Information on personal data protection
Maistra d.d. Rovinj hereby informs you on the processing of your personal data and your rights based on the applicable rules on personal data protection.
Maistra d.d. Rovinj hereby informs you on the processing of your personal data and your rights based on the applicable rules on personal data protection.
This Information contains amendments to the Privacy Policy based on which Maistra d.d. regulated the protection of your personal data. These amendments are motivated by the entry into force of Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: General Regulation - GDPR).
This Information applies to all cases of processing of your personal data by Maistra d.d. Rovinj as the Controller, unless any other Information, Privacy Policy or similar documents irrespective of their name need to be applied in special cases of processing and take precedence over this Information or supplement it (e.g. data processing cases specific to individual Maistra facilities).
Maistra d.d., joint stock company for hotel management and tourism, Rovinj, Obala Vladimira Nazora 6 is the controller of your personal data within the meaning of the General Regulation (GDPR).
Regarding the processing of your personal data, you can contact us through our Data Protection Officer by:
We provide the purposes and legal bases for the processing of your personal data in point 1 of this Information.
We provide more information on the categories of recipients of your personal data in point 2 of this Information.
For more information on the period of storage of your personal data see point 3 of this Information.
We remind you of your rights in point 4 of this Information.
You can read more about the automated decision-making, including profiling, in point 5 of this Information.
We collect, store and in other permitted ways process your personal data for the following purposes.
Booking
Without these data we cannot conclude an agreement for accommodation and other services.
As an exception, when the booking is made on our partners' website, we collect the above-mentioned data and other data that our partner determines to be mandatory and without which the contract cannot be concluded.
Check-in
According to the currently valid regulations, we are obliged to collect the following data: surname and name, place, country and date of birth, citizenship, type and number of identity document, place of residence (temporary residence) and address, date and time of arrival to and departure from the facility, gender, note (basis for exemption from the sojourn tax payment, i.e. for reducing the sojourn tax payment).
We cannot provide the accommodation service without these data.
Booking and check-in
For this purpose, we collect and process data which are marked as optional on our websites and our partners' websites advertising our facilities, such as the flight number, accommodation preferences (e.g. smoking room), vegetarian menu, allergies, bed preferences, pillow preferences, etc.
Without these data, accommodation and other services will be provided, but the provided accommodation and services will not necessarily have additional quality and content that depend on these data.
Technical and security measures
The application of technical and security measures that exist in some of our facilities cannot be discontinued at the request of a particular guest.
Loyalty programmes
Marketing and customer satisfaction surveys
Competitions
Statistical analysis for internal purposes
Legitimate interest
The General Regulation (GDPR) provides for our right (legitimate interest) to process your personal data for the purpose of direct marketing and profiling regarding such marketing, to the extent which is not contrary to your interests, freedoms and rights.
However, in order to ensure a more complete protection of your personal data, rights and interests, before processing your personal data for the purpose of direct marketing, we will seek to ask your explicit consent for such processing.
The personal data we are obliged to collect at the time of a guest’s check-in is sent electronically to the eVisitor system, according to the regulations on the manner of keeping tourist registers and the form of tourist registration.
Your personal data are sent to our contractual processors that provide us with service management computer programs that have access to these data only to the extent necessary for the proper functioning of the program and to other processors that enable us to provide hospitality and tourist services. Also, your data are sent to other Controllers if it is necessary for the provision of accommodation services or other services (e.g. if you have booked a travel transfer service provided by our contracting partner with the accommodation service).
Your personal data are communicated or made available to third parties in other cases as well, but only when we are obliged to do so under the General Regulation (GDPR), for example at the request of a competent judicial or administrative body.
We store your data:
Users of our services have the following rights under the General Regulation (GDPR):
a. RIGHT OF ACCESS
At any time, you can request confirmation of whether your personal data are being processed and, if processed, you have the right to request access to such data and information as referred to in Article 15. of the General Regulation (GDPR).
Upon your request to exercise your right of access, we will provide you with the data and information electronically (via email), unless you did not specify your email address in your request or you explicitly requested postal delivery.
b. RIGHT TO RECTIFICATION
You have the right to ask us to rectify inaccurate personal data and to complete missing personal data without delay.
c. RIGHT TO ERASURE
If you feel that we have collected or otherwise processed your data contrary to the General Regulation (GDPR), you have the right to request erasure of such data. In case the request is well founded, the data will be erased without undue delay.
If there are reasons that prevent us from or limit us in complying with your request, we will notify you in response to your request.
d. RIGHT TO RESTRICTION OF PROCESSING
You have the right to ask us to restrict the processing of your personal data if you dispute the accuracy of these data, for a period enabling the controller to verify the accuracy of the personal dana, if the processing is illegal and you are opposed to erasure of such data, if you have filed an objection against the processing of your data, and if the data are no longer needed but are necessary for the establishment, exercise or defence of legal claims.
e. RIGHT TO DATA PORTABILITY
You have the right to receive the personal data you provided us in a structured, commonly used and machine-readable format and to transfer them to another controller if the processing of these data are based on consent or agreement and is carried out automatically.
f. RIGHT TO WITHDRAW CONSENT
If your data are processed based on your consent, you can withdraw such consent at any time without affecting the legitimacy of the processing that was based on such consent.
g. ADMINISTRATIVE COST
Your rights are exercised free of charge, and only exceptionally an administrative cost is charged.
We will notify you of the administrative cost that we have the right to charge under the General Regulation (GDPR) before it occurs and if the requirements for its payment are met.
h. RIGHT TO COMPLAINE AND OBJECT
Based on your particular situation, you have the right to file an objection at any time against the processing of personal data we conduct based on our legitimate interests under point 2 of this Information, including the right to file an objection against profiling related to such legitimate interests.
If you believe that by processing your personal data we are in violation of the General Regulation (GDPR), please contact us.
You have the right to file a complaint with the supervisory authority if you believe that by processing your personal data we are in violation of the General Regulation (GDPR). You can file a complaint with, for example, a supervisory body in the EU member state of your normal residence or workplace or in the Republic of Croatia (Personal Data Protection Agency).
The controller shall provide information on action taken on a request to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
We use your data (name and surname, email) to personalise our services and marketing materials and tailor them according to your preferences. We personalise services and materials by profiling (e.g. segmentation) that help us better understand your interests. Profiling does not limit your choice of services we provide.
We apply automated decision-making in such a way that, depending on the profiling or data you provide, a computer program sends you an offer and/or promotional (marketing) material without any human intervention. The described automated decision-making does not limit your choice of services we provide.
USE OF COOKIES
Information on the use of cookies
Cookies are very small text files that the server places on the user's computer in order to monitor the selection of individual language variants of our pages, as well as at each interaction with the part of the website that requires a username and a password. Cookies cannot be used to run programs or install viruses on your computer. Some cookies set by our web server are automatically deleted from your computer at the end of the session, i.e. the moment you leave our website. Browsing our pages is also possible without the use of cookies if your web browser is set to enable it.
This website must store a small amount of information (cookies) on your computer in order for it to work properly, and for us to be able to make further improvements to the website, as well as to improve your browsing experience. Over 90% of all websites use this practice, but according to current regulations, especially the Electronic Communications Act and the Personal Data Protection Act, we are obliged to ask you to agree to the use of cookies by using our website before we start storing them. By blocking cookies you will still be able to view the website, but some of the website functionalities will not be available to you.
What are cookies?
A cookie represents information stored on your computer by a website you visit. Cookies usually store your settings and website settings, such as your preferred language or address. Later, when you open the same website again, the web browser sends back the cookies that belong to that website. This allows the website to display information tailored to your needs.
Cookies can store a wide range of information, including personal data (such as your name or e-mail address). However, this information can only be saved if you allow it – websites cannot access information you did not give them, and cannot access other files on your computer. The default cookie saving and sending activities are not visible to you. However, you can change your web browser settings to be able to choose whether to approve or reject requests to save cookies, delete saved cookies automatically when you close your web browser etc.
What types of cookies can be found on our websites?
Cookies by duration
Cookies by source
Who installs data collection systems?
Data collection systems are installed by Maistra d.d. or one of the partners.
The data collection systems we install are:
We may also share with our partners some of the data collected through the data collection system to enable them to conduct research on visitor behaviour.
Data collection systems installed by third parties:
Can I disable cookies?
You can disable cookies by activating a setting in your browser that allows you to refuse to set all or certain cookies. By blocking cookies, you will still be able to browse our pages, but certain functionalities will be limited.
To learn more about cookies, including how to see and manage set cookies, visit www.aboutcookies.org or www.allaboutcookies.org.
To turn off Google Analytics tracking on all websites, visit http://tools.google.com/dlpage/gaoptout.
How long do cookies last?
Cookies can expire at the end of a browser session and are deleted after closing the web browser – these are temporary cookies (“session cookies”). Cookies can last for a long time; they can be stored on your hard drive and remain there even after you close your web browser – these are permanent cookies (“persistent cookies”). The table below indicates whether a particular cookie is temporary or permanent. Except for essential cookies, all cookies will be removed when they are no longer needed or have expired.
How can I change my settings?
By turning off cookies, you decide whether to allow cookies to be stored on your computer or mobile device. Cookie settings can be controlled and configured in your web browser. If you disable cookies, you may not be able to use some of the website functionalities.
You can review or change settings related to data collection systems at any time. In your web browser settings, you can choose whether you sometimes or permanently want to accept or reject data collection systems. Please note that these settings may affect the operation of your web browser and your use of services on the website, which require the use of a data collection system.
Manage your own settings on these websites, depending on your browser:
We use Google Analytics. If you do not want us to collect or use your data through Google Analytics, click on the following link:
https://tools.google.com/dlpage/gaoptout?hl=en
We use AdRoll for advertising and providing ads to change the target audience. For more information on the use of personal data, click on the following link: https://www.adrollgroup.com/privacy
| Type | Name | Source | Description | Type | Link |
|---|---|---|---|---|---|
| Google Analytics | _ga (2 years), _gid (1 day), _gat (1 minute), AMP_TOKEN (30 seconds – 1 year), _gac (3 months), __utma (2 years), __utmb (30 minutes), __utmc (session), __utmt (10 minutes), __utmz (6 months) (permanent or temporary cookies, third-party cookie, marketing cookie) | This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). We use an integration method that anonymises your IP address. Google Analytics uses cookies to analyse your use of the website. In addition to its standard features, this website also uses advanced features of Google Analytics. Google Analytics advertising features implemented on this website include Google Analytics demographics (age, gender) and interest reports. You can prevent your participation in this tracking process by setting your browser software accordingly, or through Google Ad Settings at https://www.google.com/ads/preferences/?hl=hr. Please note that, in this case, you may not be able to fully use all features of this offer. Data retention period: up to 26 months. The information generated by the cookie about your use of this website (including your IP address) is transmitted and stored on a Google server in the United States. Google uses this information to evaluate your use of the website by providing website activity reports to website operators. Google may transfer this information to third parties when required to do so by law, or when such third parties process the information on behalf of Google. Google will not associate your IP address with any other data held by Google. Read the Google Privacy Policy at the following link: http://www.google.com/analytics/learn/privacy.html. Google has developed a browser add-on that allows you to prevent the use of your Google Analytics JavaScript data (ga.js, analytics.js, dc.js). You can download it here: http://tools.google.com/dlpage/gaoptout | These are third-party marketing cookies (Google). | https://policies.google.com/privacy | |
| fr, reg_fb_ref, sb, reg_fb_gate, _js_reg_fb_ref, datr, wd, reg_ext_ref, _js_datr, _js_fr, _js_reg_fb_gate, _js_reg_ext, ref, act, checkpoint, locale, pnl-data2, c_user, xs, pl, spin, dpr, _fbp | These are temporary and permanent cookies that Facebook uses to provide advertising agencies with information about your visit to our website so that they can display ads for products and services of your interest. These cookies also allow us to place links on Facebook pages. | These are third-party functional and marketing cookies (Facebook). | https://www.facebook.com/policies/cookies/ | ||
| Facebook Pixel Cookie | tr | This is a temporary cookie that Facebook uses to track the activities of visitors to the website and to direct future Facebook ads to those users. It allows us to create marketing campaigns. | These are third-party functional and marketing cookies (Facebook). | https://www.facebook.com/policies/cookies/ | |
| Google settings and advertising cookies | DV, NID, 1P_JAR, CONSENT, DSID, IDE | These are temporary and permanent cookies that Google uses to remember your settings and other information in order to personalise your ads. This allows Google to advertise based on what is relevant to the user, improve reports on the performance of marketing campaigns, and select ads to be displayed for users. These cookies allow us to view Google Maps. | These are third-party functional and marketing cookies (Facebook). | https://policies.google.com/privacy | |
| YouTube cookies | VISITOR_INFO1_LIVE, GPS, YSC, PREF, SAPISID | These are temporary and permanent cookies that Google uses to obtain information about visits to videos stored on YouTube. | These are third-party marketing cookies (Google). | https://policies.google.com/privacy | |
| HotJar | _hjTLDTest | HotJar | When the Hotjar script is executed, we try to determine the cookie path we should use, instead of the site's hostname. This is done so that cookies can be shared between subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for various URL subset alternatives until it fails. After this check, the cookie is removed. | These are third-party marketing cookies (HotJar). | https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookie-Information |
| The Hotels Network | _gid, thn_id | The Hotels Network | A unique ID is generated for the purpose of anonymously identifying browsers and devices in order to provide product-specific recommendations based on statistics and navigation. | These are third-party marketing cookies (The Hotels Network). | |
| Session | PHPSESSID | Internal | This is a temporary cookie that we use to maintain a visitor session in accordance with the requirements of the website. | This is an internal session cookie. | |
| Security | _csrf | Internal | Cross-site request forgery cookie disables vulnerabilities such as cross-site scripting (XSS). | “Cross-site request forgery” internal cookie. | |
| Settings | cookies_potvrda | Internal | This cookie is used to record the user's decision to use the data on the website. |
"We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site."
