MaiStar Rewards Club Loyalty Programme
We care about you and your privacy, which is why we are continuously working on providing you with adequate protection of your personal data. To ensure that your privacy is protected, we have put together this document, which contains information on how we process your personal data. Please take some time to study this notice and to learn what we do with your personal data, why we need this data, and what your rights are.
To access and join the MaiStar Rewards Club Loyalty Programme (hereinafter: “MaiStar”), you must accept our general terms and conditions. However, it is important to know that accepting the general terms and conditions and joining MaiStar implies the collection of certain personal data about you. We need this data to give you access to MaiStar, to allow you to collect points, and to be able to take full advantage of participating in our Loyalty Programme.
We will use your personal data exclusively in the manner described in this Privacy Notice and will not use it for other purposes or share it with third parties.
2. Versions and Updates
This Privacy Notice was updated on [insert publication date].
3. About us
Your personal data is processed jointly by two companies working together on the basis of a business cooperation agreement. In terms of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), within the MaiStar Rewards Club Loyalty Programme joint project, these two companies are considered to be joint controllers vis-à-vis the data subjects.
The following companies are the controllers: MAISTRA d.d., Rovinj, Obala Vladimira Nazora 6, PIN (OIB): 25190869349 (hereinafter: “MAISTRA” or “the Company”) and HUP-ZAGREB d.d., Zagreb, Trg Krešimira Ćosića 9, PIN (OIB): 66859264899 (hereinafter: “HUP-ZAGREB” or “the Company”).
Hereinafter collectively referred to as “We”.
If you have any questions related to the protection of your personal data, you can contact us by using the following contact information,via the point of single contact of joint controllers:
o E-mail at firstname.lastname@example.org
o Post at the address Obala Vladimira Nazora 6, 52 210 Rovinj, Attn. Službenik za zaštitu podataka (data protection officer).
5. Reasons for Collecting Personal Data
The data about you that we collect, receive, or process is used primarily to enable you to participate in the benefits offered by MaiStar membership.
For example, we will collect, process, and store your personal data to register and enrol you in the MaiStar programme. At the time of registration, we will also ask you for information on your date of birth and your place of residence.
During your membership in the MaiStar programme, we will also process information about you in order to find out more about how you use our services. We need this information in order to fulfil the content of your MaiStar membership and enable you to collect points and redeem points to claim membership benefits.
We will also process personal data to better understand your activities or find out which types of our services interest you. We may also collect information about the language in which we communicate with you or about the ways in which you most often use our accommodation services and other additional services.
We may sometimes ask you for some additional information, which may also include the processing of your personal data. When we do so, we will always explain why we are requesting such information and the benefits of sharing such information with us, and we will ask for your consent. For example, we may ask you to complete a survey on a voluntary basis, which is used to improve the quality of our accommodation, restaurants, cafés, wellness centres, or other services we provide, as well as to explore consumer habits in order to adapt the facilities, amenities, and activities available.
Other service providers, such as analytics or promotional service providers, may collect this data for us. In this case, the privacy policies of other service providers shall also apply to the processing of data, but we will always inform you about this on a case-by-case basis. Participation in such activities is voluntary and requires your consent. In case you do not consent to participate in such activities, we will not collect such personal data about you.
6. The Types of Personal Data Collected
Personal data includes any data relating to an identified natural person or other data by which a person can be identified.
Examples of personal data we collect are:
o Identification data
o Name and surname, mode of address, date of birth.
o Contact information
o Postal address and e-mail address.
o Service usage data / transaction data
o Transaction data includes data about which of our services you have used, dates and descriptions of services (stays, food and beverage consumption, prices, spa and wellness services).
o Data on the use of membership benefits
o Technical data include IP addresses, login information, location data, time zone, browser type and version, operating system, and other data about the technology you use to access our website.
o Technical data
o Includes IP addresses, login information, location data, time zone, browser type and version, operating system, and other data about the technology you use to access our website.
o Includes data on how you use our website, products and services.
o Data about your preferences
o Data on the preferred type of accommodation, destination, and interests (optional data).
7. Purposes of Processing Personal Data
We collect and process your personal data for the following purposes:
- To enable you to register and open a MaiStar Rewards Loyalty Programme user account;
- To enable you to earn points by using our services, in accordance with the provisions of the MaiStar Rewards Loyalty Programme Terms and Conditions;
- To enable you to exchange the collected points for our services and benefits, in accordance with the provisions of the General Terms and Conditions of the MaiStar Rewards Loyalty Programme;
- In order to calculate a special discount for our services, in accordance with the provisions of the General Terms and Conditions of the MaiStar Rewards Loyalty Programme;
- Unless you have already requested not to be contacted for these purposes, we will also use your personal data to contact you electronically with new offers and services that may be of interest to you;
- With your consent, we will use your personal data to inform you electronically about news about us;
- Unless you have already requested not to be contacted for these purposes and you have agreed to participate in a survey, we will process your answers and record your preferences;
- If you choose to participate in contests or promotions, we will process the data you have provided to us for the purpose of participating;
- To better understand your preferences and choices and to offer you a customized and individualized experience based on your interests;
- For analytical and statistical purposes and to be able to conduct market research, for example, to find out which user groups participate in our Loyalty Programme and in what way;
- To provide you with customer support.
8. Legal Bases for the Processing of Personal Data
In processing, collecting and using this personal data, we rely on several legal bases:
Concluding / Executing Agreements.
In situations where we process your data used for access, we process the data in order to enable you to register and become a member of MaiStar. In cases where we record data about your accommodation, we record it in accordance with the general terms and conditions of membership in the MaiStar Loyalty Programme and in cases where points are used for our other services, in accordance with the general terms and conditions.
Sometimes we process your personal data because it is in our legitimate interest to do so, for example, if we process personal data on the way you use the programme, as well as to create special offers, to provide you with personalized content and to improve your user experience.
In some cases, for example, if we contact you with information about us and our services, we process such data with your consent.
We do not collect special categories of your personal data, meaning we do not collect any data relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, nor your genetic data, biometric data, or health data that can be used to identify you, nor do we collect any other information relating to your sex life or your sexual orientation.
We can retain the data we collect only if we have the appropriate legal basis for it.
Our website collects cookies that contain certain information about how and in what way you use our website. Cookies are small text files that contain a unique identification and reference code that the web browser saves on your device and with which we can recognize you again when you access our website.
We do not use this data to identify you, nor do we use third-party cookies for this purpose. Some cookies we collect last only during your use of our site, and some last a little longer so that we can recognize you again when you access our site again.
10. Recipients of Personal Data
We do not share your personal data with third parties for the purpose of advertising their services. We will not sell your personal data to third parties.
In certain cases, we will share your personal data with other recipients, as follows:
o With affiliated companies or companies that are affiliated companies of Adris Grupa d.d., which is the majority shareholder of MAISTRA d.d. and HUP-ZAGREB d.d.;
o In cases where it is necessary to share your personal data to fulfil an agreement to which you are a party;
o With judicial, tax, audit and other competent authorities, when we have reason to believe that we are obliged by law and other regulations to share such data (for example, at the request of the tax authority or in connection with expected litigation);
o With payment service providers with whom we have concluded agreements on the processing of personal data;
o With IT service providers with whom we have concluded appropriate agreements on the processing of personal data, whose systems we use in our business (e.g. PHOBS booking system (Phobs d.o.o.), Opera guest database (HRS International) and Laser Line (Laser Line d.o.o.), CRM system (BE-Terna d.o.o.), Microsoft Office 365);
o With other service providers that provide a specific service for us, including external consultants, investment advisory service providers, professional advisors such as auditors, lawyers or accountants, marketing and market research agencies, technical support service providers and IT consultants who conduct certain testing or work on developing technical solutions in our systems;
o In case of a merger or takeover of Maistra or HUP-ZAGREB in the future, we may share your personal data with the company’s new owners. Certain personal data may also be transferred during the purchasing process, to potential buyers and their advisors, as part of the due diligence process.
11. Cross-Border Transfers
We want to ensure that your personal data is stored and transferred securely. Therefore, outside the European Economic Area (hereinafter: EEA), we will only transfer data if that complies with the applicable data protection regulations and if the means of transmission ensure an adequate level of security for your data, for example:
o Transfer of data to a third country, based on a decision of the European Commission on adequacy, which established that the legislation of that country has ensured an adequate level of data protection; or
o A Data Transfer Agreement concluded with a third party, which contains standard contractual clauses accepted by the European Commission for data transfer cases within the EEA, to controllers and processors in jurisdictions without an adequate level of data protection; or
o if you have expressly consented to the data transfer.
12. Security of the Processing of Personal Data
We apply technical and organizational measures to ensure that your data is secure and to protect it from accidental or intentional unauthorized access, loss or modification. We have ensured that your data can be accessed only by those persons who have a business need for it, solely for the permitted purposes and of which you have been notified, and that these persons are obliged to keep your data confidential.
If you suspect any unauthorized use, loss or unauthorized access to your personal data, please notify us.
13. Data Storage and Retention Periods
We retain your data for as long as we need it for our legitimate business purposes and for as long as permitted by law. As long as your account is active and not deleted, we will retain your data, which has been submitted on the basis of consent, until you withdraw your consent. If you choose to delete your account, such deletion of data will be considered a withdrawal of consent, and all your data will be deleted as soon as operationally and reasonably practicable.
14. Your Rights
Access. You have the right to access your personal data at any time by sending a request requesting that we provide you with all your personal data that we process.
Restriction of Processing. You have the right to object to certain processing activities, for example, if we process your personal data on the basis of a legitimate interest.
Transfer. You have the right to request a transfer of personal data to another service provider – in practice, this means that you have the right to request that we provide you with all personal data that we process in a machine-readable format or to request that we provide it directly to another company.
Rectification. You have the right to request an update, rectification or supplementation of your personal data at any time.
Deletion. You have the right to request the deletion of your personal data. We will comply with your request if we do not have a legal obligation or a valid reason of a legal or business nature for which we should continue to keep them.
Withdrawal of Consent. If we process your data on the basis of consent, you are entitled to withdraw your consent at any time. We will stop processing personal data collected on this legal basis without delay.
You can make all requests by sending a written request to the business address MAISTRA d.d. in Rovinj, Obala Vladimira Nazora 6 (Attn. Službenik za zaštitu podataka (data protection officer) or by e-mail at email@example.com.
Complaint. You are also entitled to submit a complaint to the local supervisory authority for data protection – or the Croatian Personal Data Protection Agency, to the address:
Agencija za zaštitu osobnih podataka
Selska cesta 136
HR – 10 000 Zagreb
Tel. +385 (01) 4609-000
Fax. + 385 (01) 4609-099
We inform you that we will keep records of our communication so that we can resolve any issue you contact us about as efficiently as possible.
We process your rights free of charge, and we will only exceptionally charge you the administrative cost of processing the request, in accordance with the provisions of the General Regulation. In that case, we will notify you before the cost is incurred.