Valid from 08.06.2021.
We process your personal data only in accordance with the present regulations: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. 46 / EC (hereinafter: "General Data Protection Regulation", "GDPR") and the Croatian Law on the Implementation of the General Data Protection Regulation.
This Policy regulates:
a) protection of the individual-physical persons regarding the processing of their personal data (hereinafter: “subject” “subjects”) related to the collection, processing, storage and the use of personal data,
b) liabilities of Arenaturist Ribarska Koliba d.o.o. and Ljetni dan d.o.o. as Processing Manager (hereinafter: “Processing Manager”),
c) the rights of subjects, and the implementation of organizational, personnel and technical measures for the protection of personal data, all with the aim of ensuring the implementation of Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding processing of their personal data and on the free movement of such data.
Meaning of important terms in relation to the provisions of this Policy in relation to the Regulation
"Personal data"is all data related to an individual (physicalperson) whose identity has been established or can be established. An individual whose identity can be established is a person who can be identified directly or indirectly.
„Processing”means any operation or set of operations carried out on personal data or on
sets of personal data, either by automated or non-automated means such as
collecting, recording, organizing, structuring, storing, adapting or modifying, finding,
performing insights, use, disclosing by transmission, dissemination or making available in other way, aligning or combining, restricting, deleting or destroying.
„Controller”is a legal or physical person, public authority, agency or any other body which alone or together with others determines the purposes and means of processing personal data.
„Processor”is a legal or physical person, public authority, agency or any other body which
processes personal data on behalf of the controller.
„Recipient”is a legal or physical person, public authority, agency or any other body to whom are disclosed personal information, whether or not he is a third party.
„Third party”is a legal or physical person, public authority, agency or any other body which is not the respondent, controller, processor or the persons authorized to process personal data
under the direct authority of the controller or processor.
„Consent”of the respondent means any voluntary, special, informed and unambiguous expression of the respondent’s wish by which respondent gives the consent for processing of personal data related to him/her by a statement or a clear affirmative action.
"Storage system"is any structured set of personal data available under special
criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.
"Violation of personal data"is a security breach that leads to accidental or unlawful
destruction, loss, alteration, unauthorized disclosure or access to personal data that are
transferred, stored or otherwise processed.
„Identifiable person“is a person whose identity can be established (directly or indirectly)
in particular on the basis of an identification number or one or more characteristics specific to
its physical, psychological, mental, economic, cultural or social identity.
„Special category of personal data“refers to racial or ethnic origin, political
views, religious or other beliefs, union membership, health or sex life and personal
data on criminal and misdemeanor proceedings.
1. WHOSE PERSONAL DATA WE COLLECT
We collect and process personal data of:
- third parties – partners,
- shareholders, and
- other individuals with whom we communicate.
2. FOR WHAT PURPOSE DO WE COLLECT PERSONAL DATA
The purposes for which we process your personal data are:
- for higher quality of services;
- improvement of our website and / or services as well as development and advertising of new services; and
- compliance with applicable law, court decisions, other court proceedings or other requirements of the legislator.
We use your personal data especially for the most efficient implementation of our services, but also for the implementation of the legitimate interest of the legislator if so prescribed by law or other legal act.
3. WHAT PERSONAL DATA WE COLLECT AND PROCESS
We collect and process following personal data:
1. personal data necessary to fulfill the legitimate interest of the legislator
This personal data includes data on:
- Name and surname,
- Type and number of identification document,
- State and city of residence,
- Country of birth,
- Address of residence (for invoicing purposes)
- Date of birth and
- Sojourn tax category (applicable only if the respondent has a disability).
We share these personal data exclusively with authorized bodies and organizations of the Republic of Croatia, in accordance with the law, via the electronic system "eVisitor". The retention period of these personal data is prescribed by the relevant legal regulation and these data are kept for 10 years from the date of residence of the respondent.
When issuing invoices, we share your personal data with authorized institutions and organizations of the Republic of Croatia, in accordance with the law. In order to comply with the provisions of the laws of the Republic of Croatia, we are obliged to keep such information for 11 years from the date of issuance of the invoice.
2. personal data needed to handle your inquiries and provide customer support
When you send an inquiry about our services or request customer support for our services, we may collect your personal data. We use various user interfaces to provide you with information about our services and to respond to your inquiries. In any case, we might request your contact information along with other personal information that is relevant to your inquiry. This information is used so that we can respond to your inquiries.
We may seek the assistance of third-party service providers to assist us with client requests.
Depending on the nature of your inquiry or request, the legal basis for the processing of such personal data will be:
(a) that processing is necessary for the fulfillment of our obligations according to any contract we have entered into with you;
(b) it is in our legitimate interest to use your personal information in such a way as to ensure that you are provided with the best possible service; and / or
(c) the consent you have given us for such processing up to the time of your withdrawal of that same consent.
3. personal information that you voluntarily provide us with while using our websites and/ or our services
We may use the contact, identification and payment details you have provided us with to ensure the realization of the services you have booked through our website, through a third party, or by telephone through our call centers or through personal reservations. This could include information such as your name and last name, occupation, address, previous residence information, your preferred services, phone number, gender, citizenship, passport number, date and place of issue of your passport, payment information including credit card details and CVV code, flight information, name and the last name of other guests on the reservation, wishes regarding the room, notes you have given us and preferred ways of communication. We also receive information from third parties and websites, travel agents, social networks and booking websites, third party agents and mediators, organizers of meetings, conferences and events, as well as restaurants and spa reservation services that we will use for those purposes. This includes verifying your identity, contacting you regarding hotel reservations, and processing your reservation and payment.
We may share this personal information with third parties for the following purposes:
- sending check-in / check-out data of your stay before your arrival
- To confirm your identity
- To verify the card payment (including the pre-authorization procedure carried out at check-in at our hotel) and refunds
- To make reservations, cancellations and to change reservations
- To enable your reservation and any special requests or requested services
- To provide loyalty program membership services
- To send you, where possible, a welcome text or e-mail with information about your stay, free services including online check-in requests regarding the room or notes on special requests.
We use your personal information for realization of our obligations to you with the aim to fulfill our contractual relationship with you. We will process such data until our contractual relationship ends.
4. personal data necessary for us to be able to communicate with you via our newsletter and provide you with selected business information and personal data that we process based on your inquiries.
We collect and store personal information, including your name and contact details such as email address, so that we can communicate with you through our newsletters and provide you with information and benefits of our services.
It is in our legitimate interest to use your personal information so that we can communicate with you in this way. We process this data for a maximum of seven (7) years from the date of our last interaction with you or the time of the withdrawal of your consent.
5. personal data we collect through the video surveillance system
We are able to use video surveillance and record people in, or around our accommodation facilities. Video recordings of persons taken by video surveillance contain personal data. Video surveillance can also record audio. Video surveillance recordings can be viewed by authorized personnel. We will place signs on our facilities that will warn that you can be recorded by video surveillance where it is in use as well as contact information where you can exercise your right.
We may share your personal data recorded via video surveillance with third parties in the manner prescribed by law or when necessary for the functioning of the video surveillance security system itself, hence with the police and technical service providers.
It is in our legitimate interest to use video surveillance for the purpose of:
• personal safety of our employees and guests
• preventive action against crime and protection of our facilities and property from damage
• protection of our guests’ property from damage and theft
• support to the competent authorities in the prevention, detection and in punishment of crime.
We keep all video surveillance recordings within a maximum of 6 months, but we can also store them for a longer period of time if they must be used as evidence in court, for government administration, arbitration or for similar proceedings.
6.personal data that we process for the purpose of employment
We may collect personal information for the purpose of reviewing and acting on any inquiry or application for employment with our Company. We collect and process data that you have voluntarily provided to us or received from third parties - employment agencies for the above purpose. Personal information may include your name, contact information, education information, and any other information contained in your resume, application, or other supporting letter. You can apply for job vacancies at https://www.ribarskakoliba.com/. When you apply for job advertisements using social networks, including Facebook, we may also collect information that is publicly available through that social network. We use this information for the purpose of communicating with you regarding your job application.
We will not share this information with any third party.
You can give us consent for the processing of your personal CV data in the case of future employment. You can withdraw this consent at any time, in the same way as you gave it.
7. personal data necessary to achieve business, administrative and legal compliance
We use your personal data for our own legal, business and administrative compliance, as follows:
- for the purpose of maintaining archives,
- to comply with our legal obligations,
- in order to exercise our rights,
- to protect the rights of third parties,
- related to business and status changes such as merger, acquisition by another company or sale (part) of our assets.
We share this personal information with our advisors, including attorneys and accountants, and with government and other regulatory authorities.
The use of your personal data for the purpose of status changes, the exercise of our rights or the protection of third party rights is our legitimate interest. Compliance with legal obligations such as compliance with court decisions is our legal obligation. If we share your personal information that falls into special categories of personal information, we will first ask for your consent.
8. personal data that we process based on E-mail marketing
We may use the information we receive while you use our site, communicate with us by e-mail and / or use our services, in order to send you marketing messages by e-mail when you have agreed to receive such messages or if we have another valid reason for doing so. We will act on your request not to send you promotional material.
We share your personal information with third-party email marketing providers, who help us run our email marketing campaigns.
We have a legitimate interest in using your personal information for promotional purposes. We will only send you promotional material via email when you have given us your consent or if we have another valid reason to do so.
9. personal data that we process for the purpose of promotion on social networks
We may use the following social networks on which you are registered as Facebook, Twitter, Instagram, YouTube, LinkedIn. When you participate in our sponsored activities on the social networks where we are present, we may use personal information such as your location, check-in notifications, social media activities, photos, status changes, publicly available comments and friend lists solely on your consent. We may use the information we receive from you as a result of your use of our Site, from e-mail communication with you or from your use of our services in order to personally advertise to you through social networking channels operated by Facebook or others.
We share your e-mail address with third-party service providers who help us with our advertising campaigns. Your encrypted email address is also shared with third party service providers, such as Facebook, under their terms and conditions.
4. Respondents' rights
Irrespective of the basis of data collection, respondents may exercise the following rights for free within the limits prescribed by the Regulation:
1. Right of access
Upon your inquiry, we will answer whether we process your personal data and, if so, we will provide you with a copy of that personal data (together with certain details). If you request additional copies, the Company reserves the right to charge a reasonable fee.
2. Right to correction
You can update the personal information we have by contacting us directly by post, e-mail or by making a change during your stay or on the registration card when checking in at the reception. We recommend that you update your information the moment you change it. If the personal information we hold about you is incorrect or incomplete, you have the right to request correction. If we have shared your personal information with others, we will notify them of the correction if possible. At your request, if it is possible and lawful to do so, we will also inform you with whom we have shared your personal information so that you can contact them directly.
3. Right of deletion
You may ask us to delete your personal information in certain circumstances, such as when we no longer need your personal information or when you wish to withdraw your consent. If we have shared your personal information with others, we will notify them of the deletion if possible. We will also let you know with whom we have shared your personal information so that you can contact them directly.
4. Right to limit processing
You may request a restriction on the processing of your personal data in certain circumstances, such as when you dispute the accuracy of personal data or when you object to the processing of personal data. We will only process such personal information based on your consent while we are able to store it. We will notify you before we remove all restrictions. If we have shared your personal information with others, we will notify them of the processing restriction if possible. At your request, if it is possible and lawful to do so, we will also inform you with whom we have shared your personal information so that you can contact them directly.
5. Right to data portability
You have the right, in certain circumstances, to receive personal information that you have provided to us (in a structured, commonly used and machine-readable format) and you have the right to pass it on to a third party.
6. The right to object
You have the right to object to the processing of your personal data:
- If we rely on our or the legitimate interests of a third party to process your personal data, unless we prove that there are compelling legitimate reasons for processing that go beyond the interests, rights and freedoms of the respondent or to set, exercise or defend legal claims
- If we process your personal data for the purposes of direct marketing
- Your right to automated individual decision making and profiling
You have the right not to be a subject to a decision based solely on automated processing, including profiling, which produces legal effects against you or similarly significantly affects you, unless the decision is necessary for the conclusion or execution of a contract between you and us, permitted by Union law or the law of the Member State to which the Company is subject and which also prescribes appropriate measures to protect the rights and freedoms and legitimate interests of the respondents, or is based on your explicit consent.
7. Right to withdraw consent
If we rely on your consent as our legal basis for the processing of your personal data, you have the right to withdraw such consent at any time in the same manner as given.
8. Right to lodge a complaint to the supervisory authority
If you have objections to any aspect of our privacy practices, including the way we handle your personal information, you may file a complaint with the supervisory authority, ie the Personal Data Protection Agency (AZOP). Details on this can be found on the AZOP website https://azop.hr/prava-ispitanika/
5. Processing of personal data of minors
6. Contact information
1) by sending an email to firstname.lastname@example.org or/and
2) via mail to the address Verudela 16, 52100 Pula, Croatia