Privacy Policy

Savynomad – Candidate Privacy Policy

Introduction

1.1. Savynomad located at 22, St Anthony Street, Valletta, Malta, (herein “Savynomad”, “we”, ”our” or “us”) is committed to protect and respect your privacy.

1.2. This Privacy Policy (“Policy”) is being provided to you because you are registering as a candidate with us.

1.3. We are the controller of your personal data; this means that we are responsible for deciding how we hold and use personal data about you.

1.4. The Policy sets out the basis on which we will process your personal data namely for the recruitment purposes and how long it will be retained for. This Policy also provides you with certain information that must be provided under the General Data Protection Regulation (EU 2016/679) (GDPR) and local data protection laws. Please read this Policy carefully to understand our practices regarding your personal data and how we will use it.

2. Principles for Processing your Personal Data

2.1. We will comply with data protection laws and principles which means that your data will be:

Processed lawfully, fairly and in a transparent way.
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
Relevant and adequate to the purposes we have told you about and limited only to those purposes.
Accurate and kept up to date.
Maintained only for as long as necessary for the purposes we have told you about, i.e. in relation to the recruitment exercise.
Kept securely and protected against unauthorised or unlawful processing and against loss or destruction using appropriate technical and organisational measures.

3. Personal Data which is protected

3.1. This Policy aims to provide you with all the information concerning your personal data, specifically what type of personal data is collected and for what purposes.

3.2. We may process personal data and/or special categories of personal data;

Personal Data: is defined as any information relating to you as an identified or identifiable natural person
Special Categories of Personal Data: is specific data concerning more sensitive data relating to you as an identified or identifiable person which reveal your racial, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.

4. Personal Data we collect from you

4.1. We collect personal data about the candidate from you, or your named references

4.2. We will collect, hold and process the following data about you:

The data you have provided to us in your curriculum vitae (CV) and personal data contained in your covering letter.
The data you have provided upon registering with us as a candidate including your name, title, home address, telephone number, personal email address, nationality, identification number and any other data provided by you during interviews in support of the recruitment process.
Any personal data provided to us about you by your references [if applicable]

4.3. The legal basis on which we process the categories of personal data referred to in 4.2. are referred to in 5.2.

5. How we use your personal Data

5.1. We will use your personal data to:

Assess your skills, qualifications and suitability for the role
Carry out background and reference checks, where applicable
Communicate with you about the recruitment process
Keep records related to our hiring processes
Comply with legal or regulatory requirements

5.2. Legal basis on which we may process your personal data

Consent: We may seek your consent to process your personal data in specific circumstances; or
Legal Obligation: We may process your personal data where we have a legal or regulatory obligation to adhere to; or
Legitimate interest: We may process your personal data where it is necessary for the purposes of our legitimate interests as a business, specifically, to ensure that we recruit the best possible candidates.

6. Retention and Storage of your Personal Data

6.1. If you apply for a job with us and your application is unsuccessful or you have decided to withdraw from registering with us, we will retain your information for a year after you submit your application. The reasons why we retain your application for a year include the possibility of future jobs, contractual obligations or if applicable, for future legal claims to ensure that the recruitment exercises was carried out in a fair and transparent manner.

6.2. Your personal data will be stored in electronic means on a specific CV Software System which only authorised personnel have access to.

7. Disclosure of your personal data to Third Party

7.1. We work closely with third parties to provide the best possible service to you. These third parties include recruitment software providers.

7.2. We have processing agreements in place to ensure that the processors handle your personal data responsibly and comply with GDPR obligations and take appropriate security measure to protect your personal data.

7.3. The above mentioned third parties are only permitted to process your personal data for specified purposes and in accordance with our instructions.

7.4. We may also be under the obligation to disclose your personal data to if we are under an obligation to do so. These third parties include but are not limited to the courts, tribunals or any other authority to which we are subject to.

7.5. We do not transmit any data to third countries.

8. Your Rights as a Data Subject

8.1. As a data subject you are entitled to exercise the following rights:

a. Right to access to your personal data. (commonly known as a “data subject access request”). This enables you to request from us confirmation whether or not we are processing personal data that concerns you, to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. We may charge a reasonable fee if your request for access is clearly unfounded or excessive

b. Right to rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

c. Right to erasure of your personal data. You have the right to ask us to delete your personal data but only when permitted by law.

d. Right to Object to processing of your personal data. You shall have the right to object to the processing of your personal data by us when such processing is carried out for the performance of a task for public interest or when processing is necessary for the purposes of a legitimate interest by us or a third. You may not object to the processing in the instances described by law.

e. Right of restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it or while we are considering your objection to processing.

f. Right to withdraw your consent. You have the right to withdraw your consent to this Policy, and the processing practices abovementioned at any time by sending us an email. The right to withdraw your consent is only applicable when the basis of processing your data is carried out on the legal basis of consent.

g. Right of Data Portability. To ask us to provide your personal data (that you shall have provided to us) to you in a structured, commonly used, machine-readable format, or (where technically feasible) to have it ‘ported’ directly to another data controller.

9. Data Security

9.1. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our specific instructions, and they are subject to a duty of confidentiality.vallet

10. Changes to this Privacy Policy

10.1. We reserve the right to update this Policy at any time.

10.2. We will notify you via email if we make any changes to this Policy in the future.

11. Contact information

11.1. If you have any questions about this Policy or how we handle your personal data please contact us by clicking on this link.

11.2. You may also submit a complaint with the Information Data Protection Commissioner (IDPC), the Maltese Supervisory authority for data protection uses by email idpc.info@idpc.org.mt or contact the IDPC via telephone on (+356) 2328 7100

We at Savynomad are firmly committed to protecting your privacy and we will not collect any personal information about you as a visitor unless you provide it voluntarily. This privacy policy is intended to inform you about our practices regarding collection, use, disclosure and transfer of personal information that (i) you may provide, or (ii) Savynomad Management and its affiliates from time to time may collect, via this Website or at our properties.

Please read this Privacy Policy before using or submitting your information to us.

1 What is personal information?

1.1 This section of the Privacy Policy explains what “personal information” is.

1.2 Personal information is any information that can be used to identify you, such as your name, birth date, address, email address and telephone number (“Personal Information”).

1.3 Other categories of Personal Information may include:

Personal details: contact information (including mobile telephone numbers), passport information, visa information, gender, national identification information, disability information, information on your driving license, photographs, images.
Reservation details: travel history, car rental packages booked, groups you are associated with when you stay at our accommodation, membership information, account applications, and other information related to your reservation, stay or visit to one of our properties.
Payment information: payment card number and other card information

2 Information collected

2.1 This section of the Privacy Policy explains how we collect your Personal Information.

2.2 Active information collection: We actively collect information from our guests. Examples where we actively collect your information include when you communicate directly with us via e-mail, by filling in online forms on our Website (or via third party websites). You may also provide us with Personal Information during registration and check-in at our property.

2.3 Other examples of where we actively collect your information include: (i) when you register your interest in booking a room or other experience with us; and (ii) for sales enquiries and transactions.

2.4 Passive information collection: In some circumstances we may process information on the basis of (i) your related interactions with us (for example, the web page from which you navigated to the Website), or (ii) Personal Information that we have received or obtained from a third party (for example, publicly available information sources). In these circumstances, your Personal Information may be said to have been passively collected (that is, gathered without you actively providing the information).

2.5 An example of where your Personal Information may be passively collected is when you use the Website. Each time you use the Website, we will automatically collect the following information:

details of your use of the Website including your user name, city, country, page views, searches, downloads (file names).
technical information, including your device model, operating system of the machine running your web browser, type and version of your web browser, IP address, date and time when you accessed the Website.
web page download information.
general Website usage information

2.6 For your safety and others we may record or capture images of our visitors and guests in public areas and certain location-based data (e.g. data from your room keycards and other entry passes). We may also process your Personal Information by using CCTV principally for the purposes of protecting you, our visitors, other guests and our staff.

3 Purposes and use of information

3.1 This section of the Privacy Policy explains why we process, collect and use your Personal Information.

3.2 We may collect, process and otherwise use your Personal Information for purposes that are required by applicable law, regulation or other contracts or to allow us to fulfil our business needs and legal obligations. These purposes include:

to administer, improve and develop the Website
for administration and completion of bookings, reservations and registrations
to manage our relationship with you and (if relevant) the organisation that you represent, including providing information regarding our products and services, customer service and concierge services.
for arranging, planning and booking group events or meetings at our properties.
to administer membership, rewards programmes, promotional offers and related offers
to personalise your user experience (e.g. by tailoring the content delivered to you on our Website)
for legal disputes, regulatory investigations and compliance purposes
to assist us in providing the services you request at any of our properties and to ensure we meet your needs while you are staying with us and/or to allow us to contact you in relation to matters that arise from your stay with us

3.3 We may rely on third party service providers to help deliver our goods and services to you, including when you visit our Website or any of our properties. Sometimes we partner with other businesses to provide you with services, products and other offers (for example, car hire services and package offers). We may need to share your Personal Information with our business partners in order to provide you with those services.

4 Cookies

4.1 The Website creates “cookies” when you visit it.

4.2 A cookie is a small piece of data that a website can send to your browser for storage (i.e. so it can later be read back from that browser). The purpose of cookies includes providing more tailored communications from websites.

4.3 Cookies may collect information (including Personal Information), such as user preferences, general usage information, membership information and unique identifiers. Cookies may in some circumstances also remain on your device after you leave the Website.

4.4 Your browser will return the cookie information only to the domain from where the cookie originated, i.e., the Website, and no other website can request this information. When you return to the Website, the cookie is sent back to the web server, along with your new request.

4.5 Your browser may provide settings where you can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it or reject the cookie altogether.

5 Disclosure of information

5.1 In some circumstances, we may need to process or disclose your Personal Information in connection with the purposes listed in this Privacy Policy (including those set out in section 3), or as otherwise permitted by law.

5.2 We may disclose your Personal Information:

(a) to our affiliates within the Savynomad holdings.

(b) to our agents, consultants and sub-contractors who assist us in running our business, including our properties, reservation systems, booking systems and who are subject to appropriate security and confidentiality obligations;

(c) if the whole or a substantial part of our business is to be sold or integrated with another business, to our advisers and any prospective purchasers (and their advisers); and

(d) where we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request.

5.3 Some of these disclosures may involve transfers of your Personal Information to a country outside of the European Union or the wider European Economic Area (EEA) (“International Transfers”). The EEA is comprised of the member states of the European Union, and Norway, Iceland and Liechtenstein.

5.4 In some cases, International Transfers may be made to countries which do not have similar data protection laws to those of the European Union. In those circumstances, we will only disclose your Personal Information:

where the recipient of the Personal Information is located within a country which has been assessed by the European Commission as ensuring an adequate level of protection for personal information.
with your explicit consent.
on the basis of an agreement, designed to protect your information, in the appropriate form approved for this purpose by the European Commission (or an equivalent body).
where we remain in control of the information; or
where otherwise permitted under applicable law

5.5 We will make sure that adequate safeguards are in place to protect your Personal Information where disclosure of your information requires an International Transfer.

6 Links to other websites

6.1 This Privacy Policy applies to the Website and Personal Information that we collect when you visit our properties. Our Website has a number of links or references to other websites, other agencies, local and international organisations .

6.2 It is important for you to note that upon linking to or visiting another website, you are no longer on our Website, and you become subject to the privacy policy (if any) of the new website. We do not control such websites and are not responsible for their data practices. This Privacy Policy does not apply to such third party websites.

7 Security

7.1 We will take appropriate measures to keep your information confidential and secure in accordance with our internal procedures covering the storage, access and disclosure of information.

7.2 Please note that messages you send to us by e-mail or via any internet connection may not be secure. If you choose to send any confidential information or Personal Information to us by such means you do so at your own risk with the knowledge that a third party may intercept this information. We are not responsible for the security or integrity of such information. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

8 Information about related persons

If you provide us with Personal Information about members of your family, friends, dependents, or other third parties (e.g. for the purposes of making a reservation), it is your responsibility to inform them of their rights in connection with this Privacy Policy with respect to such information. You may, for example, provide such individuals with a copy of this Privacy Policy for these purposes.

The collection of personal data relating to persons under the age of 16 years is not within our interests. Should it come to our attention that such data has been passed to us without the approval of the parents or legal guardian, this data will be deleted immediately.

Thereby we are reliant on the parents or legal guardians providing us with the appropriate information.’

9 Retention of information

We intend to keep your Personal Information accurate and up-to-date. We will retain your data for no longer than required. From time to time we may delete or anonymise your personal information if you have not stayed with us for a certain period of time.

10 Your rights

10.1 If any of the Personal Information that you have provided to us changes, please contact us and let us know the correct details.

10.2 Under applicable law, you have the right to:

request a copy of the personal information about you that we hold
request correction or deletion of Personal Information about you that is inaccurate
ithdraw any applicable consent for processing and transfer
object to our using your personal information for marketing purposes
object to profiling and automated decision making

In some circumstances, you may also have a “data portability” right to require us to transfer your personal data to you or to a new service provider.

10.3 We will ask your consent if we intend to use your data for marketing purposes or if we intend to disclose your information to any third party for marketing purposes.

10.4 To exercise any of these rights at any time, please contact us

11 Contact us

11.1 If you have any questions about this Privacy Policy or our data protection practices, please contact us at:

(a) email to DPO:

click here

(b) address: 22, St Anthony Street, Valletta, Malta