[Last Updated: August 8, 2022]
Any capitalized terms not defined herein shall have the meaning ascribed to them in the Terms or in the applicable Privacy Laws.
“Customer” shall mean an individual, business, or other legal entity purchasing the Fattal Services through the Website or through other means. Any and all Customers shall be over 18 years old.
“Visitor” shall mean any individual browsing the Fattal Website.
2) CONTACT DETAILS OF THE CONTROLLER
The “Fattal” shall mean:
Fattal Hotels Ltd. a company registered under the law of Israel, together with its subsidiaries and affiliated companies,
registration number 510678816,
Address: 94 Yigal Alon St., Tel-Aviv, Israel,
For GDPR purposes, Fattal is the Data Controller of the Personal Data collected from you (“Controller”);
EU Data Protection Representative “DPR” for EU data subjects:
Sunflower Management GmbH & Co KG
Address: Landsberger Allee 117A 10407 Berlin.
Phone number: +49 (0) 30 - 688 322 0
Email address: email@example.com
3) WHICH DATA DO WE COLLECT AND FOR WHAT PURPOSE?
“Personal Data”: means information which identifies or may identify, with reasonable effort, an individual, including, inter alia, your name, address, phone number, billing information and online identifiers (such as IP address or Cookie ID).
Please see below the table which specifies the Personal Data we collect and how we use it:
|DATA SET||PURPOSE AND OPERATIONS||LAWFUL BASIS|
If you voluntarily contact us for with an inquiry, including through the use of any form in the Website (e.g., “Contact us” or “Conferences and events”) you may be required to provide us with certain information such as your name, email address, ID number, phone number, order number and the name of the hotel (“Contact Information”).
If you are contacting us on behalf of another person, we value your assistance and care for others, please note that it is your responsibility to make sure that any person whose Personal Data you provide is aware of the principles of this statement and agrees that you will provide Personal Data to us on this basis
We will use this data to respond to your inquiry or provide you with information regarding our Services. We may process the content of our correspondence with you to improve our customer service, and in the event, we believe it is required in order to provide you with any further assistance (if applicable).
We will store your data, including in any of our data systems such as CRM, analyze it, provide access to our relevant staff members and keep record of our correspondence with you.
|We process such Contact Information subject to our legitimate interest in order to respond to your inquiry and as part of our marketing efforts.|
Joining our Legacy Plan
If any of our plans will require any payment or subscription, we will also collect, retain and process your billing data, in a secure manner under common standards.
We will use this data to provide you, as a member of our special plans, with special offers, discounts, commercial proposals, information regarding our activity, etc.
We will collect and retain your data in our systems, use the data for delivering you any such news and proposals, and keep record of your membership with us.
We will use your billing information in relevant cases for charging you with the relevant subscription fees.
We process your member data for fulfilling our contract with you.
After you will terminate your membership, we will keep record of your data as part of our legitimate interests.
|Subscribing to our Mailing lists
In the event you sign up to receive our newsletter or other marketing materials ("Marketing Materials"), you will be requested to provide your contact details, such as email address, phone number and name.
|We will use your email in order to send you our newsletter and other Marketing Materials.||We process such Marketing Materials subject to your consent. You may withdraw consent at any time through the “unsubscribe” link within the email or by contacting us directly.|
In the event you apply for a job, we will collect your CVs as uploaded by you and your name, email address, phone number, preferred work and job area, and a photo (optional).
In the event you send us your CV, note that, your provision of Personal Data in connection with recruiting is voluntary, and you determine the extent of information you provide us.
If you are hired by us, the Recruitment Information that you provide us may be used in connection with your employment and our corporate management.
|We process such Recruitment Information subject to our legitimate interest.|
We use third-party cookies on the Website, as further detailed below, these cookies provide us with analytic services as well as marketing services. The Personal Data processed is an online identifier, either a cookie agent, the IP address, etc.
|We will use your Online Identifiers for analytic and marketing purposes.||We will process such data subject to your consent through the Cookie Banner on the Website.|
Booking and data regarding your stay with us
Please note that in the event you purchase through our call center, we will process your Purchase Information as well, during the call which is likely to be recorded.
We will use and process Purchase Information in order to enable you to purchase our Services and stay in one of our hotels.
We will use your information for contacting you with respect to your reservation and stay with us, for offering you with deals and other services and asking for your opinion regarding your experience as our customer.
Also, we may provide you with the option to revise or cancel your booking.
We process such Purchase Information for the fulfillment of the contract between us.
After we will complete processing your order and after you will check out from the hotel, we will keep your booking information as part of our legitimated interests.
Some of the data will be retained by us under our legal obligations, such as bookkeeping, tax and custom laws, etc.
Please note that, the actual processing operation per each purpose of use and lawful basis detailed in the table above, may differ. Such processing operation usually includes set of operations, made by automated means, such as collection, storage, use, disclosure by transmission, erasure or destruction. Transfer of personal data to third party countries as further detailed in the Data Transfer section is based on the same lawful basis as stipulated in the table above.
In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of Website and to enforce the Terms, as well as to protect the security or integrity of our databases and Website, and to take precautions against legal liability. Such processing is based on out legitimate interests.
4) Cookies Usage
• Essential Cookies – which are necessary for the site to work properly (usually appears under our name/cookie tag);
• Functional Cookies – designated to save your settings on the site - your language preference or other view preferences (also, under our name/cookie tag);
• Session Cookies – used to support the Website's functionality – such Cookies are stored only temporarily during a browsing session and are deleted from your device when you close the browser.
• Targeting Cookies - these cookies are used to collect information from you to help us improve our products and services and serve you with targeted advertisements that we believe will be relevant to you (e.g., Google’s Cookies).
• Social networks Cookies - Social Plug-In Cookies (e.g., Facebook, Twitter, LinkedIn Cookies, or pixels, etc.) enable sharing your usage information with your social network’s accounts.
• Analytics Cookies - give us aggregated and statistical information to improve the Website and System and further developing it e.g., Google analytics, Google Firebase Catalytic, etc.
• Third-party services used by us – for example, an external service supporting our recruiting options through the Website (e.g., Comet or Workday), or an external service which allows us to screen short videos on our Website (e.g., YouTube or Vimeo).
In addition, Cookie’s data is usually collected through the use of third-party services, like Google, Facebook, etc. In those cases, your Personal Data might be transferred to those third parties, which might link it and use it together with other information they have on you from other sources. Such data is “owned” and processed separately by those third-parties under their terms and conditions and the direct accounts or subscriptions you have with those third parties. For example, suppose you have a Facebook account, the Personal Data collected through Facebook’s Cookies on the Website might be linked to other data that Facebook collects from you as a Facebook user, and might be used by Facebook per the independent agreements between you and Facebook.
For additional information regarding Cookies usage please refer to our Cookies banner on the Website.
5) HOW WE COLLECT INFORMATION
According to the nature of your interaction with Website, we may collect information as follows:
• Provided by you voluntarily – we will collect information if and when you choose to provide us with information, such as through a checkout process or when you contact us through the online form.
• Provided to us by third parties – as part of our digital marketing efforts as described hereunder.
6) DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH
We share your data with third parties, including with trusted partners or service providers that help us provide our Services and improve the Website:
|CATEGORY OF RECIPIENT||DATA THAT WILL BE SHARED||PURPOSE OF SHARING|
|Various Service Providers (payment processors, marketing, CRMs, etc.)||Contact Information.
|Booking your reservation, processing the payment, check in and check out, marketing and support.|
|Cloud Service Provider||All data||Data storage and providing you with the Services.|
|Analytics Service Provider||Online Identifiers||Please see the part regarding Cookies Usage above.|
|Legal and law enforcement||Subject to law enforcement authority request.||We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose.|
|Our subsidiaries and affiliated companies||Reservation and legacy plan data||Fattal operates through various subsidiaries with whom it shares reservation data. In addition, we are associated with Leonardo Hotels chain and as part of that we may share your reservation data with any of the Companies in the Leonardo Group.|
Where we share information with service providers and partners, we ensure they only have access to such information that is strictly necessary in order for us to provide the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only, while ensuring compliance with all applicable data protection regulations.
7) DATA TRANSFER
8) USER RIGHTS
You may have certain rights regarding the Personal Data that Fattal has collected about you.
We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. We provide you with the ability to exercise certain choices, rights and controls in connection with your information. Depending on your relationship with Fattal (e.g., if you are a Visitor of our Website or a Customer), data protection and privacy laws provide you with some of the following principal rights regarding your Personal Data, including (and depending on your jurisdiction): The right to access your Personal Data that we process; The right to ensure your Personal Data is accurate, complete and up to date; The right to have your Personal Data amended (by correcting, deleting or adding information); The right to object to the processing of your Personal Data, to the extent applicable; The right to send or “port” your Personal Data; The right to file a complaint with a supervisory authority in your jurisdiction; The right to withdraw consent, subject to legal or contractual restrictions and reasonable notice; Right to Non-Discrimination, etc.
You may exercise any or all of your above rights in relation to your Personal Data by contacting us by mail: firstname.lastname@example.org.
Where we are not able to provide you with the information for which you have asked, we will endeavor to explain the reasoning for this and inform you of your rights, including the right to complain to the supervisor authority (in the event you are EEA resident). We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any such information in accordance with applicable law.
We retain Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws or until an individual requests to opt-out of such collection. We may at our sole discretion, delete or amend information from our systems, without providing any notice to you, once we deem it is no longer necessary for our purposes.
We implement extensive security measures to reduce the risks of damage, loss of information and unauthorized access or misuse of Personal Data. We implement appropriate data collection, storage and processing practices and security tools to protect personal data against unauthorized access, alteration, disclosure or destruction. You should be aware that no security measures are completely fail-proof, and it is impossible to prevent any and all threats to the security of data and systems. Therefore, you should be aware that any processing of digital Personal Data holds certain inherent risks, and we cannot guarantee that our services and databases will be immune to any wrongdoings, malfunctions, unauthorized interceptions or access, malware attacks or other kinds of abuse and misuse.
Our System and Website are not directed, nor is it intended for use by children (the phrase "child" shall mean an individual that is under age defined by applicable law which concerning the European Economic Area (“EEA “) is under the age of 16 and with respect to the U.S.A, under the age of 13) and we do not knowingly process a child’s information. We will discard any information that we receive from a user who is considered a "child" immediately upon our discovery that such a user shared information. Please contact us if you have reason to believe that a child has shared any information with us.