Privacy policy
This Privacy Policy explains how Marble Mansion Hotel SRL processes personal data when you use our website, booking flow, support channels, and related guest services.
Last updated: 22 April 2026
1) Data controller and contact
Data controller: Marble Mansion Hotel SRL, Rruga Zagrebi 142/1, 10000 Prishtina, Kosovo. For privacy requests, contact us at stay@marblemansion.com or +383 49 288 221.
2) Data we collect
- Account data: full name, email, phone number, encrypted password.
- Booking data: check-in/check-out dates, room, number of guests, payment preference, and guest notes.
- Reception/PMS data (staff-only): passport/ID references, uploaded scans, internal service notes, and extras/purchases.
- Technical and usage data: session tokens, security logs, and selected analytics/marketing cookie preferences when consented.
3) Why we process data (legal basis)
- Contract performance: handling bookings, guest communication, and stay operations.
- Legitimate interest: fraud prevention, service reliability, and support quality.
- Legal obligation: accounting records and required guest identity documentation according to applicable hospitality regulations.
- Consent: optional analytics/marketing tracking via cookie settings.
4) Sharing and processors
We share data only when needed to operate services: hosting and database providers, transactional communications, and technical support systems. We do not sell personal data. Data is shared with third parties only under contractual or legal safeguards.
5) Retention
- Account data is retained while your account is active.
- Booking and invoice-related records are retained according to legal and accounting requirements.
- Reception/PMS notes and identity references are retained only as long as operationally or legally required.
- Cookie preferences can be changed at any time from Cookie policy/settings.
6) Your rights
You can request access, correction, deletion, portability, or restriction/objection of processing where applicable. Use /privacy-choices for the full request workflow and links to manage your data directly.
7) Security
We use access controls, encrypted password storage, role-based admin permissions, and operational safeguards to protect data. No internet system is risk-free, but we continuously improve security and monitor abuse.
8) Policy changes
We may update this policy as operations or legal requirements evolve. Material changes will be reflected on this page with an updated date.