ST Project Ltd is a limited company incorporated in terms of the laws of the Republic of Malta and having its registered address situated at 143 The Stand Gzira GZR 1026, Malta (hereinafter, the “Data Controller”).
Data collected by the Data Controller in terms of the present Website.
Personal data is generally processed to provide the service which the client is desirous of contracting with the Data Controller.
ST Project Ltd collects data about the clients of the website as per below:
- biographical and contact information including name, telephone number, address, email, government identification, payment card information;
- Other relevant data provided during the submission of forms through this website or any of our other websites, or the registration and on-boarding process;
- information related to service(s) requested via the Website such as reservations, accomodation and payment and specific information related to each request made (Member hotel stay information; Your preferences regarding your member hotel stay (e.g. bed size, smoking versus non-smoking room);
- if you apply for a job with us, all other details and documentation required and submitted (such as information about previous jobs and education or other information included in the covering letter or curriculum vitae);
- when you register for an account, your User ID and Password and associated account information such as your preferences and if applicable promotional codes and offers;
- feedback rating (including information provided to resolve disputes or complaints about services provided);
- payment information and payment history;
- text, images and other user content you provide;
- if we ban or suspend you from use of service, a record of that ban or suspension;
- identification data of the device that you use to access this website (e.g. Internet Protocol (IP Adress));
- website and communication information such as details collected by cookies and other similar tracking technologies when you use our sites (including device being used);
- details of support queries you make (e.g. even via other communication channels); and
- where we reasonably suspect fraud, details of offences or alleged offences from fraud detection and prevention agencies;
Even if you do not provide us with any Personal Information, we collect certain non-personal information about how you use our Site. This information cannot identify you and is used for statistical purposes only.
ST Project Ltd does not knowingly collect Personal Information from children under the age of 16, and users under the age of 16 should not submit any Personal Information to ST Project Ltd. If ST Project Ltd has actual knowledge that Personal Information about a child under 16 years old has been collected, then it will take the appropriate steps to delete this Personal Information.
The Retention of Client Personal Data by the Data Controller
Client personal data will be stored as long as you have an active and registered digital account via the digital portal of the Company.
If your account is closed, personal data will be deleted, securely destroyed or anonymised (according to the policies set out in this section) from the databases, unless such data is required to be retained for legal or regulatory purposes or certain legitimate business purposes, including for accounting, dispute resolution or fraud prevention.
This follows that:
- Data related to each Service will be stored for a maximum of three years as of the performance of each Service, unless your Account is deleted by us before that;
- Data required for accounting purposes will be stored for five years after the performance of each Service;
- If the Account has not been used for three years, we will notify you and ask you to confirm whether the Account is still active. If no reply is received, the account will be closed and personal data will be deleted, securely destroyed or anonymized unless such data is required to be stored for certain legitimate business purposes including for accounting, dispute resolution or fraud prevention purposes within the following twelve months;
- In the event that there are suspicions of an administrative or criminal offence, fraud or false information having been provided, the data will be stored for ten years;
- In the event of disputes or investigations, data will be retained until the claim or investigation is satisfied/resolved or the expiry date of such claims;
Please note that the inactivation of your Account from the website from your device does not cause the automatic deletion, destruction or anonymization of your personal data.
How and Why is personal data used by the Data Controller
ST Project Ltd collects and uses personal data for purposes of providing the Services you request through the Website and for ST Project Ltd’s legitimate business purposes. These include the purposes set out below.
Under European Union data protection legislation, ST Project Ltd’s use of personal data must be justified by one of a number of legal bases. These are also set out below:
- To deliver our services to you (lawful basis: to perform and fulfil our contracts with you); and for our legitimate interests (to provide our services to you):
- We may use personal data to manage our Website, to create and manage your user accounts and to allow you to provide feedback;
- To forward your requests to the relevant Company Group so that they can provide you with the necessary information and communicate with you;
- To find and allocate the best deals for you
- Once you have made a request or booking via the Website, additional information is provided to our Group Companies to facilitate communication (see section “Disclosure of personal data” for further information);
- We may use personal data to facilitate payments made through the Website;
- We may use personal data to provide support, including to assist with resolving service quality issues and to respond to queries from Clients.
- We use contact details to notify you of updates to our websites.
- To undertake checks were permitted by applicable law (lawful basis: legal obligations); legitimate interests (to comply with legal or regulatory requirements and provide a safe service); legal claims; and substantial public interest (processing to prevent or detect a crime):
- We use personal data in our efforts to prevent fraud, including fraudulent payments.
- If false or inaccurate information is provided and fraud is identified or suspected, your personal data may be passed to fraud prevention agencies and may be recorded by us or by them.
- In certain jurisdictions we may send data about earnings to tax authorities or other relevant authorities.
- For research and development purposes (lawful basis: legitimate interests (to allow us to improve our services))
- We may use personal data to improve our websites and apps (including their security features) by analysing it to better understand our business and services. For example, we collect data of the routes taken by the Website to analyse the geographic coverage which can be used by ST Project Ltd when deciding in which geographical areas it needs to broaden its investments.
- In order to assist with this, we may apply profiles to you based on your personal data and behavioural information (such as the pages on the website you have visited or interacted with, including by reference to personal data legitimately obtained and shared with us by third parties or publicly available data). Such profiles may be used as part of our advertising, analytics and provision of support.
- We may use personal data provided from surveys or feedback to assist with this.
- To provide you with marketing materials (lawful basis: consent, legitimate interest (where we are not required to rely on consent, to keep you updated with news in relation to our products and services and to enable us to analyse how you interact with our communications)
- Where permitted by law (you will always be provided with an opportunity to opt-out of future messages either by clicking on the ‘unsubscribe’ link in any email or by contacting us on: www.stprojectsmalta.com , we may contact you with promotional messages regarding the Website and other products and services offered by our Group Companies. For further information about marketing and how to manage your preferences, see the section “Direct Marketing to Users” below.
- To comply with our legal obligations and in relation to legal claims (lawful basis: legal obligations; legitimate interests (to comply with legal or regulatory requirements and provide a safe service); legal claims; and substantial public interest (processing to prevent or detect a crime))
- We may use your personal data to enforce our terms and to meet our legal and regulatory requirements which may include disclosing your personal data to third parties, the court service and/or regulators, governmental agencies or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world.
- We may record any requests for your information made by law enforcement, regulatory, governmental or judicial bodies.
- To reorganise or make changes to our business (lawful basis: legitimate interests (in order to allow us to change our business)).
- In the event that we:
- are subject to negotiations for the sale of our business or part thereof to a third party;
- are sold to a third party; or
- undergo a re-organisation, we may need to transfer some or all of your personal data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation.
- In the event that we:
- To deliver our services to you (lawful basis: to perform and fulfil our contracts with you); and for our legitimate interests (to provide our services to you):
We may also need to transfer your personal data to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy.
Automated Decision Making (ADM)
Each data subject shall have the right granted by the European Union legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision:
- is not necessary for entering into, or the performance of, a contract between the data subject and a data controller,
- is not authorised by the European Union or the respective Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or
- is not based on the data subject’s explicit consent.
If the decision
- is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or
- is based on the data subject’s explicit consent,
Then ST Project Ltd may undertake automatic analysis of your personal data to make certain decisions on an automated basis without human intervention. This may include decisions around:
- Allowing you to use, or to continue to use our Website and services – we may use information relating to the outcome of background checks, verification processes and behavioral analysis (such as where your behavior appears to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity) to automatically decide whether we will allow you to use our Website and services, or to automatically stop you from using our apps and services. We do this on the basis that it is necessary to enter into a contract with you, or that it is within the substantial public interest (processing to prevent or detect a crime).
In relation to each of the instances of automated decision-making referred to above, you may have the right to require us to review the decision; to express your point of view; and to contest the outcome of the decision.
We may reject the request, as permitted by applicable law, including when providing the information would result in a disclosure of a trade secret or would interfere with the prevention or detection of fraud or other crime. However, generally in these circumstances, our response will be limited to verifying (or requesting an applicable third party to verify) that the algorithm and source data are functioning as anticipated without error or bias.
For more information about the rights you may have under applicable data protection law (and how to exercise these), please see the section below titled “Your rights in relation to your personal data”.
Direct Marketing to Users
We may contact you with promotional messages regarding the Website, our Group Companies and our services by email, SMS, phone, social media and where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing on our website.
If you no longer wish to receive direct marketing messages, please click the ‘unsubscribe’ link in any marketing email. You can also opt-out through the Profile section of the Website, or by contacting us at the contact details specified below in the section “Questions and Updates”.
The Disclosure of Personal Data on a general basis
ST Project Ltd shares and discloses your personal data to third parties for the purposes and lawful bases set out in the section above titled “How and why we use this personal data”. These third parties may include one of Our Group Companies, other service providers, advisors and authorities.
Disclosure of Personal Data for law Enforcement and Claims
ST Project Ltd is committed to ensuring the safety of all clients using our service. We take all reports of misconduct seriously and we reserve the right, at our discretion, to volunteer information to third parties, law enforcement, regulatory, governmental or judicial bodies where required by applicable law or regulation or where we feel is necessary.
If we are made aware that third parties, law enforcement, regulatory, governmental or judicial bodies require information about your personal data for an administrative or criminal investigation or in relation to legal claims we will comply as required by applicable law or regulation or to the extent that their request is reasonable, and we are able to supply such personal data.
Personal data that we may provide may include:
- date of birth (if available);
- contact number;
- home address (if available);
- details about the Services you requested and your preferences;
- details required pursuant to the complaint made.
ST Project Ltd may, at our discretion, provide you with notice that we have provided such third parties, law enforcement, regulatory, governmental or judicial bodies with your personal data.
We reserve the right to proactively initiate police reports if we become aware of action or behaviour that may constitute a threat to safety or is of a criminal concern.
How ST Project Ltd protects Personal Data
No data transmission over the Internet or websites can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal data in accordance with applicable data protection legislative requirements. All personal data you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or mobile apps, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
International transfer of Personal Data
ST Project Ltd may disclose personal data to our third-party service providers, who may be located in countries outside of the UK or European Economic Area (EEA), subject to contracts with those third parties such as IT or payment services providers or driver verification checks providers.
Where we transfer personal data from inside the UK or EEA to outside the UK or EEA, we will transfer your personal data subject to approved safeguards unless we are permitted under UK/EEA data protection law to make such transfers without such formalities. For further information about the safeguards employed, please contact us at contact details specified below in section “Questions and updates”.
Your Personal Data Rights
- You have the right to opt-out of marketing communications at any time. To do so, please click the “Unsubscribe” link in the marketing e-mail. You can also opt-out through the Profile section of the Website, or by contacting us at contact details specified below in section “Questions and updates”.
- Every User is entitled to the following:
- The right to access – Users have the right to request copies of their personal data. We may charge a small fee for this service.
- The right to rectification – Users have the right to request that ST Project Ltd corrects any information they believe is inaccurate. They also have the right to request that ST Project Ltd completes the information that is incomplete.
- The right to erasure – Users have the right to request that ST Project Ltd erases their personal data, under certain conditions.
- The right to restrict processing – Users have the right to request that ST Project Ltd restricts the processing of their personal data, under certain conditions.
- The right to object to processing – Users have the right to object to ST Project Ltd’s processing of their personal data, under certain conditions.
- The right to data portability – Users have the right to request that ST Project Ltd transfers the data collected to another organization, or directly to them, under certain conditions.
If any User would like to exercise any of these rights, they should contact ST Project Ltd.
Third Party Links
Our websites and apps may contain links to other third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or their processing of your personal data. Please check these policies before you submit any personal data to such third-party websites.
Questions and Updates
Company email address: email@example.com
Company contact number: +356 2264 0000
Company registered address: 143, The Strand, Gzira, GZR 1026, Malta