On 25 May 2018, the mandatory application of European Union Regulation 2016/679, which relates to the protection of personal data of persons residing in the Member States of the European Union, began. TT Hotels Croatia d.o.o. (hereinafter the Company) with its registered office in Zagreb, Slavonska avenija 1C, OIB: 77301543615, hereby informs you about access to your personal data, how it processes them, for what purposes it uses them, as well as your rights related to the processing of personal data.
II. GENERAL PROVISIONS
Scope of application
This Policy applies to any processing of personal data by the Company, with this Policy taking precedence over any other content if that content prescribes the rights and obligations related to data processing differently.
Data Processor and legal framework
The Company, as the Processor of your data, respects your privacy and undertakes to protect your personal data. Data collection and storage is carried out in accordance with the provisions of EU Regulation 2016/679 of the European Parliament and of the Council dated 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), Act on data protection (OG 42/2018) and other regulations governing the subject area, applicable in the Republic of Croatia.
Under business cooperation agreement, TT Hotels Croatia d.o.o. additionally provides accommodation reservation service for its affiliated companies Hoteli Živogošće d.d. which consists of TUI BLUE Adriatic Beach Resort, TUI BLUE Makarska, Camp Dole and Hotels Koločep d.d. which makes up TUI BLUE Kalamota Island Resort. Also, based on the Business Cooperation Agreement TT Hotels Croatia d.o.o. provides accommodation reservation services to WOT Hotels Adriatic Asset Company d.o.o. consisting of the TUI BLUE Adriatic facility.
In this sense, if you book accommodation in any of the above facilities, except TT Hotels Croatia d.o.o. as the head of personal data processing will be responsible for:
Hoteli Živogošće d.d.
Živogošće, Porat 136, OIB: 88429213928, for reservations of accommodation in TUI BLUE Adriatic Beach Resort, TUI BLUE Makarska and Camp Dole;
Hoteli Koločep d.d.
Koločep, Donje Čelo 45, OIB 30328587951, for accommodation reservations in TUI BLUE Kalamota Island Resort;
WOT Hotels Adriatic Asset Company d.o.o.
Dračevice 35, 21325 Tučepi, OIB: 27255389237, for accommodation reservations in TUI BLUE Jadran.
Data Protection Officer
The Company has appointed a personal data protection officer who you can contact at any time via the address: firstname.lastname@example.org or by mail at TT Hotels Croatia d.o.o., Zagreb, Slavonska avenija 1C.
III. LEGALITY, METHODS AND PURPOSES OF PERSONAL DATA PROCESSING
Legal basis of processing
The legal basis for the stated processing purposes are: a) legal; b) contractual; c) key interests of the respondents; d) a legitimate interest that is stronger than the interest of the respondent or e) consent or explicit consent of the respondent, depending on the purpose of processing and the type of personal data.
Purpose of processing
The Company is obliged to process your individual personal data due to the fulfillment of the accommodation contract and due to the regulations governing the hospitality business, while the Company may also process certain other or the same data for other contractual purposes, ie: a) fulfillment of the accommodation contract; b) meeting the legal requirements and other applicable positive regulations governing the hospitality industry; c) for the purposes of direct marketing; d) sending offers; e) for the purpose of improving and personalizing the service to you as a guest; f) for the purposes of protecting the property and safety of individuals by applying video surveillance measures.
Method of data processing
The Company processes your data in the process of: a) accommodation reservations (reservations via web or telephone reservations); b) when fulfilling the accommodation contract – registration at the reception of the facility; c) filling in the registration card; d) when registering for free WiFi on the websites TUI BLUE ADRIATIC BEACH, TUI BLUE MAKARSKA, TUI BLUE KALAMOTA ISLAND, TUI BLUE JADRAN and KAMP DOLE;
e) in places under the video surveillance system.
IV. TYPES OF PERSONAL DATA
Personal data collected from persons who have booked accommodation and guests
The Company, as the processor, stores your personal data that you provide in order to facilitate with accommodation services exclusively for the purpose of fulfilling accommodation contracts and fulfilling legal obligations for submission of data, as well as collecting personal data related to hospitality , and may use them also for other purposes required by positive regulations. In the event that you do not provide the Company with the minimum data required for guest registration in all pertinent registers, the Company will not be able to provide you with accommodation in accordance with the contract and the law. Personal data that the Company records at the time of booking and on the registration form upon arrival at the facility are collected on the basis of the laws governing the hospitality industry, and for the purpose of providing services to guests.
These are the following data (which are subject to change due to positive regulations): a) name and surname; b) address of residence (Croatian citizens); c) date of birth; d) number, type of identification document and place of issue; e) nationality; f) name of the facility; g) number of accommodation unit; h) date of arrival and departure of the guest.
The Company keeps the above mentioned data in its guest database and sends them to the E-visitor system (electronic guest registration system) to the responsible authorities of the Republic of Croatia, and the afore mentioned must be kept in the system for 10 years. Also, the Company is obliged to keep all invoices issued to guests with personal data of the guest for 11 years, in accordance with legal regulations.
Furthermore, in order to fulfill the contractual obligation, the Company collects the following information at the time of booking, as well as on the registration form upon arrival at the facility: a) e-mail, b) language; c) telephone.
Other data related to the circumstances of your stay, such as: mode of travel, traveling companion, marital status, pets, other interests, shall also be collected if they have a direct connection with providing the accommodation services, and will be deleted after your departure from the facility.
The Company as the processor has the right, based on legitimate interest, to collect your personal data (name and surname, e-mail address), for its guest database and to use for direct marketing purposes and only for the purpose of informing you about the Company’s offers by e-mail. In this case, you have the right, at any time and free of charge, to request deletion (the right to be forgotten) from the database for this purpose.
During and after your stay, the Company shall send you as a guest a satisfaction questionnaire via e-mail, which, if you want to fill it out only with your consent, is processed by the tour operator with whom you have entered into a travel agreement, who will publish data from this questionnaire according to its rules and policies for which the Company is not responsible. The primary purpose of the satisfaction questionnaire is to collect data on the service in order to improve the service provided by the Company.
Additionally, the person booking the accommodation or the guest may give special permission, consent, to the Company to do the following with all the collected information, such as: a) name and surname; b) e-mail; c) date of birth; e) the state; f) other personal data collected during the stay (e.g. mobile phone number, telephone number, gender, marital status, language, pets, interests and activities during the stay, mode of travel, accommodation preference, destination preference, etc.); g) other personal data collected when browsing the web (so-called cookies) including IP address; collect and use it for further profiling of respondents and for the purpose of contacting and informing about special and personalized offers, news and events organized by the Company through online channels (e-mail, web, internet promotion). In this case, the respondent has the right to withdraw the consent given at any time, which includes processing for the purpose of profiling to the extent that it is related to this direct marketing, either in relation to initial or further processing, at any time and free of charge, as well as at any time to change the data and the right to be forgotten.
The data is stored in the guest database of the Company for 2 years. The company also collects personal data through a video surveillance system.
Cookies and internet technologies
The Company uses different types of cookies
1. Necessary cookies – they are necessary for the functioning of the website, which cannot function without them. This means that a website cannot be opened or displayed without these cookies. These cookies are used for the purpose of transmitting communication or are necessary to provide an information society service that is explicitly required of the user of such service. Also, these cookies will allow us a basic analysis of the website in order to improve the operation of the website through data that is completely anonymized, i.e. not based on your personal data or data that can be linked to you in any way. For these cookies your consent is not required.
2. Functional cookies – we use them to conduct a more advanced analysis of the website. These cookies are used to analyze user behavior and based on the obtained anonymous data we can determine what content the visitors of the website prefer and view, so we are able to customize the website and make its content and functionality as easy as possible to use. We ask for your consent for these cookies.
3. Advertising cookies – we use them to analyze your interests and wishes, and they serve us to publish information that is interesting to you and create offers tailored to your use of the Company’s website. For this content your consent is required.
The Company stores cookies in the database and we store them for a maximum of 2 years for the purpose of informing about special and personalized offers, news and organized events through online channels (e-mail, internet, internet promotion). Should you change your mind regarding the cookies settings on the Company’s website, you can change them at any time at the link: (link to the cookie consent box). You can always delete cookies stored on your computer, thus preventing further processing of your personal data through such technology.
Video surveillance system
The Company, as the processor, has a legitimate interest in implementing video surveillance measures to protect property and persons, and in relation to certain work positions and legal duty to install surveillance cameras that record employees and all persons moving in the area covered by the surveillance camera. The Company marks all places where video surveillance is installed in the prescribed manner. The Company is aware that the videos contain personal data of all persons moving in the camera’s field of vision, and therefore keeps them with special care, has a system of security, availability and a policy of deleting them, which is governed by internal rules of the Company. Videos are regularly taped over so that they are automatically deleted after a maximum of 6 (six) months from the date of recording. The exception is the case when videos are kept longer if they are needed for evidence in proceeding before the state authorities. Excluded videos will be stored in a centrally alert system with an extremely strict access policy.
In the event of court and/or criminal proceedings, the Company may use the said videos. Third parties, processors, contractual partners of the Company which are registered experts in the provision of services for the protection of persons and property, and who in no way use the independently stated data but take care of the security of central monitoring and reporting systems, may also have access to personal data in videos. Special regulations governing the area apply to all other details related to video surveillance.
V. PERIOD OF DATA STORAGE
Your data will be at the disposal of the Company for the duration of our contractual relationship and/or until the legal consequences of such contractual relationship cease, and no later than after the expiration of all legal storage obligations, except in the case of forced collection of overdue receivables. Also, if you file a complaint about the service performed, we will keep your date until the completion of the complaint procedure, all in accordance with applicable regulations.
VI. TRANSMISSION OF PERSONAL DATA
We may pass on your personal data (based on our legitimate interest and your consent in accordance with this Statement) to the tour operator with whom you have entered into the travel arrangement. This may result in the fact that you, as a guest of the Company, receive certain information and / or inquiries from the travel agency in connection with your stay at the facilities of Company.
Insight into the personal data of guests, if necessary and to a limited extent, may also be accessible to third parties, processors (for example, associates of the Company who provide IT services or other services), who keep them in their databases until the end of processing. A detailed contract is concluded with such subjects regarding their powers and obligations in the processing of personal data, in accordance with the requirements of the Regulation.
In certain situations, it is possible for external entities together with the Company to jointly determine the purposes and methods of personal data processing, then these external partners and the Company are the joint controllers. In these relations, the joint controllers shall determine in a transparent manner their responsibilities for compliance with the obligations under the Regulation, in particular with regard to the exercise of respondents’ rights and their duties in respect to the transparency of processing procedure, unless responsibilities are established by law.
If, as part of data processing, data is disclosed to third countries, the Company will ensure compliance with high standards of protection in order to comply with the highest possible standard of personal data protection, in accordance with the strict requirements of the Regulation. In this sense, when international transfers of personal data are in use, the Company will inform the respondent about the intention to disclose personal data to a third country or international organization and about the existence or non-existence of a decision of the European Commission on adequacy. At the same time, the respondent shall be instructed on appropriate or appropriate safeguards and the means of obtaining a copy or place where they are made available if the transfer is subject to appropriate safeguards under Article 46 of the Regulation, the application of binding corporate rules under Article 47 of the Regulation. Article 49 (1), subparagraph 2 of the Regulation. Any transfer of personal data to third countries will be carried out in accordance with Chapter V of the Regulation.
Also, in case of non-fulfillment of your contractual obligations, as a creditor we have the right to forward your personal data to the appropriate extent to natural and legal persons for the collection of receivables (law firms, debt collection agencies, etc.).
During the duration of the contractual relationship, ie after the end of the contractual relationship, we can contact you regarding the provided accommodation and food service, for example to check the quality of service, identify possible deficiencies in the provision of services and the like. We can contact you via your email address.
If you object to the contact regarding the accommodation and food service provided, you have the option of filing an objection to such processing of your personal data. You can exercise this right by sending a request via the address: email@example.com or by mail to the address TT Hotels Croatia d.o.o., Zagreb, Slavonska Avenija 1C. In the event of a complaint, the Company will no longer contact you regarding the service provided.
VIII. CONSENT MANAGEMENT
You can revoke the contact consent you have given at any time. You may also object at any time to our processing of your personal data for the purpose of the service provided. You can change your consent by sending a request via the address: firstname.lastname@example.org or by mail to the address TT Hotels Croatia d.o.o., Zagreb, Slavonska Avenija 1C. If you want to give your consent again, you can do so in a manner described above.
IX. YOUR RIGHTS
TT HOTELS CROATIA treats your personal data in accordance with applicable laws and regulations, with the application of appropriate technical and security measures to protect personal data from unauthorized access, misuse, disclosure, loss or destruction.
Also, TT HOTELS CROATIA implements appropriate technical and organizational measures to ensure that only personal data necessary for each specific purpose of processing are processed in an integrated manner. TT HOTELS CROATIA applies this measure to the amount of personal data collected, the scope of their processing, the storage period and their availability. Specifically, such measures ensure that personal data are not automatically, without the intervention of an individual, available to an unlimited number of individuals.
TT HOTELS CROATIA protects the privacy of its guests and visitors to its website, keeps the confidentiality of all your personal data and allows access and communication of personal data only to those employees who need it to perform their work tasks, and third parties only in cases expressly prescribed by the law or persons referred to in Article VI. of this Statement
The rights that belong to you
a) Access to personal data - By submitting this request, we will provide you with your personal data, their purpose of processing, category of personal data, persons to whom such data is disclosed, the period in which such data will be stored and inform you of your personal data protection.
b) Correction of personal data - If you believe that some of your personal data is incorrect or incomplete in the personal data files of the controller, by submitting a request stating the correct or additional personal data, we will change such personal data in accordance with your request.
c) Deletion of personal data - You can ask us to delete your personal data if, in your opinion, we are processing it illegally, if there is no longer a legal basis for processing that data, if you have withdrawn consent to certain processing or if your legitimate interest in deleting it is in our legitimate interest to retain and process them. It is important to note that there are reasons that prevent the immediate deletion of your personal data, such as the fact that the procedure of forced collection of overdue debt is in progress. There is a possibility that your personal data will be anonymized instead of deleted, in which case it is not possible to link this data with you as person.
d) Restrictions on the processing of personal data - If you consider that the processing of your personal data needs to be restricted while there is a basis for this, please state the same in your request. This right can be exercised in the following cases: if you dispute the accuracy of personal data - during the verification of the accuracy of data, if in your opinion, the processing is illegal and oppose the deletion and instead seek to restrict the use of your personal data intended purposes, but you still need them to set, implement or defend legal claims, if you have objected to the processing based on the creation of the profile.
e) Possibility of personal data transfer - By submitting a request for data portability, you are allowed to receive personal data relating to you in a readable format. These are personal data that you have provided to us actively and knowingly (eg address) and those that have been recorded based on your activity (eg consumption data). You can exercise this right if the processing of your data is carried out on the basis of consent, for the purpose of performing the Contract or automatically.
f) Objection to the processing of personal data - You have the right to object to the processing of your personal data at any time. If we process your data for public interest or public authority purposes or invoke our legitimate interests in processing your data, you may object to such data processing if your interest in data protection is greater than our interest.
g) Withdrawal of consent - If you have given your consent to the processing of your personal data for individual purposes, you can withdraw it at any time. By withdrawing your consent, TT HOTELS CROATIA will no longer use your data for the purpose for which you originally gave your consent. We would also like to inform you that the subsequent withdrawal of consent does not affect the data processing performed before the withdrawal of consent. Withdrawal of consent is completely free and the request to withdraw it does not need to be explained.
h) Right to complain to the supervisory authority - If you believe that we did not act in accordance with the regulations governing data protection during the processing, please contact us to clarify our specific actions. In any case, you have the right to file a complaint to the Personal Data Protection Agency, or another body that will take over its competence in case of changes in applicable regulations, and from 25 May 2018 you can file a complaint to the supervisory authority within the EU.
X. EXERCISING YOUR RIGHTS
You can protect your rights by: a) sending a request to the address TT Hotels Croatia d.o.o., Slavonska avenija 1C, 10 000 Zagreb; b) by e-mail: email@example.com. In order to verify your identity, we may request additional information so that we can unequivocally establish it.