Privacy policy

Privacy Policy

Information on personal data protection

Pula City Center Accommodation hereby informs you on the processing of your personal data and your rights based on the applicable rules on personal data protection.

  • Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: General Regulation - GDPR).

This Information applies to all cases of processing of your personal data by Pula City Center Accommodation as the Controller, unless any other Information, Privacy Policy or similar documents irrespective of their name need to be applied in special cases of processing and take precedence over this Information or supplement it.

CONTROLLER

Pula City Center Accommodation, Pula, Vrtlarska 1, is the controller of your personal data within the meaning of the General Regulation (GDPR).

Regarding the processing of your personal data, you can contact:


  1. sending a query via email to: cityroomspula@gmail.com;

  2. sending post to the following postal address: Vrtlarska 1, 52100 Pula (Hrvatska)



1. PURPOSE AND LEGAL BASIS FOR PROCESSING

We collect, store and in other permitted ways process your personal data for the following purposes.







Booking

  • At the time of booking accommodation, we collect your personal data in order to conclude an agreement for accommodation, especially to contact you (e.g. phone/mobile phone number, email address) or unambiguously link the booking with you and other guests traveling with you (e.g. name and surname, date of birth, number of guests, date of arrival, date of departure).

Without these data we cannot conclude an agreement for accommodation.

As an exception, when the booking is made on our partners' website, we collect the above-mentioned data and other data that our partner determines to be mandatory and without which the contract cannot be concluded.



Check-in

  • At the time of your check-in at the facility, we collect and process your personal data in order to comply with our legal obligations under the regulations on the manner of keeping tourist registers and the form of tourist registration.

According to the currently valid regulations, we are obliged to collect the following data: surname and name, place, country and date of birth, citizenship, type and number of identity document, place of residence (temporary residence) and address, date and time of arrival to and departure from the facility, gender, note (basis for exemption from the sojourn tax payment, i.e. for reducing the sojourn tax payment).

We cannot provide the accommodation service without these data.



Technical and security measures

  • During your stay at our facility, we apply technical and security measures (e.g. video surveillance in the public areas of the facility that can record you) to protect you and your property, other guests and their property, our employees and our property.

The application of technical and security measures that exist in our facility cannot be discontinued at the request of a particular guest.

2. LEGITIMATE INTEREST

The General Regulation (GDPR) provides for our right (legitimate interest) to process your personal data for the purpose of direct marketing and profiling regarding such marketing, to the extent which is not contrary to your interests, freedoms and rights.

However, in order to ensure a more complete protection of your personal data, rights and interests, before processing your personal data for the purpose of direct marketing, we will seek to ask your explicit consent for such processing.



3. CATEGORIES OF PERSONAL DATA RECIPIENTS

The personal data we are obliged to collect at the time of a guest’s check-in is sent electronically to the eVisitor system, according to the regulations on the manner of keeping tourist registers and the form of tourist registration.

Your personal data are sent to our contractual processors that provide us with service management computer programs that have access to these data only to the extent necessary for the proper functioning of the program and to other processors that enable us to provide hospitality and tourist services.

Your personal data are communicated or made available to third parties in other cases as well, but only when we are obliged to do so under the General Regulation (GDPR), for example at the request of a competent judicial or administrative body.



4. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

We do not intend to transfer your personal data to a third country (i.e. non-EU/EEA country) or an international organisation. However, when such transfers are necessary or useful in providing our services (for example, to store data on servers or for online data transfer), we regulate the relations with our processors in third countries in accordance with the provisions of the General Regulation (GDPR).



5. PERIOD OF DATA STORAGE

We store your data:

  • for the period prescribed by the applicable regulations, if such data are collected solely for the purpose of fulfilling our legal obligations:

- for example, the data from the guestbook must be kept at least 2 years after the expiration of the calendar year during which the guest stayed at our facility, and such data must be kept for 10 years in the eVisitor system;
- in addition, according to accounting regulations we are obliged to keep the issued invoices and the personal data contained therein for 11 years.

  • for the duration required for the expiry of statutory limitation period (three or five years) and for an additional reasonable period needed for your request submitted to a judicial or administrative body to be delivered to us, provided that such data are obtained solely in connection with the contracts we have concluded with you or about which we have negotiated (for example, data contained in booking requests/reservation inquiries and booking confirmations);

  • until you withdraw your consent if we base the processing of your data on your consent;

  • 10 years if the processing is based on our legitimate interests (but, above all, taking into consideration the content of point 2 of this Information



6. YOUR RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION

Users of our services have the following rights under the General Regulation (GDPR):


a. RIGHT OF ACCESS

At any time, you can request confirmation of whether your personal data are being processed and, if processed, you have the right to request access to such data and information as referred to in Article 15. of the General Regulation (GDPR).

Upon your request to exercise your right of access, we will provide you with the data and information electronically (via email), unless you did not specify your email address in your request or you explicitly requested postal delivery.



b. RIGHT TO RECTIFICATION

You have the right to ask us to rectify inaccurate personal data and to complete missing personal data without delay.



c. RIGHT TO ERASURE

If you feel that we have collected or otherwise processed your data contrary to the General Regulation (GDPR), you have the right to request erasure of such data. In case the request is well founded, the data will be erased without undue delay.


The right to erasure can be obtained if your personal data are no longer necessary for the purposes for which they were collected or otherwise processed, if you have withdrawn your consent to the processing of your data, if you have filed an objection to the processing necessary for our legitimate interests, if the data of a child under the age of 16 are collected in connection with the provision of information society services or if the data must be erased in order to comply with a legal obligation.


If there are reasons that prevent us from or limit us in complying with your request, we will notify you in response to your request.







d. RIGHT TO RESTRICTION OF PROCESSING

You have the right to ask us to restrict the processing of your personal data if you dispute the accuracy of these data, if the processing is illegal and you are opposed to erasure of such data, if you have filed an objection against the processing of your data, and if the data are no longer needed but are necessary for the establishment, exercise or defence of legal claims.



e. RIGHT TO DATA PORTABILITY

You have the right to receive the personal data you provided us in a structured, commonly used and machine-readable format and to transfer them to another controller if the processing of these data are based on consent or agreement and is carried out automatically.


f. RIGHT TO WITHDRAW CONSENT

If your data are processed based on your consent, you can withdraw such consent at any time without affecting the legitimacy of the processing that was based on such consent.


g. ADMINISTRATIVE COST

Your rights are exercised free of charge, and only exceptionally an administrative cost is charged.

We will notify you of the administrative cost that we have the right to charge under the General Regulation (GDPR) before it occurs and if the requirements for its payment are met.



7. RIGHT TO COMPLAIN AND OBJECT

Based on your particular situation, you have the right to file an objection at any time against the processing of personal data we conduct based on our legitimate interests under point 2 of this Information, including the right to file an objection against profiling related to such legitimate interests.

If you believe that by processing your personal data we are in violation of the General Regulation (GDPR), please contact us.

You have the right to file a complaint with the supervisory authority if you believe that by processing your personal data we are in violation of the General Regulation (GDPR).

You can file a complaint with, for example, a supervisory body in the EU member state of your normal residence or workplace or in the Republic of Croatia (Personal Data Protection Agency).


25.5.2018.


Pula City Center Accommodation

Popular arrangements