Last Update: 09/09/2019
As part of our effort to provide high-quality services and products, recognizing the importance of the issue of Privacy, we have designed and implemented a Personal Data Security System for our customers with the ultimate aim of avoiding any repercussions that might arise from non-compliance with the EC Regulation.
IMPLEMENTATION OF THIS POLICY
This Policy applies to personal data relating to customers and other people with whom we trade or who visit us, as well as to the management of these personal data in any form: verbally, electronically or in writing.
This Policy fulfills our commitment to the protection of your personal information and has been adopted by all separate and distinct legal entities involved in the management, operation, franchising, ownership and / or provision of services to the property units of the hotel.
COLLECTION OF PERSONAL DATA
The Personal Data we collect and process may include:
- Full name, gender, contact details and contact information at work, e-mail address, job title, date and place of birth, nationality, image, passport and visa information.
- Customer accommodation information, including the dates of arrival and departure, the products and services used, any special requests, comments on your preferences regarding services (including preferences for rooms and holidays), outgoing phone numbers and received fax and phone messages.
- Information about the vehicles you use during your stay at our premises.
- Your credit card details, bank account details, pricing details as well as any scheduled airline or travel agent program.
- Any necessary information to meet specific requests (eg health conditions requiring special accommodation conditions or services).
- Information, comments, or content that you provide about your sales promotion preferences that you disclose to us by participating in surveys, draws, contests or promotions, or deriving from our own or third-party websites and applications.
- Information collected while you were at the hotel using closed-circuit television, Internet systems (including wireless networks that collect data about your computer, smart or mobile device or location), card-type keys, and other security systems.
- Information collected during the use of our hotel website.
- Contact details and related information about corporate accountants and vendors, and other people with whom we deal (e.g. travel agents or meeting and event organisers).
- In specific cases, data concerning customer credit.
In addition to the data we collect directly from you, we have the ability to obtain information about you from the information you have already provided upon your arrival, during our transactions with you, or in relation to the services provided to you in our facilities.
Additionally, it is possible to collect data about you from third parties, including data from our airline and payment partners and other partners, data from social services according to your settings in these services, and from other third-party sources who have the legal right to share your information with us. We use and share these data (and we may attach these items to the other items we maintain for you in our records) for the purposes described in this Policy.
In some cases, the personal information you provide or collect is considered to be Sensitive Personal Data, in other words, personal information from which we can identify or infer information such as the race or ethnic origin of a person, political beliefs, religious or other relevant beliefs, membership trade union or professional association, physical or mental health or condition, medical treatments, genetic data, sex life or data of a judicial nature (including information concerning the commission of or suspected criminal offense). We process Sensitive Personal Data of your jurisdiction only if necessary and to the extent permitted or required by applicable law.
When you accept this Policy, you grant, to the extent required by law, your explicit and written consent to the processing of the personal data you provide to the “MARI KRISTIN BEACH HOTEL”, which are considered sensitive Personal Data or financial information. Unless required by law, you are not obliged to provide any of your Sensitive Personal Data to the Hotel “MARI KRISTIN BEACH HOTEL” and if you do not wish to do so, this will not prevent the purchase of any products and services by the “MARI KRISTIN BEACH HOTEL”.
We do not knowingly collect personal information from minors. As a parent or legal guardian, do not allow your children to submit personal information without your permission.
USE OF PERSONAL DATA
We use your personal information in a variety of ways to provide and customize the services you require in order providing the expected level of hospitality in our rooms and facilities to promote marketing and sales as specified below in more detail. In order to process your reservation, we collect specific information such as your name, address, payment details and travel documents when required. Failure to provide this information results in the inability to process your reservation.
In addition, we will obtain your consent before processing your information as required by applicable law.
In particular, we may collect, use and, whenever required by applicable law, disclose specific extracts of your personal information for the following reasons:
- To complete and provide your online booking.
- To provide and charge hotel services as well as other products and services.
- To respond to requests for information and services, including third-party services (such as restaurants and transport providers).
- To provide the regular customer program of the hotel.
- To conduct market research, customer satisfaction and quality assurance, and direct marketing and sales promotion. In the cases where we use your personal information for direct marketing purposes, such as promotional newsletters or other offers that we believe may be of interest to you, we also include a unsubscribe link that you can use if you do not wish to receive such messages from us in the future.
- To provide security for staff, customers and other visitors and identify or prevent fraud. For these purposes, personal data may be shared with third parties, such as law enforcement authorities, as allowed by applicable law, and external consultants.
- To keep records for the proper operation in line with the National Legislation.
The “MARI KRISTIN BEACH HOTEL” uses and retains your personal information for as long as it is required to fulfill its Purpose of Processing.
If required by applicable law, we will ask for your consent. You can withdraw your consent at any time by contacting us through the following email address: email@example.com .
LEGAL REQUIREMENTS FOR THE USE OF PERSONAL DATA
In accordance with applicable law, we reserve the right to disclose any of your personal information if this is imposed by a court or lawfully requested by a State Authority or in any other case deemed necessary to comply with the requirements of the law or to defend our legitimate interests and the protection of our property. We also retain the right to keep and process your personal information relating to our accounting and tax obligations and other special record keeping laws.
NOTIFICATION OF PERSONAL DATA
Disclosure of your personal information to outside parties will only take place when it is strictly necessary or mandatory and always in compliance with applicable law. The following fields list the external stakeholders with whom we could share your personal information and explain the reasons for such action.
Agents, service providers and suppliers: In order to provide high-quality services, we may outsource certain functions and / or process certain services to third parties and work with other companies to provide products, services or offers, such as inviting market research companies to support and enhance customer contact for market research and quality assurance, to work with travel agents to help them evaluate the compliance with travel policies or participation in the specific price plans or participation in promotions and to help with other services of our professional partners (e.g. car rental or airline tickets). In these cases we share your information necessary for the provision of our business associates’ services to you. When we assign your personal data to third parties or provide your personal information to external service providers, the latter are directly bound by confidentiality terms which oblige them to protect your personal information in accordance with the terms and conditions of this Policy. In general, our service providers are also required to comply with the requirements of the European Privacy Statement and to protect your personal data, which means that they may not use your personal data for their own purposes or for any other purpose unless required by law.
Credit Approval: When applying for credit, your personal information is used and disclosed to appropriate third parties in accordance with applicable law to decide on the provision and maintenance of a credit limit for you.
Electronic billing / pricing program: if you choose to use the “BOOK NOW” link, your credit card vendor will be informed of the pricing information and if you use a corporate credit card, possibly, your employer. Additionally, if you participate in a special pricing program, we may share information with the organization that provided you with the special pricing program. The privacy policies of your employer, special card provider, and card issuer apply once we pass on your details.
STORAGE OF PERSONAL DATA
In the event of a physical file being kept, personal data will be destroyed in a secure manner, such as using a shredder of documents and, if stored in electronic form, personal data will be destroyed by technical means to ensure that there is no possibility of subsequent restoration or restructuring.
The “MARI KRISTIN BEACH HOTEL” applies reasonable procedures to prevent access to and misuse of information, including personal data. We use appropriate information systems and adhere to written procedures to protect information that includes both personal and sensitive personal data.
We also implement security procedures and technical and physical limitations of access and use of personal data on our servers. Only authorized personnel have access to personal data in their work.
With regard to online transactions, we use modern technology to protect your personal data that you transmit to us through our web site. However, due to the increased probability of email interception, we recommend that you do not include sensitive personal data (such as your credit card number) in any emails you send us.
RIGHTS OF DATA SUBJECT
All the customers of our hotel from which we have collected personal data have the following rights:
- You may request a copy of your data that we maintain.
- You can notify us of any changes to your personal information or you may ask us to correct any of your data we hold.
- You may ask us to delete or prevent or restrict the processing of your personal data we hold for statistical and promotional purposes or to express your disagreement with specific ways of using your personal data.
- You may also ask us to send the personal data you have given us to a third party. Please note, however, that data portability rights apply only to personal data that we have acquired directly from you and only if processing is based on consent or contract signing.
In the cases when we use your personal data on your consent, you have the right to withdraw your consent at any time, in accordance with applicable law. Furthermore, in the cases when we maintain and / or process your personal data under applicable law, whether due to a legitimate or public interest, you have the right to express your disagreement at any time regarding this use of your personal data, in accordance with the applicable legislation.
We rely on you to ensure that your personal information is complete, correct and up-to-date. Please let us know in advance of any changes or inaccuracies in your personal information by contacting firstname.lastname@example.org . We will handle your request in accordance with applicable law.
QUESTIONS OR COMPLAINTS