Privacy Policy (GDPR)

For this purpose, we have prepared this Privacy Policy to explain how we process personal data obtained from you or about you through visits to our website, our premises, written or verbal communication with you, or from other sources (hereinafter referred to as the “Policy”).

This Policy explains how we collect, use and protect personal data, as well as the rights of data subjects, particularly in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and applicable data protection legislation.

T&H Management, s.r.o.
Štúrova 10, 811 02 Bratislava, Slovak Republic
Company ID (IČO): 53570219
Registered in the Commercial Register of the Municipal Court Bratislava III, Section Sro, File No. 150463/B

(hereinafter referred to as “Roset Hotel & Residence” or the “Controller”)

The scope of personal data processed depends on the services provided and the purposes of processing. Personal data are processed mainly for the following purposes:

• reservation and provision of accommodation services
• guest registration, stay records and compliance with legal obligations
• fulfilment of obligations arising from legal regulations relating to guest registration and reporting obligations
• handling requests, enquiries and communication
• accounting, invoicing and payment processing
• protection of property and persons
• operation of the website and analytical tools

Personal Data of Children

Personal data relating to children are processed solely to the extent necessary for the provision of accommodation services, compliance with legal obligations and guest registration requirements.

Special Categories of Personal Data

Special categories of personal data include, in particular, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, health-related data or data concerning a person’s sex life or sexual orientation.

Special categories of personal data are not processed unless such processing is required by applicable legal regulations or unless such data are voluntarily provided by the data subject.

Health-related information may be processed to the extent necessary to ensure the provision of services or to accommodate specific guest requirements.

Personal data may be collected in particular:

• when making accommodation reservations through our website or reservation system
• through reservations made via online reservation portals and distribution partners (e.g. Booking.com, Expedia, Google Hotels and related partner platforms)
• during guest registration and throughout the check-in / check-out process
• through registration cards, guest records and statutory stay reporting requirements
• through written, telephone or personal communication with guests
• through contact forms, e-mail communication or requests submitted via the website
• when using additional hotel services, including transfer and limousine services
• during visits to our premises through the CCTV system
• through the use of our website, cookies and analytical tools, including Google Analytics (GA4)
• through hotel and reservation systems used by the Controller

Personal data may also be obtained from third parties where necessary for the provision of services or compliance with contractual or legal obligations.

Personal data may be processed for the following purposes in particular:

• provision of accommodation services and reservation processing
• guest registration, stay records and compliance with legal obligations
• fulfilment of obligations arising from legal regulations relating to guest registration and stay reporting requirements
• payment processing, invoicing and accounting
• communication with guests and handling requests, enquiries and complaints
• provision of transfer, limousine and other additional services
• protection of property, guests, visitors and employees through the CCTV system
• operation of the website, analytical tools and improvement of user experience
• ensuring administrative, operational and internal processes of the Controller

Personal data may be processed on the basis of:

• performance of a contract or steps taken prior to entering into a contract
• compliance with legal obligations of the Controller
• legitimate interests of the Controller
• consent of the data subject, where required by applicable legal regulations

Marketing information is sent only where permitted by applicable legal regulations or based on the consent of the data subject. If you no longer wish to receive marketing information, you may contact us at secured e-mail.

Data may also be processed for statistical purposes, analysis of website usage and improvement of the services provided.

We pay maximum attention to the protection of personal data regardless of the manner in which they were obtained and ensure their protection throughout the entire period of processing.

This Privacy Policy and related information on personal data processing are available throughout the entire service process, from reservation and guest stay until the completion of the services provided.

The retention period of personal data may be extended where required by applicable legal regulations or where necessary to protect the rights and legitimate interests of the Controller.

Personal data are retained in particular for the following periods:

• data relating to reservations and guest stays – for the duration of the contractual relationship and subsequent statutory retention periods
• accounting and tax documents – for the periods required by applicable legal regulations
• data obtained through contact forms or communication – for the period necessary to process and respond to the request
• CCTV recordings – for the period necessary to fulfil the purpose of processing and in accordance with the Controller’s internal retention rules
• data processed for marketing purposes – for the duration of consent or until an objection is raised or consent is withdrawn

Upon expiry of the retention period, personal data are securely deleted, anonymised or destroyed in a manner preventing their recovery or further processing.

The data subject has the right to:

• request access to personal data relating to them
• request correction of inaccurate or incomplete personal data
• request erasure of personal data where the conditions under applicable legal regulations are met
• request restriction of processing of personal data
• object to the processing of personal data
• data portability
• withdraw consent where processing is based on consent
• submit a request or complaint to the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, Slovak Republic

If you no longer wish to receive marketing information or wish to exercise any of your rights, you may contact us at secured e-mail.

Requests from data subjects shall be handled in accordance with the applicable legal regulations and within reasonable time limits.

The Controller has implemented appropriate technical and organisational measures to ensure that all recipients and processors process personal data in accordance with applicable legal regulations.

Personal data may be processed in particular by the following recipients and processors:

• HORECA GROUP s.r.o. / Ellipse – hotel information system (PMS), channel manager, reservation system (booking engine) and CRM
• Booking.com B.V. and companies belonging to the Booking Holdings Inc. group, including affiliated and partner entities providing reservation, distribution and related services
• Expedia Group, Inc. and companies belonging to the Expedia Group, including affiliated and partner entities providing reservation, distribution and related services
• Google LLC, including Google Analytics (GA4), Google Hotels and Google Ads
• Global Payments s.r.o. – payment processing services
• Microsoft Corporation and related services used by the Controller
• reconline AG – GDS distribution and related reservation services
• Zanex s. r. o. – transfer, limousine and related additional services
• Bolt Operations OÜ – transportation and transfer services used by the Controller
• public authorities and competent authorities of the Slovak Republic to the extent required by applicable legal regulations

Personal data may also be disclosed to other recipients where required by applicable legal regulations or where necessary for the provision of services.

The Controller may update this section of the Privacy Policy from time to time.

Transfers of personal data are carried out solely in accordance with applicable legal regulations and subject to appropriate safeguards ensuring an adequate level of personal data protection.

The Controller may use the services of international providers, including Google LLC, Microsoft Corporation, Booking Holdings Inc., Expedia Group and other related service providers.

Where personal data are transferred outside the European Union or the European Economic Area, the Controller ensures appropriate safeguards in accordance with the GDPR.

Employees, processors and recipients of personal data are required to maintain confidentiality and act in accordance with the adopted security measures.

Personal data are processed in both electronic and paper form with an appropriate level of protection throughout the entire period of processing.

The website may use analytical and marketing tools, including Google Analytics (GA4), Google Ads, Google Hotels and related services.

The use of cookies is governed by separate cookie settings or policies available on the website.

The Controller shall not be responsible for the content, security or personal data processing practices of third-party websites. We recommend reviewing the privacy policies of the respective operators of such websites.

The current version of the Privacy Policy is always published on the Controller’s website.

Any changes shall become effective upon publication unless stated otherwise.

Roset Hotel & Residence
Štúrova 10
811 02 Bratislava
Slovak Republic

E-mail: secured e-mail

This Privacy Policy becomes effective on: 20.05.2026