Your privacy is important to us!
Data Privacy and Security Policy
NOTICE REGARDING THE COLLECTION AND PROCESSING OF PERSONAL DATA
In accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), and the Act on the Implementation of the General Data Protection Regulation, all the information regarding the collection and processing of personal data is given below:
Firstly, it should be emphasized that AMADRIA PARK represents a Croatian brand of hotels, specifically associations providing services in the hotel industry – Milenij hoteli d.o.o. Opatija and Solaris d.d. Šibenik.
Personal data processing manager:
Milenij hoteli d.o.o., Ulica Viktora Cara Emina 6, 51410 Opatija, OIB: 78796880101
E-mail: firstname.lastname@example.org; tel: +385 51 278 021 (hotel accommodation in Opatija, Zagreb and Lovran)
Solaris d.d. Hoteli Solaris 86, 22 000 Šibenik, OIB: 26217708909, email@example.com,
tel: +385 22 361 001(hotel accommodation in Šibenik and Trogir)
(hereinafter under the common name: AMADRIA PARK)
Personal data protection officer:
Information is always available on the website www.amadriapark.com
E-mail: firstname.lastname@example.org, tel: 051/323 605
Personal data which AMADRIA PARK processes, the purpose and legal basis of such processing, legitimate interests of the processing manager:
1) Personal data processed pursuant to the law:
- name and surname
- city, country and date of birth
- identification document type and number
- permanent residence (temporary residence) and address
- date and time of arrival to and departure from the facilities
- information on exemption from payment of sojourn taxes or decrease in payment of sojourn taxes: regarding degree of invalidity, education, employment, members of immediate family of the inhabitants of the tourist municipality or city, use of social welfare services, membership in international youth organizations, etc.
The purposes of processing the above-mentioned personal information are:
- monitoring the execution of the obligation to register and check out tourists by the person responsible for registration and checkout pursuant to the Sojourn Tax Act and the Ordinance on the manner of keeping visitor registers and on the format and contents of the form for registering visitors to the Tourist Board
- keeping records, calculating and collecting sojourn taxes pursuant to the Sojourn Tax Act and the Customs Services Act
- bookkeeping or keeping a registry of guests by the accommodation service provider, as well as monitoring the fulfilment of those obligations by inspection authorities pursuant to the Hospitality and Catering Industry Act, Ordinance on the form, contents and method of keeping a registry of guests and guest lists, and the Tourist Inspection Act
- registration of foreigners with the Ministry of Internal Affairs as well as monitoring the fulfilment of this obligation by inspection authorities pursuant to the Aliens Act and the Act on Police Affairs and Authorities
- managing a registry of tourists by the Tourist Board as well as statistical processing and reporting pursuant to the Sojourn Tax Act and the Act on Tourist Boards and Promotion of Croatian Tourism
- supervision of accommodation service provider’s operations in the area which relates to the legality of performing their duties regarding the provision of registered services and respecting the legislation on taxes and other regulations regarding public affairs pursuant to the Customs Services Act, General Tax Act and the Act on the Inspection of Road Transport and Roads
In order to identify the guests and collect the above information we request to see personal identification but do not retain a copy of it.
2) Personal data processed in order to communicate with guests:
- telephone number and/or e-mail address
Data is processed for the purposes of maintaining communication regarding hotel accommodation services, as this is necessary for the execution of the contract between AMADRIA PARK and the guest(s).
3) Personal data connected to the fulfillment of financial obligations of the guest:
- depending on the method of payment, credit card information or information regarding the account from which payment is made
Data is processed by the Accounting Department for the purposes of securing payment, and this processing is necessary in order to ensure the execution of contract between AMADRIA PARK and the guest and respecting the obligations of the regulations which the Accounting Department regulates.
Personal data recipients/categories of recipients:
So as to comply with legal obligations, certain personal information of guests is delivered to, and for the purpose of carrying out supervision based on legal powers, handed over to the Tourist Board competent for the area in which the accommodation is situated, Croatian National Tourist Board and public bodies – Ministry of Internal Affairs, Customs Administration, Tax Administration, Ministry of Tourism and Ministry of the Sea, Transport and Infrastructure.
Storage period for personal data:
Personal data which is processed pursuant to the law is stored for a period of 10 years, and 11 years for data stored along with the issued receipt pursuant to the Accounting Act and data regarding accounts and credit cards. Statistical analysis and information are kept and stored permanently.
Data which is processed for the purposes of communication is stored for a period of at least five years starting from the end of that year, that is until the end of the guest’s stay at the hotel.
If there are no special real or legal reasons for storing personal data for longer than anticipated, the data is erased in the year that follows the shortest storage period.
Providing personal data is a condition necessary for providing services for which processing of personal data is a legal obligation of AMADRIA PARK, that is, a condition for exercising certain rights when those rights are tied to personal data which is revealed to competent authorities. If the guest does not provide the necessary personal data, AMADRIA PARK will not be able to fulfill its legal obligations or ensure that the guest can exercise certain rights.
AMADRIA PARK does not apply automated decision-making.
Rights regarding the processing of personal data:
The following rights are guaranteed to you at all times:
- The right of access to personal data – you are entitled to a confirmation from AMADRIA PARK regarding whether your personal data is being processed, information about the purpose of such processing, categories of data being processed, recipients, storage period, and the existence of rights in the case of requests for correction, deletion, processing limitations or complaints.
- The right to correct – you are entitled to request correction of incorrect data or fill in incomplete data which refers to you.
- The right to erase – you are entitled to request AMADRIA PARK to erase personal data which refers to you under certain conditions, unless storage of such data is required by law.
- The right to limit processing of personal data – you are entitled to request AMADRIA PARK to limit processing of data which refers to you under certain conditions.
- The right to complain about processing – you are entitled to file a complaint regarding the processing of your personal data.
- The right to transfer information – you are entitled to transfer your personal data to another processing manager, and if it’s technically feasible, such transfer will be handled in an automated way.
- The right to file a complaint to the supervisory board: Croatian Personal Data Protection Agency, Martićeva ulica 14, HR – 10 000 Zagreb, tel: 00385 (0)1 4609-000, fax 00385 (0)1 4609-099, E-mail: email@example.com, web: azop.hr
All the aforementioned rights can be exercised at any moment by contacting AMADRIA PARK in written form, using the contact information listed in this notice, or by contacting the personal data protection officer.