DATA PRIVACY & SECURITY POLICY
We Are Committed to Protect Your Privacy
SDH Capital, a member of the db Group located at Marfa Road, Mellieha, Malta and its group companies have a strong commitment to provide quality service to our guests, patrons and potential customers and are further committed to protecting your privacy.
To ensure you can make informed decisions and feel confident about supplying personal data relating to you when purchasing our products and using our services, we provide this policy statement outlining our data collection practices and the choices you have concerning how the data is being collected and used.
The term “Data” refers to any personal information that can be used to identify you as an individual. It can include, among other things, your name, contact number, address, age, gender, passport or other identification document details, driver’s licence details, personal financial information, frequent flyer or travel partner information.
We limit the collection, use and retention of the Data to the specific information we need for legitimate purposes to administer our business, to provide you with quality service and offer various products or services from db Group that may be of interest to you. We take appropriate steps to protect Data collected against unauthorized access, disclosure or alteration, and to keep such Data accurate and up to date.
In order to protect your Data, we will require that you prove your identity to us in relation to your request to access your Data, which may consist of a copy of a government-issued identification, your signature and correspondence address so we can check them against our records and satisfy ourselves as to your identity. The above information is required to create an audit trail of how the request has been handled. Where a request is made, any correspondence or application may be kept and added to your Data.
This data privacy statement was last updated on the 07th May 2018 in line with the last EU legislation to meet the GDPR requirements. In the future, we may need to make additional changes. All additional changes will be included in the latest data privacy statement published on our website (www.dbgroupmalta.com) and on this website (https://sdhcapital.co.uk/), so that you will always understand our current practices with respect to the information we gather, how we might use that information and disclosures of that information to third parties. You can tell when this privacy statement was last updated by looking at the date at the top of the statement. Any changes to our statement will become effective upon posting of the revised statement on this site. We will seek your express consent to any changes to how we use or disclose your Data if requested by law but otherwise use of this site or our services following such changes constitutes your acceptance of the revised statement then in effect.
This privacy statement contains numerous general and technical details about the steps we take to respect your privacy concerns. We have organised the privacy statement by major processes and areas so that you can review the information of most interest to you.
- DATA WE COLLECT AND HOW WE USE IT
- INTERNAL CONTROLS
- HOW WE STORE AND TRANSMIT DATA
- HOW WE TRACK CUSTOMER USAGE ON OUR WEBSITE
- E-MAILS ABOUT SPECIAL OFFERS AND PROMOTIONS AND OPT-OUT
- HOW LONG WILL DATA BE RETAINED FOR?
- NOTIFICATIONS IN THE EVENT OF BREACH
- OTHER SITES
- CHILDREN’S PRIVACY
- LEGAL DISCLAIMER
Data we collect and how we use it
When you request a particular service from us or otherwise interact with the SDH Capital website, we will ask you to voluntarily provide us with Data that we need. For example, if you would like us to make a reservation at one of our hotels, we will request for Data such as your name, address, telephone number, e-mail address and credit card information for payment purposes (including credit card number, code and expiry date). We will use your e-mail address to send an e-mail confirmation of your booking and a pre-arrival message summarising your confirmation details and preferences. Such pre-arrival message will include other information about the hotel.
ACCESSING OUR WEBSITE FROM A WEB-ENABLED MOBILE DEVICES
You can access our website from a web-enabled mobile device to find a db Group Hotel and/or restaurants operated by the db Group. You can make a reservation from a web-enabled device. When you make a reservation, you may need to provide certain Data such as name, e-mail address and credit card information for guarantee purposes.
THIRD PARTY PROVIDERS
This policy statement does not apply to our processing of Data on behalf of, or at the direction of, third party providers (for example, airlines, car rental companies) who may collect Data from you and provide it to us. In the situation where we would merely act as a data processor it is advisable for you to review applicable third party providers’ privacy policies before submitting Data.
Please note that SDH Capital Ltd and the db Group will never send you an e-mail requesting your password, credit card number or passport, personal identity card or social security number. If you receive any suspicious e-mails that looks like it is from our group, but asks you for your credit card number or passport, personal identity card or social security number, it is a fraudulent e-mail, or “phishing”. We recommend that you do not reply to the e-mail or click onto any links or pop-up messages and report to the local authorities which handle fraudulent e-mails. If you believe “phishers” have gained access to your personal or financial information, we recommend that you also change your password(s), alert your credit card service provider and bank and review credit card and bank account statements to check for unauthorised charges.
It is important to note that all e-mail communication is not secure. There is a risk inherent in the use of e-mail. Please be aware of this when requesting information or sending forms to us by e-mail, for example, from the “Contact Us” section of our website. We recommend that you do not include any sensitive information including credit card details when using e-mail or using any public computers/public WIFI. Our e-mail responses to you may not include any sensitive or confidential information. Please bear in mind that no security system or system of transmitting information over the Internet is guaranteed to be secure.
To be prudent, it is advisable to always close your browsers when you have finished completing a form or a reservation. Although the session will automatically terminate after a short period of inactivity, it is easier for a third party to gain access to your profile whilst you are logged onto our website and making a reservation.
How we store and transmit Data
IN OUR MARKETING DATABASE
Some of our group operations maintain a database of customer information which is used for marketing, promotion and research, understanding and analysing customer behaviour and customer profiling to improve our services. You will receive marketing and promotional materials if you have already given your express and specific consent in some data collection forms. You may elect to unsubscribe from receiving future e-mail promotions at any time.
SECURE TRANSMISSION AND STORAGE OF DATA
We treat all Data that you provide to us as confidential information. To prevent Data from unauthorised access or leakage, we have adopted and regularly monitor our group’s security and data privacy policies and procedures. We use SSL protocol – an industry standard for encryption over the Internet, to protect the Data. When you type in sensitive information such as credit card details, it will be automatically encrypted and transferred over a SSL connection. This ensures that your sensitive Data is encrypted as it travels over the Internet. You will know that you are in a secure mode when the security icon (such as a lock) appears in the computer screen.
DISCLOSURE OF INFORMATION TO THIRD PARTIES
In addition to the required information sharing described above, we use the services of third party agents, such as e-mail service providers and mail houses for the purpose of mailing materials to our patrons. These parties are contractually prohibited from using Data for any purpose other than for the purpose specified in their respective contracts. We do provide non-personally identifiable information to certain service providers for their use on an aggregated basis for the purpose of performing their contractual obligations to us. We do not permit the sale of Data to entities outside of the db Group for any use unrelated to our group operations or use of Data by third party for their own purposes. db Group will implement, where necessary appropriate measures, including contractual clauses, to secure the transfer of your Data to the third party service providers located in a country* with a level of protection different from the one existing in the country in which your Data is collected.
How we track customer usage on our website
Our website only uses “cookie” technology as a tracking tool. Cookies do not retain registered guests’ information provided during the online reservations. Cookies identify your browser, rather than you and cannot be used by themselves to disclose your individual identity. Cookies enable us to track the number of page visits from the same computer or browser to be aggregated for statistical purposes.
Cookies do not corrupt or damage your computer, programs, or computer files.
The purpose for which cookies — other than those which are either exclusively intended to enable or facilitate communication by electronic means or strictly necessary for the provision of an online communication service at your express request — are used on our website is set forth in a banner appearing the first time you land on such website. By continuing to browse on the website, you consent to their use.
You may set your browser to block Cookies, although doing so will affect your ability to perform certain transactions, use certain functionality, and access certain content on our website. Procedures for managing your settings may differ depending on your browser. Please consult the instructions for your particular browser on how to do this.
You can choose the “Help” function, followed by “Cookies” to find out where your cookie folder is stored.
Our group and our third-party service providers may use pixel tags (also known as “clear gifs”, “beacon gifs” etc.), tracking links and/or similar technology to:
- Track customer response to SDH Capital Ltd advertisements and website content;
- Determine your ability to receive HTML-based e-mail messages. Our e-mail service provider includes a pixel tag, which they refer to as a “coded sensor” in all of the HTML-based messages sent on our behalf. The sensor activates when the e-mail message is opened and flags the e-mail address of the user as one that is capable of receiving HTML-based e-mail messages. This capability helps our service provider to send the e-mail in a format you can read. The sensor does not collect or use any other information. If you cannot receive HTML, you will not receive a functioning sensor;
- Know how many users open an e-mail and allow our service provider to compile aggregated statistics about an e-mail campaign for us; and
- Allow us to better target interactive advertising, enhance customer support and site usability, and provide offers and promotions that we believe would be of interest to you. Your Data will not be collected apart from what you voluntarily provide us in your dealings with our group operations.
E-mails about Company Updates, Related Articles and Promotions and Opt-Out
With your consent, we may send you information about SDH Capital Ltd, and other operations operated by our group companies, including special offers on accommodation, food and beverage, spa and other hotel services by post or e-mail. It is however our intention to only send you mail and e-mail communications that you may want to receive. When you opt-in and do not opt-out from receiving promotional material either on a guest registration card; or when you patronise our restaurants or fill in membership forms and provide your e-mail address to us specifically and expressly in order to receive marketing communications, we will periodically contact you via e-mail and provide information about special offers and promotions that may be of interest to you. These communications will relate to offers relating to db Group, and restaurants operated by our group companies. We typically use third party e-mail service providers to send e-mails. These service providers are contractually prohibited from using your e-mail address for any purpose other than to send e-mails related to our group operations. Data will not be shared with third parties for their own marketing purposes.
We provide you the ability to unsubscribe from all marketing communications. Every time you receive an e-mail, you will be provided with the choice to opt-out of future e-mails by following the instructions provided in the e-mail. You may also opt-out of receiving promotional materials by updating your account, or sending a letter to our GDPR Coordinator.
C/O db Seabank Resort + Spa
Mellieha, MLH 1024
C/O Gilbert Schembri
Or on email address firstname.lastname@example.org
It may take a few days for us to process your opt-out.
DATA PRIVACY & SECURITY POLICY
Your Data will be stored for the period of time required or permitted by law in the jurisdiction of the operation holding the information. However, information that is stored on our websites may be edited and deleted by users of such service at any time.
Data may be stored by db Group and other group operations as long as required for the business purpose for which these Data are processed.
Notifications in the event of breach
In the unlikely event of a Data breach, we are prepared to follow any laws and regulations which may require us to notify you of the disclosure of private information.
Our careers websites at www.dbgroupmalta.com allow individuals that wish to be considered for potential employment to attach their curriculum vitae for consideration. We will not use the information you provide for any purpose other than to determine your qualifications for potential employment at the db Group.
Our website is not intended for children and minors and we do not knowingly solicit or collect Data from children and minors. As a parent or legal guardian, please do not allow your children to submit Data without your permission.
The Language in which Contracts may be Concluded.
All transactions / bookings carried out on our website are concluded in English.