We would like to thank you for visiting https://www.xarapalace.com.mt (the “Website“).
1 . What is personal information?
”Personal Information” consists of any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.2. When you make use of our Website, book reservations or inquire as to our services, we may ask you to provide some Personal Information such as your full name, birth date, address, email address and telephone number(s)
1.3 Other categories of Personal Information may also be requested such as:
- Payment details,
- Marriage or Civil Union details,
- National identification information,
- Photographs and images
1.4. When you visit our [restaurants], [facilities], [venues], please note that We utilise CCTV for security purposes.
1.5. Information may be collected actively or passively
Active information collection: This occurs when We collect information from customers such as when you communicate directly with us via e-mail or by filling in online forms on our Website.
Passive information collection: In some circumstances we may process information on the basis of (i) your related interactions with us (for example, the web page from which you navigated to the Website), or (ii) Personal Information that we have received or obtained from a third party (for example, publicly available information sources). In these circumstances, your Personal Information may be said to have been passively collected (that is, gathered without you actively providing the information).
An example of where your Personal Information may be passively collected is when you use the Website. Each time you use the Website, we will automatically collect the following information:
- details of your use of the Website including your user name, city, country, page views, searches, downloads (file names)
- technical information, including your device model, operating system of the machine running your web browser, type and version of your web browser, IP address, date and time when you accessed the Website
- web page download information
- general Website usage information
- 2. Purposes and use of information
- Contract – your personal information is processed in order to fulfil a contractual arrangement e.g. in order to reserve and book one of our venues for your special occasion;
- Consent – where you agree to us using your information in this way e.g. for storing your payment card details.
- Legitimate Interests – this means the interests of managing Our business, to allow us to provide you with the best products and service in the most secure and appropriate way e.g. website personalisation and administration.
- Legal Obligation – where there is statutory or other legal requirement to share the information e.g. when we have to share your information for law enforcement purposes.
2.2 Here is a list of the ways that we may use your Personal Information and the reasons described above we rely on to do so.
|What we use your Personal Information for||Legal Basis|
|Processing of Reservations and Orders||Fulfilling a contract and Legitimate Interests|
|Storing Payment Details||Consent|
|Managing your account, processing inquiries, providing customer services, keeping records up to date for effective handling of customer contact||Legal Obligation / Legitimate Interests|
|Detection investigation, and reporting of financial crime (e.g. Fraud)||Legal Obligation / Legitimate Interests|
|Marketing communications to inform you of special offers, promotions, new lines and services. Provide you with online advertising.||Legitimate Interests|
|Website personalisation and administration||Legitimate Interests|
|Notifying you about enhancements to our services, such as changes to the Website, and new services that may be of interest to you||Legitimate Interests|
|Contact you to undertake customer satisfaction surveys, invite you to provide service reviews or for market research||Legitimate Interests|
|Maintaining network and data security||Legitimate Interests|
|Logistics planning, demand forecasting, management information and research||Legitimate Interests / Fulfilling a contract|
For legal disputes, regulatory investigations and compliance purposes
|Legitimate Interests / Legal Obligations|
- 3. Cookies
3.1 The Website creates “cookies” when you visit it.
3.2 A cookie is a small piece of data that a website can send to your browser for storage (i.e. so it can later be read back from that browser). The purpose of cookies includes providing more tailored communications from websites.
3.3 Cookies may collect information (including Personal Information), such as user preferences, general usage information, membership information and unique identifiers. Cookies may in some circumstances also remain on your device after you leave the Website.
3.4 Your browser will return the cookie information only to the domain from where the cookie originated, i.e., the Website, and no other website can request this information. When you return to the Website, the cookie is sent back to the web server, along with your new request.
3.5 Your browser may provide settings where you can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it or reject the cookie altogether.
- 4. Disclosure of information
4.2 We may disclose your Personal Information:
- to our event organisers, audio visual service providers, event planners, venue owners, IT companies, Marketing Companies, Payment Processing providers, legal advisors and sub-contractors who assist us in running our business and who are subject to appropriate security and confidentiality obligations;
- if the whole or a substantial part of our business is to be sold or integrated with another business, to our advisers and any prospective purchasers (and their advisers); and
- where we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request.
- Links to other websites
6.1 We will take appropriate measures to keep your information confidential and secure in accordance with our internal procedures covering the storage, access and disclosure of information.
6.2 Please note that messages you send to us by e-mail or via any internet connection may not be secure. If you choose to send any confidential information or Personal Information to us by such means you do so at your own risk with the knowledge that a third party may intercept this information. We are not responsible for the security or integrity of such information. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. Information about related persons
7.2 The collection of personal data relating to persons under the age of 16 years is not within our interests. Should it come to our attention that such data has been passed to us without the approval of the parents or legal guardian, this data will be deleted immediately.
7.3 Thereby we are reliant on the parents or legal guardians providing us with the appropriate information.’
8. Retention of information
8.1 We intend to keep your Personal Information accurate and up-to-date. We will retain your data for no longer than required. From time to time we may delete or anonymise your personal information.
9 Your rights
9.1 If any of the Personal Information that you have provided to us changes, please Contact Us and let us know the correct details.
9.2 Under applicable law, you have the right to:
- request a copy of the personal information about you that we hold
- request correction or deletion of Personal Information about you that is inaccurate
- withdraw any applicable consent for processing and transfer
- object to our using your personal information for marketing purposes
- object to profiling and automated decision making
9.3 In some circumstances, you may also have a “data portability” right to require us to transfer your personal data to you or to a new service provider.
9.4 We will ask your consent if we intend to use your data for marketing purposes or if we intend to disclose your information to any third party for marketing purposes.
To exercise any of these rights at any time, please Contact Us.
10 Contact us
Address: Refalo & Zammit Pace Advocates, 61, St. Paul Street, Valletta VLT1212, Malta
Telephone: +356 2122 3515
11.1 You can also raise complaints or concerns about our use or other processing of your Personal Information with the body regulating data protection in your country. In Malta, this is the Information and Data Protection Commissioner (details are available at https://idpc.gov.mt/en/Pages/Home.aspx).