Privacy Policy

PRIVACY POLICY

I. GENERAL
On 25 May 2018, the mandatory application of European Union Regulation 2016/679, which relates to the protection of personal data of persons residing in the Member States of the European Union, began.
HOTELS ŽIVOGOŠĆE d.d. (hereinafter the Company) with its registered office in Živogošće, Porat 136, OIB: 88429213928, hereby informs you about access to your personal data, how it processes them, for what purposes it uses them, as well as your rights related to the processing of personal data.

II. GENERAL PROVISIONS
Scope of application

This Policy applies to any processing of personal data by the Company, with this Policy taking precedence over any other content if that content prescribes the rights and obligations related to data processing differently.

Data Processor and legal framework
The Company, as the Processor of your data,  respects your privacy and undertakes to protect your personal data. Data collection and storage is carried out in accordance with the provisions of EU Regulation 2016/679 of the European Parliament and of the Council dated 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), Act on data protection (OG 42/2018) and other regulations governing the subject area, applicable in the Republic of Croatia.

Data Protection Officer
The Company has appointed a personal data protection officer who you can contact at any time via the address: dpo@zivogoscehotels.com or by mail at DPO,  HOTELI ŽIVOGOŠĆE d.d., Živogošće, Porat 136.


III. LEGALITY, METHODS AND PURPOSES OF PERSONAL DATA PROCESSING

Legal basis of processing
The legal basis for the stated processing purposes are:
1. a) legal,
2. b) contractual,
3. c) key interests of the respondents,
4. d) a legitimate interest that is stronger than the interest of the respondent or
5. e) consent or explicit consent of the respondent, depending on the purpose of processing and the type of personal data.

Purpose of processing
The Company is obliged to process your individual personal data due to the fulfillment of the accommodation contract and due to the regulations governing the hospitality business, while the Company may also process certain other or the same data for other contractual purposes, ie:
1. a) fulfillment of the accommodation contract;
2. b) meeting the legal requirements and other applicable positive regulations governing the hospitality industry;
3. c) for the purposes of direct marketing;
4. d) sending offers;
5. e) for the purpose of improving and personalizing the service to you as a guest;
6. f) for the purposes of protecting the property and safety of individuals by applying video surveillance measures.

Method of data processing
The company processes your data in the process of :
1. a) accommodation reservations (reservations via web or telephone reservations);
2. b) when fulfilling the accommodation contract – registration at the reception of the facility;
3. c) filling in the registration card;
4. d) when registering for free WiFi on the Company’s website;
5. e) in places under the video surveillance system.

IV TYPES OF PERSONAL DATA


Personal data collected from persons who have booked accommodation and guests
The Company, as the processor, stores your personal data that you provide in order to facilitate with accommodation services exclusively for the purpose of fulfilling accommodation contracts and fulfilling legal obligations for submission of data, as well as collecting personal data related to hospitality , and may use them also for other purposes required by positive regulations.
In the event that you do not provide the Company with the minimum data required for guest registration in all pertinent registers, the Company will not be able to provide you with accommodation in accordance with the contract and the law.
Personal data that the Company records at the time of booking and on the registration form upon arrival at the facility are collected on the basis of the laws governing the hospitality industry, and for the purpose of providing services to guests. These are the following data (which are subject to change due to positive regulations):
1. a) name and surname
2. b) address of residence (Croatian citizens)
3. c) date of birth
4. d) number, type of identification document and place of issue
5. e) nationality
6. f) name of the facility
7. g) number of accommodation unit
8. h) date of arrival and departure of the guest
The Company keeps the above mentioned data in its guest database and sends them to the E-visitor system (electronic guest registration system) to the responsible authorities of the Republic of Croatia, and the afore mentioned  must be kept in the system for 10 years. Also, the Company is obliged to keep all invoices issued to guests with personal data of the guest for 11 years, in accordance with legal regulations.
Furthermore, in order to fulfill the contractual obligation, the Company collects the following information at the time of booking, as well as on the registration form upon arrival at the facility:
1. a) e-mail
2. b) language
Other data related to the circumstances of your stay, such as: mode of travel, traveling companion, marital status, pets, other interests, shall also be collected if they have a direct connection with providing the accommodation services, and will be deleted after your departure from the facility. 
The Company as the processor has the right, based on legitimate interest, to collect your personal data (name and surname, e-mail address), for its guest database and to use for direct marketing purposes and only for the purpose of informing you about the Company’s offers by e-mail. In this case, you have the right, at any time and free of charge, to request deletion (the right to be forgotten) from the database for this purpose.
During and after your stay, the Company shall send you as a guest a satisfaction questionnaire via e-mail, which, if you want to fill it out only with your consent, is processed by the tour operator with whom you have entered into a travel agreement, who will publish data from this questionnaire according to its rules and policies for which the Company is not responsible. The primary purpose of the satisfaction questionnaire is to collect data on the service in order to improve the service provided by the Company.

Additionally, the person booking the accommodation or the guest may give special permission, consent, to the Company to do the following with all the collected information, such as:

a) name and surname
b) e-mail
c) date of birth
e) the state

f) other personal data collected during the stay (e.g. mobile phone number, telephone number, gender, marital status, language, pets, interests and activities during the stay, mode of travel, accommodation preference, destination preference, etc.)
g) other personal data collected when browsing the web (so-called cookies) including IP address

collect and use it for further profiling of respondents and for the purpose of contacting and informing about special and personalized offers, news and events organized by the Company through online channels (e-mail, web, internet promotion). In this case, the respondent has the right to withdraw the consent given at any time, which includes processing for the purpose of profiling to the extent that it is related to this direct marketing, either in relation to initial or further processing, at any time and free of charge, as well as at any time to change the data and the right to be forgotten.

The data is stored in the guest database of the Company for 2 years.
The company also collects personal data through a video surveillance system.

Cookies and internet technologies
The Company’s web portal may use cookies and other technologies that make it easier for us to deliver content depending on your areas of interest, process reservations or requests, and / or analyze the characteristics of your visits. Cookies cannot be used to reveal your personal identity. When you access our website, this information identifies the properties of your browser to our servers, but not you.

The company uses different types of cookies:
1. a) Necessary cookies – they are necessary for the functioning of the website, which cannot function without them. This means that a website cannot be opened or displayed without these cookies. These cookies are used for the purpose of transmitting communication or are necessary to provide an information society service that is explicitly required of the user of such service. Also, these cookies will allow us a basic analysis of the website in order to improve the operation of the website through data that is completely anonymized, i.e. not based on your personal data or data that can be linked to you in any way. For these cookies your consent is not required.
2. b) Functional cookies – we use them to conduct a more advanced analysis of the website. These cookies are used to analyze user behavior and based on the obtained anonymous data we can determine what content the visitors of the website prefer and view, so we are able to customize the website and make its content and functionality as easy as possible to use. We ask for your consent for these cookies.
3. c) Advertising cookies – we use them to analyze your interests and wishes, and they serve us to publish information that is interesting to you and create offers tailored to your use of the Company’s website. For this content your consent is required.
The company stores cookies in the database and we store them for a maximum of 2 years for the purpose of informing about special and personalized offers, news and organized events through online channels (e-mail, internet, internet promotion).
Should you change your mind regarding the cookies settings on the Company’s website, you can change them at any time at the link: (link to the cookie consent box). You can always delete cookies stored on your computer, thus preventing further processing of your personal data through such technology.
Video surveillance system
The company, as the processor, has a legitimate interest in implementing video surveillance measures to protect property and persons, and in relation to certain work positions and legal duty to install surveillance cameras that record employees and all persons moving in the area covered by the surveillance camera.
The company marks all places where video surveillance is installed in the prescribed manner.
The Company is aware that the videos contain personal data of all persons moving in the camera’s field of vision, and therefore keeps them with special care, has a system of security, availability and a policy of deleting them, which is governed by internal rules of the Company.
Videos are regularly taped over so that they are automatically deleted after a maximum of 6 (six) months from the date of recording. The exception is the case when videos are kept longer if they are needed for evidence in proceeding before the state authorities. Excluded videos will be stored in a centrally alert system with an extremely strict access policy.
In the event of court and / or criminal proceedings, the Company may use the said videos. Third parties, processors, contractual partners of the Company which are registered experts in the provision of services for the protection of persons and property, and who in no way use the independently stated data but take care of the security of central monitoring and reporting systems, may also have access to personal data in videos. Special regulations governing the area apply to all other details related to video surveillance.

Period of data storage

Your data will be at the disposal of the Company for the duration of our contractual relationship and/or until the legal consequences of such contractual relationship cease, and no later than after the expiration of all legal storage obligations, except in the case of forced collection of overdue receivables. Also, if you file a complaint about the service performed, we will keep your date until the completion of the complaint procedure, all in accordance with applicable regulations.

Transmission of personal data

We may pass on your personal data (based on our legitimate interest and your consent in accordance with this Statement) to the tour operator with whom you have entered into the travel arrangement. This may result in the fact that you, as a guest of the Company, receive certain information and / or inquiries from the travel agency in connection with your stay at the facilities of Company.
Insight into the personal data of guests, if necessary and to a limited extent, may also be accessible to third parties, processors (for example, associates of the Company who provide IT services or other services), who keep them in their databases until the end of processing. A detailed contract is concluded with such subjects regarding their powers and obligations in the processing of personal data, in accordance with the requirements of the Regulation.
In certain situations, it is possible for external entities together with the Company to jointly determine the purposes and methods of personal data processing, then these external partners and the Company are the joint controllers. In these relations, the joint controllers shall determine in a transparent manner their responsibilities for compliance with the obligations under the Regulation, in particular with regard to the exercise of respondents’ rights and their duties in respect to the transparency of processing procedure, unless responsibilities are established by law.
If, as part of data processing, data is disclosed to third countries, the Company will ensure compliance with high standards of protection in order to comply with the highest possible standard of personal data protection, in accordance with the strict requirements of the Regulation. In this sense, when international transfers of personal data are in use, the Company will inform the respondent about the intention to disclose personal data to a third country or international organization and about the existence or non-existence of a decision of the European Commission on adequacy. At the same time, the respondent shall be instructed on appropriate or appropriate safeguards and the means of obtaining a copy or place where they are made available if the transfer is subject to appropriate safeguards under Article 46 of the Regulation, the application of binding corporate rules under Article 47 of the Regulation. Article 49 (1), subparagraph 2 of the Regulation. Any transfer of personal data to third countries will be carried out in accordance with Chapter V of the Regulation.
Also, in case of non-fulfillment of your contractual obligations, as a creditor we have the right to forward your personal data to the appropriate extent to natural and legal persons for the collection of receivables (law firms, debt collection agencies, etc.).

CONTACTING
During the duration of the contractual relationship, ie after the end of the contractual relationship, we can contact you regarding the provided accommodation and food service, for example to check the quality of service, identify possible deficiencies in the provision of services and the like. We can contact you via your email address
If you object to the contact regarding the accommodation and food service provided, you have the option of filing an objection to such processing of your personal data. You can exercise this right by sending a request via the address: dpo@zivogoscehotels.com or by mail to the address HOTELI ŽIVOGOŠĆE d.d., Živogošće, Porat 136. In the event of a complaint, the Company will no longer contact you regarding the service provided.

CONSENT MANAGEMENT
You can revoke the contact consent you have given at any time. You may also object at any time to our processing of your personal data for the purpose of the service provided.
You can change your consent by sending a request via the address: dpo@zivogoscehotels.com or by mail to the address HOTELI ŽIVOGOŠĆE d.d., Živogošće, Porat 136.
If you want to give your consent again, you can do so in a manner described above.