- Homepage
- Privacy policy
Privacy Policy
Information on personal data protection
Pula City Center Accommodation hereby informs you on the processing of your personal data and your rights based on the applicable rules on personal data protection.
- Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: General Regulation - GDPR).
This Information applies to all cases of processing of your personal data by Pula City Center Accommodation as the Controller, unless any other Information, Privacy Policy or similar documents irrespective of their name need to be applied in special cases of processing and take precedence over this Information or supplement it.
CONTROLLER
Pula City Center Accommodation, Pula, Vrtlarska 1, is the controller of your personal data within the meaning of the General Regulation (GDPR).
Regarding
the processing of your personal data, you can contact:
- sending a query via email to: cityroomspula@gmail.com;
- sending post to the following postal address: Vrtlarska 1, 52100 Pula (Hrvatska)
1. PURPOSE AND LEGAL BASIS FOR PROCESSING
We collect, store and in other permitted ways process your personal data for the following purposes.
Booking
- At the time of booking accommodation, we collect your personal data in order to conclude an agreement for accommodation, especially to contact you (e.g. phone/mobile phone number, email address) or unambiguously link the booking with you and other guests traveling with you (e.g. name and surname, date of birth, number of guests, date of arrival, date of departure).
Without these data we cannot conclude an agreement for accommodation.
As an exception, when the booking is made on our partners' website, we collect the above-mentioned data and other data that our partner determines to be mandatory and without which the contract cannot be concluded.
Check-in
- At the time of your check-in at the facility, we collect and process your personal data in order to comply with our legal obligations under the regulations on the manner of keeping tourist registers and the form of tourist registration.
According to the currently valid regulations, we are obliged to collect the following data: surname and name, place, country and date of birth, citizenship, type and number of identity document, place of residence (temporary residence) and address, date and time of arrival to and departure from the facility, gender, note (basis for exemption from the sojourn tax payment, i.e. for reducing the sojourn tax payment).
We cannot provide the accommodation service without these data.
Technical and security measures
- During your stay at our facility, we apply technical and security measures (e.g. video surveillance in the public areas of the facility that can record you) to protect you and your property, other guests and their property, our employees and our property.
The application of technical and security measures that exist in our facility cannot be discontinued at the request of a particular guest.
2. LEGITIMATE INTEREST
The General Regulation (GDPR) provides for our right (legitimate interest) to process your personal data for the purpose of direct marketing and profiling regarding such marketing, to the extent which is not contrary to your interests, freedoms and rights.
However, in order to ensure a more complete protection of your personal data, rights and interests, before processing your personal data for the purpose of direct marketing, we will seek to ask your explicit consent for such processing.
3. CATEGORIES OF PERSONAL DATA RECIPIENTS
The personal data we are obliged to collect at the time of a guest’s check-in is sent electronically to the eVisitor system, according to the regulations on the manner of keeping tourist registers and the form of tourist registration.
Your personal data are sent to our contractual processors that provide us with service management computer programs that have access to these data only to the extent necessary for the proper functioning of the program and to other processors that enable us to provide hospitality and tourist services.
Your personal data are communicated or made available to third parties in other cases as well, but only when we are obliged to do so under the General Regulation (GDPR), for example at the request of a competent judicial or administrative body.
4. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
We do not intend to transfer your personal data to a third country (i.e. non-EU/EEA country) or an international organisation. However, when such transfers are necessary or useful in providing our services (for example, to store data on servers or for online data transfer), we regulate the relations with our processors in third countries in accordance with the provisions of the General Regulation (GDPR).
5. PERIOD OF DATA STORAGE
We store your data:
- for the period prescribed by the applicable regulations, if such data are collected solely for the purpose of fulfilling our legal obligations:
-
for example, the data from the guestbook must be kept at least 2
years after the expiration of the calendar year during which the
guest stayed at our facility, and such data must be kept for 10 years
in the eVisitor system;
-
in addition, according to accounting regulations we are obliged to
keep the issued invoices and the personal data contained therein for
11 years.
- for the duration required for the expiry of statutory limitation period (three or five years) and for an additional reasonable period needed for your request submitted to a judicial or administrative body to be delivered to us, provided that such data are obtained solely in connection with the contracts we have concluded with you or about which we have negotiated (for example, data contained in booking requests/reservation inquiries and booking confirmations);
- until you withdraw your consent if we base the processing of your data on your consent;
- 10 years if the processing is based on our legitimate interests (but, above all, taking into consideration the content of point 2 of this Information
6. YOUR RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION
Users
of our services have the following rights under the General
Regulation (GDPR):
a. RIGHT OF ACCESS
At any time, you can request confirmation of whether your personal data are being processed and, if processed, you have the right to request access to such data and information as referred to in Article 15. of the General Regulation (GDPR).
Upon your request to exercise your right of access, we will provide you with the data and information electronically (via email), unless you did not specify your email address in your request or you explicitly requested postal delivery.
b. RIGHT TO RECTIFICATION
You have the right to ask us to rectify inaccurate personal data and to complete missing personal data without delay.
c. RIGHT TO ERASURE
If
you feel that we have collected or otherwise processed your data
contrary to the General Regulation (GDPR), you have the right to
request erasure of such data. In case the request is well founded,
the data will be erased without undue delay.
The
right to erasure can be obtained if your personal data are no longer
necessary for the purposes for which they were collected or otherwise
processed, if you have withdrawn your consent to the processing of
your data, if you have filed an objection to the processing necessary
for our legitimate interests, if the data of a child under the age of
16 are collected in connection with the provision of information
society services or if the data must be erased in order to comply
with a legal obligation.
If there are reasons that prevent us from or limit us in complying with your request, we will notify you in response to your request.
d. RIGHT TO RESTRICTION OF PROCESSING
You have the right to ask us to restrict the processing of your personal data if you dispute the accuracy of these data, if the processing is illegal and you are opposed to erasure of such data, if you have filed an objection against the processing of your data, and if the data are no longer needed but are necessary for the establishment, exercise or defence of legal claims.
e. RIGHT TO DATA PORTABILITY
You have the right to receive the personal data you provided us in a structured, commonly used and machine-readable format and to transfer them to another controller if the processing of these data are based on consent or agreement and is carried out automatically.
f.
RIGHT TO WITHDRAW CONSENT
If
your data are processed based on your consent, you can withdraw such
consent at any time without affecting the legitimacy of the
processing that was based on such consent.
g. ADMINISTRATIVE COST
Your rights are exercised free of charge, and only exceptionally an administrative cost is charged.
We will notify you of the administrative cost that we have the right to charge under the General Regulation (GDPR) before it occurs and if the requirements for its payment are met.
7. RIGHT TO COMPLAIN AND OBJECT
Based on your particular situation, you have the right to file an objection at any time against the processing of personal data we conduct based on our legitimate interests under point 2 of this Information, including the right to file an objection against profiling related to such legitimate interests.
If you believe that by processing your personal data we are in violation of the General Regulation (GDPR), please contact us.
You have the right to file a complaint with the supervisory authority if you believe that by processing your personal data we are in violation of the General Regulation (GDPR).
You can file a complaint with, for example, a supervisory body in the EU member state of your normal residence or workplace or in the Republic of Croatia (Personal Data Protection Agency).
25.5.2018.
Pula City Center Accommodation