DATA PRIVACY & SECURITY POLICY
We Are Committed to Protect Your Privacy
db Group located at Marfa Road, Mellieha, Malta and its group companies have a strong commitment to provide quality service to our guests, patrons and potential customers and are further committed to protecting your privacy.
To ensure you can make informed decisions and feel confident about supplying personal data relating to you when purchasing our products and using our services, we provide this policy statement outlining our data collection practices and the choices you have concerning how the data is being collected and used.
The term “Data” refers to any personal information that can be used to identify you as an individual. It can include, among other things, your name, contact number, address, age, gender, passport or other identification document details, driver’s licence details, personal financial information, frequent flyer or travel partner information.
We limit the collection, use and retention of the Data to the specific information we need for legitimate purposes to administer our business, to provide you with quality service and offer various products or services from db Group that may be of interest to you. We take appropriate steps to protect Data collected against unauthorized access, disclosure or alteration, and to keep such Data accurate and up to date.
In order to protect your Data, we will require that you prove your identity to us in relation to your request to access your Data, which may consist of a copy of a government-issued identification, your signature and correspondence address so we can check them against our records and satisfy ourselves as to your identity. The above information is required to create an audit trail of how the request has been handled. Where a request is made, any correspondence or application may be kept and added to your Data.
This data privacy statement was last updated on the 07th May 2018 in line with the last EU legislation to meet the GDPR requirements. In the future, we may need to make additional changes. All additional changes will be included in the latest data privacy statement published on our website (www.dbgroupmalta.com), so that you will always understand our current practices with respect to the information we gather, how we might use that information and disclosures of that information to third parties. You can tell when this privacy statement was last updated by looking at the date at the top of the statement. Any changes to our statement will become effective upon posting of the revised statement on this site. We will seek your express consent to any changes to how we use or disclose your Data if requested by law but otherwise use of this site or our services following such changes constitutes your acceptance of the revised statement then in effect.
This privacy statement contains numerous general and technical details about the steps we take to respect your privacy concerns. We have organised the privacy statement by major processes and areas so that you can review the information of most interest to you.
DATA WE COLLECT AND HOW WE USE IT
HOW WE STORE AND TRANSMIT DATA
HOW WE TRACK CUSTOMER USAGE ON OUR WEBSITE
E-MAILS ABOUT SPECIAL OFFERS AND PROMOTIONS AND OPT-OUT
HOW LONG WILL DATA BE RETAINED FOR?
NOTIFICATIONS IN THE EVENT OF BREACH
Data we collect and how we use it
When you request a particular service from us or otherwise interact with the db Group, we will ask you to voluntarily provide us with Data that we need. For example, if you would like us to make a reservation at one of our hotels, we will request for Data such as your name, address, telephone number, e-mail address and credit card information for payment purposes (including credit card number, code and expiry date). We will use your e-mail address to send an e-mail confirmation of your booking and a pre-arrival message summarising your confirmation details and preferences. Such pre-arrival message will include other information about the hotel.
For hotel reservations, we may also ask for your travel details (including flight number, arrival and departure dates and time, as well as country/point of origin) and room preferences to better prepare ourselves for your arrival and to serve you better before your departure, as well any dietary requirements.
MAKING A RESERVATION AND CHECK-IN AT one of our hotels.
The Data that you provide to us for making a reservation is made available to the applicable hotel for the purpose of completing your reservation request. We may also need to collect information as required by local laws such as passport numbers, type of entry visa, and driver’s license. Upon check-in, your Data will be verified by our staff and you will be requested to indicate whether you wish to opt in and to receive hotel promotional literature. At times, we may make certain Data available to strategic business partners such as mail houses and e-mail service providers for the sole purpose of mailing and dissemination of promotional materials for our Hotels and its related facilities only. Data will not be shared with third parties for their own marketing purposes.
MAKING A RESERVATION THROUGH one of OUR HOTELS
You can make a reservation by contacting a particular hotel. When making a reservation, you will be asked to provide Data such as your name, address, telephone number, address and method of payment, room preferences and special requests. Data obtained will be sent in a secured environment to the relevant hotel. If you choose to provide us with your e-mail address, a confirmation and a pre-arrival message of your reservation will be sent to you by e-mail.
DURING YOUR STAY AT A HOTEL
We record your itemised spending to properly assemble your folio during your stay, which includes your room rate and other expenses billed to your room where applicable. We also record this information to comply with financial reporting requirements and those imposed by our auditors and government authorities. In order to assure your future comfort and attention to your individual needs, other stay specific information may also be stored in the property management system at the particular hotel, such as your dietary preferences and other special requests. Certain information regarding your service preferences may be made available to other db Group Hotels through our central database.
MAKING A PURCHASE ON OUR WEBSITE
When making a purchase such as a gift certificate or reservation, you will be asked to complete a form that includes your name, e-mail address, delivery address and credit card details for payment purposes. When the form is complete, your credit card number will be verified using a checking sequence to complete the transaction. Credit card information and Data are transferred over a Secure Socket Layer (SSL) connection. Doing so protects the confidentiality of your Data while it is transmitted over the Internet. Purchasing transactions are assisted by third party processors who are required by contract to protect the privacy of your Data. SSL is an industry standard for encryption over the Internet to protect Data supplied to us. We will use that information to assist in any inquiries about your transaction.
ACCESSING OUR WEBSITE FROM A WEB-ENABLED MOBILE DEVICES
You can access our website from a web-enabled mobile device to find a db Group Hotel and/or restaurants operated by the db Group. You can make a reservation from a web-enabled device. When you make a reservation, you may need to provide certain Data such as name, e-mail address and credit card information for guarantee purposes.
FOOD AND BEVERAGE OUTLET RESERVATIONS
We collect Data such as your name and phone number when you make a reservation at our food and beverage outlets. If you are a repeat guest at our food and beverage outlets or have filled out our food and beverage questionnaire, we may store your Data in our Customer Information System to serve you better upon your return.
We collect Data such as your name, contact details, and where necessary, credit card information for payment purposes when you make a spa reservation. In addition, we may also collect information relating to your health, allergies and treatment preferences before the spa treatment is commenced to ensure that your spa treatment is conducted under safe conditions.
THIRD PARTY PROVIDERS
This policy statement does not apply to our processing of Data on behalf of, or at the direction of, third party providers (for example, airlines, car rental companies) who may collect Data from you and provide it to us. In the situation where we would merely act as a data processor it is advisable for you to review applicable third party providers’ privacy policies before submitting Data.
Please note that the db Group will never send you an e-mail requesting your password, credit card number or passport, personal identity card or social security number. If you receive any suspicious e-mails that looks like it is from our group, but asks you for your credit card number or passport, personal identity card or social security number, it is a fraudulent e-mail, or “phishing”. We recommend that you do not reply to the e-mail or click onto any links or pop-up messages and report to the local authorities which handle fraudulent e-mails. If you believe “phishers” have gained access to your personal or financial information, we recommend that you also change your password(s), alert your credit card service provider and bank and review credit card and bank account statements to check for unauthorised charges.
It is important to note that all e-mail communication is not secure. There is a risk inherent in the use of e-mail. Please be aware of this when requesting information or sending forms to us by e-mail, for example, from the “Contact Us” section of our website. We recommend that you do not include any sensitive information including credit card details when using e-mail or using any public computers/public WIFI. Our e-mail responses to you may not include any sensitive or confidential information. Please bear in mind that no security system or system of transmitting information over the Internet is guaranteed to be secure.
To be prudent, it is advisable to always close your browsers when you have finished completing a form or a reservation. Although the session will automatically terminate after a short period of inactivity, it is easier for a third party to gain access to your profile whilst you are logged onto our website and making a reservation.
How we store and transmit Data
AT THE HOTEL AND OTHER GROUP OPERATIONS
Your Data may be shared with companies forming part of db Group. We have policies and procedures to limit access to Data to authorised personnel only.
OUR CUSTOMER INFORMATION SYSTEM AND RESERVATION SYSTEM
We store certain customer information and reservation details within our PMS – Property Management System. Such systems is a secure customer database stored on a dedicated server. The stored database includes Data such as guest name, address, phone numbers, position, company name and credit card information. We may also store other information such as your room, food and beverage, other service preferences and transaction history. This information may be shared within our group individual hotels to better anticipate your needs prior to and during your stay.
Our server resides behind firewalls to protect the Data collected from you against unauthorised or accidental access.
IN OUR MARKETING DATABASE
Some of our group operations maintain a database of customer information which is used for marketing, promotion and research, understanding and analysing customer behaviour and customer profiling to improve our services. You will receive marketing and promotional materials if you have already given your express and specific consent in some data collection forms. You may elect to unsubscribe from receiving future e-mail promotions at any time.
SECURE TRANSMISSION AND STORAGE OF DATA
We treat all Data that you provide to us as confidential information. To prevent Data from unauthorised access or leakage, we have adopted and regularly monitor our group’s security and data privacy policies and procedures. We use SSL protocol – an industry standard for encryption over the Internet, to protect the Data. When you type in sensitive information such as credit card details, it will be automatically encrypted and transferred over a SSL connection. This ensures that your sensitive Data is encrypted as it travels over the Internet. You will know that you are in a secure mode when the security icon (such as a lock) appears in the computer screen.
DISCLOSURE OF INFORMATION TO THIRD PARTIES
In addition to the required information sharing described above, we use the services of third party agents, such as e-mail service providers and mail houses for the purpose of mailing materials to our patrons. These parties are contractually prohibited from using Data for any purpose other than for the purpose specified in their respective contracts. We do provide non-personally identifiable information to certain service providers for their use on an aggregated basis for the purpose of performing their contractual obligations to us. We do not permit the sale of Data to entities outside of the db Group for any use unrelated to our group operations or use of Data by third party for their own purposes. db Group will implement, where necessary appropriate measures, including contractual clauses, to secure the transfer of your Data to the third party service providers located in a country* with a level of protection different from the one existing in the country in which your Data is collected.
How we track customer usage on our website
Our website only uses “cookie” technology as a tracking tool. Cookies do not retain registered guests’ information provided during the online reservations. Cookies identify your browser, rather than you and cannot be used by themselves to disclose your individual identity. Cookies enable us to track the number of page visits from the same computer or browser to be aggregated for statistical purposes.
Cookies do not corrupt or damage your computer, programs, or computer files.
The purpose for which cookies — other than those which are either exclusively intended to enable or facilitate communication by electronic means or strictly necessary for the provision of an online communication service at your express request — are used on our website is set forth in a banner appearing the first time you land on such website. By continuing to browse on the website, you consent to their use.
You may set your browser to block Cookies, although doing so will affect your ability to perform certain transactions, use certain functionality, and access certain content on our website. Procedures for managing your settings may differ depending on your browser. Please consult the instructions for your particular browser on how to do this.
You can choose the “Help” function, followed by “Cookies” to find out where your cookie folder is stored.
Our group and our third-party service providers may use pixel tags (also known as “clear gifs”, “beacon gifs” etc.), tracking links and/or similar technology to:
Track customer response to db Group advertisements and website content;
Determine your ability to receive HTML-based e-mail messages. Our e-mail service provider includes a pixel tag, which they refer to as a “coded sensor” in all of the HTML-based messages sent on our behalf. The sensor activates when the e-mail message is opened and flags the e-mail address of the user as one that is capable of receiving HTML-based e-mail messages. This capability helps our service provider to send the e-mail in a format you can read. The sensor does not collect or use any other information. If you cannot receive HTML, you will not receive a functioning sensor;
Know how many users open an e-mail and allow our service provider to compile aggregated statistics about an e-mail campaign for us; and
Allow us to better target interactive advertising, enhance customer support and site usability, and provide offers and promotions that we believe would be of interest to you. Your Data will not be collected apart from what you voluntarily provide us in your dealings with our group operations.
E-mails about Special Offers and Promotions and Opt-Out
With your consent, we may send you information about db Group, and other operations operated by our group companies, including special offers on accommodation, food and beverage, spa and other hotel services by post or e-mail. It is however our intention to only send you mail and e-mail communications that you may want to receive. When you opt-in and do not opt-out from receiving promotional material either on a guest registration card; or when you patronise our restaurants or fill in membership forms and provide your e-mail address to us specifically and expressly in order to receive marketing communications, we will periodically contact you via e-mail and provide information about special offers and promotions that may be of interest to you. These communications will relate to offers relating to db Group, and restaurants operated by our group companies. We typically use third party e-mail service providers to send e-mails. These service providers are contractually prohibited from using your e-mail address for any purpose other than to send e-mails related to our group operations. Data will not be shared with third parties for their own marketing purposes.
We provide you the ability to unsubscribe from all marketing communications. Every time you receive an e-mail, you will be provided with the choice to opt-out of future e-mails by following the instructions provided in the e-mail. You may also opt-out of receiving promotional materials by updating your account, or sending a letter to our GDPR Coordinator.
C/O db Seabank Resort + Spa
Mellieha, MLH 1024
C/O Gilbert Schembri
Or on email address email@example.com
It may take a few days for us to process your opt-out.
DATA PRIVACY & SECURITY POLICY
Your Data will be stored for the period of time required or permitted by law in the jurisdiction of the operation holding the information. However, information that is stored on our websites may be edited and deleted by users of such service at any time.
Data may be stored by db Group and other group operations as long as required for the business purpose for which these Data are processed.
Notifications in the event of breach
In the unlikely event of a Data breach, we are prepared to follow any laws and regulations which may require us to notify you of the disclosure of private information.
Our careers websites at www.dbgroupmalta.com allow individuals that wish to be considered for potential employment to attach their curriculum vitae for consideration. We will not use the information you provide for any purpose other than to determine your qualifications for potential employment at the db Group.
Our website is not intended for children and minors and we do not knowingly solicit or collect Data from children and minors. As a parent or legal guardian, please do not allow your children to submit Data without your permission.
The Language in which Contracts may be Concluded.
All transactions / bookings carried out on our website are concluded in English.