For the purposes of this Statement and the applicable regulations on the protection of personal data, including the General Regulation on the Protection of Personal Data (EU) 2016/679 (hereinafter: “General Regulation” or “GDPR”), the Data Controller and the company responsible for processing your personal data is OBONJAN RIVIJERA d.d. for hotel management and tourism, with headquarters in Šibenik, Nikola Tesla 67 6, OIB: 49162530811 (hereinafter: “Obonjan” or “we”).
In case you have any question related to the protection of your personal data, you can contact us by e-mail to the address firstname.lastname@example.org.
In accordance with the principle of transparency, this Policy is intended to provide respondents with accurate, complete information about which of their personal data is collected, used, provided or otherwise processed by Obonjan, as well as to which extent this data is processed or will be processed. Likewise, the aim of this Policy is to introduce individuals who use this internet portal to the risks, rules, protective measures and rights related to the processing of their personal data and the manner in which to exercise their rights as regards its processing.
Personal data is any data that can be used to confirm your identity. Through its online services, Obonjan can collect some of the following personal data:
– First name, last name, home address, date of birth, personal identification number, personal ID number or number of other identification documents, citizenship;
– Data on your stay, including data on the facility in which you are staying, date of arrival, date of departure, products or services purchased, information on your preferences for services (room type, etc.);
– Data on the future loyalty program;
– Additional information about you that we might receive from third parties with whom we do business (e.g. travel agencies, tour operators).
LEGAL BASIS FOR THE COLLECTION OF PERSONAL DATA
Obonjan collects and processes your personal data only if one of the assumptions listed below is fulfilled:
We have your consent
Example: receiving our newsletter
If you wish to receive our newsletter, you will click the check box on the Obonjan Internet Portal indicating that you wish to receive the newsletter, and you will enter the e-mail address to which you wish to receive the newsletter.
Processing is necessary to execute an agreement to which the respondent is a party, or to take measures at the request of the respondent prior to concluding an agreement
Example: on-line booking
When booking accommodation at Obonjan’s facilities via the Obonjan Internet Portal in order for us to offer the services required.
Processing is required in order to fulfill the legal obligations of the data processor
Example: forwarding data to the eVisitor system
Obonjan is required to register every guest with the eVisitor system in order to pay sojourn tax and register their stay in Croatia.
Processing is required for the legitimate interests of the data processor or a third party
Example: in order to personalize your experience
Obonjan may use your personal data to improve its understanding of your interests in order to offer you other services or products that might interest you. This allows us to adjust our communication to make it relevant and more interesting to you.
Obonjan may collect personal data for other legally expected reasons, such as e.g. when processing is required in order to protect key interests of the respondent or other physical persons.
PERSONAL DATA THAT IS COLLECTED
Obonjan collects data during the use of its services or during access to the Obonjan Internet Portals:
(I) When booking accommodation and purchasing other products or services, the following are collected:
First name, last name, home address, e-mail address, telephone number, personal identification number. Information about services (or products) purchased
(II) When accessing the Obonjan Internet Portals, the following are collected:
Data on your accommodation interests;
Information on the use of the web page;
Information on clicks on our advertisements, including those published on other web sites;
Information on how you access digital services, e.g. operating system, web browser, IP address;
(III) When sending inquiries and offering support, consultations or answers to complaints, surveys and research, the following are collected:
The data you provide us when booking or purchasing services, including your first name, last name, and e-mail address, or if you are logged in via a social network, then your name, user name and contact data. The content of digital communications, as well as which links you clicked on during communication
The content of your complaints
(IV) When registering for our newsletter, the following is collected:
Name, surname, home address (country), e-mail address, date of birth, special interests of the guest, family status, gender, language of communication, hobbies telephone number, personal identification number, data on personal identification document, information on services (or products) purchased. Guest complaints and comments
(V) When joining the future loyalty program, the following is collected:
Name, surname, home address (country, city, postal code, street and house number), mobile phone number, e-mail address, date of birth, special interests of the guest, family status, gender, password, language of communication and hobbies
In addition to directly from respondents, Obonjan can collect personal data from other sources under the following circumstances:
– From specialized firms that offer information (e.g. credit rating agencies), business partners (e.g. tour operators) and public registers (trade register);
– If booking is carried out via a social network e.g. Facebook, Google+, you accept that we may use your user data, e.g. first name, last name, e-mail address or other information you have chosen to share;
– Via video surveillance at Obonjan facilities.
In situations in which you give Obonjan the personal data of other persons, the following must be taken into account:
– Obonjan uses the data of other persons you provide to us, such as e.g. persons included in your booking;
– When you provide data on other persons, you must be sure that they have consented to this and that you have the authority to do so in their name. Whenever possible, you must make sure that they are familiar with the processing of personal data from these Privacy rules.
HOW YOUR PERSONAL DATA IS USED
Obonjan processes the data collected to fulfil the purpose for which the data was provided, and/or to fulfill relevant regulations or legitimate interests arising from or tied to the use of the Obonjan Internet Portal and the offering of desired services.
In accordance with this, Obonjan may use your personal data:
– To offer services you have required, e.g. booking accommodation;
– To offer information you seek related to the services we offer;
– To simplify the use of the Obonjan Internet Portal by eliminating the need to frequently enter the same data;
– To aid in making content as relevant as possible to your interests, or to adjust the internet portal to your personal tendencies and interests – if you do not wish to receive personalized content, you are always able to complain by changing your online settings, or by contacting us via telephone or e-mail to update our data;
– To send notifications about important news concerning the internet portal;
– To prevent fraud or other forbidden or illegal activities;
– To protect the safety and integrity of the Obonjan Internet Portal or those of other Obonjan companies;
– For marketing and promotional purposes:
- In order to understand you as a client as best as possible and to adjust our services and marketing communication, Obonjan may combine personal data collected during the sales of services with data collected via our web sites, applications or other sources,
- To send you notifications about new services, updates to services, events and special offers we believe you may be interested in;
- To send you notifications about other companies and products we believe you may be interested in, but only if you have agreed to this type of communication beforehand,
- Marketing research to improve our services, in which case you are always free to refuse to cooperate.
WHO CAN SEE YOUR DATA
Obonjan does not sell, rent or lend your data to third parties.
Obonjan may share your data with trusted partners who perform particular functions for us, such as e.g. IT systems maintenance and applications, marketing campaigns, payment processing.
Particular personal data is provided to government bodies on the basis of legal requirements such as e.g. registering guests with the eVisitor system to pay sojourn tax, create guest lists and register foreign visitors.
In any case, when Obonjan must share collected personal data, we demand that it is protected and not used for marketing purposes.
HOW TO PROTECT YOUR RIGHTS
You have the right to ask for a copy of all the personal data of yours we have collected, while the data we have collected during your booking is visible in the booking itself. You may write to us if you wish for a copy of the other data we have collected from you, in which case you should list all details in order to help us identify and locate your personal data. Delivery of this data is free, but Obonjan retains the right to charge a reasonable fee for special requests, such as extra copies, special formatting, etc.
We want all your data to be correct and updated. If you notice that some of your data is inaccurate, please inform us.
Also, we would like to remind you of your right to ask for your personal data to be corrected or deleted, as well as your right to oppose the processing of your personal data. Obonjan will correct or erase your personal data, unless we are required to retain it out of legitimate legal or business interests.
If you have a complaint about the processing, use or storage of your personal data, feel free to contact us. If you are not satisfied with our response, you may contact the Croatian Personal Data Protection Agency.
All requests or complaints related to personal data collected by Obonjan are to be submitted in writing to the personal data protection agent. The request must contain the e-mail address you provided during check-in, as well as the e-mail address to which you wish to receive a response (if it is different from the e-mail address from which you sent the request). Obonjan will e-mail your data within a reasonable time frame to the e-mail address provided in the request.
We must point out that, prior to responding to your request, we may ask you for more information to confirm your identity. Also, we may ask you for more information to confirm whether you have approval to file a request if you are doing so in someone else’s name.
Complaint. You are also authorized to submit a complaint to the local supervisory body for data protection – that is, the Agency for Personal Data Protection, at the address:
Agency for the Protection of Personal Data
Selska cesta 136
HR – 10,000 Zagreb
Tel. +385 (01) 4609-000
Fax. + 385 (01) 4609-099
SAFETY OF YOUR PERSONAL INFORMATION
We are completely dedicated to protecting data from unauthorized access, distribution or erasure, regardless of where it is stored or processed or of the format in which it is stored. Obonjan uses the services of trusted IT partners, who are required to apply high IT protection standards.
Obonjan applies recognized data security standards:
– We carry out technical and organizational protection measures based on risk,
– We minimize data exposure,
– We check collected information, storage and processing methods,
– Whenever possible, we pseudonymize and anonymize data,
– We test organizational and technical protection measures,
– We limit access to personal data to our employees, contract workers and representatives, for whom the use of personal data is limited and controlled on the basis of user tasks, and who are required to respect strict contractual confidentiality obligations.
Obonjan takes all measures to identify problems, as well as measures to minimize potential damages.
Please do not forget that you are also our partner in data security. We invite you to take steps to make your personal data safe (including your password), and to always log out of our internet portal after use.
If the personal data we process is transferred outside the European Union and the European Economic Community as a necessity for the technical completion of services sought by users, then Obonjan will take reasonable measures to ensure that the persons outside the EU with whom the data is shared take appropriate measures to protect this data and to offer protection in accordance with these Privacy Rules.
PERIOD FOR WHICH PERSONAL DATA IS STORED
The period for which Obonjan stores your personal data is limited to a strict minimum, and in accordance with this, Obonjan defines the periods for which it stores or periodically checks particular personal data in order for it not to be kept longer than is necessary to fulfill the purposes for which it was collected.
After this period is over, Obonjan will erase the personal data. However, if this data is necessary to create statistical indicators, analyses, archiving or some other legitimate interest of Obonjan, all measures will be taken to ensure that this personal data is anonymized.
Obonjan uses tools to analyze the use of the Obonjan Internet Portal, through which we may collect particular data about you, thus gaining insight into the needs of our visitors and/or users, the goal of which is to improve the quality of our services.
Cookies are used for this purpose, as are some other tools.
The user and/or visitor may refuse or erase cookies through the relevant settings on their computer and the web browser they are using. However, this may prevent some functions of the Obonjan Internet Portal from being fully usable.
The aforementioned tools collect and store some technical data, including user and/or visitor IP addresses.
LINKS TO OTHER WEB SITES
Obonjan retains the right to change, modify and/or amend these Privacy Rules at any time. All changes to the Rules will be published on the Obonjan Internet Portal; in the case of significant changes, you will be informed in a clear and understandable manner.