1.) Hotel Ola d.o.o. appreciates and respects your privacy and undertakes to protect your personal data.
2.) CONTROLLER AND THE LEGAL FRAMEWORK OF PERSONAL DATA PROCESSING
Hotel Ola d.o.o. for tourism, Ulica hrvatskih žrtava 296, Seget Donji, OIB: 42900391831, (hereinafter referred to as: Hotel Ola d.o.o.). is the controller in accordance with EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) and the Act on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/18) and other positive legal regulations governing the subject matter.
3.) DATA PROTECTION OFFICER
Hotel Ola d.o.o. has appointed a Personal Data Protection Officer who you can contact in the following ways:
a) by submitting an inquiry to the email address: firstname.lastname@example.org and/or
b) by submitting an inquiry to the address of the company: Hotel Ola d.o.o., Ulica hrvatskih žrtava 296, Seget Donji, The Republic of Croatia, with an indication „personal data protection officer“.
4.) PURPOSE OF THE PERSONAL DATA COLLECTION
We collect, store, and process personal data primarily to meet legal obligations in accordance with the applicable regulations, while we collect particular data for other purposes or to establish a contact with you.
The basic purposes for which and when we collect, store and process your personal data are:
a) for the purpose of booking;
b) for the purpose of check-in in our facilities;
c) for the purpose of protecting persons and property, by using video surveillance devices;
d) for the purpose of promotion (marketing) and polling and assessing customer satisfaction;
e) for the purpose of sending offers and our internal statistical data processing;
f) for the purpose of organizing games of chance;
In addition to the data referred to in paragraph 1 of this section, according to the existing regulations, we are also obligated to collect the following data:
Last name and first name, place, country and date of birth, citizenship, type and number of identity document, place of permanent residence (temporary residence) and address, date and time of arrival or departure from the facility, sex, basis for exemption from payment of sojourn tax or for reduction of payment of sojourn tax. (entry into the e-visitor system).
We also collect data obtained by applying safety-technical measures (video surveillance).
6.) LEGAL BASIS OF COLLECTION
Regarding the purpose of collecting personal data referred to in section 4, the legal basis for the collection is:
c) key interests of data subjects or some other natural person;
d) legitimate interest of controller prevailing the data subject's interest and/or
e) consent by the data subject;
7.) PERSONAL DATA RECIPIENT CATEGORIES AND DATA TRANSFER TO A THIRD COUNTRY
We forward your personal data that we are obliged to collect during check-in of a guest in electronic format to a uniform check-in and check-out system - eVisitor.
We forward your personal data to processors that we have concluded business cooperation agreements with, that allow us to use computer programs for managing services and providing hospitality and tourist services. We conclude detailed contracts with such entities whose powers and responsibilities are clearly and unambiguously regulated in personal data processing, all in accordance with the General Data Protection Regulation.
We may make your personal data available to third parties in other cases as well, but only if and when we are required to do so according to the General Personal Data Protection Regulation, such as acting upon requirement of the court or other competent public authority.
We try not to transfer your personal data to a "third country". However, if such transfers are necessary or useful in providing services, we regulate the issues with processors in a third country in accordance with the provisions of the General Data Protection Regulation.
8.) PERIOD OF DATA STORAGE
We store your personal data over a period of time:
a) data that Hotel Ola d.o.o. collects according to the law and that is necessary for the fulfillment of its legal obligations - for a duration stipulated by the applicable regulations;
b) data collected by Hotel Ola d.o.o. according to the contract concluded with you - for a duration necessary for the expiration of legal statutes of limitation (three/five years), and also further reasonable time needed for your request submitted to a judicial or administrative authority to be delivered to Hotel Ola d.o.o.
c) data collected by Hotel Ola d.o.o. on your first name, last name and email address based on a legitimate interest in direct marketing - for a duration of 10 years (on a guest basis);
d) data collected by Hotel Ola d.o.o. on the basis of the consent - for a duration until the consent is withdrawn if the data processing is based on your consent;
9.) DATA SUBJECTS' RIGHTS BASED ON THE GENERAL PERSONAL DATA PROTECTION REGULATION
Our service beneficiaries have the following rights under the General Data Protection Policy:
a) Right to Access - Art. 15 of the General Data Protection Regulation
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information as referred to in Article 15 of the General Regulation.
b) Right to rectification and erasure (right to be forgotten) - Article 16. and 17 of the General Data Protection Regulation
The data subject shall have the right to obtain the rectification of inaccurate and supplementation of incomplete personal data with no delay, including, inter alia, making an additional statement and erasure of data if you believe that your data has been collected or processed contrary to the General Regulation. You are entitled to request us to erase such data. In case your claim is grounded, the data will be erased with no delay.
c.) Request for restriction of processing –Article 18 of the General Data Protection Regulation
The data subject shall have the right to request a restriction of personal data processing if they challenge the accuracy of personal data, if the processing is illegal and the data subject objects to the erasure of the data, if you have filed a complaint against the processing of personal data, and if we do not need the data any longer, but you require the data to file, exercise or defend legal requirements.
d.) Right to data portability –Article 20 of the General Data Protection Regulation
The data subject shall have the right to receive personal data relating to him which he has provided in a structured, commonly used and machine-readable format and is entitled to transfer such data to some other controller if the processing of such data is based on consent or a contract and is carried out by automated means.
e.) Right to withdrawal of consent
They are entitled to withdraw consent (if we process data based on a consent given) without affecting the legitimacy of the processing that was based on that consent.
f.) Right to lodge a complaint
They are entitled to lodge a complaint to the supervisory authority - the Personal Data Protection Agency (www.azop.hr), if they find that some of their guaranteed rights have been violated by the General Data Protection Regulation.
You exercise your rights free of charge, and administrative expense will be charged only in special cases.
We shall notify you about charging an administrative expense which we are entitled to charge according to the General Data Protection Regulation before it incurs.
10.) VIDEO SURVEILLANCE SYSTEM
Hotel Ola d.o.o. as a controller, has a legitimate interest to implement security-technical measures of video surveillance for the protection of assets and people, and has installed surveillance cameras that record the employees and anyone moving in the surveillance camera field of view.
Hotel Ola d.o.o. marks all places where cameras are installed for video surveillance in a way as intended.
The records obtained through the video surveillance system are designated as classified information and processed in accordance with the internal security rules of Hotel Ola d.o.o.
Videos are dubbed regularly so that they are automatically erased after a maximum of 15 days after recording. Exceptionally, video recordings are kept longer if they are used as evidence in the proceedings before the competent state and public authorities.
11.) PROTECTION OF PERSONAL DATA OF CHILDREN
Hotel Ola d.o.o. does not want and does not intend to collect the personal data of children, will neither use such data in any way, nor will they disclose such data to any third parties.
A child can give his or her consent solely in relation to any information society services, but only a child older than 16 years of age. Any other processing of children's data under the above mentioned age limit and other processing except as expressly stated herein, is permitted only with the prior parent's consent for children under 18 years of age.
12.) STATISTICS, COOKIES AND OTHER TECHNOLOGIES
We use statistical software on our websites to analyze trends, track user trends, collect demographic data, and make them more efficient.
If you have configured your web browser in this way, you will be alerted to cookie data file every time it is placed on your computer. You can configure your Internet browser in a way to disable cookie writing on your computer.
Data may be collected my means of “pixel tags”, “network signals”, “clear GIFs” or similar means (commonly named “pixel tags”) which enable us to know when you visit our portal and how you use our e-mail messages or advertisements.
13.) ELECTRONIC MAIL MESSAGE
When you send us electronic mail (e-mail) with personal data identifying you, we use this data exclusively for the purpose of meeting your requirements.
14.) YOUR CONSENT
We are doing everything in our power to ensure that all redirections from our web pages will guide you and/or your child to the websites of high quality content in the sense that it does not encourage bad behavior. However, web pages and addresses on the network change quickly and we can not always guarantee the content of each address we direct you to.