Maistra d.d. Rovinj hereby informs you on the processing of your personal data and your rights based on the applicable rules on personal data protection.
Maistra d.d., joint stock company for hotel management and tourism, Rovinj, Obala Vladimira Nazora 6 is the controller of your personal data within the meaning of the General Regulation (GDPR).
Regarding the processing of your personal data, you can contact us through our Data Protection Officer by:
We provide the purposes and legal bases for the processing of your personal data in point 1 of this Information.
We provide more information on the categories of recipients of your personal data in point 2 of this Information.
For more information on the period of storage of your personal data see point 3 of this Information.
We remind you of your rights in point 4 of this Information.
You can read more about the automated decision-making, including profiling, in point 5 of this Information.
We collect, store and in other permitted ways process your personal data for the following purposes.
Without these data we cannot conclude an agreement for accommodation and other services.
As an exception, when the booking is made on our partners' website, we collect the above-mentioned data and other data that our partner determines to be mandatory and without which the contract cannot be concluded.
According to the currently valid regulations, we are obliged to collect the following data: surname and name, place, country and date of birth, citizenship, type and number of identity document, place of residence (temporary residence) and address, date and time of arrival to and departure from the facility, gender, note (basis for exemption from the sojourn tax payment, i.e. for reducing the sojourn tax payment).
We cannot provide the accommodation service without these data.
Booking and check-in
For this purpose, we collect and process data which are marked as optional on our websites and our partners' websites advertising our facilities, such as the flight number, accommodation preferences (e.g. smoking room), vegetarian menu, allergies, bed preferences, pillow preferences, etc.
Without these data, accommodation and other services will be provided, but the provided accommodation and services will not necessarily have additional quality and content that depend on these data.
Technical and security measures
The application of technical and security measures that exist in some of our facilities cannot be discontinued at the request of a particular guest.
Marketing and customer satisfaction surveys
Statistical analysis for internal purposes
The General Regulation (GDPR) provides for our right (legitimate interest) to process your personal data for the purpose of direct marketing and profiling regarding such marketing, to the extent which is not contrary to your interests, freedoms and rights.
However, in order to ensure a more complete protection of your personal data, rights and interests, before processing your personal data for the purpose of direct marketing, we will seek to ask your explicit consent for such processing.
The personal data we are obliged to collect at the time of a guest’s check-in is sent electronically to the eVisitor system, according to the regulations on the manner of keeping tourist registers and the form of tourist registration.
Your personal data are sent to our contractual processors that provide us with service management computer programs that have access to these data only to the extent necessary for the proper functioning of the program and to other processors that enable us to provide hospitality and tourist services. Also, your data are sent to other Controllers if it is necessary for the provision of accommodation services or other services (e.g. if you have booked a travel transfer service provided by our contracting partner with the accommodation service).
Your personal data are communicated or made available to third parties in other cases as well, but only when we are obliged to do so under the General Regulation (GDPR), for example at the request of a competent judicial or administrative body.
We store your data:
Users of our services have the following rights under the General Regulation (GDPR):
a. RIGHT OF ACCESS
At any time, you can request confirmation of whether your personal data are being processed and, if processed, you have the right to request access to such data and information as referred to in Article 15. of the General Regulation (GDPR).
Upon your request to exercise your right of access, we will provide you with the data and information electronically (via email), unless you did not specify your email address in your request or you explicitly requested postal delivery.
b. RIGHT TO RECTIFICATION
You have the right to ask us to rectify inaccurate personal data and to complete missing personal data without delay.
c. RIGHT TO ERASURE
If you feel that we have collected or otherwise processed your data contrary to the General Regulation (GDPR), you have the right to request erasure of such data. In case the request is well founded, the data will be erased without undue delay.
If there are reasons that prevent us from or limit us in complying with your request, we will notify you in response to your request.
d. RIGHT TO RESTRICTION OF PROCESSING
You have the right to ask us to restrict the processing of your personal data if you dispute the accuracy of these data, for a period enabling the controller to verify the accuracy of the personal dana, if the processing is illegal and you are opposed to erasure of such data, if you have filed an objection against the processing of your data, and if the data are no longer needed but are necessary for the establishment, exercise or defence of legal claims.
e. RIGHT TO DATA PORTABILITY
You have the right to receive the personal data you provided us in a structured, commonly used and machine-readable format and to transfer them to another controller if the processing of these data are based on consent or agreement and is carried out automatically.
f. RIGHT TO WITHDRAW CONSENT
If your data are processed based on your consent, you can withdraw such consent at any time without affecting the legitimacy of the processing that was based on such consent.
g. ADMINISTRATIVE COST
Your rights are exercised free of charge, and only exceptionally an administrative cost is charged.
We will notify you of the administrative cost that we have the right to charge under the General Regulation (GDPR) before it occurs and if the requirements for its payment are met.
h. RIGHT TO COMPLAINE AND OBJECT
Based on your particular situation, you have the right to file an objection at any time against the processing of personal data we conduct based on our legitimate interests under point 2 of this Information, including the right to file an objection against profiling related to such legitimate interests.
If you believe that by processing your personal data we are in violation of the General Regulation (GDPR), please contact us.
You have the right to file a complaint with the supervisory authority if you believe that by processing your personal data we are in violation of the General Regulation (GDPR). You can file a complaint with, for example, a supervisory body in the EU member state of your normal residence or workplace or in the Republic of Croatia (Personal Data Protection Agency).
The controller shall provide information on action taken on a request to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
We use your data (name and surname, email) to personalise our services and marketing materials and tailor them according to your preferences. We personalise services and materials by profiling (e.g. segmentation) that help us better understand your interests. Profiling does not limit your choice of services we provide.
We apply automated decision-making in such a way that, depending on the profiling or data you provide, a computer program sends you an offer and/or promotional (marketing) material without any human intervention. The described automated decision-making does not limit your choice of services we provide.
What are cookies?
Cookies are the information stored on your computer by the website you have visited. Cookies usually store your settings, as well as website settings, such as the preferred language. Later, when you visit the same website again, the web browser sends back the cookies belonging to that website. This allows the website to show the information adjusted to your needs.
Cookies can store a wide range of information, including your personal information (such as your name or email address). However, this information can only be stored if you enable it – websites cannot get access to the information you did not provide and cannot access other files on your computer or mobile device. The default options of storing and sending cookies are not visible to you. However, you can change the settings of your internet browser, so you can decide for yourself whether to approve or deny requests for storing cookies, as well as delete the stored cookies automatically when closing your internet browser, etc.
How to disable cookies?
By disabling cookies you decide whether you wish to allow storage of cookies on your computer or mobile device. You can control and configure your cookies settings in your web browser. If you disable cookies, you may not be able to use some features on our website.
What are permanent cookies?
Permanent or saved cookies remain on your computer after you close the web browser. These cookies allow websites to store data, such as login name and password, so that you do not have to sign in each time you visit a specific site. Permanent cookies will remain on your computer or mobile device for days, months, even years.
What are temporary cookies?
Temporary cookies are automatically removed from the computer once the Internet browser has been closed. Websites use them to store temporary information, such as shopping cart items.
What are first-party cookies?
First-party cookies come from the website that you are viewing and can be either persistent or temporary. Websites might use these cookies to store information that they will reuse the next time you visit that website.
What are third-party cookies?
Third-party cookies come from other websites’ advertisements (such as pop up or other ads) on the website you are viewing. Websites use these cookies to track your web use for marketing purposes.
Who places data collection systems?
Data collection systems are placed by Maistra d.d. or one of its partners.
Data collection systems that we place are:
- Data collection systems strictly necessary for website operation and provision of our services. We use them to save information on your log-ins or access to our website and use of services in order to implement security measures or adapt the website to the settings of your device (language, operating system, etc.). These data collection systems also allow you to access your personal account on the website.
- Analytical data collection systems. We use them to produce statistics on website views and use of its various parts (pages visited and content viewed, user’s manner of use) which help us improve the content of the website and the quality of our services.
- Data collection systems for advertising. These data collection systems enable us to analyse your use of the website and of the advertisements displayed on the website in order to offer you advertisements adapted to your areas of interest on our website or on our partners’ websites. These data collection systems allow us (i) to count and identify the advertisements displayed, (ii) to count the number of users who clicked on each advertisement and (iii), where applicable, to monitor the subsequent actions taken by these users on the pages to which these advertisements are linked.
We can also share with our partners some of the data collected through a data collection system to enable them to conduct visitor behaviour research.
Data collection systems placed by third parties:
How can I change my settings?
You can view and change settings regarding data collection systems at any time. You can set whether you want to accept or discard data collection systems occasionally or permanently in your web browser settings. Bear in mind that these settings may affect the functioning of your internet browser and your usage of certain website services which require data collection systems to be used.
Manage your settings on this site depending on the web browser you use:
Internet Explorer™: http://windows.microsoft.com/hr-hR/windows-vista/B...
We use Google Analytics. If you do not want us to use Google Analytics to collect
or use your information, click the following link: