You are an important customer to us, therefore our very first priority is to offer you superb service in all aspects of your stay.
a) Responsible for data processing:
Company: Hoteli Cavtat d.d.
Headquarters: Cavtat, Šetalište Žal 4a
OIB /personal identification number/: 91951159924
The Data Protection Officer is available at the e-mail: firstname.lastname@example.org
b) If we use the services of external service providers for the processing of your personal data, we are talking about the processing (of personal data) per order. In this case, we are responsible for the protection of your personal data. During the processing of your personal data, we may use service providers outside the EU. We will do so only if for that third country exists is a decision of the European Commission on the adequacy of that country, or if we contracted with the service provider appropriate warranties or adherence to binding regulations on the protection of personal data.
"Personal data" means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number) as a natural person. Before providing us with this information, we recommend that you read this document describing our customer privacy protection policy.
We may use Your Personal Information (hereinafter referred to as “PI”) for marketing purposes. If required by applicable law, You will be requested to give Your prior express consent to receive such marketing materials. We may also collect and keep information and records related to conversations, including recording or monitoring reservation center calls
By accessing and using our website (this includes: viewing, transmitting, caching or storing this site, or any of its services, functions, materials or content) this means you have read and agreed to each and all the terms and conditions. If you do not agree with the terms and conditions, you may not use this Site for any further purpose.
1. Your rights
a) Right to rectification.
If we process your personal data that are incomplete or inaccurate, at any time you can request from us correction or amendment of the data
b) Right to erasure
You can request from us erasure of your personal data if we have processed them unlawfully, or if that processing represents a disproportionate infringement in your protected interests. Please take into consideration that there exist reasons that prevent immediate erasure, such as statutory obligations.
c) Right to the possibility of data transfer:
You may request from us to deliver to you in a structured form (in a common machine-readable format) the data that you have entrusted to us for archiving purposes
d) Right of access.
You can get a confirmation from us on whether your personal data are processed and if such personal data are being processed, you can get access to these data and the following information: information on the purpose of the processing, on the categories of the personal data concerned, on the recipients or categories of recipients to whom personal data are disclosed or will be disclosed, on the estimated period in which personal data will be stored or on the criteria that were used for the determination of that period, on the existence of your rights that are listed in this paragraph of the Policy, on the existence of automated decision making, including drafting profiles and information on the logic of the processing, on the importance and the predicted consequences of processing, on the protective measures if the personal data are transferred to third countries or international organization.
e) Right to limit processing: From us you can request the restriction of the processing of your data:
- if you dispute the accuracy of the data during the period that allows us to verify the accuracy of these data
- if the data processing was unlawful, but you refuse erasure and instead request data restriction
- if the data are no longer required for the intended purposes, but you still require them to meet legal requirements or
- if you filed a complaint about the distribution of these data
f) Right to object:
If we distribute your data in order to execute the tasks of public interest or tasks of public authorities or if we refer to our legitimate interests during their processing, you can submit a complaint against such data processing if there is interest of protecting your data.
g) Right to appeal:
If it is your opinion that during the processing of your data we violated Croatian or European regulations on data protection, please contact us in order to clarify any inquiries. You certainly have the right to submit a complaint to the Croatian Agency for Data Protection, or in the event of change of applicable regulations, you may submit a complaint to another body, which will take over its jurisdiction, and from May 25th, 2018 this complaint may be submitted to the supervisory body within the EU as well.
h) Exercise the right:
If you would like to exercise any of the above-mentioned rights, please contact us by using our contact information stated in the introductory provisions of this Policy.
i) Authentication of identity:
In case of doubt, we may require additional information to verify your identity. We do so in order to protect your rights and private sphere.
j) Abuse of rights: If you use these rights too often and with an evident intent of misuse, we may charge an administrative fee, or refuse to process your request.
2. The legal basis for the processing of your data
We process personal data based on the following legal grounds:
On the legal basis, processing of personal data is necessary for the execution of the contract, i.e. to finalize and manage your reservation. If the required personal data are not given to us, we cannot finalize the reservation, nor can we provide the services of the customer service.
• We rely on our own legitimate business interests in order to provide our services, prevent fraud and improve our services. When using personal data for the purpose of exercising our legitimate interests or the legitimate interests of third parties, we will always prioritize your rights and interests to protect your personal data over our rights and interests or rights and interests of third parties. Sometimes we may contact you through other channels such as email, post, telephone or SMS – the selected modality depends on the contact information you have previously shared with us. Also, we process the messages that you send us. There are several reasons for this:
- Answering and processing of any request that you have made. We offer our guests various ways of exchanging data, requests and comments about their offers and existing reservations made through our website and through the booking interface.
- If you have not completed a reservation online, we may contact you with a reminder to continue the reservation. We believe that this additional service is useful as it allows you to continue with your reservation without having to enter again the reservation data.
- When you use our services, you may receive a questionnaire or an invitation to write a review about your experience with us.
- Also, we send you other types of materials related to your reservations, such as information on how you can contact us if you need help while you're on the road, and information that we believe you might find useful when planning your stay in order to spend it in the best possible way. We also send you material related to the upcoming travel reservation or reviews of previous trips booked with us.
- Even if you do not have upcoming travel reservations, we may send you other administrative messages, which could include security alerts.
When calling the Customer service team, we use a system of automatic phone number recognition to connect your telephone number with the existing reservations in order to save time. Our Customer service team may require data authentication, which ensures the confidentiality of your reservation data. During the conversation with our Customer service team, we might listen to the call in real time or record the calls for the purposes of quality monitoring and training, which includes the use of recordings when resolving requests or for the purposes of detecting fraud. The recordings are stored for a limited time, after which they are automatically deleted, unless we have a legitimate reason to keep the data for a longer time period, for the purposes of fraud investigation, and for other lawful purposes.
· • In addition, when applicable, we rely on the fulfilment of legal obligations (such as the legitimate requirements of the competent law implementation authorities). When necessary, and on the basis of the applicable law, we will obtain your consent prior to the processing of your personal data for the purposes of direct marketing.
3. Information for individual categories of data subjects
3.1. Guests and other users of our services
3.1.1. Why do we collect and process your personal data?
When processing your personal data we also partly apply automated processing processes, for example: in order to constantly improve our products and services, to make our contact with you more individual, and in order to customize as much as possible our offer and products to your users’ habits. Such processes can be called profiling, and, as such, are mentioned in the following text. In addition, we may process and analyze large amounts of data about our users so that they are processed in an aggregated and anonymous form and cannot be linked to a concrete physical person. We process all kinds of your personal data for the following purposes:
- communication by telephone, electronic mail and directly at the location where the service is provided:
During the contractual relation, as well as after the termination of our contractual relation, we contact you via the following communication channels for which you have given us consent: call, SMS, electronic mail (email), social networks, in written form (by post).
- managing of your reservations of rooms and of other accommodation facilities;
- providing services that you have requested from us (for example, providing of accommodation services in hotels, camping and tourist village; providing of services of the marina; providing services of food and drinks, wellness services);
- providing information on conferences and events;
- Organization of congresses and seminars;
- check-in and check-out of guests to who you provide accommodation;
- ensure payments of providing services;
- exercise rights towards guests (e.g. billing for provided services)
- improvement of your stay in the accommodation facility;
- management of the fidelity program;
- use your feedbacks to improve our services;
- providing services after the stay: subscription to our newsletter, inclusion in our system for prize games, other marketing communication and marketing activities with the purpose of informing about our services and products;
- our internal statistical data processing;
- customer satisfaction monitoring
- Realization of a contract:
We process personal data for the purpose of providing and calculating services in tourism and hospitality in accordance with the applicable Act the hospitality and catering industry (e.g. the provision of accommodation services in hotels and camps). We process your personal data when you give inquiries in accordance with the applicable regulations (e.g. Law on electronic communications, Law on consumer protection, Law on personal data protection, etc.), as well as for informing that we are obliged to carry out according to the applicable regulations (for example, to send out the notices, to send a reminder for the payment of services, etc.). For the purpose of realization of the contract, we may contact you via the contact information you have given us;
- Detection of misuses and recognition of errors:
We also process your personal data internally, in order to detect fraud and misuse. For the purpose of revealing misuses and recognizing errors we can contact you via the contact information you have given us;
- Verification of creditworthiness and collection of claims:
Prior to the conclusion of the contract and during an existing contractual relationship with you, as a company, we have a justified interest in learning more about the creditworthiness of our (future) users. If we have stored your personal data during a prior contractual relationship with you (and we still have that personal data in accordance with the applicable regulations and this Policy), we can use them to assess the creditworthiness in case you wish to conclude a new contract with us. In this case, this is called profiling in terms of this Policy. If your creditworthiness is low or we cannot get information about your creditworthiness, we may decline the stipulation of the contract or request additional funds of insurance. If you have a complaint related with the assessment of creditworthiness, you can dispute it in any moment and state your opinion. If you do not fulfill your contractual obligations, and in order to protect ourselves as a creditor, we can forward the relative personal data and use the services of physical and legal persons for the collection of claims (for example, law firms, debt collection agencies and etc.). Before we undertake such a measure, we will inform you on the matter via the contact information you have given us, so that we could give you the opportunity to submit an observation;
Hoteli Cavtat d.d. processes personal data referred to in article 3.1.3, points from a. to c. of this Policy within the framework of the justifiable (legitimate) interest in order to gain an overview of our products and services for which you might be interested in, and in order to assign you with an internal user category. Based on this, as our user, we can offer you the appropriate services and products tailored to your users' habits, and which can give you additional benefits, i.e. can anticipate your needs and respond to them in a timely manner. For example: if we notice that you are often staying in the facilities of the Remisens brand, we can offer you a special offer for staying in Remisens hotels; If we notice that you are using the spa services at our facilities more often, we can offer you a special package that includes Spa facilities. In this sense we will process, for example, data about the manner of usage of our products and services, the preferred way and channel of communication, and your demographic information (age, gender, etc.).
We responsibly guarantee that these data will be used only for such purposes. The purpose of data usage is contacting you (so that we can send to you the information by post, fax, e-mail, telephone, etc.) if there would be a need to contact you quickly, or for the statistical processing of data, but only for our internal needs and market research.
Since we do not intentionally collect personal data of persons under the age of 18, we would be grateful if your children did not deliver any personal data without your permission.
If you choose to participate in the social media activities sponsored by us, it is possible that we will collect certain information from your social media account according to your settings for the social media services.
As far as the obligations according to local authorities, it is possible that we will also be required to submit your information to local authorities if so provided by law.
3.1.2. Sources from which we collect your data
Personal data you provide to us.
We collect and use the data you provide to us. When you make an accommodation reservation (further: reservation) and when you check in to the accommodation facility, we will ask (at least) your first and last name, email address, home address, phone number/cell phone number, billing information, date of birth, names of guests who are traveling with you and any preferences (such as your preferences in terms of diet and possible reduced mobility) related to your stay
If you need to contact our customer service or you want to contact us in some other way (for example, through social networks or interact with reserved travel Provider through us), in this way, we will also collect your personal data. Guests can also receive an invitation to write a review so that future customers can easily find what they are looking for. We will collect from you the data that are included in your reviews, including your nickname and avatar, if used.
There are some other situations in which you will give us your personal data. For example, if you search our site by using the browser on your mobile device, you can choose to allow us access to your current location or contact information - this helps us optimize the services and experiences that we provide to you (for example, in order to see our guides of the cities, restaurants or attractions that are closest to your location, or other recommendations). You can also create an account that allows you to save your personal settings, add photos, evaluate previously reserved facilities and plan or edit future bookings or have benefit from other options that are available only to account holders (such as incentives or other benefits that we can offer).
You can decide to take part in service recommending programs or prize games, and that means that you will give us your personal data. In addition, you can send us feedback or to ask for help when you are using our services.
Personal data you provide to us on third parties
Maybe in some cases you will not make a reservation for yourself. You might go on a journey with other guests whose data you will specify during the booking process or you might perform a reservation in someone's name.
We are obliged to point out that it is your responsibility to ensure that the person or the people whose personal data you have given us are familiar with that and that she/he understands and accepts the way in which we use this data (as described in the Policy).
Personal data we collect automatically.
Even if at the end you choose not to make the reservation, when you visit our website or applications, we automatically collect certain information. This includes your IP address, the date and time of access to our services, information on the hardware, software or Internet browser that you are using as well as on the operating system of your computer, the version of the application and your language settings. We also collect information about clicks and pages that are displayed to you.
If you are using a mobile device, we collect information that identifies your mobile device, the settings associated with your device, and the characteristics and information on other system activities. After you make a reservation, our system registers which way and from what page you have made a reservation or have accessed our website and/or applications.
Personal data we receive from other sources.
Not only we collect the data that you provide to us - we may also receive information about you from other sources. These include business partners such as distribution partners and other independent third parties, and everything we get from them can be combined with the data you provide to us. For example, reservation services are not exclusively given through us and our applications, they are also integrated in the services of the distribution partners that you can find on the Internet. If you are using some of them, you can provide the data necessary for the reservation to our business partner, which he then forwards to us. These distribution partners share with us payment information so that we can manage your reservation and process it, in order to make the whole procedure easy for you.
Distribution partners also share with us data about you – this can happen in case you have questions regarding a reservation, and if difficulties related to the reservation occur.
3.1.3. Types of data we collect
We use the following personal data:
a) your basic personal data: first name and last name, address, personal identification number (PIN), date of birth, gender, phone number and contact information (e-mail address, phone number).
b) other personal information, provided to us by you or a third party during the stipulation of the contract or throughout the duration of the contractual relationship, such as data from the ID card, bank account, powers of signature or representation; these do not comprehend the data that are especially sensitive in terms of protection of personal data, in particular data on racial or ethnic origin, political or religious beliefs or worldview, genetic data.
c) your data on the consumption and use of our products and services: for example the amount of the consumption for service of accommodation, food and beverages, spa services and treatments, etc.
d) information about your habits of using our products and services in general: for example the desired period of stay, the length of stay, the category of the facility, the preferred brand, the preferred type of service such as wellness, food and beverages.
f) other data you indicate to us, and you want they remain secret
You can, at any time, cancel the protection of this data, by an express statement. You can unsubscribe at any time from our mailing list, and in such way we will no longer use your data for promotion. In this case we may use them only in our own internal purposes, for example for statistical data processing.
3.1.4. Sharing your data with other people
In certain situations, we will share your personal data with third parties.
Third parties that provide services: We use service providers to process your personal data on our behalf. This process is made for several purposes including sending marketing materials or verifying the accuracy of the e-mail address that you specified during the booking procedure. Third parties that provide services have undertaken to keep the confidentiality of provided information, and are not permitted to use your personal data for purposes other than those which we specified.
Billing service providers and (other) financial institutions: When you or the owner of the credit card used for the reservation request a refund for your reservation, we need to share certain information about the reservation with the billing service providers and the relevant financial institution which will perform the refund. This may also include a copy of your confirmation of the reservation, or the IP address that was used for the reservation. If it is considered necessary in order to detect or prevent fraud, we may share this information with the relevant financial institutions.
Competent authorities: We disclose personal data to law enforcement authorities if necessary in accordance with the law, or if necessary for the prevention, detection or prosecution of criminal offences and fraud, or if we are otherwise legally required to do so. In addition, we can disclose personal data the competent authorities in order to protect our rights or property or the rights and property of our business partners.
Business partners: We collaborate with numerous business partners all around the world. Our business partners distribute or promote our services and products.
After you make a reservation through the website or application of any of our business partners, certain personal data that you provide to them, such as your name and email address, your address, payment information and other relevant information, will be forwarded to us in order to manage and finalize your reservation. If the business partner provides the services of the Customer service, we will share with the partner the data related to your reservation (when and in the extent that it is necessary), so that the partner could provide to you adequate and efficient support. After you make a reservation via the website or application of one of our business partners, he can receive certain parts of your personal data related to a specific reservation, such as your name and e-mail address. This is done for internal purposes (such as analytical purposes) of the partner and, if you request it, for the purpose of maintaining the fidelity or marketing programs.
After you make a reservation through the website of our business partners, we kindly ask you to read their privacy statement if you want to know how can they process your personal data. For the purposes of detecting and preventing fraud and if it is necessary, we may also exchange data about our users with our business partners.
Booking interface: We can allow you to execute reservations via the Booking interface. As part of the reservation process, we will be required to share some of your personal data, relevant for that reservation, to the relevant business partner.
The transfer of personal data described in the Policy may involve the transfer of personal data to other countries, whose data protection laws are not as comprehensive as the laws of the Member States of the European Union. When it is necessary on the basis of European law, we will transfer your personal data only to recipients that provide an adequate level of data protection. In such situations, if necessary, we will stipulate the contracts in order to ensure that your personal information remain protected in accordance with the European standards. You can ask us to deliver you a copy of such contracts by using the mentioned contact information.
3.1.5. Retention period of personal data
We usually delete your basic personal data when the contractual relationship terminates, and at the latest at the end of all legal obligations related to the safeguarding of personal data.
Please take into consideration that we do not delete your data:
your basic personal information: first and last name, address, personal identification number (PIN), date of birth, gender, phone number and contact information (e-mail address, phone number)
other personal information, provided to us by you or by a third party, during reservation of the accommodation facility and such data are: data from the identity card or passport, bank account, the power of signature or representation; this does not comprehend the data sensitive from the aspect of data protection, particularly data on racial or ethnic origin, political or religious beliefs or worldview, genetic data.
Your other personal data are generally deleted upon termination of the relation, and at the latest at the end of all legal obligations of retention, except in the case when a forced collection process of unpaid claims has been initiated or until the finalization of complaint procedures if there has been a timely complaint to a product or service, in accordance with the applicable regulations.
Your data about the use of our products or services are generally deleted upon the termination of the relation, and at the latest at the end of all legal obligations of storage, except in the case when a forced collection process of unpaid claims has been initiated or until the finalization of complaint procedures if there has been a timely complaint to a product or service, in accordance with the applicable regulations.
Once you provide us with the data and give consent to contact you, you are subscribed to our mailing list. The moment of subscription is your consent to be contacted. The protection of the privacy of your data is permanent. At any time you can request to be deleted from our mailing list.
We use your information in the following marketing purposes:
1. To send you regular news related to our products and services. You may, quickly, easily and at any time, unsubscribe from receiving notifications via email - simply click on the link "Unsubscribe" stated in each newsletter.
2. Based on your information, you may be presented with personalized offers on our web pages, in the mobile applications or even on other sites/applications (including social networks), and the content of the page displayed to you may be personalized. They may include offers that can be booked directly through our website, or other offers and products of third parties for which we think you might like.
3. When you participate in other promotional activities (such as competitions, loyalty programs or prize games), the relevant information will be used for the administration of these promotional activities.
4. Cookies and on-line technologies
As with many other sites, our site may use "cookies" or other technologies to help us deliver content specific to your interests, to process your reservations or requests, and/or to analyze your visiting patterns. Cookies and other similar tracers are packets of data used by servers to send status information to a user’s browser and return status information to the original server through this same browser. Based on this pattern, the information is adjusted to your needs and your usual usage of the Internet. These tracers may be installed on your device, depending on the browser’s preferences. Cookies, by themselves, cannot be used to disclose your individual identity. This information identifies your browser, but not you, to our servers when you visit our site. If you want to remove or block cookies at any time from your computer, you can update your browser settings (consult your browser's "help" menu to learn how to or block cookies). We also may collect data by using "pixel tags," "web beacons," "clear GIFs" or similar means (collectively, "pixel tags") that allow us to know when you visit our site and to understand how you interact with our emails or advertisements.
5. Measures of personal data protection
We conduct reasonable procedures to prevent unauthorized access and misuse of personal data. For the protection and storage of the personal data that you have entrusted to us, we use appropriate business systems and procedures. We also use security procedures as well as technical and physical restrictions for access to and use of personal data on our servers. Access to personal data is allowed only to authorized personnel for business purposes. The security measures are subject to technical progress and development. We may update or modify the security measures from time to time provided that such updates and modifications do not result in a degradation of the overall security of the system. We define the control of access to the system, as well as which employees have access to personal data of guests and other persons. We will ensure that every employee who has the authority for the processing of personal data is subject to the obligation to confidentiality requirements and continuous training in terms of protection of personal data of clients, partners, guests and other persons in accordance with the regulations.
6. Protecting the personal information of children
We advise parents and guardians to teach their children the importance of being responsible when dealing with personal information on the Internet. We do not wish to collect, and have no intention of collecting, personal information from those under the age of 18. Any information collected will be neither used nor divulged to a third party except in cases involving promotional games on the Internet. Such information required for contacting persons through the Internet will be used, without parental consent, only as a direct response to a child’s request and will not be used for any other purpose. We do not collect personal information for the purpose of contacting individuals outside of the Internet, except in cases involving contest prizes, and only then with parental consent. We do not divulge any personal information to third parties without parental consent; We do not enable children, without parental consent, to publicly announce, or in any way distribute, personal information sent to us as contact information, nor do we encourage children, for the purpose of participating in a contest or other activity, to disclose more information than is necessary to take part in said activity. In cases where a child under the age of 18 is eligible to participate in a contest, we first request that the child in question receives consent from a parent or legal guardian as well as submits the e-mail addresses of his/her parents or guardians. In the event that a child under the age of 18 is the recipient of a contest prize, the parents or guardians are informed by way of e-mail, telephone or in writing. The personal information of children will be deleted from our database should a parent or guardian request us to do so. As a parent or guardian, you retain the right to request to see any and all personal information regarding your child which we received on any of our websites. You may also request the removal of information (should this information still exist in our database) and/or ban any collection or usage of information about your child in the future. If you are a parent who would like to exercise that right please contact us. Aside from the aforementioned, we guarantee the protection of personal information of children in accordance with the legal regulations that pertain to this issue.
7. Changes of information
At any time, you may contact us to review your personal information as well as alter, correct or information. Up until we receive notification of changes, we will continue to use your original contact information. In the event of experiencing difficulties with your rights, please contact us directly on the e-mail address: email@example.com.
8. Your Permission
You agree that the use of our website is at your own responsibility, that we or any related third party cannot in any way guarantee that the use of this website will not be interrupted or without errors, that we or any other natural or legal person included in the creation, production and distribution of this website are not responsible for any damage resulting from the use or the inability to use this website, that it is forbidden to copy, transfer, distribute, link to, publish or modify this website in any way, and that any violation of this prohibition may result in the infringement of copyright, trademark, or any other right, which can lead to legal proceedings and prosecution.
Last updated on 24.05.2018