Entry-header image

Privacy Policy

Who we are

Kotor Nest d.o.o., Kotor Montenegro

Last updated

June 2021

Operating as: Kotor Nest

Kotor Nest (also referred to as “Nest”, “we”, “us” or “our”) is fully committed to both protecting and respecting your privacy.

This privacy notice (“Privacy Notice”) is intended to inform you how we gather, define, and utilise your personal data such as name, address, email address and mobile phone number that you give to us when you interact with us in person, phone, email, through www.kotornest.me (the “Website”), our mobile application (the “App”) or via any other of our services (the Website, App and our other services, collectively our “Services”). It is also intended to assist you in making informed decisions when using our Services.

Personal data relates to a living individual who can be identified from that data. This policy sets out the basis on which we collect and process your personal data through your use of our group websites, our digital applications (Apps) and / or signing up for newsletters, email updates, event invitations and other marketing activities either in personor online. By visiting this or any of our websites (also referred to as “sites”) you are accepting and consenting to the practices described in this policy.

The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).

What information do we collect?

The personal information that we may collect about you broadly falls into the following categories:

Information that you provide voluntarily

Certain parts of our Services may ask you to provide personal information voluntarily: for example, we require personal information from you when you make a booking with us, we may ask you to provide your contact details when you visit our sites or in order to register an account with us, or you may engage with us or other users of the Services via interactive functions on our Website or App.

This information may include your name, contact details, identity verification, passport and visa details, and payment and bank account information, employment information, records from previous visits, survery responses and images and audio from our CCTV (as further explained under the heading ‘CCTV’). The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

Information that we collect automatically

When you use our Services, we may collect certain information automatically from your device.  In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.

Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information.  We may also collect information about how your device has interacted with our Services, including the pages accessed and links clicked.

Collecting this information enables us to better understand the visitors who use our Services, where they come from, and what content on our Services is of interest to them.  We use this information for our internal analytics purposes and to improve the quality and relevance of our Services to our visitors.

We may aggregate data that we collected, and this aggregated data will not personally identify you or any other user. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice. Some of this information may be collected using cookies and similar tracking technology, as explained further under Information about our use of cookies

Information that we obtain from third party sources

From time to time, we may receive personal information about you from third party sources (including our customer referral scheme), but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us. 

The types of information we collect from third parties include for example your name and email address and we use the information we receive from these third parties to maintain and improve the accuracy of the records we hold about you.

We maintain the highest standards of security, however the transmission of information via the internet is not completely secure. So, whilst we will do our best to protect your Information, we cannot ensure the security of your data transmitted to our Website. Any information you submit is sent at your own risk. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using appropriate technical security measures.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with certain services). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.

How do we use the information that you provide to us?

From time to time, we may receive personal information about you from third party sources (including our customer referral scheme), but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us. 

The types of information we collect from third parties include for example your name and email address and we use the information we receive from these third parties to maintain and improve the accuracy of the records we hold about you.

We maintain the highest standards of security, however the transmission of information via the internet is not completely secure. So, whilst we will do our best to protect your Information, we cannot ensure the security of your data transmitted to our Website. Any information you submit is sent at your own risk. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using appropriate technical security measures.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with certain services). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.

How do we use the information that you provide to us?

We use and analyse your information to keep in touch with you and to supply and improve our Services. Sometimes we’ll combine and anonymise this information so you won’t be identified.

In particular, we use your information for the following purposes:

  • To register you as a member or for registration to other services.
  • To undertake eligibility checks with respect to your stay at our sites.
  • To provide you with member support during your stay.
  • For the security of our business and premises.
  • To allow you to access the Services we provide.
  • To process and manage and deliver Services to you including, managing and recovering payments, fees and charges.
  • To ensure that content from our Website and App is presented in the most effective manner for you and your devices.
  • To administer and protect our business, and the Services.
  • To pass your information to other companies to supply goods, services or information requested by you and we may pass your information to them for this purpose.
  • To manage our relationship with you for example notifying you about changes to our services, or any concerns you may have.
  • To contact you with information about products, services and special offers or ask you to participate in one of our customer satisfaction surveys.
  • To use data analytics to improve the Website, App, products/services, marketing, customer relationships and experiences.
  • To make suggestions and recommendations to you about goods or services that may be of interest to you.
  • If we buy or sell any business or assets in which case we may disclose your Information to the seller or buyer of such business or assets.
  • If we are under a duty to disclose or share your personal data to comply with any legal obligation or in order to enforce or apply our terms and conditions and other agreements or protect the rights, property, or safety of our customers, or others.
  • To pursue our legitimate business interests (such as direct marketing, conducting market research and preventing fraud and money laundering to minimise our credit and fraud risks and protect our business).
  • We may sometimes use automated systems to analyse your information. We ensure that any service provider that we use which may make automated decisions about you based on your personal information has implemented measures to safeguard your rights and interests.
  • To contact you with events we think you may be interested in, manage your bookings for events and to provide you with event updates.

To better understand your likes and dislikes and enable you to interact more effectively with the community

Legal basis for processing personal information

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

However, we will normally collect personal information from you only: (i) where we need the personal information to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so.  In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our platform and communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities.  We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided on our Website.

Who does Kotor Nest share my personal information with?

We may disclose your personal information to certain recipients. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

The recipients we disclose below:

  • to our third party services providers and partners and agencies and each of their sub-contractors who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Services), or who otherwise process personal information for purposes that are described in this Privacy Notice or notified to you when we collect your personal information;
  • to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice;
  • we may share personal information within our corporate family of companies that are related by common ownership or control, to support us in providing our Services, our affiliates’ services or for integrating, promoting and improving our Website or our App;
  • to any other person with your consent to the disclosure.

If you choose to ‘share’ our content with friends through Facebook, Twitter or other social networks, some of your personal data might be sent to these websites. We don’t control how these social networks use your personal data, so please check those websites’ privacy policies and terms for more information about how they may use your personal data. Social media networks receive data which may include information like the website you’re visiting, the date and time you visit the website, your IP address, browser type, cookie information and other browser-related information.

Our service providers

We use a number of service providers to provide our cloud infrastructure environment and storage of our user’s personal information.

We also work with various service providers that monitor, maintain and otherwise support our Services. In order to provide this functionality these service providers may have access to your personal information (but as legally permitted).

Payment tools

PayPal as the payment method used

You can pay with us using the PayPal payment service. The provider for the European operation is PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg.

If you select PayPal as the payment method, your data required for the payment process will be transmitted to PayPal.

The following data are collected regularly:

  • Surname
  • Address
  • Company
  • E-mail address
  • Telephone and mobile number
  • IP address
  • Paypal payer ID
  • Account verification status and PayPal account country
  • Information about the booking or payment (amount, subject, payee, date)
  • Technical information (browser, device type)

The following data are processed by Kotor Nest to process the payment:

  • E-mail address
  • IP address
  • Paypal payer ID
  • Account verification status and PayPal account country
  • Information about the booking or payment (amount, subject, payee, date)
  • Technical information (browser, device type)

The data transmitted to PayPal may be transmitted to credit agencies by PayPal. The purpose of this transmission is to check your identity and creditworthiness.

PayPal may also pass on your data to third parties if this is necessary to fulfill contractual obligations or if the data is to be processed on behalf of us.You can read PayPal’s privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.

The legal basis for data processing is Article 6 (1) b) GDPR, as processing is necessary for payment and thus for the execution of the contract.

The data arising in this context can be transmitted by PayPal to a server in the USA for evaluation and stored there.In the event that personal data is transferred to the USA, we rely on the legal basis of Art. 49 Paragraph 1 Clause 1 lit. b GDPR, since the payment is about the fulfillment of a contract.The associated risks can be found in section 6 (“Data transfer to third countries”).

Your data protection rights

If you wish to access, correct, update, request deletion or have any concerns regarding your personal information, you can contact us at any time using the following contact details: Kotor Nestdoo, whose registered office is at Stari Grad 444, 85330, Kotor or via email to: hello@kotornest.me

In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided in this notice.

You have the right to opt-out of marketing communications we send you at any time. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided in this notice.

Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

You have the right to complain to a data protection authority about our collection and use of your personal information.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Please note that email is not recognised as a secure medium of communication. For this reason, we request that you do not send private information to us by email.

International data transfers

Data and personal information that we collect from you may be transferred to, processed and stored at a destination outside the European Economic Area (“EEA”) as certain of our third-party service providers and partners operate around the world.  This means that when we collect your personal information we may process it in any of these countries. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice.

We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Notice.

Data retention

We retain personal information we collect from you where we have consent or an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements). 

When consent is no longer valid or we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

CCTV

For the safety of our guests and members, and the prevention and detection of crime, CCTV is in operation in public, communal and shared areas of our locations.

If a government or regulatory authority or if the police or any other regulatory or government authority investigating suspected illegal activities requests CCTV images of you or any other personal information relating to you, we are obliged to comply.

Updates to this Privacy Notice

We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.  We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.

Information about our use of cookies

Our websites uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

Cookies are tiny text files that are stored on your browser if you agree. Most cookies contain a unique identifier called a cookie ID: a string of characters that websites and servers associate with the browser on which the cookie is stored. This allows us to distinguish your browser from other browsers, to recognize your browser by its unique cookie ID and to store information about your preferences on a particular website. This information may remain on your computer or other internet enabled device after your internet session finishes and you leave the website, but you can delete them using some browsers, manually or using system utilities. Most internet browsers are pre-set to accept cookies.

The cookies we use on our websites include:

  • Session cookies, which are temporary cookies that remain in the cookie file of your browser until you leave the site; and
  • Persistent cookies, which remain in the cookie file of your browser for much longer (though how long will depend on the lifetime of the specific cookie).

Most major websites use cookies. Cookies cannot be used by themselves to identify you. We may share statistical information regarding cookies with third parties.

  1. Web analytics cookies:

We use Google Analytics cookies on this website to collect information about how our visitors use and navigate this website so that we can continually work to add new features and improve your experience of it. The cookies collect information such as the number of visitors to the site, which pages they visited and whereabouts they came to the site from. This information is anonymous and cannot be used to identify you personally.

  • Personalised advertising:

We use DoubleClick cookies to improve our advertising – for example, to improve reporting on advertising campaign performance, to avoid showing ads the user has already seen, or to enable us to display advertising that is more relevant to users. DoubleClick cookies contain no personally identifiable information.

  • Third-party cookies:

During your visits to this website you may be delivered cookies by third-party websites. When you visit a page with content embedded from, for example, Facebook, Twitter, YouTube or Flickr, you may be presented with cookies from these websites.

  • We have no control the dissemination over these cookies.

You should check the third-party websites for more information about these.

How to manage cookies

You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled. You may wish to visit www.aboutcookies.org which contains comprehensive information on how to modify the cookie settings on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies. For information on how to do this on the browser of your mobile phone or tablet you will need to refer to your device manual. If you’d like to opt out of advertising cookies, please go to the Network Advertising Initiative website http://www.networkadvertising.org/ (opens in a new window – please note that we are not responsible for the content of external websites).