Maistra d.d., joint stock company for hotel management and tourism, Rovinj, Obala Vladimira Nazora 6 is the controller of your personal data within the meaning of the General Regulation (GDPR).
Regarding the processing of your personal data, you can contact us through our Data Protection Officer by:
- sending a query via email to: [email protected];
- sending post to the following postal address: Obala Vladimira Nazora 6, 52210 Rovinj (Croatia), Attn: Data Protection Officer.
PURPOSE AND LEGAL BASIS FOR PROCESSING
We provide the purposes and legal bases for the processing of your personal data in point 1 of this Information.
CATEGORIES OF RECIPIENTS
We provide more information on the categories of recipients of your personal data in point 2 of this Information.
PERIOD OF STORAGE
For more information on the period of storage of your personal data see point 3 of this Information.
We remind you of your rights in point 4 of this Information.
AUTOMATED DECISION-MAKING AND PROFILING
You can read more about the automated decision-making, including profiling, in point 5 of this Information.
1. PURPOSE AND LEGAL BASIS FOR PROCESSING
We collect, store and in other permitted ways process your personal data for the following purposes.
- At the time of booking accommodation and other services, we collect your personal data in order to conclude an agreement for accommodation and other services, especially to contact you (e.g. phone/mobile phone number, email address) or unambiguously link the booking with you and other guests traveling with you (e.g. name and surname, date of birth, number of guests, date of arrival, date of departure).
Without these data we cannot conclude an agreement for accommodation and other services.
As an exception, when the booking is made on our partners' website, we collect the above-mentioned data and other data that our partner determines to be mandatory and without which the contract cannot be concluded.
- At the time of your check-in at the facility, we collect and process your personal data in order to comply with our legal obligations under the regulations on the manner of keeping tourist registers and the form of tourist registration.
According to the currently valid regulations, we are obliged to collect the following data: surname and name, place, country and date of birth, citizenship, type and number of identity document, place of residence (temporary residence) and address, date and time of arrival to and departure from the facility, gender, note (basis for exemption from the sojourn tax payment, i.e. for reducing the sojourn tax payment).
We cannot provide the accommodation service without these data.
Booking and check-in
- At the time of booking and check-in, you can also provide us with additional data that will help us personalise the service we provide and further arrange your contractual relationship regarding accommodation and other services.
For this purpose, we collect and process data which are marked as optional on our websites and our partners' websites advertising our facilities, such as the flight number, accommodation preferences (e.g. smoking room), vegetarian menu, allergies, bed preferences, pillow preferences, etc.
Without these data, accommodation and other services will be provided, but the provided accommodation and services will not necessarily have additional quality and content that depend on these data.
Technical and security measures
- During your stay at our facility, we apply technical and security measures (e.g. video surveillance in the public areas of the facility that can record you, card keys that can show your location, etc.) to protect you and your property, other guests and their property, our employees and our property.
The application of technical and security measures that exist in some of our facilities cannot be discontinued at the request of a particular guest.
- The collected data regarding your membership in our Loyalty Programmes are processed based in accordance with your consent on our contractual relationship which arises in these programmes in order to gain the benefits described in the following links: https://www.maistra.com/loyalty and https://www.maistra.com/loyalty/general-terms.
- In addition, we use your data for direct marketing purposes (e.g., sending newsletters), which includes profiling for direct marketing needs.
- Membership in Loyalty Programmes is voluntary and you may at any time terminate your participation in the programmes as described in the links listed above.
Marketing and customer satisfaction surveys
- We collect and process your data so that we can contact you for promotional (marketing) purposes or for the purpose of assessing customer satisfaction concerning our services (surveys and such), in accordance with your consent.
- Promotion, for example, implies making special and personalised offers and services (e.g. newsletters).
- When you participate in our competitions, we collect dana, in accordance with your consent, required by the rules of the competition as a precondition for participation and data which are necessary for the fulfilment of your contractual rights and our contractual obligations in the event of you winning a prize.
Statistical analysis for internal purposes
- We process your personal data for statistical purposes in order to collect information about our business and our services. Data are processed so as not to allow your identification (so-called depersonalised data).
The General Regulation (GDPR) provides for our right (legitimate interest) to process your personal data for the purpose of direct marketing and profiling regarding such marketing, to the extent which is not contrary to your interests, freedoms and rights.
However, in order to ensure a more complete protection of your personal data, rights and interests, before processing your personal data for the purpose of direct marketing, we will seek to ask your explicit consent for such processing.
2. CATEGORIES OF PERSONAL DATA RECIPIENTS
The personal data we are obliged to collect at the time of a guest’s check-in is sent electronically to the eVisitor system, according to the regulations on the manner of keeping tourist registers and the form of tourist registration.
Your personal data are sent to our contractual processors that provide us with service management computer programs that have access to these data only to the extent necessary for the proper functioning of the program and to other processors that enable us to provide hospitality and tourist services. Also, your data are sent to other Controllers if it is necessary for the provision of accommodation services or other services (e.g. if you have booked a travel transfer service provided by our contracting partner with the accommodation service).
Your personal data are communicated or made available to third parties in other cases as well, but only when we are obliged to do so under the General Regulation (GDPR), for example at the request of a competent judicial or administrative body.
3. PERIOD OF DATA STORAGE
We store your data:
- for the period prescribed by the applicable regulations, if such data are collected solely for the purpose of fulfilling our legal obligations:
- for example, the data from the guestbook must be kept at least 2 years after the expiration of the calendar year during which the guest stayed at our facility, and such data must be kept for 10 years in the eVisitor system;
- in addition, according to accounting regulations we are obliged to keep the issued invoices and the personal data contained therein for 11 years.
- for the duration required for the expiry of statutory limitation period (three or five years) and for an additional reasonable period needed for your request submitted to a judicial or administrative body to be delivered to us, provided that such data are obtained solely in connection with the contracts we have concluded with you or about which we have negotiated (for example, data contained in booking requests/reservation inquiries and booking confirmations, data regarding loyalty programme membership, participation in competitions, etc.);
- until you withdraw your consent if we base the processing of your data on your consent;
- 10 years if the processing is based on our legitimate interests;
- 6 months (tapes - surveilance).
4. YOUR RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION
Users of our services have the following rights under the General Regulation (GDPR):
a. RIGHT OF ACCESS
At any time, you can request confirmation of whether your personal data are being processed and, if processed, you have the right to request access to such data and information as referred to in Article 15. of the General Regulation (GDPR).
Upon your request to exercise your right of access, we will provide you with the data and information electronically (via email), unless you did not specify your email address in your request or you explicitly requested postal delivery.
b. RIGHT TO RECTIFICATION
You have the right to ask us to rectify inaccurate personal data and to complete missing personal data without delay.
c. RIGHT TO ERASURE
If you feel that we have collected or otherwise processed your data contrary to the General Regulation (GDPR), you have the right to request erasure of such data. In case the request is well founded, the data will be erased without undue delay.
If there are reasons that prevent us from or limit us in complying with your request, we will notify you in response to your request.
d. RIGHT TO RESTRICTION OF PROCESSING
You have the right to ask us to restrict the processing of your personal data if you dispute the accuracy of these data, for a period enabling the controller to verify the accuracy of the personal dana, if the processing is illegal and you are opposed to erasure of such data, if you have filed an objection against the processing of your data, and if the data are no longer needed but are necessary for the establishment, exercise or defence of legal claims.
e. RIGHT TO DATA PORTABILITY
You have the right to receive the personal data you provided us in a structured, commonly used and machine-readable format and to transfer them to another controller if the processing of these data are based on consent or agreement and is carried out automatically.
f. RIGHT TO WITHDRAW CONSENT
If your data are processed based on your consent, you can withdraw such consent at any time without affecting the legitimacy of the processing that was based on such consent.
g. ADMINISTRATIVE COST
Your rights are exercised free of charge, and only exceptionally an administrative cost is charged.
We will notify you of the administrative cost that we have the right to charge under the General Regulation (GDPR) before it occurs and if the requirements for its payment are met.
h. RIGHT TO COMPLAINE AND OBJECT
Based on your particular situation, you have the right to file an objection at any time against the processing of personal data we conduct based on our legitimate interests under point 2 of this Information, including the right to file an objection against profiling related to such legitimate interests.
If you believe that by processing your personal data we are in violation of the General Regulation (GDPR), please contact us.
You have the right to file a complaint with the supervisory authority if you believe that by processing your personal data we are in violation of the General Regulation (GDPR). You can file a complaint with, for example, a supervisory body in the EU member state of your normal residence or workplace or in the Republic of Croatia (Personal Data Protection Agency).
The controller shall provide information on action taken on a request to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
5. PROFILING AND AUTOMATED DECISION-MAKING
We use your data (name and surname, email) to personalise our services and marketing materials and tailor them according to your preferences. We personalise services and materials by profiling (e.g. segmentation) that help us better understand your interests. Profiling does not limit your choice of services we provide.
We apply automated decision-making in such a way that, depending on the profiling or data you provide, a computer program sends you an offer and/or promotional (marketing) material without any human intervention. The described automated decision-making does not limit your choice of services we provide.
What are cookies?
A cookie represents information stored on your computer by a website you visit. Cookies usually store your settings and website settings, such as your preferred language or address. Later, when you open the same website again, the web browser sends back the cookies that belong to that website. This allows the website to display information tailored to your needs.
Cookies can store a wide range of information, including personal data (such as your name or e-mail address). However, this information can only be saved if you allow it – websites cannot access information you did not give them, and cannot access other files on your computer. The default cookie saving and sending activities are not visible to you. However, you can change your web browser settings to be able to choose whether to approve or reject requests to save cookies, delete saved cookies automatically when you close your web browser etc.
What types of cookies can be found on our websites?
Cookies by duration
- Persistent cookies
Persistent or saved cookies remain on your computer after you close your web browser. They enable websites to store information, such as your username and password, language settings, or cookie settings, so you don't have to re-enter them each time you visit. Persistent cookies can stay on your computer or mobile device for days, months, even years.
- Temporary cookies
Temporary cookies or session cookies are removed from your computer when you close your web browser. Websites use these cookies to store temporary information, such as the last few pages you opened on the website you're visiting, or items in your shopping cart if you are visiting a website that specialises in online shopping.
Cookies by source
- First-party cookies
First-party cookies come from the website you are visiting, and can be persistent or temporary. Using these cookies, websites can store data they will use again the next time you visit that Internet site.
- Third-party cookies
Third-party cookies come from other websites that are located on the website you are visiting. Using these cookies, other websites can track your use of the Internet on the website you are visiting for marketing purposes. Cookies by function.
- Technical cookies – required cookies
(always active) – essential for the functioning of the website and cannot be disabled in our systems. They are usually set in response to your actions that include a request for services, such as cookie settings, login, or filling out forms. You can set your browser to block these cookies or send a warning about them, but in that case some parts of the website will not work. Those cookies don't store any information that might identify you.
- Functional cookies
(can be disabled) – enable the website to provide enhanced functionality and personalised experience. They can be set up by us or third-party service providers whose services have been added to our websites. If you don't enable these cookies, some of these functions might not work properly.
(can be disabled) – enable recording visits and traffic sources in order to measure and improve the efficiency of our website. They help us find out which pages are most and least popular and see how visitors move around the website. All the information that these cookies collect accumulates and therefore remains anonymous. If you don't enable those cookies, we won't know when you visited our website and we won't be able to track its effectiveness. They do not store your personal settings directly, but are based on the unique identification of your browser and Internet device. If you do not enable these cookies, you will encounter less targeted advertising.
Who installs data collection systems?
Data collection systems are installed by Maistra d.d. or one of the partners.
The data collection systems we install are:
- Data collection systems strictly necessary for the operation of websites and the provision of our services. We use them to store information about your logins or access to websites, as well as your use of services, in order to apply security measures or adjust the website to the settings on your device (language, operating system, etc.). These data collection systems also allow you to access your personal account on the website.
- Analytical data collection systems. We use them to generate statistics about the number of views of the website, and the use of its various parts (pages visited, content viewed, the user's use of the site), which help us improve the content on the website, and the quality of our services.
- Advertising data collection systems. These data collection systems allow us to analyse your use of the website and the ads displayed, so that we can offer you ads that match your interests on our website or our partners' websites. These data collection systems specifically allow us to (i) count and identify the ads displayed, (ii) count the users who clicked on each of those ads, and (iii) in such cases, monitor the behaviour of those users on the websites to which the ads lead.
We may also share with our partners some of the data collected through the data collection system to enable them to conduct research on visitor behaviour.
Data collection systems installed by third parties:
- Some of our business partners have permission to install a data collection system on the website for purposes stated prior to the installation. The installation and use of such data collection systems are subject to third-party privacy policies.
Can I disable cookies?
You can disable cookies by activating a setting in your browser that allows you to refuse to set all or certain cookies. By blocking cookies, you will still be able to browse our pages, but certain functionalities will be limited.
To learn more about cookies, including how to see and manage set cookies, visit www.aboutcookies.org or www.allaboutcookies.org.
To turn off Google Analytics tracking on all websites, visit http://tools.google.com/dlpage/gaoptout.
How long do cookies last?
Cookies can expire at the end of a browser session and are deleted after closing the web browser – these are temporary cookies (“session cookies”). Cookies can last for a long time; they can be stored on your hard drive and remain there even after you close your web browser – these are permanent cookies (“persistent cookies”). The table below indicates whether a particular cookie is temporary or permanent. Except for essential cookies, all cookies will be removed when they are no longer needed or have expired.
How can I change my settings?
By turning off cookies, you decide whether to allow cookies to be stored on your computer or mobile device. Cookie settings can be controlled and configured in your web browser. If you disable cookies, you may not be able to use some of the website functionalities.
You can review or change settings related to data collection systems at any time. In your web browser settings, you can choose whether you sometimes or permanently want to accept or reject data collection systems. Please note that these settings may affect the operation of your web browser and your use of services on the website, which require the use of a data collection system.
Manage your own settings on these websites, depending on your browser:
We use Google Analytics. If you do not want us to collect or use your data through Google Analytics, click on the following link:
We use AdRoll for advertising and providing ads to change the target audience. For more information on the use of personal data, click on the following link: https://www.adrollgroup.com/privacy
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site."