We would like to thank you for visiting https://www.xarapalace.com.mt (the “Website“).
Privacy assurance
We, The Xara Palace Hotel Co. Ltd. , C325 of Xara Palace Hotel, 11, Misrah il-Kunsill, Mdina, Malta, are firmly committed to protecting your privacy and we will not collect any personal information about you unless you provide it voluntarily. This privacy policy (the “Policy“) is designed to tell you about our practices regarding collection, use, disclosure and transfer of personal information that (i) you may provide, or (ii) The Xara Palace Hotel Co. Ltd. and its affiliates (“we” or “us“) may collect from time to time, via this Website or through our sales team.
Please read this Privacy Policy before using or submitting your information to us.
1 . What is personal information?
1.1
”Personal Information” consists of any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.2. When you make use of our Website, book reservations or inquire as to our services, we may ask you to provide some Personal Information such as your full name, birth date, address, email address and telephone number(s)
1.3 Other categories of Personal Information may also be requested such as:
- Payment details,
- Gender,
- Marriage or Civil Union details,
- National identification information,
- Photographs and images
1.4. When you visit our [restaurants], [facilities], [venues], please note that We utilise CCTV for security purposes.
1.5. Information may be collected actively or passively
Active information collection: This occurs when We collect information from customers such as when you communicate directly with us via e-mail or by filling in online forms on our Website.
Passive information collection: In some circumstances we may process information on the basis of (i) your related interactions with us (for example, the web page from which you navigated to the Website), or (ii) Personal Information that we have received or obtained from a third party (for example, publicly available information sources). In these circumstances, your Personal Information may be said to have been passively collected (that is, gathered without you actively providing the information).
An example of where your Personal Information may be passively collected is when you use the Website. Each time you use the Website, we will automatically collect the following information:
- details of your use of the Website including your user name, city, country, page views, searches, downloads (file names)
- technical information, including your device model, operating system of the machine running your web browser, type and version of your web browser, IP address, date and time when you accessed the Website
- web page download information
- general Website usage information
- 2. Purposes and use of information
2.1 This section of the Privacy Policy explains why we process, collect and use your Personal Information. Data Protection rules allow Us to use and share your personal data only where we have a proper reason to do so. The law says we must have one or more of these reasons and these are:
- Contract – your personal information is processed in order to fulfil a contractual arrangement e.g. in order to reserve and book one of our venues for your special occasion;
- Consent – where you agree to us using your information in this way e.g. for storing your payment card details.
- Legitimate Interests – this means the interests of managing Our business, to allow us to provide you with the best products and service in the most secure and appropriate way e.g. website personalisation and administration.
- Legal Obligation – where there is statutory or other legal requirement to share the information e.g. when we have to share your information for law enforcement purposes.
2.2 Here is a list of the ways that we may use your Personal Information and the reasons described above we rely on to do so.
What we use your Personal Information for | Legal Basis |
Processing of Reservations and Orders | Fulfilling a contract and Legitimate Interests |
Storing Payment Details | Consent |
Managing your account, processing inquiries, providing customer services, keeping records up to date for effective handling of customer contact | Legal Obligation / Legitimate Interests |
Detection investigation, and reporting of financial crime (e.g. Fraud) | Legal Obligation / Legitimate Interests |
Marketing communications to inform you of special offers, promotions, new lines and services. Provide you with online advertising. | Legitimate Interests |
Website personalisation and administration | Legitimate Interests |
Notifying you about enhancements to our services, such as changes to the Website, and new services that may be of interest to you | Legitimate Interests |
Contact you to undertake customer satisfaction surveys, invite you to provide service reviews or for market research | Legitimate Interests |
Maintaining network and data security | Legitimate Interests |
Logistics planning, demand forecasting, management information and research | Legitimate Interests / Fulfilling a contract |
For legal disputes, regulatory investigations and compliance purposes
|
Legitimate Interests / Legal Obligations |
- 3. Cookies
3.1 The Website creates “cookies” when you visit it.
3.2 A cookie is a small piece of data that a website can send to your browser for storage (i.e. so it can later be read back from that browser). The purpose of cookies includes providing more tailored communications from websites.
3.3 Cookies may collect information (including Personal Information), such as user preferences, general usage information, membership information and unique identifiers. Cookies may in some circumstances also remain on your device after you leave the Website.
3.4 Your browser will return the cookie information only to the domain from where the cookie originated, i.e., the Website, and no other website can request this information. When you return to the Website, the cookie is sent back to the web server, along with your new request.
3.5 Your browser may provide settings where you can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it or reject the cookie altogether.
3.6 The Website uses cookies to keep track of your booking cart. We also use cookies to deliver content specific to your interests. Click here for more information.
- 4. Disclosure of information
4.1 In some circumstances, we may need to process or disclose your Personal Information in connection with the purposes listed in this Privacy Policy (including those set out in section 3), or as otherwise permitted by law.
4.2 We may disclose your Personal Information:
- to our event organisers, audio visual service providers, event planners, venue owners, IT companies, Marketing Companies, Payment Processing providers, legal advisors and sub-contractors who assist us in running our business and who are subject to appropriate security and confidentiality obligations;
- if the whole or a substantial part of our business is to be sold or integrated with another business, to our advisers and any prospective purchasers (and their advisers); and
- where we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request.
- Links to other websites
5.1 This Privacy Policy applies to the Website and all Personal Information that We collect. Our Website has a number of links or references to other websites, other agencies, local and international organisations.
5.2 It is important for you to note that upon linking to or visiting another website, you are no longer on our Website, and you become subject to the privacy policy (if any) of the new website. We do not control such websites and are not responsible for their data practices. This Privacy Policy does not apply to such third party websites.
6. Security
6.1 We will take appropriate measures to keep your information confidential and secure in accordance with our internal procedures covering the storage, access and disclosure of information.
6.2 Please note that messages you send to us by e-mail or via any internet connection may not be secure. If you choose to send any confidential information or Personal Information to us by such means you do so at your own risk with the knowledge that a third party may intercept this information. We are not responsible for the security or integrity of such information. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. Information about related persons
7.1 if you provide us with Personal Information about members of your family, friends, dependents, or other third parties (e.g. for the purposes of making a reservation), it is your responsibility to inform them of their rights in connection with this Privacy Policy with respect to such information. You may, for example, provide such individuals with a copy of this Privacy Policy for these purposes.
7.2 The collection of personal data relating to persons under the age of 16 years is not within our interests. Should it come to our attention that such data has been passed to us without the approval of the parents or legal guardian, this data will be deleted immediately.
7.3 Thereby we are reliant on the parents or legal guardians providing us with the appropriate information.’
8. Retention of information
8.1 We intend to keep your Personal Information accurate and up-to-date. We will retain your data for no longer than required. From time to time we may delete or anonymise your personal information.
9 Your rights
9.1 If any of the Personal Information that you have provided to us changes, please Contact Us and let us know the correct details.
9.2 Under applicable law, you have the right to:
- request a copy of the personal information about you that we hold
- request correction or deletion of Personal Information about you that is inaccurate
- withdraw any applicable consent for processing and transfer
- object to our using your personal information for marketing purposes
- object to profiling and automated decision making
9.3 In some circumstances, you may also have a “data portability” right to require us to transfer your personal data to you or to a new service provider.
9.4 We will ask your consent if we intend to use your data for marketing purposes or if we intend to disclose your information to any third party for marketing purposes.
To exercise any of these rights at any time, please Contact Us.
10 Contact us
10.1 If you have any questions about this Privacy Policy or our data protection practices, please contact us at:
Email: office@bar.com.mt
Address: Refalo & Zammit Pace Advocates, 61, St. Paul Street, Valletta VLT1212, Malta
Telephone: +356 2122 3515
11. Complaints
11.1 You can also raise complaints or concerns about our use or other processing of your Personal Information with the body regulating data protection in your country. In Malta, this is the Information and Data Protection Commissioner (details are available at https://idpc.gov.mt/en/Pages/Home.aspx).
12 Changes to this Privacy Policy
12.1 If there are any changes to this Privacy Policy, we will replace this page with an updated version. The new terms may be displayed on-screen and you may be required to acknowledge that you have read them before you continue to use the Website.
12.2 It is therefore important that you check the “Privacy Policy” page when you access our Website so as to be aware of any changes which may occur from time to time.