Skip links

Privacy policy

Privacy Policy – Information on the Processing of Personal Data 

1.   Introduction 

ČISTA VODA PROJEKT d.o.o. with its principal place of business in Savudrija, Alberi 300, 52475 Savudrija, OIB: 10116776883 is a company registered in the court register of the Commercial Court in Pazin. 

ČISTA VODA PROJEKT d.o.o. is primarily engaged in providing hospitality services and real estate business, and in its transaction of business, it must collect and process certain data about individuals. 

All employees of ČISTA VODA PROJEKT d.o.o. are fully familiar with the content of this Policy and they ensure its application when processing personal data. Employees whose tasks include the handling of personal data are adequately educated regarding their tasks in relation to the protection of personal data. 

This policy applies to all personal data known to ČISTA VODA PROJEKT d.o.o. in relation to any person, regardless of whether he / she was, currently is or will be an employee, guest, client, supplier or contact. This Policy does not apply to anonymous data. Anonymous data stands for data that has been changed in such a way that it cannot be linked to a specific natural person or cannot be linked without disproportionate effort, and therefore, in accordance with current regulations, it is not considered personal data. 

This Privacy Policy applies only to your use of our websites. Our websites may contain links to other websites. Please note that we have no control over how other websites collect, store and use your information and we advise you to check the privacy policies of other websites you use before disclosing your personal information to them. 

  1. Data Controller

For the purposes of this Policy and the applicable regulations on the protection of personal data, including the General Data Protection Regulation (EU) 2016/679 (hereinafter: “General Regulation” or “GDPR”), the Data Controller and the company responsible for processing your of personal data is ČISTA VODA PROJEKT d.o.o., Alberi 300, 52475 Savudrija, OIB: 10116776883 (hereinafter: “ČISTA VODA PROJEKT” or “we”). 

 

  1. Contact

In case you have any question related to the protection of your personal data, you can contact us in the following ways: 

  • By e-mail to the address: gdpr@petramresort.com
  • By postal mail, to the address ČISTA VODA PROJEKT d.o.o., Alberi 300, 52475 Savudrija, OIB: 10116776883, Attn: Data Protection Officer.

 

  1. Reasons and Legal Basis for Collecting Personal Data

ČISTA VODA PROJEKT d.o.o. is a company that, among other activities, provides hospitality and accommodation services and engages in real estate business. 

We collect different types of personal data about you, depending on your relationship with us and the reasons for our communication. 

As a general principle, we only process your personal data if we have a valid legal basis for doing so. 

Most often, it will be on the following legal grounds: 

  • Contract
  • e.g. when you book accommodation in one of our facilities, you enter into a contract with us. 
  • Legal obligation
  • e.g. we register guests in the e-Visitor system in order to act in accordance with our legal obligation. 
  • Legitimate interest
  • In cases where your rights and freedoms do not outweigh our legitimate interests, we process your data, for example: for the purpose of protection of property and providing security, we record shared areas in our facilities (e.g. reception) with surveillance cameras. We do not use your personal data on the basis of this legal basis if we have assessed that this would adversely affect your privacy and that our legitimate interest does not outweigh the obligation to protect your rights and freedoms. 
  • Consent
  • As a rule, we do not use this legal basis, except in those situations where it is provided by law and other legal bases are not applicable. For example, we process your data on the basis of consent in case of membership and communication in our loyalty program. 

For some types of data processing, several legal bases of data processing may be applicable, depending on the circumstances and context. 

 

  1. Methods and Purposes of Collecting Personal Data

We collect your personal data directly from you, indirectly or automatically. 

The protection of your personal data is of particular importance to us. Your personal data will be collected only to the extent necessary to fulfil the respective purpose. 

Data collected and processed for the purpose of providing our services: 

  • For the purpose of registration in our accommodation units and registration before the competent authorities: 
  • name and surname 
  • date of birth 
  • birth place 
  • residence: place, country and postal code 
  • citizenship 
  • gender (male or female) 
  • type of identification document (identity card or passport) and number of the identification document 
  • OIB 
  • children’s names: first and last name, date and place of birth, gender, citizenship, OIB 
  • data from the identification document of the spouse 

 

  • For the purpose of fulfilling contractual obligations and obligations arising from the business relationship: 

 

  • name and surname 
  • gender 
  • title 
  • personal address 
  • citizenship 
  • phone number 
  • e-mail  
  • date of birth 
  • vehicle license plate number 
  • passport; issuing authority, date of issue, date of expiry 
  • the company 
  • occupation 
  • tax number 
  • membership card (loyalty programs) 
  • photography 
  • remarks 
  • family relationship with other guests 
  • spouse’s name, date and place of birth 
  • allergies 
  • special requirements 
  • credit card/payment information 
  • a copy of the identification document for transactions at the exchange office 
  • modes of transport: flight number, arrival time, GPS coordinates 
  • guest preferences (view of the sea or park, type of accommodation unit) 
  • additional packages (child seat, wellness, …) 
  • birthdays, anniversaries, important dates. 

 

  • For the purpose of informing about the offers and services of Petram Resort & Residences and for the purpose of contacting for conducting surveys: 

 

  • Name and surname 
  • postal address 
  • mobile phone number 
  • e-mail  

 

In order to be able to inform you about offers and services, and contact you to conduct surveys, we need your express consent. We cannot send you any information or contact you regarding these subjects without providing the above information and without having your consent.  

  • For the purpose of providing and improving services, and personalizing offers and services to suit your needs (profile creation): 

 

  • Name and surname 
  • gender 
  • title 
  • date of birth 
  • citizenship 
  • residence 
  • spouse  
  • children 
  • anniversary dates 

 

  • Video surveillance for the purpose of protecting people and property 

ČISTA VODA PROJEKT d.o.o. as data controller uses video surveillance measures to protect property and people in all outdoors areas of Petram Resort & Residences, at the reception and entrances to the apart-hotel buildings. 

The videos contain personal data of all persons who move in the camera’s range, and are therefore kept with special care, for which purpose a well-organized security system has been established. 

In case of judicial and/or criminal proceedings, ČISTA VODA PROJEKT d.o.o. can use the recorded videos. Personal data on videos can be viewed by third parties – data processors – contractual partners of ČISTA VODA PROJEKT d.o.o., who are registered professionals for providing personal and property protection services, and who in no way use the personal data independently, but only to take care of the security of central monitoring and notification systems. All other details regarding video surveillance are regulated by special regulations in this field.  

Storage: we keep recordings obtained through the video surveillance system for a maximum of six months or longer if they are exempted as evidence in a judicial, administrative, arbitration or other procedure. 

 

  1. Cookies

Our web pages use the so-called cookies – text data files placed on the user’s computer by the Internet server, through which the Internet access service provider (ISP) displays the website. 

Cookies are created when the browser on the user’s device loads the visited web destination, which then sends data to the browser and creates a text file (cookie). The browser retrieves and sends a cookie to the server of the website when the user returns to it. 

Our pages use technical cookies (mandatory cookies, they cannot be turned off) that are necessary for the website to function. 

More information can be found here.

 

  1. Statistical Processing

When we process your data for statistical purposes, we further use them exclusively in an aggregated, depersonalized form. This means that these data can no longer be linked to you in any way and no longer represent your personal data. 

 

  1. Recipients of Personal Data

We do not share your personal data with third parties for the purpose of advertising their services. We will not sell your personal data to third parties. 

In certain cases, we will share your personal data with other recipients, namely: 

In cases where it is necessary to share your personal data so that we can fulfil the contract in which you are a party; 

In cases where you have agreed to share your personal data with a third party (e.g. in the case of using cookies); 

With judicial, tax, audit and other competent authorities, when we have reason to believe that we are obliged to share such data based on the law and other regulations (for example, based on the request of the tax authority or in connection with an expected legal dispute); 

With payment service providers with whom we have contracts for the processing of personal data; 

With IT service providers with whom I have concluded appropriate data processing contracts, whose systems we use in our business (e.g. reservation system PHOBS (Phobs d.o.o.), guest database Opera (HRS International) and Laser Line (Laser Line d.o.o.), Microsoft Office 365 and HubSpot (HubSpot, Inc., HubSpot Ireland Limited). 

With the e-Visitor system, in accordance with the regulations on the provision of catering services and the way of keeping a list and registration of tourists; 

With other service providers who provide a specific service on our behalf, including external consultants, investment advisory service providers, professional advisors such as auditors, lawyers or accountants, marketing agencies companies and market research agencies, technical support service providers and IT consultants who conduct certain tests or work on the development of technical solutions in our systems; 

With the mobile application service provider if you use the same one. 

 

  1. Cross-border Data Transfers

We want to ensure that your personal data is stored and transmitted securely. Therefore, we will transfer data outside the European Economic Area (hereinafter referred to as the EEA) only if this is in accordance with the applicable data protection regulations and if the transfer means provide the appropriate level of security. 

When we transfer your data outside the EEA and in cases where the country or territory to which the data is transferred does not provide an adequate level of data protection, we will take all reasonable steps to ensure that your data is handled securely, and in accordance with the privacy policy contained in this Policy. 

 

  1. Security of Personal Data

We apply technical and organizational measures to ensure that your data is secure and to protect it from accidental or intentional unauthorized access, loss or alteration. We have ensured that your data can only be accessed by those persons who have a business need for it, exclusively for purposes that are permitted and about which you have been informed, and that these persons are under an obligation to keep your data confidential. 

If you suspect any unauthorized use, loss or unauthorized access to your personal data, please notify us. 

 

  1. Data Storage and Storage Periods

We keep your data as long as necessary in accordance with the purpose for which it was collected, including for the purpose of acting in accordance with legal obligations. After the storage period has expired, we will delete the data, and in cases where this is not technically possible, we will make the data unreadable. In the event that we still need some data for legitimate business purposes after the storage period for that data has expired, we will take appropriate steps to anonymize that data. 

According to the law, we keep guest data for at least two years after the year of stay, and data in the e-Visitor system must be kept for 10 years. 

We keep data related to accounting regulations for 11 years. This includes accounts that may also contain your personal information. 

In the case of using credit card data for the purpose of guaranteeing the reservation, we record such data in our system up to 30 days after your check-out, and in case of charging the amount of the guarantee, we store it in accordance with accounting regulations. 

We store data based on our legitimate interest in accordance with justified and reasonable business needs. 

We keep data related to video surveillance for up to six months. 

We keep the data we collect on the basis of consent until the consent is withdrawn. 

  

  1. Your Rights Regarding the Processing of Personal Data
Your Rights 

Explanation 

 

Right of access. 

 

 

You have the right to access your personal data processed by us and you can request detailed information, in particular, about the purpose of their processing, about the type / categories of personal data that are processed, including insight into your personal data, about recipients or categories of recipients, and about the intended period in which personal data will be stored. Access to personal data can be limited only in cases prescribed by Union law or our national legislation, i.e. when such a limitation respects the essence of the fundamental rights and freedoms of others. 

 

Restriction of processing. 

You have the right to obtain restriction of processing if: 

  • you dispute the accuracy of the data;  
  • if the processing is illegal, and you object to data deletion; 
  • if the data controller no longer needs the personal data, but you have requested it in order to establish, exercise or defend legal claims; 
  • if you objected to the processing of your personal data. 

 

 

Data transferability.  

 

You have the right to request the transfer of personal data to another service provider – in practice, this means that you have the right to request that we provide you with all personal data that we process in a machine-readable form or request that we provide it directly to another company. 

 

Right of correction.  

 

You have the right to request the correction or addition of personal data if your data is not correct, complete and up-to-date. To do this, send your request to us as the controller in writing, including electronic form of communication. 

Please note that in the request it is necessary to specify what is not accurate, complete or up-to-date and in what sense the above should be corrected and submit the necessary documentation in support of your allegations. 

 

Right to be forgotten.  

 

You have the right to obtain the deletion of personal data relating to you, without undue delay, when personal data have been unlawfully processed, when data processing disproportionately interferes with your legitimate interests, personal data are no longer necessary in relation to the purposes for which they were collected, and when you withdraw your consent on which the processing is based. 

There are reasons that exclude the possibility of immediate deletion, such as in the case of a legal obligation e data storage. 

 

Right to object.  

 

You have the right, based on your particular situation, to object at any time to the processing of personal data relating to you, when it is necessary to protect your legitimate interests or the legitimate interests of a third party. Your personal data may no longer be processed unless there are compelling legitimate reasons for the processing that go beyond your interests, rights and freedoms or the processing is necessary for the establishment, exercise or defense of legal claims. 

You have the right to object to direct marketing at any time without giving reasons for objecting. 

 

Withdrawal of consent. 

 

If we process your data on the basis of consent, you are authorized to withdraw the given consent at any time. We will immediately stop processing personal data collected on these grounds. 

 

All requests can be made by sending a written request to the business address of ČISTA VODA PROJEKT d.o.o., Alberi 300, 52475 Savudrija, OIB: 10116776883 or to e-mail gdpr@petramresort.com 

Complaint. You are also authorized to submit a complaint to the local supervisory body for data protection – that is the Agency for Personal Data Protection, at the address: 

Agency for the Protection of Personal Data 

Selska cesta 136
HR – 10,000 Zagreb
Tel. +385 (01) 4609-000
Fax. + 385 (01) 4609-099
E-mail: azop@azop.hr
Web: www.azop.hr 

We inform you that we will keep a record of our communication, so that we can solve any question you contact us with as efficiently as possible. 

 

Send inquiry

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.