Privacy Terms and Data Processing Agreement
Effective date: 25th May 2018
Hotelinco is an online hotel property management system and a trademark of MAiS Inc. Ljubljana, Slovenia.
To MAiS, privacy and security are of utmost importance we strive to ensure that our technical and organisational measures in place respect your data protection rights.
These Privacy Terms and Data Processing Agreement apply to the access and use of Hotelinco online hotel property management system and the websites www.hotelinco.eu and hotelinco.net and their subdomains (collectively, the “Website”) operated by MAiS and all features, functions, software and services offered through the Website. The website and features, software and services offered through the Website collectively constitute the "Service".
In order to be able to use the Service, you must accept the General Terms and Conditions for the use of Hotelinco. By accepting the General Terms and Conditions, you are Hotelinco User (User).
By registering a hotelinco account and by loging into the user account each user explicitly agrees with processing of personal information as specified and in accordance with in these Privacy terms.
If you subscribe to our services or fill in the contact form on website (www.hotelinco.eu) or any other MAIS-owned sites, you agree and accept that we can collect, process, store and / or use personal information submitted in accordance with the rules set out below.
All use of the Website and Hotelinco system, which is available on the website www.hotelinco.net, is subject to the General Terms and Conditions. Please read General Terms and Conditions.
2. Data processing agreement
These Privacy Terms apply to the Service and form an integral part of the General Terms. By entering into Agreement the User accepts these Privacy Terms. In this respect these Privacy Terms serve as a Data processing agreement between the User and MAiS.
We reserve the right to change the provisions of these Privacy Terms from time to time. In the event we make such changes, we will notify User in advance. User will have to explicitly accept the amended Privacy Terms.
In the event User does not explicitly accept the amended Privacy Terms and this results in a situation in which MAiS in its sole opinion is not willing or able to continue to provide the Service, MAiS has the right to terminate Agreement and this Data processing agreement without being liable to User.
As long as User has not explicitly agreed to the amended Privacy Terms, the current version of the Privacy Terms shall apply.
MAiS processes Personal Data in the area of United States, and the European Economic Area (“EEA”) and in other countries through third parties that we may use as partners or subcontractors.
MAIS processes and stores personal data in the European Economic Area and possibly in other countries through third parties that we use to provide the Website or Service. When you visit our website or use the Service or provide us with any other information, you agree (and you assure that you have the authority to give such consent) for the processing and transfer of personal data for the purposes defined in these Privacy Terms. MAiS or MAiS data processing partners will not export personal data to third countries, with the exception of the US, whereby Users acknowledges and accepts that. MAIS and MAIS data processing partners will transfer personal data to the US in such a way that appropriate safety measurements will be adopted and implemented.
The respective definitions will be defined in this Data Processing Agreement. If a definition is not defined in this agreement, the definition will be defined by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and appealing Directive 95/46/EC (the “GDPR”).
4. What is personal information?
“Personal Information” means any information relating to an identified or identifiable natural person (“data subject”) according to the definition of personal data as set out in GDPR.
An identifiable person is someone who can be identified, directly or indirectly, in particular by reference to a name, an identification number, location data, an online identifier or to one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social identity.
“Personal Information” is information that identifies an individual (such as a name, address, telephone number, mobile number, e-mail address, or other account number), and all information about that individual’s location or activities, such as information about his or her use of the Service, IP-addresses or mobile device identifiers, when this can be linked to any Personal Information.
“Personal Information” also includes demographic information such as date of birth, gender, geographic area and preferences when this information can be linked to any other Personal Information.
“Personal Information” does not include “aggregate” information, which is data about a group or category of products, services or users, when this “aggregate” information cannot be linked to any Personal Information. Aggregate data helps us understand trends and our Customers’ needs so that we can better consider new features and functions, or otherwise tailor our Services. These Privacy Terms do not restrict or limit our collection and use of “aggregate” information.
5. What personal information do we collect?
a) Active Collection
If you choose to order services from us, we will collect your company’s contact details (name, address, e-mail address, further contact details, details about your business). We will store both these data and any correspondence transferred to us and use them for the purpose of providing our services to you, in order to improve our service and for marketing purposes.
When we provide services to you, we will store any data you choose to upload to our system running on our servers. This comprises of data concerning your business, your employees, and your guests. Upon request, we will be able to provide you with a separate agreement regarding order-data processing pursuant to GDPR.
When User uses our websites, the following Personal Information may be collected:
- Contact information, such as name and surname, e-mail address, postal address, IP number, geographic location, and telephone number;
- Information about your business, such as company or property name, accommodation size, and type of accommodation.
When User uses our services, the following Personal Information may be collected:
- Contact information, such as name and surname, e-mail address, physical mailing address, IP number, geographic location, and telephone number;
- Billing information, such as tax number, postal address
- Unique identifiers, such as user name, user account number and password
- For managing property and their customer relationship management, Users can collect: name and address, postal address, telephone number, date of birth, type and number of personal document, place of birth, communication language, telephone number, fax number, mail address, billing information, company name of your contacts, company tax number, scheduled date of travel, reservations, interests or guests preferences regarding their stay, all of which Users can collect through Guest Profile feature and the guest data export feature in the Hotelinco application.
When User uses our Services, the following personal information may collected in a number of ways:
- When User registers its hotelinco user account we will collect the registration information provided to us. This contains the name, address, e-mail address, user name and other contact and demographic information in connection with registration and set up of account. From time to time we may change the information requested upon registration or with respect to certain features or Service. MAiS will inform User of such change.
- When User submits inquiry about the Service or contact us for more information about the Service, we will collect contact information for the purposes of communication on and regarding our Service.
- If User contacts us by e-mail or some other means, we may collect the content of the messages, e-mail address as well as response.
- If User orders a service from us, we will keep user’s contact information for the purpose of providing the ordered service.
The registration of User and/or correspondence with us via e-mail constitutes a commercial relationship and implies the User’s consent for us to communicate to User about our Service.
- When User or user’s customer/ guest creates a reservation using integrated reservation system (e.g. fidelityhotel.net.) we will collect the information in order to provide the service.
- When User uses channel management system integrated with hotelinco, reservation data are collected in order to provide the Service.
When you provide us with personal information about your customers/ guests, we will use them only for the purpose with which they were sent.
- Personal Information and demographic information may also be collected if User provides such information by using other support systems, sending an e-mail or message to another user or participating in any interactive chat rooms, forums or features on the Website and when User uses our Service.
- From time to time we post User testimonials/comments/reviews on our Website which may contain personally identifiable information. Prior to posting the testimonial, we will obtain User’s written consent via e-mail to post their name along with his/her testimonial.
b ) Log files
When User uses the Service, some information of User is also automatically collected, such as its: Internet Protocol (IP) address, operating system, the browser or mobile device type, the address of a referring website and User’s activity on the Website and regarding the use of the Service.
We treat this information as Personal Information in the event this information can be linked to any Personal Information mentioned above. Otherwise, it is used in the aggregate form only.
When you opt in to receive our newsletter we will also use your personal data in order to provide the service. The personal data is stored in Mailjet system to which we have password protected access. By signing up for newsletter you also allow us to track statistics for sent emails. The data we use is used to help us improve the Service. Mailjet allows us to track statistics of open emails and clicks on individual links. You can at all times opt out from our newsletter by using the corresponding link within each individual newsletter or by contacting us.
By using the Website User agrees that we may automatically collect certain information through the use of “cookies”.
Cookies are small data files that are stored on your computer at the request of our website which enable us to recognize Users who have previously visited the Website.
We use our own and third-party cookies.
We use our own cookies to recognize you when you visit our website hotelinco.net; these cookies can only be read and used by our servers. We use our own cookies on our websites to maintain the session and your preferences, customize your user experience as well as obtain website use statistics.
Users can review and remove cookies that are installed by visiting individual websites at any time in their browsers. However, if you turn off cookies, some of the webpage options may be disabled.
e) Links to other websites and services
6. Processing of personal data
User will at all times be the data controller of the Personal Information for purposes of the Service and according with these Privacy Terms. MAiS shall at all times remain the data processor. If MAiS nevertheless processes Personal Information for its own purposes, MAiS will be deemed to be a (joint) data controller with regard to the Personal Information. A ‘data controller’ and ‘data processor’ shall have the same meaning as in the GDPR.
User shall be responsible for compliance with its obligations as data controller under the applicable data protection law, in particular for justification of any transmission of Personal Information to MAiS and for the decision concerning the processing and use of the Personal Information. This shall include providing any required notices and obtaining any required consents. If MAiS is deemed to be a (joint) data controller in relation to the Personal Information, it shall also be responsible for compliance with its obligations as data controller under the applicable data protection law.
As data controller, it shall be your responsibility to inform the End-Users / your Guests about the processing, and, where required, obtain necessary consents or authorizations for any Personal Data that is collected through your use of the Service(s). As the processors of Personal Data on behalf of our Users, we follow User’s instructions with respect to the Service Data to the extent consistent with the functionality of our Service(s). In doing so, we implement technical, physical and administrative measures against unauthorized processing of such information and against loss, destruction of, or damage to, Personal Data.
7. Purposes of processing Personal Information
MAiS shall process Personal Information as stated in these Privacy Terms solely for the reasons mentioned below. Each reason has been categorized on its legal basis. MAiS shall not:
(1.) process and use Personal Information of User for purposes other than set forth in the terms of service for the Service and the Privacy Terms, or as instructed by the User, or
(2.) disclose Personal Information to third parties other than the Subprocessors for the below mentioned purposes, or as required by law.
Processing for which the Customer has to give consent:
- to analyze user characteristics and usage patterns in order to improve User experience, adjust and improve the Service and market it more effectively;
- to inform User about other information, events, promotions, products or services we think will be of interest to User;
- to request feedback and to enable us to develop, customize and improve the Service and our publications and products;
If User refuses consent for processing its personal information for the in this subsection mentioned purposes, User will not be hindered in its use of the Service. Refusing or withdrawing consent thus has no negative effects on User’s use of the Service.
Processing necessary for the performance of a contract and providing the Service:
- for the provision of the Website and the provision of the Service according to our Terms of Service;
- to process and/or respond to User’s requests, submissions, comments, complaints and any transactions;
- to send automated messages via the Service or Hotelinco system
- to inform users about new features and product upgrades;
- to provide technical support and system maintenance;
- to provide User with information or services requested;
- to facilitate User’s use and our operation of the Service;
- to maintain User account or providing assistance for in using the Service
- to process reservations through booking engine fidelityhotel.net
- to perform system upgrades or additionally ordered services;
- for the purpose for which the information was provided;
- to evaluate the needs of User’s business and to advise User on appropriate product features, solutions and use of the service
- for storing data, creating backups, and transmitting data with encrypted procedures (ex. using iStor);
- to ensure proper IT equipment security and to prevent abuse;
- for the purposes of communicating with other systems that User uses in connection with the Service.
Processing necessary for compliance with a legal obligation
- facilitate our administration of the Service;
- to prevent or investigate actual or suspected fraud, hacking, infringement, or other misconduct involving our Services or Website.
8. Data protection and storage
MAIS ensures protection of personal data in accordance with this policy and with the requirements for the protection of personal data, which are determined by the legislation of the Republic of Slovenia (Personal Data Protection Act, Official Gazette of the Republic of Slovenia No. 86/2004 as amended) and in accordance with the EU GDPR Regulation 95/46/ES.
We store Personal Information for as long as it is required to provide the Service.
The User acknowledges and agrees that MAIS stores personal data which have been provided at the time of account registration by user and personal data user collects through the use of hotelinco during the time user has the status of a registered user and 30 days after the cancellation of the agreement, as in accordance with the General Terms and conditions for the use of Service.
MAIS may store the data as long as it is strictly necessary to achieve the purpose for which the data were collected and/ or as long as required by law, to maintain financial and other records, to settle possible disputes and enforce agreements, and then permanently erases them or effectively anonymizes, so that the specified data can no longer be associated with a particular individual.
9. Partners-subcontractors and the provision of personal data
Without the prejudice to the provisions of this Privacy Terms, Personal Data contained will never be sold to or shared with other companies or organizations for commercial or any other purposes.
We can transfer personal data to our partner companies and specialized subcontractors who help us provide our services. Transfers to the following third parties are covered by separate service agreements with our subcontractors.
The contractual processors with whom MAIS cooperates are: accounting services, law firms and other providers of legal advice, data processing and analytics providers, IT system maintenance providers, data storage security providers (e.g. iStor DataVault), email service providers (e.g. Mailjet), web site platforms (e.g. wix), payment system providers such as PayPal, Moneta, ticketing support systems (e.g. Freshservice), CRM, Google (only cookie) for remarketing purposes.
MAIS or MAIS data processing partners will not export any personal data they process to third countries, with the exception of the US, with which you as an individual are acquainted and agree with. MAiS and MAiS data processing partners will transfer personal data to the US only in a safely manner and with appropriate security measures, in accordance with GDPR.
10. Protection of Personal Information
MAiS shall ensure that it implements and maintains compliance with appropriate technical and organizational security measures for the processing of Personal Information. We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we have received it.
We have put in place physical, electronic, and managerial procedures that are designed to prevent unauthorized access, loss, or misuse.
We use SSL (secured socket layer) technology to encrypt your transmission of sensitive information to us, such as account passwords, credit card numbers and other payment-related identifiable information).
We restrict internal access to Personal Information to employees who need the information to perform their duties. The unauthorized access or use of such information by an employee is prohibited and constitutes grounds for a disciplinary action. Employees of MAiS are bound to a confidentiality clause.
Our information management systems are configured in such a way as to block or inhibit employees from accessing information that they have no authority to access.
You should note that our Subprocessors may be responsible for processing, handling or storing some of the Personal Information that we receive. They are not authorized to market to you independently. These Subprocessors are contractually by means of a data processing agreement with MAiS required to safeguard and secure the Personal Information they received from us.
No method of transmission via the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.
MAiS shall ensure it has a procedure to periodically test and evaluate its technical and organizational security measures for the processing of Personal Information.
11. Cooperation and notification obligations
MAiS and the User will – to the extent possible – co-operate with each other to promptly and effectively handle enquiries, complaints, and claims relating to the processing of Personal Information from any government official or other authority (including but not limited to any data protection legislation enforcement agency), third parties or individuals (including but not limited to the data subjects).
MAiS and the User are aware that applicable data protection legislation may impose a duty to inform the competent authorities or affected data subjects in the event of a data breach.
Data breaches should therefore be notified by MAiS to the User within 24 hours after they have been discovered, regardless of their origin. This also applies to serious operational faults or where there is any suspicion of an infringement of provisions relating to the protection of Personal Information or other irregularities in the handling of Personal Information belonging to the User. In consultation with the User, MAiS shall take appropriate measures to secure the Personal Information and limit any possible detrimental effect on the data subjects. Where obligations are imposed on the User as a data controller under applicable data protection legislation, MAiS shall fully and at its own expense assist in meeting them.
11. Your rights
Before sharing your Personal Information with third parties in ways not covered by these Privacy Terms, including any use for direct marketing purposes, you will be notified and required to opt-in to such sharing at the point at which such information is collected.
MAiS may send you marketing and promotional postal mail about our products and services.
If you no longer want your information to be used by MAiS for direct marketing purposes sent by postal mail please contact us at email@example.com.
You can also opt-out by following the unsubscribe instructions included in each promotional e-mail. This shall not affect our ability to send you service and account related e-mails or to use your Personal Information as otherwise described in these Privacy Terms.
We will be pleased to inform you upon your written request and in accordance with our legal obligation, if and which personal date we store. In accordance with the client's request, we will comply with the request as soon as possible after receipt.
In accordance with the provisions of the GDPR Regulation, you may request the correction, blocking and deletion of such data, unless these claims are contrary to the statutory deadlines for storage.
If you need additional information or have any questions about how we treat privacy data, please contact us via email.
12. How can User review, update, correct, or delete Personal Information
User may review, update, correct or delete its Personal Information collected through the Website and Service by e-mailing us at firstname.lastname@example.org.
Note that the deletion of User information data may lead to the termination of the Account of User and the use of the Service.
To have access to your Personal Information, you must provide sufficient proof of identification as we request, and we reserve the right to deny access to any user if we believe there is a question about your identity. We will respond to all access requests within 4 weeks.
User can request us to limit or stop the processing of its Personal Information in the future. We will meet the request of User, but User may be hindered in its use of the Service or may no longer be able or allowed to use the Service.
User can request us with reasonable intervals to transfer the Personal Information we process about him or her to him or her or another third party as specified by User, as long as the requested information does not include Personal Information of other natural persons and as long as the requested information has been processed based on the legal grounds of Customer permission or necessity for providing the Service and performing the contract. We will meet the request of User within 4 weeks after we have received the request.
Customer has the right to file a complaint to the competent privacy authority. For Slovenia, this authority is Informacijski pooblaščenec which can be reached at https://www.ip-rs.si/.
If a data subject contacts MAiS directly with a request as stated before, we will redirect the data subject to User and only after permission of the User shall we provide an overview of Personal Information of that data subject.
We reserve the right to retain your information in our files if we believe it is necessary or advisable to resolve disputes, enforce applicable terms of service, and for technical and legal requirements and constraints related to the Service.
13. Final provisions
The ineffectiveness of any provision of this Privacy Terms, irrespective of the reason for invalidity, does not imply the invalidity of this Privacy Terms as a whole. In such a case, an invalid provision shall be deemed to have been unpublished, and this Regulation shall continue to apply without this provision.
13. Governing law
The law of the Republic of Slovenia and the law of the European Communities shall apply to legal relations between users and MAIS. The court in Ljubljana, the Republic of Slovenia, has jurisdiction to resolve any disputes.
If you have any questions regarding these Privacy Terms, please contact us via e-mail: email@example.com
Our postal address is: MAiS d.d., Leskoškova c. 10, 1000 Ljubljana, Slovenia.