We would like to thank you for visiting https://www.ramlabayresort.com (our “website”) in which this Privacy Notice relates to. At Ramla Bay Resort we take data protection seriously and care about how your personal data is used and shared on line. This Privacy Notice has been formulated to outline our practices regarding the collection, use, disclosure and transfer of personal information that you may provide us with. Ramla Bay Resort is part of Holden Development Co Ltd and as the Data Controller, may collect data via this website or at our property.

The use of the internet pages of Ramla Bay Resort is not possible without the provision of some personal data. However, should you wish to use certain services via our website (www.ramlabayresort.com) and any related software applications, further processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we will ask for your consent.

In this Privacy Notice “You” and “Your” and “User” and “Data Subject” refers to an identified or identifiable natural person, being the user of our site; and/or the recipient (or prospective recipient) of any of our given services. Our Privacy Notice provides general information on how and why we in general process your  information via our website or any of our apps. Should you be in any doubt as to what your privacy rights are and how to exercise them please contact our Data Protection Officer (contact details can be found at the end of this notice).

All personal data processing shall always be in line with the main privacy laws that are applicable to us, are as follows:

• The Maltese Data Protection Act “DPA” 2018 (Chapter 586 of the Laws of Malta) including the various subsidiary legislation issued under the same and;
• The General Data Protection Regulation (EU) 2016/679 (GDPR) which protectsnatural persons regarding processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

All of the above are collectively referred to as the “Data Protection Laws”, of which are updated at times and will be reflected within our Privacy Notice. You are advised to read this Privacy Notice before using our website or submitting your personal information.

“Personal information” is any information that relates to a natural person who is identified or identifiable, directly or indirectly, with a particular reference to an identifier. This can be any information that can be used to identify you and may include but may not be limited to:

• Your name, address, email address, ID number, passport number, telephone number, gender, disability information, country of origin, information from your driving licence and any photographs or images contained on such documentation
• Reservation details, travel history, car rental packages booked and other information related to your stay or by visiting one our outlets
• Payment information: payment card number and other card information

We actively collect information from our guests, for example this may include when you communicate directly with us via email, when you complete our on line form on our Website (or via our third party websites). During check in and registration, we will also require you to provide your personal information.

Other examples of where we actively collect your information include: (i) upon registering your interest in booking accommodation or any other service(s) we provide; and (ii) for any sales enquires or transactions.

Passive information collection, sometimes known as Implicit data collection: In some circumstances, we may process your information on the basis of (i) your related interaction with us (for example, the web page from which you were navigated to the website, or (ii) Personal information that we have received or obtained from a third party (for example, publicly available information sources). In any of these circumstances, your personal information may be said to have been passively or implicitly collected (that means, it is gathered without you actively providing the information to the website that navigated you to “our” website).

An example of where your personal information may be passively/implicitly collected is when you visit the website. Each time you use our website, we will automatically collect the following information:

• Details of your use of the website including your user name, city, country, page views and searches made
• Technical information, including your IP address, date and time you accessed our website

The legal basis for processing shall be where:

• You have given us consent to the processing your personal data for one or more specific purposes;
• Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering a contract;
• Processing is necessary in compliance with a legal obligation to which as the controller is subject;
• Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Just in the same way as other hotels, we value your safety and security. We may therefore, record or capture images of our visitors and guests in public areas and certain location based data i.e., data from your room key card and other entry passes. We may also process your personal information by using CCTV in the principal of protecting you, our visitors, other guests and staff; and in accordance with our internal CCTV Policy and Procedure.

Unless otherwise specified and subject to various controls, we will only collect personal data from you that we:

• Require to enable us to provide you with the services or information you have requested from us. For the administration and completion of bookings reservations and registrations.
• To manage our relationship with you, including providing information in regard to our products and customer service
• Are legally required to collect/use and retain for a predetermined period of time
• Believe to be necessary to carry out the performance of a contract/service, or by law, legal disputes, regulatory investigations and compliance purposes
• Believe to form a basis of our legitimate interest, in cases that do not fall in line with the above categories
• To assist us in providing the services that you request, ensuring we meet your needs during your stay with us; and to allow us to contact you in relation to matters that may arise from your stay with us. Should any of your information change please inform us in order that your data is up to data and accurate
• We may at times rely on third party service providers, to assist us in delivering our goods and services to you; this includes when you access our website. We partner with other businesses to provide you with services, products and other offers you may request (for example, car hire services, spa treatments and various package offers). In these circumstances, we may need to share your personal information with our business affiliates in order to provide you with those services.

A cookie is a small of information sent by a web server to a web browser, which lets
us collect information from the browser. The cookies purpose is to provide a more tailored communication from the website.

We use cookies to identify you when you visit our website and to keep track of your browsing patterns – this means that in some circumstances cookies may remain on your device after you leave the website.

Your browser will return the cookie information only to the domain from where the cookie originated , i.e., the website, and no other website can request the information. The next time you visit the website, the cookie is sent back to the web server, along with the new request.

Most browsers will allow you to turn off cookies. If you want to know how to do this please look at the menu on your browser, where you can set your browser to notify you when you receive a cookie. This will enable you to decide whether to accept it or reject the cookie.

Our website uses cookies to keep track of your booking cart. We also use cookies to deliver content specific interest.

• Click here to view our Cookie Policy – to find out more about how our website works and how we can put you in control.

We have implemented effective and proportionate technical security controls with the aim to keep your information confidential and secure, in accordance with our internal procedures taking into account Articles 25 and 32 of the GDPR; ensuring the measures of confidentiality, integrity and availability of our systems and the personal data we process within them. These measures cover the storage, access and disclosure of information and will be held securely in accordance with our internal security policies, to protect the personal data that we may have under our  control.

We endeavour to use all reasonable efforts to safeguard the confidentiality of all personal data we may process that relates to you. Whilst regularly reviewing and enhancing our technical, physical and managerial procedures to ensure that your personal data is protected from:

• Improper use or disclosure
• Unauthorised modification
• Unauthorised access
• Unlawful destruction or accidental loss

All our employees who may have access to and are processing personal data on our behalf, are provided with the appropriate training and obliged (under contract) to respect the confidentiality and integrity of our data subjects as imposed by the Data Protection Regulation.

Please note that any messages that you send to us via email or any other internet connection may not be secure. Should you choose to send any confidential or personal information to us by such means, you will do so at your own risk with the knowledge that a third party may intercept this information. Therefore, we are not responsible for the security or integrity of such information. However, once we are in receipt of your information, we will use our stringent and security features in order to attempt in preventing unauthorised access. However, despite the security measures in place we cannot guarantee that any given storage system is 100% secure.

We will retain your information for no longer than is required by Data Protection Regulation and as the law permits; and intend to keep your data accurate and up to- date. At such time we will delete your data from our data base.

We may need in certain circumstances, to process your data or disclose your personal information in connection with the purposes held within this Privacy Notice, or as otherwise permitted by law. We have a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request.

This may include us to disclose your information to our agents, consultants and sub-contractors who may assist us in our booking and reservation systems; and whom are subject to the appropriate technical, security and confidential measures to meet with our obligation as the Data Controller.

Some disclosures may involve transferring your personal data to a country outside of the European Union or the wider European Economic Area (EEA). The EEA is comprised of member states of the EU, and Norway, Iceland and Liechtenstein. In some cases, International transfers may be made to countries which do not have similar data protection laws to those of the EU. In those circumstances, we will only disclose your personal information:

• Where the recipient of the personal data has been accessed by the European Commission as ensuring an adequate level of protection of personal information
• With your explicit consent
• On the basis of an agreement, in the appropriate form approved by the European Commission ( or equivalent body)
• Where we remain in control of the information; or
• Where otherwise permitted under applicable law

We will make the appropriate steps to ensure safeguards are in place to protect your personal information, where disclosure of information requires an international transfer.

This Privacy Notice applies to our website and the personal information we collate when you visit our website. Our website has a number of links or references to other websites, other agencies and local organisations.

Therefore, it is important for you to be aware that upon linking to or visiting another website, you are no longer on our website. We do not control such websites and we are not responsible for their data practices. This Privacy Notice does not apply to such third party websites.

Should you provide us with personal information about members of your family, friends, dependants or other third parties i.e., for the purpose of making a reservation, it is your responsibility to inform them of their rights in connection with this notice with respect to such information.

It is not in our interests to collect personal data relating to a minor under the age of 16 years. Should it come to our attention that such data has been forwarded to us without the prior consent of the legal guardian/parent, the data will be immediately deleted. We are thereby reliant on the legal guardian/parent to provide us with the appropriate information.

We are led by our client-first principles and want to inform you of your personal data rights.

In relation to the General Data Protection Regulation (GDPR), you have the following rights to:

1) Right to be informed – you have the right to know what we are collecting and how we are collecting it.
2) Right of access – you have the right to know whether we are processing your personal data, and what we are processing. We will respond within one month of receiving your request.
3) Right to rectification – you have the right to have any incorrect personal data corrected or completed if it is incomplete.
4) Right to erasure – this right, often is referred to the right to be forgotten, allows us to erase personal data where there is no valid reason for us to keep it.
5) Right to restrict processing – you have a right to request us to restrict the processing of your personal data.
6) Right to object – you have the right to object to our processing your personal data based on legitimate interests, or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing including profiling; and for statistical purposes.

We are not legally bound to comply with an erasure request if your personal data is necessary:

• For us to comply with a legal obligation to which we are subject (including but not limited to our duty to retain an accurate database of our company records and our data retention periods in line with local laws and data retention regulations).
• For the company to exercise our rights in defence of legal claims

We will ask for your consent before we intend to use your data for marketing purposes and/or if we intend to disclose your information to any third party for marketing purposes.

Should you require further information or to exercise your rights, please contact our Data Protection Officer. Before we address any request you make with us, we will require you to verify your identity. Data Subject Access Requests will be dealt within one month from the receipt of request, in line with the GDPR.

Should you have a complaint please contact our Data Protection Officer who will on hand to deal with your query/complaint. We will reply to all legitimate requests as soon as possible, at the latest within one month of receipt of the request. With that said, for more complex requests it may take longer than one month. In such cases, we will notify you accordingly along with regular updates.

However, you can also raise any concerns or complaints about our processing of your data with the relevant Data Protection Regulatory body within your country. Should you wish to contact the Data Protection Commissioner in Malta, the details are available at: https://idpc.gov.mt/en/pages/home.aspx

We would appreciate the opportunity to resolve any issues you may have in the first instance; though your right to file a complaint remains unaffected.

Ramla Bay Resort is part of the Holden Development Company Ltd. Our address is Triq Ir-Ramla, Marfa, Mellieha. MLH 7100, Malta. Holden Development Company Ltd is the Data Controller responsible for processing

Your Personal Data on this site or in the manner, as explained in detail in this notice. Should you have any queries about privacy or would like to exercise any of your individual rights, please contact us on:

Data Protection Officer Telephone Number: +356 2281 2281
Email Address: dpo@ramlabayresort.com

This Privacy Notice is regularly reviewed and will be updated when necessary.

Any changes will be published on our Privacy Notice a https://www.ramlabayresort.com

This notice was last updated April 2022.