Privacy Policy

The following statement sets out details of the policy adopted by 
Prima Hotels and Tourism Israel 1997 Ltd., M.N.S.R Hotels Ltd., Pritel Hotel Management 2013 Ltd., including: Prima Call Center, Hotel Prima Tel Aviv, Hotel Prima City, Hotel Prima Kings, Hotel Prima Park, Hotel Prima Palace, Hotel Prima Royale, Hotel Prima Galil, Hotel Prima Link, Hotel Prima Millennium, Hotel Prima Music, Hotel Spa Club Dead Sea, Hotel Oasis Dead Sea, Hotel 75 (The companies and hotels listed above are hereinafter referred to collectively as "Prima Hotels" or "We"), to gather and disseminate information as (the “Privacy Policy”). 
 
The Privacy Policy outlines the types of personal and other data (as defined below) that we gather about users of the services (as defined below), how we collect and make use of such data, including saving, processing and sharing the data with third parties, etc.
 
Whenever in this Privacy Policy that we refer to "Data Subject" the intention is a natural person whose personal data is processed by a controller or a processor (from GDPR Policy Definitions).
 
We collect personal data and other data (as defined below)  through: (1)  websites operated by us, including www.prima.co.il , www.prima-hotels-israel.com,  and other websites owned or controlled by Prima Hotels (collectively, the “Websites”); (2)  through the software applications made available by us for use on or through computers and mobile devices (the “Apps”); (3)  through our social media pages that we control (collectively, our “Social Media Pages”); (4)  when you visit or stay as a guest at one of our properties, or through other offline interactions such as a call to the call center. Collectively, we refer to the Websites, the Apps and our Social Media Pages, as the “Online Services” and, together with offline channels, the “Services”.  By using the Services, you agree to the terms and conditions of this Privacy Statement. Please read this Privacy Statement carefully.
 
Prima Hotels serves as a Data Controller of Personal Data about you. 
 
Data Subjects are aware that your Personal Data, as defined below, may be stored in the Prima Hotels’ database and that providing the Personal Data is subject to his/her requests and his/her consent.
However, if the personal data that we request is not provided to us or prohibit us from collecting such data, we may not be able to provide the Services.
 
Collection of Personal Data and of Other Data
1.            “Personal Data” means data that identifies the data subject as an individual or relates to an identifiable individual. We collect Personal Data, such as:
1.1.         Contact information (name, email address, mailing address, phone number, fax number, ID number and passport number);
1.2.         Payment information (payment card: numbers and expiry date upon PCI DSS rules, billing address, and bank account information);
1.3.         Demographic data (age, gender, country, and preferred language);
1.4.         Data about family members and companions, such as names and ages of children;
1.5.         Information related to a reservation, stay, or visit to a Prima Hotels (date of arrival and departure, goods and services purchased, preferences, phone calls executed);
1.6.         Information necessary to fulfill special requests and/or specific accommodations (preferences, leisure activities, date of birth, anniversary, accompanying guest name, and number of children and ages);
1.7.         Guest preferences and personalized data (“Personal Preferences”), such as interests, activities, hobbies, food and beverage choices, services and amenities of which the Data Subject advise us or which we learn about during your visit;
1.8.         Loyalty program member information;
1.9.         Geographical position and other location based information;
1.10.      Images and video and audio data via security cameras located in public areas, such as hallways and lobbies, in our properties (closed circuit television systems – CCTV and electronic card key).
2.            “Other Data” means data that does not reveal a specific identity or does not relate to an individual directly. We collect Other Data, such as, browser and device data including IP address and data collected through cookies, pixel tags and other technologies, aggregated data relative to the Data Subject’s stays, and responses to promotional offers and surveys.
3.            In some instances, we may combine Other Data with Personal Data (such as combining a data subject’s specific name with a data subject’s specific location). If we do, we will treat the combined data as Personal Data as long as it is combined.
4.            If a data subject submits any Personal Data about other people to us or our service providers (e.g., when a reservation is made by a data subject for another individual), it represents that the data subject has the authority to do so and allows us to use the data in accordance with this Privacy Statement.
How We Collect Personal Data and Other Data
We collect Personal Data and Other Data in a variety of ways:
5.            Online Services. We collect Personal Data when a reservation is made, goods and services are purchased, when a data subject communicates with us, or otherwise connects with us or posts to social media pages, or signs up for a newsletter or participates in a survey, contest or promotional offer or submits a job application.
6.            Visits and Offline Interactions. We collect Personal Data when the data subject visits Prima Hotels or stays as a guest at a Prima Hotel or uses Prima Hotels’ Services, when attending promotional events that we host or in which we participate, or when a data subject’s personal data is provided to facilitate an event. We also collect Personal Data from those who visit our properties, where information may be collected about the data subject through such properties’ closed circuit television systems (CCTV), electronic key cards and other security systems.
7.            Other Sources. We may receive Personal Data about you from other third parties. This may include information from travel agents, loyalty programs, credit cards, state authorities in order to meet legal requirements, surveys companies and our sub-contractors and services providers, as well as other third parties.
8.            Automatic Information: Use or interaction with our website and/or use any apps that we may make available on our website, we receive and store information generated by the data subject’s activity and information automatically collected from the data subject’s browser or mobile device. For example, like many websites, we obtain certain information when a web browser accesses our website including IP address, browser type, operating system, mobile network data, pages viewed and access times. This information helps us to communicate with our customers and provide them with our Services.
9.            Customer Support & Call Centers. We collect Personal Data when the data subject makes a reservation over the phone, communicates with us by email, fax or via online chat services or contacts customer service. These communications may be recorded for purposes of quality assurance and training.
10.          Aggregated Data. We may aggregate data that we collect and this aggregated data will not personally identify the data subject or any other user.
Use of Personal Data and Other Data
11.          We use Personal Data and Other Data for one or more of the purposes detailed below:
11.1.      Fulfillment of reservations and other purchases: We may process information relating to transactions entered into with us and/or through our website ("Transaction Data"). The transaction data may be processed for the purpose of completing a room reservation, supplying the purchased goods and services, customizing our services to the data subject’s preferences, seeking feedback on a stay at our properties, and keeping proper records of those transactions.
11.2.      Guest Relations: To offer hospitality services and goods based on the data subject’s preferences, information is collected during and prior to the data subject’s stays at one of our properties. The information may be used for future voluntary loyalty events operated by us or by our partners. 
11.3.      Response to inquiries: We may process information contained in or relating to any communication that is sent to us ("correspondence data") by the data subject. The correspondence data may include the communication content and metadata associated with the communication (such as groups, meetings and events). The correspondence data may be processed for the purposes of communication and record-keeping. 
11.4.      Internal Business Purposes: For our internal business purposes, developing new products, enhancing the website, improving our services, identifying usage trends and visiting patterns, determining the effectiveness of our promotions, evaluating Third Parties performance (such as Travel Agencies), predicating our yield and occupancy, and meeting contractual obligations.
11.5.      Administrative and other communications: To send important information regarding our website, changes to our terms, conditions, and policies, or other administrative information (e.g., information about travel reservations, such as confirmation emails).
11.6.      Marketing and promotions: To communicate news and promotions to our guests regarding Prima Hotels related products and services we think may be of interest to them
11.7.      Safety and security: To maintain the safety and security of our data subject as well as that of other guests and staff, while the data subject visits at Prima Hotels.
11.8.      Our legal duties: To comply with legal and regulatory requirements or demands in accordance with applicable law, regulations, or other legal process.
11.9.      We may use some or all of the Personal Data and Other Data in order to perform certain statistical calculations, some of which may be presented on the App, websites or other services; provided, however, that none of these calculations shall include any personally identifiable information or details. 
12.          The legal basis for processing your Personal Data is made up of one or more of the following reasons:
12.1.      Data subject consent.
12.2.      Providing the Services.
12.3.      Compliance with applicable laws, regulations or other legal process.
12.4.      Legitimate Business Interest.
 
Disclosure of Personal Data and Other Data
13.          We share Personal Data and Other Data with the following:
13.1.      Prima Hotels and properties in order to provide better hospitality experience based upon the data subject’s preferences, use of our services and prior stays;
13.2.      A representative or travel advisor that has supplied us with the data subject’s personal information (for example, travel agent, personal assistant, employer or spouse who has provided us with your details);
13.3.      A service Provider and suppliers that assist us in providing services. Examples of such service providers and suppliers are IT service providers, legal advisers, accountants, suppliers of payment services etc.
13.4.      Our marketing and advertisement partners to provide more-relevant ads on our site and to encourage the data subject to return to our site. These partners will not use the data for any other purpose than our legitimate interest of direct marketing and data subject always have the right to object. 
13.5.      We may disclose or transfer Personal Information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Prima Hotels’ business and assets (including any bankruptcy or similar proceedings).
14.          We may also disclose Personal Data as we believe to be necessary or appropriate: (a) to comply with  applicable law; (b) to comply with legal process; (c) to respond to requests from public and government authorities, (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect the rights, privacy, safety or property of Prima Hotels, of you or of others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
Cross-Border Transfer 
15.          As a general principal, data processing is held within Israel borders, data processing by third parties or cloud service providers may be held on servers around the world such as Microsoft azure, Microsoft 365, amazon aws etc.
16.          Notwithstanding, some information might be held on a cloud which might be held outside the borders of Israel or the European Union (EU). The operator of such services undertakes to comply with the General Data Protection Regulations provisions. In this specific case, be sure that we will verify that appropriate measures have been put in place to ensure that Personal Data benefits form an adequate level of protection.
How the Data Subject Can Access, Change, or Limit the Use of Personal Data¬¬¬
If the data subject resides in the EU the following provisions will apply 
17.          The right to information on the processing of the data subject’s Personal Data. We strive to provide the data subject with concise, transparent, understandable and easily accessible information on the conditions for processing personal data, in clear and simple terms.
18.          The right to access, rectify, delete Personal Data. The right of access allows the data subject to obtain from us confirmation that Personal Data have or have not been processed as well as the conditions of such processing, and to receive an electronic copy.
19.          The right to rectify Personal Data.
20.          Subject to the exceptions provided by applicable law, the data subject have the right to ask us to delete Personal Data, when one of the following grounds applies:
20.1.      Personal Data are no longer necessary for the purposes for which they were collected or otherwise processed;
20.2.      The data subject wishes to withdraw consent on which the processing of Personal Data was based and there is no other basis justifying such processing;
20.3.      Consider and can establish that Personal Data has been unlawfully processed;
20.4.      Personal Data must be deleted in accordance with a legal obligation.
20.5.      The right to restrict the processing of Personal Data; The applicable regulations provide that this right may be invoked in certain cases, in particular the following:
20.6.      When data subject disputes the accuracy of personal data;
20.7.      When data subject considers and can establish that the processing of Personal Data is unlawful but oppose the deletion of Personal Data and demand instead that the processing be limited;
20.8.      When we no longer need Personal Data but they are still necessary to establish, exercise or defend legal rights;
20.9.      When data subject objects to the processing that would be based on the legitimate interest of the controller, during the verification whether the legitimate grounds pursued by the controller prevail over those of the person in question.
21.          The right to data portability.
21.1.      When the processing is based on the data subject’s consent or a contract, this right to portability allows the data subject to receive the Personal Data that have been provided to us with in a structured, commonly used format, and to transmit this Personal Data to another data controller without us hindering it.
22.          The right to withdraw consent. 
22.1.      When we process Personal Data on the basis of consent, this latter may be withdrawn at any time using the means provided for this purpose (procedure indicated below of this Policy). On the other hand, and in accordance with applicable law, the withdrawal of consent is only valid for the future and cannot therefore call into question the lawfulness of the processing carried out before this withdrawal. 
23.          The right to decide the fate of Personal Data after the data subject’s death
23.1.      To organize the fate of personal post-mortem data through the adoption of general or specific guidelines.  We are committed to respecting these guidelines. In the absence of directives, we recognize the possibility for heirs to exercise certain rights, in particular the right of access, if it is necessary for the settlement of the deceased’s estate; the right to object to the closure of the deceased’s user accounts; and the right to object to the processing of his/her data.
24.          The right to lodge a complaint with a supervisory authority. If, despite our effort to preserve the confidentiality of the data subject’s personal data, the data subject feels that his/her rights are not respected, he/she has the right to lodge a complaint with a supervisory authority. A list of control authorities is available on the European Commission’s website.
25.          If the residence is anywhere outside the EU (including Israel) the rights to review, edit or amend Personal Data held in our Databases will be governed applicable to Israeli law, includin¬¬¬¬¬¬g the provisions of the Protection of Privacy Law, 5741-1981.
Security.
26.          We implement reasonable administrative, organizational and technical safeguards and security measures to protect Personal Data from unauthorized access, disclosure, destruction or alteration, accidental loss, misuse or damage. We regularly review and monitor such safeguards and security measures.
27.          When disclosure of data to third parties is necessary and authorized, we ensure that these third parties guarantee adequate level of protection and requires contractual guarantees so that the data are exclusively processed for the purposes that have been previously accepted  (by the Data Subject), and with the required confidentiality and security.
28.          If the data subject has a reason to believe that the interaction with us is no longer secure, the data subject must immediately notify us in accordance with the “Contact Us” section, below.
Retention.
29.  To the extent permissible by applicable law, we will retain the data subject’s Personal Data for such period as necessary to satisfy or to fulfill the following:
29.1.      The purposes for which that Personal Data was provided;
29.2.      An identifiable and ongoing business need, including record keeping;
29.3.      A requirement to retain records that may be relevant to any notified regulatory investigations or active legal proceedings;
29.4.      Comply with any applicable law, regulation, legal process, including, without limitation, court orders and/or compulsory disclosures required by governmental authorities;
29.5.      Fulfill legitimate interests of Prima Hotels and third parties, such as, defend in cases of legal procedures and etc.
Sensitive Data.
30.          Unless specifically requested, we ask that the data subject not send us, or disclose, on or through the Services or otherwise, to us, any Sensitive Personal Data (e.g., social security numbers, national identification number, data related to racial or ethnic origin, political opinions, religion, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, administrative or criminal proceedings and sanctions).
Use of Services by Minors.
31.          Prima Hotels does not knowingly collect Personal Data from any person under the age of 18.
32.          Prima Hotels may collect Personal Data from people under the age of 18 as part of the guest registration process, but always with the consent of such person’s parent or guardian.
Updates.
33.          We are entitled to change and update this Privacy Policy from time to time, at our sole discretion, without having to provide notice thereof. Responsibility for becoming familiar with the changes, if any, made by this Privacy Policy rests with you alone.
Cookies
34.          Like many other websites, in order to enhance your experience on our web site, some of our web pages may use “cookies". Cookies, by themselves, do not tell us personally identifiable information unless the data subject chooses to provide this information to us (by, for example, registering for one of our services). However, once the guest choose to furnish the site with your personally identifiable information, this information may be linked to the data stored in the cookie.
35.          A cookie is a small text file containing small amounts of information which is placed by a website onto a computer or device. Cookies are designed to assist a computer or device to remember something the user has done within that website, for example remembering that the user has logged in, or which buttons have been clicked.
36.          We use cookies to understand site usage and to improve the content and offerings on our sites. We may use cookies to personalize your experience at our web pages and to offer you relevant products, programs, or services as well as interest-based or targeted advertising.
37.          Disabling Cookies. Browsers may give the ability to control cookies; certain browsers can be set to avoid cookies collection. If the guest does not agree to the use of cookies, the guest must disable them by following the instructions for his/her browser set out here, Please note that certain features on our website may not work properly. Some cookie organizations provide an automated disabling tool in respect of its cookie(s), see the list of these 3rd party cookies with a link to its automated disabling tool. In other cases the data subject can disable & control them if you want through 3rd party control tools like this.
38.          We may use various types of Cookies:
38.1.      Session Cookies. These Cookies are stored only temporarily during a browsing session and are deleted from the device when the browser is closed. We use Session Cookies to support the functionality of the site and to understand use of the site, for example which pages the guest visits, which links the guest uses and how long the visitor stays on each page.
38.2.      Essential Cookies. These cookies are necessary for the operation of the site and, for example, enable a VIPRIMA or Prima Club member to log-in & enjoy member benefits.
38.3.      Functional Cookies. We use Functional Cookies to save the data subject’s settings on the site - settings such as currency preference when looking at hotel prices on the site. We also use Functional Cookies to store data so that the data subject can easily find it the next visit. Some Functional Cookies are essential to viewing maps or videos on the site. We also may use "Flash Cookies" for some of our animated content.
38.4.      Persistent Cookies. These Cookies are not deleted when the browser is closed, but are saved on the data subject’s device for a fixed period or until they are deleted. Each time the data subject visits the site, the server that set the Cookie will recognize the persistent Cookie saved on your device. We and others use persistent Cookies to store preferences, so that they are available the next visit. 
38.5.      Targeting and advertising Cookies. These cookies are used to collect information to help us to improve our products and services as well as serve the data subject with targeted advertisements that we believe will be relevant to him/her. We use targeting cookies on our websites for various marketing initiatives and campaigns. We also may use some Analytics Cookies and Other Technologies to facilitate advertising.
38.6.      Analytics Cookies. These cookies collect information about the use of the site, and enable us to improve the way it works. These Cookies give us aggregated information that we use to monitor site performance, count page visits, spot technical errors, see how users reach the Site, and measure the effectiveness of advertising & Targeted ads
39.          The Website uses the following third party cookies:
39.1.      Google cookies. Google analytics cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help improve our site. These cookies collect information in an anonymous form, for example determine the number of visitors, where the visitors have come to the site from and what buttons the visitor clicked. To read Google’s privacy policy in respect of Google Analytics click here to opt out of Google analytics click here. Google cookies also include Google AdWords & DoubleClick cookies for marketing, advertising & remarketing; these enable us to recognize visitors on the websites of our advertising partners and to address them with interest-related information or ads. To find out about Googles double-click cookies click here.
39.2.      Facebook Cookies. These cookies are used for interest-based advertising meaning ads you might like to see based on your activity on websites off of Facebook. These cookies collects information from the site visit and enables promoting ads through Facebook platforms. To read more about interest-based ads from Facebook click here.
To unsubscribe from Facebook's interest-based ads, please follow Facebook's instructions here.
More information about Facebook's privacy policy can be found here in the Facebook Privacy Policy.
39.3.      Bing cookies. Bing cookies are used to collect information about how visitors use our site & for marketing, advertising, remarketing purposes. These cookies enable to recognize visitors on the websites of our advertising partners and to address them with interest-related information or ads. To read more about Microsoft/Bing privacy click here.
Data Protection Officer (“DPO”)
40.          In matters pertaining to European laws for the protection of privacy, our DPO is Mrs. Carina Kaufmann.
Contact Us.
If you have any questions about this Privacy Policy or our privacy practices, please contact us at DPO@Prima.co.il  (DPO: Data Protection Officer)
 
Last updated on: 24/07/2018
 
Effective from: 25/05/2018