VILLA ZATONA recognises and understands the importance of protecting the confidentiality and privacy of personal information collected by or otherwise entrusted to us.
Personal data is considered to be any data relating to an individual whose identity has been identified or can be identified. Data on legal entities are not considered personal data and this Statement shall not apply to them.
We would like to inform you of how we process the personal data we collect directly from you or third parties, regardless of whether such data are collected via our website or other channels. Certain parts of this Statement may be supplemented by notices provided on other parts of our website or in other ways, where appropriate.
This Declaration is subject to change, with the date of the most recent change indicated in the statement title. You will be notified of any changes to this Statement that will affect you through a suitable channel, depending on the selected route of communication. In any case, we invite you to follow our Statement changes on our website.
For better visibility, this Statement is divided into specific areas. If you have any questions, please contact our privacy officer by sending an email to email@example.com
- Legal basis for processing your data – in general
The law of the Republic of Croatia allows us to process personal data only where there is purpose and legal basis to do so, and we are required to inform you of such legal . When we process your personal information, we rely on the following legal bases:
- conclusion and execution of a contract: this involves the processing of information required to conclude the contract and execute our contractual commitments towards you, such as providing accommodation services, transportation and other services we provide;
- legal obligation: this is applicable in cases where our law requires the processing of certain data, such as a special law that prescribes which information we are obliged to collect about guests to whom we provide accommodation services, a law requiring us to keep the received and issued accounts;
- consent: In certain cases, we will ask for your explicit permission to process data for a particular purpose, and we will process your personal information only with your agreement. Your consent can be withdrawn at any time. For example, we will ask you before sending you our newsletter about special offers and events;
- protection of your key interests: Your personal information may be handled in emergencies when it is necessary for the protection of your life or health;
- legitimate interest: Your personal information will be processed in the case of a legitimate interest for the purposes of our lawful business, provided that your interests, rights and freedoms do not prevail. Examples of our legitimate interest in our business are the following:
- providing information to individuals who visit our website and contact us via online contact forms,
- answering inquiries from potential guests, business partners, journalists and other persons,
- collecting data on users of our services with whom we are not in a direct contractual relationship to ensure the provision of appropriate services upon their arrival (e.g., guests arriving via tourist agencies, congress organization, etc)
- providing information on employment opportunities,
- Prevention of fraud and criminal acts and the protection of the security of our information system, confidential information, employee and property security,
- conducting marketing activities,
- conducting research and analysis activities with the aim of improving customer experience, improving the functionality and quality of our online travel booking services,
- resolving disputes or complaints, regulatory investigations and acting upon requests of competent authorities, obtaining legal claims or defending against other requests.
When collecting your information, we will notify you if the provision of personal data is a legal or contractual obligation or a condition necessary for the conclusion of a contract and whether you are obliged to provide such personal information, and the consequences if you do not provide such information.
- From which sources do we collect your personal information?
Your personal information may be collected from the following sources:
- directly from you (via contact forms on the web, forms on paper, e-mail correspondence, telephone conversations, personally through conversation with you),
- other persons (e.g. tourist agencies and event organizers who provide us your information regarding your stay with us, online platforms where you have booked the services, from persons traveling with you, from persons employed or otherwise engaged by your employer with whom we have a service contract). In such cases, we trust that the persons who provide us with your personal information or give instructions for their processing are authorized to do so and have provided you with all the necessary information, i.e. your approval where also necessary , and from publicly available sources (e.g. court register, business websites and other publicly available information).
In case you provide us with the personal information of other persons, it is your responsibility to ensure that the person whose information is provided has been informed of the way we use the personal information. In the event that we do not collect your information directly from you, but from any of the abovementioned persons, we may only be responsible for what we are undertaking with the personal information from the moment we collect it. We are not responsible for and cannot be held responsible for the activities taken with your personal information by those from who we received your information, therefore, please read the privacy policies of those persons to whom you provide your personal information.
- Protecting the security and integrity of your personal information
VILLA ZATONA applies reasonable policies and procedures for the protection of personal data against unauthorized access, misuse, alteration or destruction. Despite our best efforts, we cannot guarantee the absolute protection of your data. To the greatest extent possible, access to your information is limited to those who need to have access. Persons who have access to personal data are required to protect their confidentiality.
When we engage third parties to process your personal data (processor) on our behalf based on our instructions, we conclude contracts with such partners our partners to ensure strict standards of data protection.
- How long do we keep your personal information?
We will make reasonable efforts to keep your personal information for as long as necessary to achieve the purpose for which your data was collected. The length of the storage period depends on the particular circumstances and reasons for which we have collected data.
For example, when our law implies a certain maximum data retention period, we apply the statutory deadline for retention. When the law prescribes a minimum deadline for data storage or does not prescribe any time limit, we will keep the data for as long as necessary to ensure efficient operations and protection of our interests. When there is a possibility that you will have a specific request towards us, we will keep this information at least until the expiration of the legal requirement. If a court or similar procedure is in progress, we can keep the data for as long as needed for the purpose of such proceedings.
At the expiration of the deadlines for storing personal information as hardcopy, it will be destroyed in a safe manner, such as shredding or burning, while we will permanently delete or anonymize electronic data. By anonymizing, the data lose the status of personal data and do not fall within the scope of this Statement.
If you request the deletion of your data before the expiration of the deadlines, we will consider your request and satisfy it provided there are no barriers to the deletion of such data.
- Sharing and transferring your personal information
We will share your personal information with third parties in cases where we are legally obliged to do so; where there is a legitimate professional and business need; in order to comply with your request; to the extent necessary to realize the contractual rights and obligations and to protect our interests. This includes:
- Our service providers and business partners: We may share your personal information with our third-party service providers, such as those who maintain our IT applications, provide hosting services, provide newsletter service, business document archiving services; tourist agencies and congress organizers providing us the information about your arrival; carriers if you have requested transport service; our legal, tax and other advisers, auditors, court interpreters and translators; providers of postal and delivery services; marketing agencies;
- other recipients who disclose personal information at your request: We may also share your personal information with other third parties that you have requested for a particular service or to act upon your request (e.g. organization of transport and excursions, rental of cars and other equipment);
- courts and other state bodies: We may disclose your personal information at the request of the courts, the Personal Data Protection Agency, other state bodies upon which we are required to act, and when personal data is required or desirable to enable VILLA ZATONA to comply with the law, court order or to protect its reputation and business;
- audits and internal investigations: disclosure of personal data may be necessary in the case of audits in the area of personal data protection and security and/or investigation or response to a complaint or threat of security;
- Insurers: We may disclose your information when contracting and administering insurance, and when necessary for our insurance companies to fulfil their legal obligations and obligations to regulators;
We will ensure that third parties do not disclose your information to a greater extent than is appropriate to the circumstances. VILLA ZATONA will not make your personal information available to any of the above recipients for marketing or other own purposes.
7. More detailed information for some categories
We process personal information of guests and other users of our services when it is necessary to comply with our legal obligations, to conclude a contract with you, to act on your behalf or in accordance with our legitimate interest, for the following purposes:
7.1.2. The types of personal information we collect
- communication with you and customer support: When you contact us with a query, complain about or praise our service, we will process your information so we can contact you and act upon your request.
- reservation of accommodation and other hotel facilities and conclusion of contracts: if you are interested in our accommodation or other services we offer, we will collect your information so that we can manage our capacities and arrange the services you have requested in a timely and orderly manner.
- respecting contractual obligations and collection of payment for services provided: to the extent necessary, personal data will be processed for the purpose of fulfilling contractual obligations, providing the expected level of hospitality and exercising the right to charge for the provided service, irrespective of whether we are directly involved in the contract with you or with a tourist agency or organizer of events in our facility that is in a contractual relationship with you,
- check in and check out guest accommodation: if you are using accommodation services in our hotels, we are legally obliged to collect certain personal information for the registration of your stay and registration in the central Croatian guest system,
- monitoring and improving the quality of services: we may request your feedback about your satisfaction with the services provided. We can use your contact information to send an invitation to post reviews to you via e-mail after your stay. This way you can help other travellers when choosing the right accommodation, but also for us to improve our services. If you submit a review, it may be published on our website;
- To achieve the legal requirements we have against you or the defence of your claim: We may use your personal information to exercise our rights towards you, initiate procedures for, among other things, the payment of our fee, or to defend your claims arising out of or relating to reserving or staying with us,
We collect only those personal data that are necessary for us to accomplish these purposes. Depending on the circumstances, this may include the following: first and last name, address, postal code and city, country, e-mail, telephone number or cell phone number; place, country and date of birth; citizenship; visa number if you are subject to the visa regime; the place of entry into the Republic of Croatia; credit card information (card type, card number, card name, expiration date and code), arrival and departure time (including room preferences, content, or any other service used), persons you travel with, special requirements information about the services you are using, identification information, airline information or the vehicle used to arrive at our hotel, impressions of our services, information on whether you come via a promotional action or a prize game, information about events organized in our area and the names of participants in such events.
In addition to the above information about you, we may also request this information for persons traveling with you.
Health data, religious or philosophical beliefs and other special categories of personal data will only be collected if you volunteer such information to allow us to better serve or meet your special requirements and needs (e.g. avoid serving foods to which you are allergic, providing access to handicapped persons and the like). We will not actively seek out such information from you personally.
With regard to the credit card information we collect, we delete the same on the billing of our services. Regarding deadlines for keeping other data, recipients, your rights and other details, please see the appropriate point of this Statement.
7.2. Collecting data through our website
When using our site, some data (which may include personal data) is collected automatically. This information includes language settings, IP address, location, device settings, device operating system, login information, usage time, required URL, status report, user agent (browser version information), operating system, visitor results (visit or reservation), Search History and Data Type. We can also automatically collect data through cookies.
The information contained herein does not disclose your email address or identify you in any other way. Identifiers such as IP addresses that we collect in our analytics reports are processed only for the purpose of identifying the number of unique visitors to our site and geographic area you are visiting from, and we will not go in to identify the identity of individual visitors. Collecting these data allows us to customize your user experience, improve the performance of our site, and measure the effectiveness of our marketing activities.
- Your rights and how to protect them
If you would like to apply for the right to access your data, you can contact us thrugh email firstname.lastname@example.org .
Your rights related to personal data processing are as follows:
- the right to access your personal information (the right to obtain information about which of your data are being processed and the details of their processing). Before we give you this information, and to avoid potential misuse, we may ask you to prove your identity,
- the right to correct personal data,
- the right to delete personal data,
- the right to limit the processing of personal data,
- the right to object to processing of personal data based on our legitimate interest,
- the right to transfer of data,
- the right to exclude you from decisions based solely on automated processing, including the creation of a profile. To this regard, please note that we do not apply such decision-making processes.
- the right to withdraw the given consent.
The ability to exercise the above rights depends on the reason and basis on which we process your information. For example, in the event that we are legally obliged to keep personal information for a specified period, we cannot delete them, even if you request it. We will respond to your request within one month of receipt. In the case of a complex nature of your request or if we have received a large number of requests, we will notify you that we will be able to act upon your request in a period longer than one month, and we will certainly act upon your request within three months of your receipt. Your request can be accepted or rejected if we evaluate it as unfounded. In the case of placing claims that are unfounded or excessive, we reserve the right to charge a reasonable fee or refuse to act upon the request, which we will notify you in advance.