DATA PROTECTION PROVISIONS

Thank you for your interest in our website www.thejulius.eu (‘Website’). The Website is operated by Julius Meinl Living PLC (‘Julius Meinl Living’) and offer you, the user (‘User’), the option of learning about the serviced apartments offerings and the various serviced residence locations of the Julius Meinl Living Group, booking a serviced apartment if you are interested and there is a vacancy, and contacting us if you have any questions.

 

We take the protection of your personal data seriously and abide by the provisions of data protection laws and other relevant data protection requirements. In the sections below we tell you, as a User of our Website, how we handle your personal data and provide you with an overview of the measures we have implemented to protect your personal data.

 

You may revoke any consent you have granted at any time with future effect. If you have any questions regarding our use of your personal data, please contact us. As changes to laws or changes to our internal corporate processes may make it necessary to change this privacy policy, please read this privacy policy regularly.

1. CONTROLLER AND SCOPE

The controller pursuant to the EU General Data Protection Regulation (‘GDPR’) and other national data protection laws of member states as well as other data protection provisions is:

 

JULIUS MEINL LIVING PLC
VERDALA BUSINESS CENTRE
BREWERY STREET
MRIEHEL
MALTA
Web: www.juliusmeinlliving.com

 

This privacy policy applies to the Website www.thejulius.eu.

2. PRINCIPLES OF DATA PROCESSING

Personal data refers to all information related to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour.

 

Information that we cannot use to identify you personally (or that would involve a disproportionate effort to do so), for example, by anonymising the information, does not represent personal data. The processing of personal data (e.g. collecting,
accessing, using, storing or transmitting such data) always requires a legal basis or your consent. Personal data that has been processed shall be deleted as soon as the purpose of the processing has been achieved and there are no further statutory retention obligations.

 

If we process your personal data in order to provide certain offers, we will inform you of the specific processes, the scope and the purpose of the data processing activity, the legal basis for the processing activity and the relevant storage period prior to that further processing.

3. INDIVIDUAL PROCESSING STEPS

Provision and use of the Website

 

When you access and use our Website, we collect personal data that your browser and/or application automatically sends to our server. This information is temporarily saved in a log file. When you use our website, we collect the following information,
which we need for technical reasons in order to display our Website to you and ensure stability and security:

 

Every time a User accesses the Website or the app and every time a file is accessed, access data related to this action is stored in a log file on our server. This data includes:

  • Browser type/version
  • Operating system used
  • Referring URL (the site previously visited)
  • Host name of the accessing computer (IP address)
  • Time and date of the server request
  • Volume of data transmitted and access status (file transmitted, file not found,
    etc.).

 

This data is used to generate pseudonymised internal statistics that help us to analyse the use of the Website, correct errors and improve our services. It is not used for any other purpose related to you individually. In particular, this data is not merged with other data sources. This data is automatically deleted after the statistical assessment. You can prevent your pseudonymised data being used for
statistical purposes at any time by changing the settings in your browser to prevent cookies from being stored on your computer (see section 7).

 

The legal basis for the specified data processing is Article 6(1)(f) GDPR. The processing of the specified personal data is necessary to provide the Website and therefore serves to safeguard a legitimate interest of our company.

 

The temporary storage of an IP address by the system is necessary for the purpose of transmitting the Website to the computer of the User. The IP address of the user has to be stored for the duration of the session.

 

As soon as the specified data is no longer necessary to display the Website, it will be deleted. The collection of data to provide the Website and the storage of data in log files is necessary for the operation of the Website. Consequently, the User does not have the right to object to such use. The data may be stored for longer periods in individual cases if such storage is legally required.

 

Reservations and bookings

 

You can make a booking on our Website. When you do this, the following personal data will be entered into a form and processed by us:

  • Name and surname
  • Address
  • Email address
  • Phone number (if provided)
  • Company name (if provided)
  • Tax number (if provided)
  • Bank details or credit card information (if provided)

 

In order to process payments, we will share your payment details with the financial institution that has been engaged to process the payment and to any payment service provider we have engaged or the payment service you choose when you place the order. These companies may only use your personal data to execute the contract and not for any other purposes.

 

For payment settlement it is necessary that our payment service provider processes personal data for 3D Secure 2.0 protocol. 3D Secure 2.0 is a protocol for safer and stronger customer authentication carried out in compliance with EU Directive 2015/2366 (on payment services in the internal market 2, PSD 23).

 

For this purpose, further personal data will be processed, in particular:

  • Transaction data
  • Browser information, e.g. IP address and/or browser language
  • Billing and/or delivery address
  • Customer account data (e.g. length of existence of the customer account)

 

The above personal data are processed in connection with a booking or reservation in order to execute a contract between you and us in accordance with Article 6(1)(b) GDPR. This also applies to data processing that is necessary to take steps prior to entering into a contract.

 

As soon as the processed personal data is no longer necessary to execute the contract, it will be erased. After the conclusion of the contract, it may be necessary to store personal data concerning you in order to comply with contractual or statutory obligations. The data may be stored for longer periods in individual cases if such storage is legally required.

 

Contact form and email correspondence

 

We offer a possibility to contact us via electronic contact form. The personal data you enter in the form will be transferred to us. If you use the contact form, the following personal data concerning you will be processed:

  • Email address
  • First name and surname
  • Any other personal data included in the message

 

Additionally, the following personal data will be stored when the message is sent:

  • IP address
  • Date and time of your message

 

Alternatively, you can contact us at the email address provided. In this case, your personal data that is transmitted along with the email will be stored. The personal data will not be disclosed to third parties in this context. The personal data will only be used to process your enquiry.

 

The legal basis for the processing of personal data is Article 6(1)(f) GDPR. We have a legitimate interest in responding to enquiries that you email or send via contact form to us. Additionally, pursuant to Article 6(1)(f) GDPR, we have a legitimate interest in processing personal data during the sending process in order to prevent misuse of the contact form and protect our IT systems.

 

After we have processed your enquiry, the personal data will be erased unless the erasure is prevented by contractual or statutory retention periods. You have the right to withdraw your consent to the processing of personal data at any time. If you contact us by email, you can object to the processing of your personal data at any time. In this case, it will not be possible to process your enquiry any further. All personal data collected as part of your contacting us will be erased in this case unless the erasure is prevented by contractual or statutory retention periods.

 

Minors

 

Persons under the age of 18 should not provide us with any personal data without the consent of their parents or guardians. We do not request personal data from children and adolescents, nor do we collect such data or forward it to third parties.

4. EMAIL CORRESPONDENCE

Evaluation email following a stay

 

After staying at a The Julius residence, guests will receive an email asking them to rate their stay and suggest improvements.

 

The legal basis for the data processing activity carried out with respect to the use of your email address is Art. 6 (1), sentence 1(f) GDPR. The processing of email addresses and the collection of evaluations is necessary to ensure the quality of the hotel and to optimise hotel services, and therefore helps to safeguard the legitimate interests of our company. This evaluation email is not used for any other purpose.

 

As soon as the specified data (email address and evaluation) is no longer required for the specified optimisation purposes, it will be erased immediately.

5. PROCESSING AND DELETION

Julius Mein Living may, of its own initiative or at the request of the User, complete, correct or delete incomplete, erroneous or outdated personal data that we stored in connection with the operation of this Website. If these processes are carried out at the request of the User, we may only do so if the User has sufficiently identified him/herself. Identity is verified using a copy of a photo ID – which will of course be deleted immediately after the authentication has been completed – or using criteria that can only be known by the User. Julius Meinl Living cannot agree to the User’s request if he/she is not properly identified.

 

In line with statutory provisions, Julius Meinl Living deletes personal data immediately upon the User’s request, provided there are no mandatory retention obligations to the contrary.

6. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

a. Personal data is handled confidentially and in line with the statutory data protection regulations. Data is not disclosed to third parties without the User’s consent, unless doing so is required to carry out orders, process payments or process requests or it is permitted in accordance with the statutory provisions. External service providers are obliged to handle data confidentially and securely, and they may only use the data as required to carry out their duties.

 

b. This is particularly true for any payments processed by external service providers. The User’s legitimate concerns are taken into account in line with the statutory provisions.

 

c. Otherwise, personal data is only disclosed if the User has given his/her express prior consent or if doing so is necessary for the prosecution of criminal offences. Personal data is only transmitted to the authorities or government agencies with the right to receive information if doing so is subject to a statutory obligation to provide information or there has been a court ruling to this effect. Your legitimate concerns are taken into account in line with the statutory data protection provisions. Where necessary, we may disclose your data to third parties on the
basis of statutory requirements. We only comply with such requests if we are required to do so in line with statutory obligations.

 

d. You may revoke the consent to disclose your data at any time and without the need to provide us with a reason.

7. PROTECTION OF DATA

The protection of personal data is an important corporate principle at Julius Meinl Living. This is achieved through, among other things, training and a written agreement with all team members and external service providers to maintain the confidentiality of data and comply with data protection requirements.

 

All technical and organisational, physical and computer systems and measures in the area of data protection, IT and information security help to protect stored data from damage, destruction and unauthorised access and to achieve the protection objectives of confidentiality, availability and integrity.

 

For the sake of security, personal data is collected with the use of an encrypted secure socket layer (SSL) connection (which can be recognised by the use of ‘https://’ at the beginning of the website address in the address bar of the internet
browser).

 

In addition, we take all reasonable precautions to prevent unauthorised access to Users' personal data as well as the unauthorised use or falsification of this data and to minimise the corresponding risks. However, the provision of personal data, whether this is done in person, on the phone or online, always involves risks, and there is no technical system that is completely impervious to manipulation or sabotage.

8. USE OF COOKIES

The Website www.thejulius.eu uses cookies (i.e. text files) or web beacons (i.e. graphics files), which are stored on the User’s device. These files are used to collect certain User-specific settings and technical information that can be used to identify users. This information shows when and how the User used the Website and they allow us to continuously improve the Website. Thanks to cookies, Users do not have to enter their personal details every time they complete forms on the Website. The use of cookies is widespread and a feature of many Websites. Cookies are stored on the User’s device, not on the Website.

 

When using the Website for the first time, Users are informed about the use of cookies. The Website only uses cookies to read information stored by a cookie from the site on the User’s device. Users who do not want cookies stored on their device, who want to delete a stored cookie or who want to be informed when cookies are stored on their device can adjust their browser settings accordingly. For specific information about how to do this, please see the instructions provided with your browser or device.

 

The legal basis for processing personal data involving the use of cookies is Art. 6 (1f) GDPR. If you have granted us consent to use cookies on the basis of a note on the website (cookie banner), the lawfulness of the use of personal data is based on Art.

 

Setting cookies using our cookie consent tool

 

You can use our cookie consent tool at any time to adjust your cookie settings. To do this, you can use the link below to access the tool and set the above-mentioned categories of cookies by giving or not giving consent to the use of these cookies in your browser. 6 (1a) GDPR.

9. TRACKING AND ANALYSIS TOOLS

We use tracking and analysis tools to ensure ongoing optimisation and the need-based design of the Website. Tracking also enables us to collect statistics regarding the use of the Website, which helps us to enhance our online presence using the resulting findings. The legal ground for the use of tracking and analysis tools is the consent you provided in the cookie banner or in the cookie and tracking tool settings
pursuant to sentence 1 of Art. 6 (1a) GDPR.

 

The following description of tracking and analysis tools also reveals the respective
processing purposes and the data processed.

 

a. Google Analytics and Google Firebase

 

The Website uses Google Analytics, a web analysis service of Google Inc. (‘Google’). Google Analytics uses cookies, or text files, which are stored on your device and which enable your use of the website to be analysed. The information created by the cookie about your use of the Website is generally transmitted to a Google server in the USA and stored there. Google Analytics has been enhanced on the Website to include the code ‘gat._anonymizeIp();’ in order to ensure the anonymous collection of IP addresses. With this code, your IP address is first abbreviated by Google within member states of the European Union and in other contracting states that are party to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and abbreviated there in exceptional cases.

 

On behalf of us, Google uses this information to assess your use of the Website, to compile reports about Website activities and to provide other services related to use of the Website and the internet to the Website operator. The abbreviated IP address transmitted from your browser as part of the Google Analytics service will not be merged with other Google data. You can prevent cookies from being stored on your device by adjusting the browser settings accordingly; however, if you do this, you may not be able to fully use all of the Website’s functions.

 

You can also prevent the collection of the information generated by the cookie related to your use of the Website or app (including your IP address) and the processing of this data by Google by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

 

Alternatively, you can prevent the collection of data by Google Analytics when you use a mobile device by clicking on the following link. Doing so will save an opt-out cookie that will prevent the future collection of your data when you visit this website: Click here to opt-out of Google Analytics.

 

Further information about Google Analytics can be found here.

 

Further information about Google Firebase can be found here.

10. LINKS TO OTHER WEBSITES

The Website occasionally provides links (interactive references) to third-party websites for which Julius Meinl Living is not responsible. We have no influence over the content and design of the linked external sites or the websites that the User accesses via these links. The respective providers are solely responsible for the content and design of these websites as well as for compliance with data protection
regulations.

11. RIGHTS OF DATA SUBJECTS

The GDPR provides you, as the data subject of personal data processing, with the following rights:

  • According to Art. 15 GDPR, you can request information from us about your personal data that we process. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom the personal data has been or will be disclosed, the planned storage period, the existence of the right to request correction or deletion of personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint, any available information as to its source when personal data is not collected by us, transmission to a third country or to an international organisation, and about the existence of automated decision-making, including profiling and, in such cases, meaningful information about the logic involved.
  • According to Art. 16 GDPR, you have the right to request the immediate rectification of inaccurate personal data or to have incomplete personal data completed.
  • According to Art. 17 GDPR, you can request the erasure of your personal data we have stored if the processing is no longer necessary to exercise the right to freedom of opinion and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend against legal claims.
  • According to Art. 18 GDPR, you can request the restriction of the processing of your personal data if the accuracy of the personal data is contested by you, the processing is unlawful, we no longer need the data and you oppose the erasure of the personal data because you need them to assert, exercise or defend against legal claims. You have the right under Art. 18 GDPR even if you have objected to the processing in accordance with Art. 21 GDPR.
  • According to Art. 20 GDPR, you can request that your personal data which you have provided to us be given to you in a structured, commonly used and machine-readable format or to have your personal data transmitted to another controller.
  • According to Art. 7 (3) GDPR, you can revoke the consent you have granted to us at any time. If you do so, we will no longer be able to continue the data processing based on this consent in future.
  • According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. In general, you can contact the supervisory authority in your usual place of residence, your place of work or our corporate domicile for this purpose.
12. RIGHT TO OBJECT

In the case of the processing of your personal data on the basis of a legitimate interest in accordance with Article 6(1)(f) GDPR, you have the right pursuant to Article 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation or if you object to direct marketing. In the case of direct marketing, you have a general right to object which must be adhered to by us without the need to specify a special situation.

13. DATA SECURITY AND SECURITY MEASURES

We undertake to protect your privacy and to treat your personal data as confidential. In order to prevent the manipulation, loss or misuse of your data stored with us, we apply comprehensive technical and organisational security measures which are reviewed regularly and which are adapted in line with technical improvements. These include, among other things, the use of recognised encryption methods (SSL or TLS). Please note, however, that because of the structure of the internet it is possible that the data protection regulations and the above-mentioned security measures will not be observed by persons or institutions which are not within our area of responsibility. In particular, data disclosed in an unencrypted manner – e.g. data disclosed by email – may be read by third parties. We have no technical control over this. It is the User’s responsibility to prevent the misuse of the data he/she provides through encryption or another method.

14. CHANGES

We may change these data protection regulations or the content of the Website at any time without prior notice, or it may change or block access to this Website.

15. EXERCISING THE RIGHT, QUESTIONS ABOUT DATA PROTECTION AND CONTRACT

Users can contact us at any time to exercise the above rights, including if they would like their personal data corrected, blocked or deleted and to request information.

 

Users can contact us at the following email address:

info@thejulius.eu

 

Or at the postal address:

JULIUS MEINL LIVING PLC
VERDALA BUSINESS CENTRE
BREWERY STREET
MRIEHEL
MALTA .

 

In addition, Julius Meinl Living shares information about the user data it has stored as well as the origin and recipients of such data and the purpose for which it has been stored.

16. COMPLAINTS

If a User has a complaint about the way Julius Meinl Living processes his/her personal data, they can lodge a complaint with the respective regulator.

 

(In Malta, this is the Information and Data Protection Commissioner (details are available at https://idpc.org.mt/ ).

Vánoce