2Alfa d.o.o. 2Alfa d.o.o.
Legal

Privacy Policy

Last updated: 8 May 2026 · Effective from publication date

This Privacy Policy explains how 2Alfa d.o.o. (VAT: SI37315374, Slovenia — "we", "us" or "our") collects, uses and protects your personal data when you visit 2alfa.org, book one of our apartments, schedule an appointment at our manicure studio, or use our mobile applications.

We are the data controller within the meaning of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Slovenian Personal Data Protection Act (ZVOP-2).

1. What we collect

1.1 Website

This website is intentionally minimal. We do not use analytics cookies, advertising trackers or third-party fingerprinting. The web server may log standard request data (IP address, user-agent, requested URL, timestamp) for security and diagnostic purposes, retained for up to 30 days.

1.2 Apartment bookings

When you book through a third-party platform (Airbnb, Booking.com), the platform shares with us the minimum information required to host you: your first name, the booking reference, dates and the number of guests. Direct bookings additionally require your full name, email, phone number and, where required by Slovenian law, identity-document data for guest registration with the police (eTurizem).

1.3 Manicure studio

For appointments we record only your first name, contact (phone or email), and appointment time, in a paper or simple digital calendar. We do not maintain medical records.

1.4 Mobile applications

Our applications (ZTL Italia, ZTL Navi) are designed to be privacy-first:

  • Location data is processed entirely on your device. It is never transmitted to our servers, because we operate no servers that receive location data. Real-time location is used to detect proximity to a Zona a Traffico Limitato and is discarded immediately after use.
  • App settings (chosen language, alert radius, saved cities) are stored locally on your device.
  • In-app purchases are processed by the application store (Google Play, Apple App Store). We do not see your payment data; we receive only the fact of a purchase from the store, in anonymous form.
  • Crash reports and basic install metrics may be collected by the application store and made available to us in aggregated, non-identifying form.

The applications request the following Android permissions: ACCESS_FINE_LOCATION and ACCESS_BACKGROUND_LOCATION (to detect ZTL zones while driving, including in the background), POST_NOTIFICATIONS (to deliver alerts), FOREGROUND_SERVICE (to keep location monitoring running while driving) and, optionally, REQUEST_IGNORE_BATTERY_OPTIMIZATIONS for reliable background operation.

The applications use the following third-party services: Mapbox for map rendering (subject to Mapbox Privacy Policy); Google Play Billing / Apple App Store for in-app purchases; and OpenStreetMap / Overpass API for finding parking locations (no personal data is sent).

2. Why we process your data — and on what legal basis

  • To provide the service you requested (apartment booking, salon appointment, app functionality) — Article 6(1)(b) GDPR, performance of a contract.
  • To comply with legal obligations — for example guest registration with the Slovenian police, tax invoicing — Article 6(1)(c) GDPR.
  • To protect our legitimate interests — for example basic web-server logs to defend against abuse — Article 6(1)(f) GDPR.

3. Who we share data with

We share data only with:

  • The booking platform, for apartment reservations made through it;
  • Slovenian public authorities, where required by law (eTurizem registration, tax authority);
  • Our accountant, bound by professional confidentiality;
  • The application store (Google, Apple) in the limited way described above.

We do not sell your personal data. We do not transfer it outside the European Economic Area, except to the extent that Apple Inc. (United States) and Google LLC (United States) process data as part of their app-store services, under the safeguards they have in place.

4. How long we keep it

  • Web-server logs: up to 30 days.
  • Booking and salon-appointment records: 5 years for tax and accounting purposes (mandatory retention period under Slovenian law).
  • Guest-registration data submitted to the police: as required by the Slovenian Foreigners Act.
  • Email correspondence: as long as needed to handle the matter, then archived for up to 24 months.

5. Your rights under GDPR

You have the right to:

  • request access to the personal data we hold about you;
  • request that we correct inaccurate data;
  • request that we delete your data, subject to our legal retention obligations;
  • request that we restrict or object to processing;
  • request data portability where applicable;
  • withdraw consent at any time, where processing is based on consent;
  • lodge a complaint with the Slovenian Information Commissioner (Informacijski pooblaščenec) — www.ip-rs.si.

To exercise any of these rights, write to info@2alfa.org. We will respond within 30 days.

6. Cookies

This website uses no tracking cookies and no analytics cookies. The only cookies that may be set are essential, functional cookies required for the site to display correctly (for example, language preference if applicable). No consent banner is shown because no consent is required.

7. Security

We protect personal data with industry-standard measures: encrypted email transport (TLS), strong passwords on all accounts, regularly updated software, and the principle of "as little data as possible". No method of transmission over the internet is 100% secure, but we do our reasonable best.

8. Children

Our services are not directed to children under 14 (the digital consent age in Slovenia under ZVOP-2). We do not knowingly collect personal data from children. If you are a parent and believe your child has provided us with personal data, please contact us and we will delete it.

9. Changes to this policy

We may update this Privacy Policy when our services change or when legal requirements evolve. The latest version is always at 2alfa.org/privacy.html, with the "Last updated" date at the top.

10. Contact

2Alfa d.o.o.
Podbreg 32
4280 Kranjska Gora
Slovenia
Email: info@2alfa.org
VAT: SI37315374

The privacy policy specific to the ZTL Italia mobile application is published separately at github.com/2Alfadoo/ztl-italia-privacy, as referenced in the application's Google Play listing. Where the two documents could differ on app-specific points, the app-specific policy takes precedence.