Privacy Policy

This Information contains amendments to the Privacy Policy based on which Maistra d.d. regulated the protection of your personal data. These amendments are motivated by the entry into force of Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: General Regulation - GDPR).

This Information applies to all cases of processing of your personal data by Maistra d.d. Rovinj as the Controller, unless any other Information, Privacy Policy or similar documents irrespective of their name need to be applied in special cases of processing and take precedence over this Information or supplement it (e.g. data processing cases specific to individual Maistra facilities).

CONTROLLER

Maistra d.d., joint stock company for hotel management and tourism, Rovinj, Obala Vladimira Nazora 6 is the controller of your personal data within the meaning of the General Regulation (GDPR).

Regarding the processing of your personal data, you can contact us through our Data Protection Officer by:

1. sending a query via email to: dpo@maistra.hr;
2. sending post to the following postal address: Obala Vladimira Nazora 6, 52210 Rovinj (Croatia), Attn: Data Protection Officer.

PURPOSE AND LEGAL BASIS FOR PROCESSING

We provide the purposes and legal bases for the processing of your personal data in point 1 of this Information.

OUR LEGITIMATE INTERESTS

For more information on our legitimate interests in the processing of your personal data for the purpose of direct marketing see point 2 of this Information.

CATEGORIES OF RECIPIENTS

We provide more information on the categories of recipients of your personal data in point 3 of this Information.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

For more information on the transfer of your personal date see point 4 of this Information.

PERIOD OF STORAGE

For more information on the period of storage of your personal data see point 5 of this Information.

YOUR RIGHTS

We remind you of your rights in point 6 of this Information.

AUTOMATED DECISION-MAKING AND PROFILING

You can read more about the automated decision-making, including profiling, in point 7 of this Information.

COMPLAINTS AND OBJECTIONS

You can find useful information about your right to complain and object in point 8 of this Information.

1. PURPOSE AND LEGAL BASIS FOR PROCESSING

We collect, store and in other permitted ways process your personal data for the following purposes.

Booking

• At the time of booking accommodation and other services, we collect your personal data in order to conclude an agreement for accommodation and other services, especially to contact you (e.g. phone/mobile phone number, email address) or unambiguously link the booking with you and other guests traveling with you (e.g. name and surname, date of birth, number of guests, date of arrival, date of departure).

Without these data we cannot conclude an agreement for accommodation and other services.

As an exception, when the booking is made on our partners' website, we collect the above-mentioned data and other data that our partner determines to be mandatory and without which the contract cannot be concluded.

Check-in

• At the time of your check-in at the facility, we collect and process your personal data in order to comply with our legal obligations under the regulations on the manner of keeping tourist registers and the form of tourist registration.

According to the currently valid regulations, we are obliged to collect the following data: surname and name, place, country and date of birth, citizenship, type and number of identity document, place of residence (temporary residence) and address, date and time of arrival to and departure from the facility, gender, note (basis for exemption from the sojourn tax payment, i.e. for reducing the sojourn tax payment).

We cannot provide the accommodation service without these data.

Booking and check-in

• At the time of booking and check-in, you can also provide us with additional data that will help us personalise the service we provide and further arrange your contractual relationship regarding accommodation and other services.

For this purpose, we collect and process data which are marked as optional on our websites and our partners' websites advertising our facilities, such as the flight number, accommodation preferences (e.g. smoking room), vegetarian menu, allergies, bed preferences, pillow preferences, etc.

Without these data, accommodation and other services will be provided, but the provided accommodation and services will not necessarily have additional quality and content that depend on these data.

Technical and security measures

• During your stay at our facility, we apply technical and security measures (e.g. video surveillance in the public areas of the facility that can record you, card keys that can show your location, etc.) to protect you and your property, other guests and their property, our employees and our property.

The application of technical and security measures that exist in some of our facilities cannot be discontinued at the request of a particular guest.

Loyalty programmes

• The collected data regarding your membership in our Loyalty Programmes are processed based on our contractual relationship which arises from your membership in these programmes in order to gain the benefits described in the following links: https://www.maistra.com/loyalty and https://www.maistra.com/loyalty/general-terms.
• In addition, we use your data for direct marketing purposes (e.g., sending newsletters), which includes profiling for direct marketing needs.
• Membership in Loyalty Programmes is voluntary and you may at any time terminate your participation in the programmes as described in the links listed above.

Marketing and customer satisfaction surveys

• We collect and process your data so that we can contact you for promotional (marketing) purposes or for the purpose of assessing customer satisfaction concerning our services (surveys and such), in accordance with your consent.
• Promotion, for example, implies making special and personalised offers and services (e.g. newsletters).

Competitions

• When you participate in our competitions, we collect data required by the rules of the competition as a precondition for participation and data which are necessary for the fulfilment of your contractual rights and our contractual obligations in the event of you winning a prize.

Statistical analysis for internal purposes

• We process your personal data for statistical purposes in order to collect information about our business and our services. Data are processed so as not to allow your identification (so-called depersonalised data).

2. LEGITIMATE INTEREST

The General Regulation (GDPR) provides for our right (legitimate interest) to process your personal data for the purpose of direct marketing and profiling regarding such marketing, to the extent which is not contrary to your interests, freedoms and rights.

However, in order to ensure a more complete protection of your personal data, rights and interests, before processing your personal data for the purpose of direct marketing, we will seek to ask your explicit consent for such processing.

3. CATEGORIES OF PERSONAL DATA RECIPIENTS

The personal data we are obliged to collect at the time of a guest’s check-in is sent electronically to the eVisitor system, according to the regulations on the manner of keeping tourist registers and the form of tourist registration.

Your personal data are sent to our contractual processors that provide us with service management computer programs that have access to these data only to the extent necessary for the proper functioning of the program and to other processors that enable us to provide hospitality and tourist services. Also, your data are sent to other Controllers if it is necessary for the provision of accommodation services or other services (e.g. if you have booked a travel transfer service provided by our contracting partner with the accommodation service).

Your personal data are communicated or made available to third parties in other cases as well, but only when we are obliged to do so under the General Regulation (GDPR), for example at the request of a competent judicial or administrative body.

4. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

We do not intend to transfer your personal data to a third country (i.e. non-EU/EEA country) or an international organisation. However, when such transfers are necessary or useful in providing our services (for example, to store data on servers or for online data transfer), we regulate the relations with our processors in third countries in accordance with the provisions of the General Regulation (GDPR).

5. PERIOD OF DATA STORAGE

We store your data:

• for the period prescribed by the applicable regulations, if such data are collected solely for the purpose of fulfilling our legal obligations:
  - for example, the data from the guestbook must be kept at least 2 years after the expiration of the calendar year during which the guest stayed at our facility, and such data must be kept for 10 years in the eVisitor system;
  - in addition, according to accounting regulations we are obliged to keep the issued invoices and the personal data contained therein for 11 years.
• for the duration required for the expiry of statutory limitation period (three or five years) and for an additional reasonable period needed for your request submitted to a judicial or administrative body to be delivered to us, provided that such data are obtained solely in connection with the contracts we have concluded with you or about which we have negotiated (for example, data contained in booking requests/reservation inquiries and booking confirmations, data regarding loyalty programme membership, participation in competitions, etc.);
• until you withdraw your consent if we base the processing of your data on your consent;
• 10 years if the processing is based on our legitimate interests (but, above all, taking into consideration the content of point 2 of this Information, or 2 years if the matter in question are cookies).

6. YOUR RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION

Users of our services have the following rights under the General Regulation (GDPR):

a. RIGHT OF ACCESS

At any time, you can request confirmation of whether your personal data are being processed and, if processed, you have the right to request access to such data and information as referred to in Article 15. of the General Regulation (GDPR).

Upon your request to exercise your right of access, we will provide you with the data and information electronically (via email), unless you did not specify your email address in your request or you explicitly requested postal delivery.

b. RIGHT TO RECTIFICATION

You have the right to ask us to rectify inaccurate personal data and to complete missing personal data without delay.

c. RIGHT TO ERASURE

If you feel that we have collected or otherwise processed your data contrary to the General Regulation (GDPR), you have the right to request erasure of such data. In case the request is well founded, the data will be erased without undue delay.

The right to erasure can be obtained if your personal data are no longer necessary for the purposes for which they were collected or otherwise processed, if you have withdrawn your consent to the processing of your data, if you have filed an objection to the processing necessary for our legitimate interests, if the data of a child under the age of 16 are collected in connection with the provision of information society services or if the data must be erased in order to comply with a legal obligation.

If there are reasons that prevent us from or limit us in complying with your request, we will notify you in response to your request.

d. RIGHT TO RESTRICTION OF PROCESSING

You have the right to ask us to restrict the processing of your personal data if you dispute the accuracy of these data, if the processing is illegal and you are opposed to erasure of such data, if you have filed an objection against the processing of your data, and if the data are no longer needed but are necessary for the establishment, exercise or defence of legal claims.

e. RIGHT TO DATA PORTABILITY

You have the right to receive the personal data you provided us in a structured, commonly used and machine-readable format and to transfer them to another controller if the processing of these data are based on consent or agreement and is carried out automatically.

f. RIGHT TO WITHDRAW CONSENT

If your data are processed based on your consent, you can withdraw such consent at any time without affecting the legitimacy of the processing that was based on such consent.

g. ADMINISTRATIVE COST

Your rights are exercised free of charge, and only exceptionally an administrative cost is charged.
We will notify you of the administrative cost that we have the right to charge under the General Regulation (GDPR) before it occurs and if the requirements for its payment are met.

7. PROFILING AND AUTOMATED DECISION-MAKING

We use your data to personalise our services and marketing materials and tailor them according to your preferences. We personalise services and materials by profiling (e.g. segmentation) that help us better understand your interests. Profiling does not limit your choice of services we provide.

We apply automated decision-making in such a way that, depending on the profiling or data you provide, a computer program sends you an offer and/or promotional (marketing) material without any human intervention. The described automated decision-making does not limit your choice of services we provide.

8. RIGHT TO COMPLAIN AND OBJECT

Based on your particular situation, you have the right to file an objection at any time against the processing of personal data we conduct based on our legitimate interests under point 2 of this Information, including the right to file an objection against profiling related to such legitimate interests.

If you believe that by processing your personal data we are in violation of the General Regulation (GDPR), please contact us.

You have the right to file a complaint with the supervisory authority if you believe that by processing your personal data we are in violation of the General Regulation (GDPR). You can file a complaint with, for example, a supervisory body in the EU member state of your normal residence or workplace or in the Republic of Croatia (Personal Data Protection Agency).

SERVER STATISTICS

Our global network server uses statistical software. Such programs are standard for all web servers and are not specific to our website. These statistical programs allow us to adjust our website so they are as efficient and as easy to use as possible for our visitors (determining which information our users are most or least interested in, adapting websites for specific web browsers, location structure efficiency, and website traffic).

USE OF COOKIES

To facilitate browsing functions on our websites, our global network server uses cookies. These are small text files that a server places on the user’s computer to enable monitoring of the selection of individual language versions on our websites, as well as when visiting those parts of our sites that require user login and password. Cookies cannot be used to start programs or plant viruses on your computer. Certain cookies placed by our web server are automatically deleted from your computer at the end of the session, i.e. the moment you leave our website. You can view our website without the use of cookies if your browser has the required settings.

To make our website work properly, in order to further improve our website and your browsing experience, this site has to save a small amount of information in the form of cookies on your computer. Over 90% of all websites use this practice but under the current regulations, especially the Electronic Communications Act and the Personal Data Protection Act, we are obliged to ask for your consent before storing cookies. By using the website you agree to use of cookies. By blocking the cookies you can still browse the website, but some of its features will not be available.

What are cookies?

Cookies are the information stored on your computer by the website you have visited. Cookies usually store your settings, as well as website settings, such as the preferred language. Later, when you visit the same website again, the web browser sends back the cookies belonging to that website. This allows the website to show the information adjusted to your needs.

Cookies can store a wide range of information, including your personal information (such as your name or email address). However, this information can only be stored if you enable it – websites cannot get access to the information you did not provide and cannot access other files on your computer or mobile device. The default options of storing and sending cookies are not visible to you. However, you can change the settings of your internet browser, so you can decide for yourself whether to approve or deny requests for storing cookies, as well as delete the stored cookies automatically when closing your internet browser, etc.

How to disable cookies?

By disabling cookies you decide whether you wish to allow storage of cookies on your computer or mobile device. You can control and configure your cookies settings in your web browser. If you disable cookies, you may not be able to use some features on our website.

What are permanent cookies?

Permanent or saved cookies remain on your computer after you close the web browser. These cookies allow websites to store data, such as login name and password, so that you do not have to sign in each time you visit a specific site. Permanent cookies will remain on your computer or mobile device for days, months, even years.

What are temporary cookies?

Temporary cookies are automatically removed from the computer once the Internet browser has been closed. Websites use them to store temporary information, such as shopping cart items.

What are first-party cookies?

First-party cookies come from the website that you are viewing and can be either persistent or temporary. Websites might use these cookies to store information that they will reuse the next time you visit that website.

What are third-party cookies?

Third-party cookies come from other websites’ advertisements (such as pop up or other ads) on the website you are viewing. Websites use these cookies to track your web use for marketing purposes.

Who places data collection systems?

Data collection systems are placed by Maistra d.d. or one of its partners.

Data collection systems that we place are:

- Data collection systems strictly necessary for website operation and provision of our services. We use them to save information on your log-ins or access to our website and use of services in order to implement security measures or adapt the website to the settings of your device (language, operating system, etc.). These data collection systems also allow you to access your personal account on the website.

- Analytical data collection systems. We use them to produce statistics on website views and use of its various parts (pages visited and content viewed, user’s manner of use) which help us improve the content of the website and the quality of our services.

- Data collection systems for advertising. These data collection systems enable us to analyse your use of the website and of the advertisements displayed on the website in order to offer you advertisements adapted to your areas of interest on our website or on our partners’ websites. These data collection systems allow us (i) to count and identify the advertisements displayed, (ii) to count the number of users who clicked on each advertisement and (iii), where applicable, to monitor the subsequent actions taken by these users on the pages to which these advertisements are linked.

We can also share with our partners some of the data collected through a data collection system to enable them to conduct visitor behaviour research.

Data collection systems placed by third parties:

- Some of our business partners are authorised to place data collection systems on our website for the aforementioned purposes. The placement and usage of such data collection systems are subject to the third party’s Privacy Policy.

How can I change my settings?

You can view and change settings regarding data collection systems at any time. You can set whether you want to accept or discard data collection systems occasionally or permanently in your web browser settings. Bear in mind that these settings may affect the functioning of your internet browser and your usage of certain website services which require data collection systems to be used.

Manage your settings on this site depending on the web browser you use:

Internet Explorer™: http://windows.microsoft.com/hr-hR/windows-vista/B...

Safari™: http://www.apple.com/support/mac-apps/safari/

Chrome™: http://support.google.com/chrome/bin/answer.py?hl=...

Firefox™: http://support.mozilla.org/hr/kb/Uključivanje%20i%...

Opera™: http://help.opera.com/Windows/10.20/en/cookies.htm...

We use Google Analytics. If you do not want us to use Google Analytics to collect
or use your information, click the following link:
https://tools.google.com/dlpage/gaoptout?hl=en

DATA SECURITY

For reasons of security at this address and to ensure that this service can be accessed by all users, this computer system uses software that monitors online visits and recognises unauthorised attempts to send or modify data, as well as those that could otherwise cause damage. Unauthorised attempts to send or modify data at this location are strictly forbidden.

LINKS

We do everything in our power to ensure that all redirections from our websites take you to websites that contain quality content in the sense that it does not encourage negativity. However, websites and online addresses change quickly, and we cannot always guarantee that the content of every website we redirect you to complies with this.

25.5.2018.

Maistra d.d.