SECTION 1 – WHAT DO WE DO WITH YOUR INFORMATION?
The Osiris recognises its obligations as a Data Controller in terms of applicable data protection and privacy laws, mainly the General Data Protection Regulation (EU) 2016/679 as supplemented by the Data Protection Act (Chapter 586 Laws of Malta), together with other applicable laws as may be amended from time to time.
Here at The Osiris Boutique Hotel we take your privacy seriously and will only use your personal information to administer your account and to provide the products and services you have requested from us.
When you visit our website, we may collect the personal information you give us such as your name and email address when you use forms present on our website.
When you browse our website, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing: With your permission, we may send you emails about us, new products and other updates.
You can stop receiving marketing messages from us at any time. You can do this by contacting us on: info@the-osiris.com
SECTION 2 – CONSENT
How do you get my consent?
When you provide us with personal information to for example when you fill in a contact form, we imply that you consent to our collecting such information and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by sending us an email on info@the-osiris.com
In certain cases we may continue to process your personal data if it is required by law and to meet our contractual obligations with you.
SECTION 3 – DISCLOSURE
We may disclose information to third parties as follows:
· Any third parties who we engage to provide services to us, such as outsourced IT service providers;
· Any advisers/auditors auditing any of our business processes or who need to access such information for the purpose of advising us;
· Any law enforcement body which may have any reasonable requirement to access your Personal Information for the purposes of the prevention, investigation or detection of crime; and
· Any successor (or receiving) entity in the event of merger, reorganisation or similar event. However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.
Should we transfer your personal data to third countries or international organisations, we will take every precaution necessary to protect your personal details as required by applicable law. For more information on the safeguards adopted please contact our Data Protection Officer at info@the-osiris.com
SECTION 4 – THIRD-PARTY SERVICES
The third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
We will make sure that any third-party providers have undertaken to use any personal data legitimately and in accordance to our written instructions or agreements. This means that they cannot use or share your personal data unless we have instructed them to do so. They will also be bound to retain the personal data in a secure manner and for the period we instruct.
Once you leave our website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy.
When you click on links on our website, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 5
SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
We have put in place procedures to deal with any suspected personal data security breach and will notify the supervisory authority of a suspected breach where we are legally required to do so. In certain cases, we will also inform you, as the data subject, of the occurrence of the breach and the steps you need to take to safeguard your rights.
If you believe your personal data has been compromised, please contact the Data Protection Officer (‘DPO’) on info@the-osiris.com
COOKIES
We may store some information (commonly known as “cookies”) on your computer when you look at our site. Cookies are used to enable and improve the use and functionality of the website, such as navigation and access to secure areas of the Website.
Here is a list of cookies that we use. We’ve listed them here so you can choose if you want to opt-out of cookies or not.
Site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your shopping experience.
Targeting or advertising cookies – these cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.
By using our site, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in the future. If you want to delete any cookies that are already on your computer, the “help” section in your browser should provide instructions on how to locate the file or directory that stores cookies. Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions of our site.
SECTION 6 – AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state, county, province, region or country of residence, or that you are the age of majority in your state, county, province, region or country of residence and you have given us your consent to allow any of your minor dependents to use this site.
SECTION 7 – RETENTION
We will retain personal data only for the period necessary to fulfil the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law.
In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:
· What the purpose(s) was for which your information was collected in the first place;
· Whether there are any statutory obligations, obliging us to continue to process your information;
· Whether we have a legal basis in place to continue to process your information, including but not limited to consent;
· What the value attached to your information is;
· Whether there are any industry practices stipulating how long information should be retained;
· The risk, cost and liability attached to such retention; and
· Any other relevant circumstances.
SECTION 8 – YOUR RIGHTS
In terms of applicable data protection and privacy laws we protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
As a data subject you have the following rights:
· Right of access: You have the right to obtain for us confirmation whether personal data concerning you is being processed, and where that is the case, access to the Personal Information and the additional information as outlined in the regulations.
· Right to rectification: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.
· Right to erasure: You have the right to obtain from us the erasure of your personal data in terms of law. This right is limited by, and subject to all our compliance, regulatory and legal obligations.
· Right to restriction of processing: You have the right to obtain from us restriction of processing where, one of the following applies:
(1) the accuracy of personal data is contested by yourself for a period enabling us to verify the accuracy of your personal data;
(2) the processing is unlawful and you oppose to the erasure of your personal data and request the restriction of its use instead;
(3) we no longer need the personal data, but it is required by yourself for the establishment, exercise or defence of legal claims;
(4) you object to processing pursuant to your right to object pending the verification whether our legitimate grounds override yours.
· Right to data portability: You shall have the right to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format.
· Right to object: You have the right to object, on grounds relating to your particular situation to processing of your personal data. We shall no longer process your personal data unless we have a compelling legitimate ground for the processing. You have the right to object at any time to the processing of personal data concerning you for direct marketing purposes.
· Right to lodge a complaint: Should you require any clarification or need to discuss matters relating to the processing of your personal data, you may contact the Data Protection Officer by email at info@the-osiris.com
In the case you are not satisfied with the outcome, as a data subject, you also have a right to lodge a complaint with the Information and Data Protection Commissioner, either online, via the submission of a report by conventional mail, or by email at idpc.info@gov.mt. Also, you may seek to enforce your rights through judicial remedy.
Please note that your rights in relation to your personal data are not absolute. If you intend to exercise one or more of your rights, please send your request by email at info@the-osiris.com
Generally, no fees are applicable when exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
We will provide you with a response without undue delay, and in any event, within one month, which starts running as soon as your identity is verified. Occasionally, if your request is particularly complex or you have made a number of requests, we may extend our response time to three months. In any case, we will inform you accordingly.
We may need to request specific information from you to help verify your identity. This is a security measure to ensure that personal data is not disclosed to unauthorised third parties.
We may also contact you to ask you for further information in relation to your request to speed up our response.
SECTION 9 – JOB APPLICANT’S PRIVACY NOTICE
As part of our recruitment process, The Osiris’s HR department collects and processes personal data relating to job applicants. The personal data may be held by us – The Osiris Boutique Hotel(and our subsidiaries) – in paper or in electronic format. We are committed to being transparent about how we collect and use that data and to meeting data protection obligations under applicable law. We will retain your personal data for as long as necessary to fulfill the purpose of recruitment. If your application for employment is unsuccessful, we will hold your data on file for 6 (six) months from the date on which we shall communicate our decision to engage you or not. You can assess full Job Applicant’s Privacy Policy document here. If you have any questions, please contact info@the-osiris.com.
SECTION 10 – CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
If our organisation is acquired or merged with another company, your information may be transferred to the new owners.