MAESTRAL HOTELS

INFORMATION ON COLLECTION AND PROCESSING OF PERSONAL DATA

Maestral Hotels LLC (hereinafter: the "Company") pays a great attention to the protection and processing of personal data. In performing its registered activity, the Company processes personal data in compliance with all relevant laws and regulations.
The Head of Processing is responsible for data processing:

1.) HOTELI MAESTRAL d.o.o., HR - 20000 Dubrovnik, Ćira Carića 3, OIB: 88557173997
Phone: +385 (0) 20 433 600, F. +385 (0) 20 416 545, www.hotelsindubrovnik.com

2.) The Data Protection Officer (DPO) is:
ROMANA ANTUNOVIĆ and is available via contact: T. +385 (0) 20 433 603
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

3) If we use services of external providers to process your personal data ("The Processor"), we are talking about the processing (of personal data) by order. In that case, we are responsible for protecting your personal data. We do not use service providers outside the EU to process your personal data. Exceptionally, if necessary, we will only do so if there is a European Commission decision on suitability for that third country or if we have agreed with the service provider as the Processor appropriate guarantees or compliance with binding regulations of personal data protection

This Information on the collection and processing of personal data (hereinafter: "Information") describes what data we collect, how we process it, and for what purposes we use it, as well as your rights related to your data. The purpose of this Information is to inform you about all relevant features of the collection, processing and storage of your personal data. This applies to all personal data you have transmitted to us by electronic, written or verbal communication or that have been transmitted to us through a travel agency and other group with whom you are related and if you have a contractual or other similar relationship, as well as data collected from other sources.

Personal Data We Collect

We process the following personal data:

a) Your basic personal data that you or third parties make available to us when booking - name, surname, country, city and address of the residence, e-mail address, telephone number, age of the child, name and surname of the child and a date of birth, special requirements and habits, and the data of your companions; data required for booking - credit card number, emergency contact information - name and surname, telephone number; other necessary data - e-mail address, health data - in case of request for a special diet or the need for a doctor or in connection with epidemiological measures (COVID-19, etc.), data on the use of the web - IP address, visits the web site, data from social networks and similar data regarding the use of Internet browsers

b) Guest’s registration (check-in) and check-out - name and surname, date of birth, gender, identity document number (identity card, passport, driver's license), credit card number, country of birth, citizenship, visa number if the guest is a subject to visa regime, border crossing, i.e. place of entry into the Republic of Croatia, a date of arrival of the guest at the facility and a date of departure

c) Use of hotel services - data on guest consumption during the stay in the hotel. Data on the type of service provided and the price are collected, e.g.: Room Service, list of telephone calls, use of mini bar, use of bar, use of à la carte service, list of movies that have been watched, data on the use of the web - IP address, visit the web site, data from social networks and similar data related to the use of Internet browsers, use of transport services, excursions, and similar. Data on the special requests of the guest are also being collected so that the Company can perform the service of the required quality

d) Monitoring and improving the quality of hotel services - name and surname, gender, age, country from which the guest comes and the period of stay in the hotel, evaluation of each type of service, comment. Data collection is voluntary

The Purpose of Collecting Personal Data and the Legal Basis of Processing

The Company determines the purpose and means of personal data processing and in that sense is considered the Head of Personal Data Processing. The main purpose of collecting personal data is a legal obligation and/or concluding and executing contracts for accommodation and providing catering and tourism services or to take an action at Guest’s request before and during the contract. The scope of personal data we collect depends on the type of contract you intend to enter into or conclude or the request for the exercise of rights (type of service provided and price). Actions at your request before concluding a contract include checking your requirements and needs, if necessary checking the suitability or suitability of products and services for your special circumstances, all with the purpose of making an offer and/or informative calculation. If you are not a contracting party but a person entitled to an allotment contract, a travel agency contract, etc., the purpose of collecting your personal data is to fulfill the Company's obligations arising from the contract or the collection of your data is necessary to conclude or identify service users e.g. with the online booking platform. In this case, the amount of personal data we collect depends on the type of request made and the information that will be needed to fulfill the request. The purpose of personal data processing may be the Company's obligation to fulfill contracted services with such a service provider.

We process your basic personal data and data from Guest’s check-in and check-out based on the legal obligation to enter in the eVisitor system (Guest’s registration system), in accordance with regulations on the manner of keeping the tourist list and the form and content of the tourist registration form to the Tourist Board, the Tourist Tax Act or for the requirement of the Ministry of the Interior with the accordance of the Aliens Act. Therefore, providing the above-mentioned information is necessary when booking (in the case of amendments to regulations and/or new regulations, they are directly applicable to this Information). We delete the specified data after they have been transferred to the eVisitor system, i.e. after the submission of data to the Ministry of the Interior.

Consequently, the collection of personal data with regard to the defined purpose is a legal and contractual obligation, and a condition necessary for the conclusion of the contract. If you refuse to provide certain information, we will not be able to fulfill our legal or contractual obligations, which will result in the inability to enter into contracts for accommodation and services of catering and tourism activities or the inability to fulfill obligations under the contract.

We need the data necessary for the fulfillment of the contractual obligation to use hotel services in order to confirm the reservation in advance, in accordance with the Company's internal rules, and it is not possible to reserve and thus conclude the accommodation contract without disclosing listed data, which is being kept until the termination of the contract on providing accommodation.

The credit card number is collected because it is needed to conclude and execute the contract with the Guest. It is used as an insurance payment for the accommodation and other services that could be incurred in case the Guest does not settle the debt to the Company. This data is also being used for the service payment.

Data on the use of hotel services are subject to collection and processing for the purpose of fulfilling a contractual obligation. Data on the Guest’s consumption during the stay at the hotel are also being collected in order to fulfill the contract with the Guest and to be able to issue an invoice for the services provided.

In case of emergency, we process contact information based on legitimate interests or potential situations when it is necessary and urgent to transmit certain relevant information to people close to you (in case of extraordinary circumstances such as illness, accident, etc.). We process other necessary data or e-mail address based on legitimate interest in quality communication between the parties in order to fulfill all aspects of the contract, or easier communication in terms of organizing your arrival and booking the accommodation, which we also delete upon termination of the accommodation service contract.

Special Categories of Personal Data

In principle, the following types of personal data are not being processed: data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying an individual, and data relating to health, sexual life and sexual orientation of an individual.

However, the Company processes the above categories of personal data in the following situations:

1) the Guest has given his or her explicit consent to the processing of such personal data for one or more specific purposes, unless applicable regulations state that such consent does not produce effect

2) the processing is necessary to protect vital interests of the respondent or another individual if the Guest is physically or legally unable to give consent

3) the processing refers to personal data that are obviously published by the Guest

4) the processing is necessary for the establishment, realization or defense of legal claims or whenever the courts act in a judicial capacity

5) the processing is necessary for the needs of significant public interest on the basis of applicable regulations which is proportional to the desired goal and which respects the essence of the right to data protection and provides appropriate and special measures to protect fundamental rights and interests of respondents

6) the processing is necessary for the purpose of preventive medicine, medical diagnosis, providing of health or social care or treatment or management of health or social systems and services on the basis of applicable regulations

All your personal data provided by you or a third party are processed in accordance with the purpose of their processing (please note that if you are traveling with children under the age of 16, we process their personal data regardless of the basis, only with your explicit consent).

There is a possibility of using an internal network of surveillance cameras and other security measures in our facilities, which can take pictures/videos of Guests and to process information related to your location while you are in our facility (via keys-cards and other technologies), and all for the legitimate interests of security protection.

Links to Third Party Websites and Services

Our website and our mobile programs, Wi-Fi network and IPTV system record data of your use for the purpose of issuing invoices and contain links to third-party websites. Please note that we are not responsible for the collection, use, maintenance, exchange or publication of data and information of these third parties. If you provide or use information on third-party websites, the privacy policies and terms of use of those websites apply. We encourage you to read the privacy policies of the websites you visit before providing personal data.

The Company will take all reasonable steps to protect your personal data from unauthorized access, disclosure, alteration or destruction, and to keep personal data as accurate and up-to-date as possible. We require from our partners and service providers with whom we share personal data to make reasonable efforts to maintain the confidentiality of your personal information. For online transactions, we apply a reasonable level of technological measures to protect the personal data you share with us through our website. In doing so, of course, we must consider that no security system or Internet data transmission system can guarantee complete security.

Legitimate Interests of the Company as the Purpose of Personal Data Processing

We will process your personal data for the purposes of our legitimate interests, except when your interests or your fundamental rights and freedoms that require the protection of personal data take precedence over those interests. The legitimate interest of the Company in that sense is the processing of personal data in order to fully adapt our service to your needs and desires (e.g. special family packages, etc.). We may also use this data for our internal statistical and analytical purposes.

You can object to this legitimate interest of the Company at any time, in which case we will no longer process your data for this purpose, and this will not affect the legality of processing until the day of withdrawal. In any case, for the direct marketing we must have Your explicit consent.

Consent

Consent is the legal basis for collecting personal data on monitoring the quality of hotel services. The Company cares about Your opinion on the services provided and for this purpose we ask You to fill in so-called quality questionnaires so You could rate us. This allows us to analyze various aspects of our service so that we can develop it and improve it even more.

The questionnaire informs the Guest that the providing of any personal data is voluntary. The Guest decides whether to fill in the questionnaire or not, or if he fills it out, he decides whether to provide personal data and which. If the processing of the above data is based on Your consent, we process the data until you withdraw the consent in question or request the erasure of the above stated. Accordingly, based on your consent, we may also process other personal data beyond those listed in this Information. In connection with the above, we note that in accordance with applicable regulations, the Company still does not carry out erasure despite the request of the respondent to the extent that the processing of such personal data is necessary:

a) in order to comply with the legal obligation requiring processing to which the Company is subject or to perform a task of public interest

b) to exercise the right to freedom of expression and information

c) for the public interest in the area of public health

d) for the purposes of public interest, historical or scientific research or for statistical purposes or for the purpose of realization or defending legal claims

When processing your personal data based on your consent, we partly use automated processing or profiling processes so the contact with you would be more individual and to be able to fully adapt our service to your needs and desires (e.g. special family packages, etc.).

In the case of giving marketing consent for which we ask for Your explicit consent, Your personal data may exceptionally be a subject to automated processing on the basis of which Your profile will be created for the purpose of analyzing services provided and exercised rights and for the improving the quality of business relations. We will carry out automated decision-making, which also includes a profile creation, in cases of creating your client profile for the purpose of analyzing services provided and exercised rights and for the purpose of improving the quality of business relations and data processing based on consent for marketing purposes in order to inform you about the benefits and novelties from our offer. If such processing of personal data is not necessary for concluding or executing a contract, You have the right to request that the outcome of the processing be decided by an employee of the Company, the right to express one's views and the right to challenge a decision made by automated processing. We hereby also note that the use of Your personal data for marketing purposes is possible only with Your explicit consent. If You provide us with this consent, we will promptly inform You of all benefits, discounts, events and related services that we believe would be of interest to You. You can withdraw your consent at any time by notifying us via the contact provided in the introductory part of this Information.

To Whom Your Personal Data Will Be Disclosed

The Company ensures that your personal data is processed exclusively for the purposes set out in this document. The purpose of the processing of personal data will require that your personal data be disclosed and that it is processed by other companies and persons in the capacity of the Processor. Categories of processors by which your data will be disclosed include state and public authorities in accordance with the legal obligations of the Company, health care institutions, IT and legal service providers, delivery service providers and similar. We may forward the collected personal data to other hotels within our group or to entrepreneurs who provide services that may be of interest to You, and according to Your request, e.g. regarding the rental of a personal vehicle (rent-a-car) or boat, tickets for a particular event, cinema, theater, restaurant, etc.).

Executors of personal data processing, with the exception of state and public authorities, process data exclusively according to the Company's instructions, while respecting technical and organizational measures to ensure the protection of Your rights.

Where Your Personal Data Will Be Processed

The processing of your personal data may be carried out within or outside the European Economic Area, but will in any case be carried out by the Processor whose responsibilities and obligations protect personal data and applicable technical and organizational protection measures prescribed by the contract in accordance with all legal regulations which regulate the protection of personal data.

The Period in Which Personal Data Will Be Stored

Your personal data will only be stored for as long as necessary to fulfill the purpose for which it is being processed. The period of retention of personal data depends on the purpose of the collection. In the case of concluding contracts for accommodation, hotel services and providing of catering and tourism services, this period will be determined by the duration of the contract or the payment of these services in terms of the legal obligation to keep documents. The extension of this period is prescribed by the Company's internal rules, which in turn depend on the statutory limitation periods for receivables or these periods may be extended due to statutory retention periods, as in the case of accounting documents.

Rights in Relation to Personal Data Collected

Regarding the information you have revealed to us, you have:

a) the right to inspect the personal data being processed

b) the right to rectify or delete personal data

c) the right to limit processing

d) the right to object to the processing

e) the right to transfer data to another Processor

f) the right to withdraw consent

g) the right to submit a complaint to the supervisory authority

To exercise all of the rights listed here, simply notify us in accordance with the contacts listed in the introductory section of this Information. For more information, our Privacy Policy is available on our website www.hotelsindubrovnik.com.

The Right to Submit a Complaint to the Supervisory Authority

You may at any time object to the processing of your personal data to the competent supervisory authority in accordance with the National GDPR Implementation Law or other positive regulation governing personal data protection and determining the supervisory authorities regarding the processing of personal data.

Other information

We may change the information from time to time. When we make material changes to this Information, we will post a link to the modified Information on the homepage of our website. Any changes to the Information will become effective upon posting the changed Information on the Website.

This Information on the collection and processing of personal data shall apply from 25th of May 2018 in accordance with EU Regulation 2016/679 of the European Parliament and of the Council on the Protection of Individuals with regard to the processing of personal data and the free movement of such data from 27th of April 2016 (General Data Protection Regulation - GDPR) and in accordance with the National GDPR Implementation Law (OG No. 42/2018).

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.

About Cookie Accept