubljana
Ljubljana, Slovenia
Email: groups@mssparrowstay.com

2. What Data We Collect

When you use our contact enquiry form, we collect:

  • First and last name
  • Email address
  • Phone number (optional)
  • Check-in and check-out dates
  • Number of guests
  • Room preference
  • Any message or special requests you provide

When you visit our website, we may also collect:

  • IP address (anonymised)
  • Browser type and version
  • Pages visited and time spent (via cookies, only with your consent)

3. Why We Collect Your Data (Legal Basis)

We process your personal data on the following legal bases under GDPR Article 6:

  • Legitimate interests — to respond to your enquiry and help arrange your stay
  • Legitimate interests — to improve our services and communicate with you about your visit
  • Consent — for cookies and any optional marketing communications

4. How We Use Your Data

We use your data exclusively to:

  • Respond to your enquiry sent to groups@mssparrowstay.com
  • Follow up about your planned visit and provide relevant information (check-in times, directions, etc.)
  • Send you relevant information about your stay (check-in times, directions, etc.)
  • Comply with legal obligations (e.g. tourism registration requirements)

We do NOT sell, rent, or share your data with third parties for marketing purposes.

5. Who We Share Your Data With

Your data may be shared only with:

  • Our email service provider (for delivering your enquiry to our inbox)
  • Slovenian authorities if required by law (e.g. tourist registration — Slovenian law requires hostels to report guest data to the police register)
  • Booking platforms (Booking.com, Hostelworld, Google) only if you book through them directly — their own privacy policies apply. This website does not process direct bookings.

6. How Long We Keep Your Data

We retain your personal data for the following periods:

  • Booking enquiry data: up to 2 years from your stay or last contact
  • Financial/invoicing records: 10 years as required by Slovenian tax law
  • Cookie data: as specified in our Cookie Policy

After these periods, your data is securely deleted.

7. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — request correction of inaccurate data
  • Right to erasure ("right to be forgotten") — request deletion of your data
  • Right to restriction — request we limit how we use your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — withdraw consent for cookies or marketing at any time

To exercise any of these rights, contact us at: groups@mssparrowstay.com

We will respond within 30 days. You also have the right to lodge a complaint with the Slovenian Information Commissioner (Informacijski pooblaščenec): www.ip-rs.si

8. Data Security

We take the security of your personal data seriously. We use appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. Our website uses HTTPS encryption (SSL/TLS certificate via Let's Encrypt).

9. Transfers Outside the EU

We do not transfer your personal data outside the European Union or EEA. If this changes, we will update this policy and ensure appropriate safeguards are in place.