1. INTRODUCTORY NOTES
We highly value the privacy of our clients and therefore treat your personal information seriously and responsibly. The information we collect is required only in order to provide you with a complete and professional service, in accordance with our business.
When providing services from our professional activity, we act in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 (GDPR), the provisions of the Law on Implementation of the General Regulation on Personal Data Protection (NN 42/18) and other applicable regulations that protect personal information.
Our goal is to provide all the necessary information on how we process and protect personal data of our clients and the rights that belong to them regarding the processing of personal data.
Also, the use of personal information within our business system focuses on processing your requests so that we can notify you about news regarding our services and business. Therefore, please inform us if there is a change in your personal information or if you have made a mistake while submitting it, so that we can act in accordance with the principles of personal data protection and provide a professional and complete service.
If you notice any deviation from these principles or have any comments regarding our business practices, feel free to contact us by e-mail at email@example.com so that we can improve our service and business.
2. PRINCIPLES OF PERSONAL DATA PROCESSING
A client is a person who has requested a service or a service offer from HIDDEN ADRIATIC ltd.
Personal data is any data relating to an individual whose identity has been identified or can be identified (Article 4 of the General Data Protection Regulation).
Data processing means any procedure or set of procedures that are carried out on personal data or on personal data sets (Article 4 of the General Data Protection Regulation).
Client consent means any voluntary, specific, informed and unambiguous expression of the wishes of a data subject by which he or she expressly consents to the processing of personal data relating to him or her (Article 4 of the General Data Protection Regulation). Without the client’s consent, we will never use any client’s personal information for any purpose that is required by the applicable regulations.
Accordingly, we will act in accordance with the following principles:
1. Lawfulness, Fairness and Transparency
Data is processed lawfully, fairly and in a transparent manner in relation to the data subject in accordance with the best business practice of data protection.
2. Purpose limitation
We collect data for specified, explicit and legitimate purposes and only in accordance with the purpose for which this data was collected.
3. Data minimisation
We collect and process only those data that are necessary, adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
4. Data accuracy
We pay particular attention to the accuracy of the data collected. We take every reasonable step to ensure that inaccurate personal data are erased or rectified without delay, having regard to the purposes for which they are processed.
5. Storage limitation
Data that enables client identification is only kept for as long as is necessary to fulfil the purpose for which the data was collected or as required by the applicable regulations.
6. Integrity and confidentiality
The data is processed in a way that ensures the proper security of personal data, including protection against unauthorized or illegal processing, and from accidental loss, destruction or damage by applying appropriate technical and organizational measures.
All our employees who collect or process the personal information of our clients are familiar with and trained in the principles of the Regulation, and handle the personal information of clients in a legitimate, fair and transparent manner.
3. METHODS OF PERSONAL DATA COLLECTION
We collect information (personal data) about our customers in the following ways:
1. Collecting data at our business bureau: when making a reservation or offer, we ask the user for the personal information needed for the reservation or offer.
2. The user may leave his or her data personally, or another person may leave it in the name of the user, by contacting us in person, by phone or by mail.
3. Data collection via the web: when a reservation is made or a quote is requested on our website, we collect the information needed to make the reservation or offer. The customer submits the information to us via the form on the web site or when registering the invoice.
4. TYPES OF PERSONAL DATA WHICH WE COLLECT
We only collect data that is necessary for the purpose of data collection and in accordance with applicable legal regulations.
The information that we collect is: name and surname, date of birth of children (e.g. for discounts), phone number and e-mail address for contact, location, sex, citizenship, passport number or the number of another appropriate personal document where necessary to fulfil legal obligations (e.g. when crossing the border), and credit card number or other asset information.
Due to the nature of passenger services, there may be a need to process specially protected categories of personal information that reveal, for example, religious or philosophical beliefs, union membership, and data related to client health, exclusively for the purpose of executing a contract between HIDDEN ADRIATIC ltd and a client, that is, performing the activities that precede the conclusion of the contract.
A client who voluntarily reveals data from a special category of personal data to HIDDEN ADRIATIC ltd will be considered to be explicitly giving his or her consent to the processing of such data.
5. PURPOSE OF PERSONAL DATA COLLECTION
We collect personal information for the following purposes:
1. In order to execute the contract or prepare for the execution of the contract, we collect personal information so that we can perform the service to the client or in order to make a service offer to the client.
2. For the purposes of informing users about services and products: if the client has given consent, we can use the client’s information to inform the client about our services and products that may be of interest to him or her.
3. For internal purposes, with the aim of protecting the interests of our clients as well as our own legitimate interests, in accordance with the applicable regulations.
We are obliged to provide or allow access to certain personal data of the client to the competent state bodies (e.g. courts, police, tourist inspections, etc.), based on a written request, according to the applicable regulations. The legal basis for the processing of data for these purposes is the fulfilment of the legal obligations of HIDDEN ADRIATIC ltd.
6. PASSING DATA TO THIRD PARTIES
We pass client data to third parties in the following cases:
1. For the purpose of executing a contract or preparing for execution of a contract with a client
When it is necessary to provide the customer with a contracted service or required information, we pass the data to a third party. This includes, for example, sending a client’s data to a hotel or carrier when it is needed to perform a service or make a bid for the service.
2. When the user has given consent
We pass the data to a third party if it is necessary for the purpose for which the user has explicitly given consent.
3. When engaging subcontractors to perform certain jobs
If we engage subcontractors as executors of certain jobs, we will pass the personal data to the subcontractor.
7. CLIENT RIGHTS
In accordance with the General Data Protection Regulation (GDPR), the client has the following rights:
1. Right of access by the data subject
The client is entitled to receive confirmation of whether we are processing his or her personal data and, if it is processed, to receive information about: the purpose of the processing; the categories of personal data we are processing; the recipients or categories of recipients of the data; the estimated period for which the data will be stored or the criteria used to determine that period; the right to request correction, deletion and limitation of data processing; the right to lodge a complaint with the supervisory authority; automated decision-making, such as profiling; and the safeguards applied if the data is transferred to a third country.
2. Right to Rectification
The customer has the right to obtain correction of incorrect data relating to him or her, as well as to request the completion of incomplete data.
3. Right to erasure (“Right to be forgotten”)
The customer has the right to obtain deletion of data (“Right to be forgotten”) unless the data is necessary for the purpose for which it was collected or should be kept in accordance with the applicable legal regulations. HIDDEN ADRIATIC ltd. is obliged to notify the customer of any change or erasure of data carried out at the customer’s request.
4. Right to restriction of processing
The client has the right to obtain restriction of data processing, under the terms defined in the General Data Protection Regulation. HIDDEN ADRIATIC ltd is obliged to notify the client of any restriction of processing made at the client’s request.
5. Right to data portability
The client has the right to receive the personal data concerning him or her, which he or she has provided to HIDDEN ADRIATIC ltd, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
6. Right to Object
The client has at all times the right to object to the processing of personal data.
The client has at all times the right to object to direct marketing, in which case the data will no longer be used for that purpose.
7. Automated individual decision-making, including profiling
The client has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
8. PERSONAL DATA PROTECTION
When protecting the personal information of our clients, we follow business practice in the field of tourism as well as in information and communication technologies. We are improving every day in the area of our activity and take particular interest in the client’s satisfaction, which of course implies the protection of his or her personal data. For this reason, we have invested additional resources and efforts to protect our customers from any unauthorized access, change, loss, theft, or other misuse of data.
The client can exercise his or her rights under the General Data Protection Regulation (GDPR) by submitting a request by e-mail to firstname.lastname@example.org, as well as by filing a claim with the Personal Data Protection Agency.
The Policy comes into force and begins to apply on the day of its publication and is available on the internet site and at HIDDEN ADRIATIC ltd. Clients will be informed in a timely manner of any amendments to the Policy, including through publication on the web site. The client shall have the right to transfer of personal data, deletion of data and limitation of personal data processing no later than the date of application of the General Data Protection Regulation, 25 May 2018.
In Rijeka, 03.06.2019.