Updated on May 24th, 2018.
ROYAL HOTELS & RESORT d.o.o., headquartered in Dubrovnik, Kardinala Stepinca 31, VAT: 41984487913, (hereinafter “the Company”), email of the Data Protection Officer: email@example.com, recognises and understands the importance of protecting the confidentiality and privacy of personal information collected by or otherwise entrusted to us.
Personal data is considered to be any data relating to an individual whose identity has been identified or can be identified. Data on legal entities are not considered personal data and this Statement shall not apply to them.
We would like to inform you of how we process the personal data we collect directly from you or third parties, regardless of whether such data are collected via our website or other channels. Certain parts of this Statement may be supplemented by notices provided on other parts of our website or in other ways, where appropriate.
This Declaration is subject to change, with the date of the most recent change indicated in the statement title. You will be notified of any changes to this Statement that will affect you through a suitable channel, depending on the selected route of communication. In any case, we invite you to follow our Statement changes on our website.
For better visibility, this Statement is divided into specific areas. If you have any questions, please contact our privacy officer by sending an email to firstname.lastname@example.org.
The law of the Republic of Croatia allows us to process personal data only where there is purpose and legal basis to do so, and we are required to inform you of such legal . When we process your personal information, we rely on the following legal bases:
conclusion and execution of a contract: this involves the processing of information required to conclude the contract and execute our contractual commitments towards you, such as providing accommodation services, transportation and other services we provide;
legal obligation: this is applicable in cases where our law requires the processing of certain data, such as a special law that prescribes which information we are obliged to collect about guests to whom we provide accommodation services, a law requiring us to keep the received and issued accounts, a law stipulating the obligation to use video surveillance at our exchange offices;
consent: In certain cases, we will ask for your explicit permission to process data for a particular purpose, and we will process your personal information only with your agreement. Your consent can be withdrawn at any time. For example, we will ask you before sending you our newsletter about special offers and events;
protection of your key interests: Your personal information may be handled in emergencies when it is necessary for the protection of your life or health;
legitimate interest: Your personal information will be processed in the case of a legitimate interest for the purposes of our lawful business, provided that your interests, rights and freedoms do not prevail. Examples of our legitimate interest in our business are the following:
providing information to individuals who visit our website and contact us via online contact forms,
answering inquiries from potential guests, business partners, journalists and other persons,
collecting data on users of our services with whom we are not in a direct contractual relationship to ensure the provision of appropriate services upon their arrival (e.g., guests arriving via tourist agencies, congress organization, etc)
providing information on employment opportunities,
Prevention of fraud and criminal acts and the protection of the security of our information system, confidential information, employee and property security,
fulfilling our responsibilities towards society as a whole, corporate responsibility,
monitoring the quality of services rendered and improving our business in accordance with the modern standards of the hotel industry,
conducting marketing activities (e.g. photographing events in our properties, prize games, promotional offers),
conducting research and analysis activities with the aim of improving customer experience, improving the functionality and quality of our online travel booking services,
resolving disputes or complaints, regulatory investigations and acting upon requests of competent authorities, obtaining legal claims or defending against other requests.
When collecting your information, we will notify you if the provision of personal data is a legal or contractual obligation or a condition necessary for the conclusion of a contract and whether you are obliged to provide such personal information, and the consequences if you do not provide such information.
Your personal information may be collected from the following sources:
directly from you (via contact forms on the web, forms on paper, e-mail correspondence, telephone conversations, personally through conversation with you),
other persons (e.g. tourist agencies and event organizers who provide us your information regarding your stay with us, online platforms where you have booked the services, from persons traveling with you, from persons employed or otherwise engaged by your employer with whom we have a service contract). In such cases, we trust that the persons who provide us with your personal information or give instructions for their processing are authorized to do so and have provided you with all the necessary information, i.e. your approval where also necessary , and from publicly available sources (e.g. court register, business websites and other publicly available information), through the video surveillance system installed in our premises.
In case you provide us with the personal information of other persons, it is your responsibility to ensure that the person whose information is provided has been informed of the way we use the personal information. In the event that we do not collect your information directly from you, but from any of the abovementioned persons, we may only be responsible for what we are undertaking with the personal information from the moment we collect it. We are not responsible for and cannot be held responsible for the activities taken with your personal information by those from who we received your information, therefore, please read the privacy policies of those persons to whom you provide your personal information.
We will make reasonable efforts to keep your personal information for as long as necessary to achieve the purpose for which your data was collected. The length of the storage period depends on the particular circumstances and reasons for which we have collected data.
For example, when our law implies a certain maximum data retention period, we apply the statutory deadline for retention. When the law prescribes a minimum deadline for data storage or does not prescribe any time limit, we will keep the data for as long as necessary to ensure efficient operations and protection of our interests. When there is a possibility that you will have a specific request towards us, we will keep this information at least until the expiration of the legal requirement. If a court or similar procedure is in progress, we can keep the data for as long as needed for the purpose of such proceedings.
At the expiration of the deadlines for storing personal information as hardcopy, it will be destroyed in a safe manner, such as shredding or burning, while we will permanently delete or anonymize electronic data. By anonymizing, the data lose the status of personal data and do not fall within the scope of this Statement.
If you request the deletion of your data before the expiration of the deadlines, we will consider your request and satisfy it provided there are no barriers to the deletion of such data.
We will share your personal information with third parties in cases where we are legally obliged to do so; where there is a legitimate professional and business need; in order to comply with your request; to the extent necessary to realize the contractual rights and obligations and to protect our interests.
Our service providers and business partners: We may share your personal information with our third-party service providers, such as those who maintain our IT applications, provide hosting services, provide newsletter service, business document archiving services; tourist agencies and congress organizers providing us the information about your arrival; carriers if you have requested transport service; our legal, tax and other advisers, auditors, court interpreters and translators; providers of postal and delivery services; marketing agencies;
other recipients who disclose personal information at your request: We may also share your personal information with other third parties that you have requested for a particular service or to act upon your request (e.g. organization of transport and excursions, rental of cars and other equipment);
courts and other state bodies: We may disclose your personal information at the request of the courts, the Personal Data Protection Agency, other state bodies upon which we are required to act, and when personal data is required or desirable to enable ROYAL HOTELS & RESORT to comply with the law, court order or to protect its reputation and business;
companies belonging to the same group of entrepreneurs: ROYAL HOTELS & RESORT d.o.o. is part of the IMPORTANNE Group and may share your personal information with other companies belonging to the group where necessary to perform regular administrative functions;
audits and internal investigations: disclosure of personal data may be necessary in the case of audits in the area of personal data protection and security and/or investigation or response to a complaint or threat of security;
Insurers: We may disclose your information when contracting and administering insurance, and when necessary for our insurance companies, brokers, reinsurers and their professional advisors to fulfil their legal obligations and obligations to regulators;
Reorganization of our business: We may disclose your personal information regarding the sale or transfer of part of our business to another person related to the part of the business that is the subject of sale or transfer.
We will ensure that third parties do not disclose your information to a greater extent than is appropriate to the circumstances. ROYAL HOTELS & RESORT will not make your personal information available to any of the above recipients for marketing or other own purposes.
In the above cases, there may be a need to disclose your personal information to a recipient in a third country that does not provide an adequate level of protection. In order to ensure that your personal information is adequately protected in such cases, we will apply one of the safeguards prescribed in Chapter V of the General Data Protection Act. If no derogation from special cases referred to in Article 49 of the General Data Protection Regulation can be applied, we will conclude with the recipient of the data in the third country a contract with standard clauses containing the text that has been adopted and approved by the European Commission.
We process personal information of guests and other users of our services when it is necessary to comply with our legal obligations, to conclude a contract with you, to act on your behalf or in accordance with our legitimate interest, for the following purposes:
– communication with you and customer support: When you contact us with a query, complain about or praise our service, we will process your information so we can contact you and act upon your request. For example, if you do not complete your online reservation, we’ll send you a reminder to continue booking by email. We believe that this additional service is helpful as it allows you to proceed with your reservation without having to search for or enter your reservation information again, reservation of accommodation and other hotel facilities and conclusion of contracts: if you are interested in our accommodation or other services we offer, we will collect your information so that we can manage our capacities and arrange the services you have requested in a timely and orderly manner (e.g., accommodation, use of currency exchange services, congress organization, conferences, weddings, banquets and other services);
respecting contractual obligations and collection of payment for services provided: to the extent necessary, personal data will be processed for the purpose of fulfilling contractual obligations, providing the expected level of hospitality and exercising the right to charge for the provided service, irrespective of whether we are directly involved in the contract with you or with a tourist agency or organizer of events in our facility that is in a contractual relationship with you,
check in and check out guest accommodation: if you are using accommodation services in our hotels, we are legally obliged to collect certain personal information for the registration of your stay and registration in the central Croatian guest system,
monitoring and improving the quality of services: we may request your feedback about your satisfaction with the services provided. We can use your contact information to send an invitation to post reviews to you via e-mail after your stay. This way you can help other travellers when choosing the right accommodation, but also for us to improve our services. If you submit a review, it may be published on our website;
To achieve the legal requirements we have against you or the defence of your claim: We may use your personal information to exercise our rights towards you, initiate procedures for, among other things, the payment of our fee, or to defend your claims arising out of or relating to reserving or staying with us,
protection of your security and property through video surveillance: part of our hotel and area around the hotel is under video surveillance, with notices posted visible around the property. During your stay in our area, therefore, you may be affected by video surveillance. More about video surveillance can be found here.
7.1.2. The types of personal information we collect
We collect only those personal data that are necessary for us to accomplish these purposes. Depending on the circumstances, this may include the following: first and last name, address, postal code and city, country, e-mail, telephone number or cell phone number; place, country and date of birth; citizenship; visa number if you are subject to the visa regime; the place of entry into the Republic of Croatia; credit card information (card type, card number, card name, expiration date and code), arrival and departure time (including room preferences, content, or any other service used), persons you travel with, special requirements information about the services you are using, identification information, airline information or the vehicle used to arrive at our hotel, impressions of our services, information on whether you come via a promotional action or a prize game, information about events organized in our area and the names of participants in such events.
In addition to the above information about you, we may also request this information for persons traveling with you.
Health data, religious or philosophical beliefs and other special categories of personal data will only be collected if you volunteer such information to allow us to better serve or meet your special requirements and needs (e.g. avoid serving foods to which you are allergic, providing access to handicapped persons and the like). We will not actively seek out such information from you personally.
With regard to the credit card information we collect, we delete the same on the billing of our services. Regarding deadlines for keeping other data, recipients, your rights and other details, please see the appropriate point of this Statement.
7.1.3. Sharing data with Booking.com
In addition to the information provided in section 6. Sharing and transferring your data, we would like to inform you of the way we share the information with Booking.com. We partner with Booking.com B.V. headquartered at Herengracht 597, 1017 CE Amsterdam, Netherlands (www.booking.com) (hereafter “Booking.com”) to provide you with an online reservation service. While we are responsible for the content on this website and reservations booked directly through our site, the booking process is done through Booking.com. The information you enter on this page will also be available to Booking.com and its partners. This may include personal information such as your name, contact information, payment details, guest names traveling with you, and any other information you provided when booking.
Your personal information may be shared with the BookingSuite B.V. headquartered at Herengracht 597, 1017 CE Amsterdam, Netherlands, the company managing this website and the website of suite.booking.com.
7.2. Business partners and employees of business partners
For the purpose of communicating with our business partners and suppliers, for which we have a legitimate interest, we collect contact details of business partners of physical persons, contact details of persons authorized to represent legal persons and contact details of their employees we are in contact with in our business relationship. We do not collect any personal data from our business partners, but only official contact information (name, family name, work place, official telephone or mobile phone, email address) that business partners regularly make available to other entities as part of their regular business. When we are in a contractual relationship with a business partner who is a physical person, in addition to the above information, we may collect other data necessary for the execution of contractual and legal obligations (e.g. billing, payment and reporting on public affairs related to work contracts and copyright contracts and for the realization and defence of legal requirements that may arise in connection with a contractual relationship).
7.3. Recipients of our newsletter
ROYAL HOTELS & RESORT may occasionally send you a newsletter to inform you about special offers and events. We will send you a newsletter only if you have given us your consent. Consent is voluntary, and may be withdrawn at any time. You can withdraw your consent by clicking on the marked area in the newsletter.
To receive a newsletter, you can sign up on our website or at the hotel. In order to receive our newsletter, we need your name, last name and email address.
Newsletter dissemination is performed by our processing agent, Rocket Science Group LLC, based in the United States via its Mailchimp service. The protection of your data is ensured by entering into the standard contract clauses in the text approved by the European Commission. Furthermore, Rocket Science Group LLC has obtained a certificate in accordance with EU-US Privacy Shield and is therefore deemed to provide an adequate level of protection of personal data.
More information on how the Rocket Science Group LLC handles your data can be found at the following link https://mailchimp.com/legal/privacy/#1._The_Basics
7.4. Filing a job application at ROYAL HOTELS & RESORT
If you are interested in working at ROYAL HOTELS & RESORT, you can sign up at email@example.com. ROYAL HOTELS & RESORT handles the personal data of candidates, whether the candidates voluntarily apply to a published job advertisement for a specific position, or submit an open application. The personal data of the candidate will be processed for the purposes of selecting the candidate for employment (review of received applications, contacting the candidate for the purpose of calling for a test and interview). The submitted data will also be processed for statistical purposes and to reply to your requests. In the event that we invite you for testing and/or an interview, this and the results of the test and/or interview will be recorded in your file. The legal basis for processing your personal data for employment purposes is your consent (Article 6 (1) (c) of the General Data Protection Regulation). You can give us your consent to process your data only for the purposes of the specific selection process, but also for the purposes of future employment. If you are applying for a specific job placement, and you have not indicated that you want your information processed for future employment opportunities, then we will not contact you if there is a need to work in the future for a specific position. For future employment purposes, we will contact you only if you have sent us an open application or you have given your application for a specific open position.
The legal basis for processing data for statistical purposes, responding to your requests, as well as the fact that we have tested and/or interviewed you, is our legitimate interest (Article 6 (1) (f) of the General Data Protection Regulation). Our legitimate interest is to increase the efficiency of the selection process. Please provide only the information relevant to your application and selection of candidates (name and surname, date of birth, residence and contact information, completed education and work experience) in the documents you submit as attachments, and protect your privacy by avoiding the delivery of surplus data. If you choose to provide any additional information, such as your photo or information about your interests and hobbies, we will deem that you have provided such information for processing for employment purposes. Your personal information will not be shared outside Croatia. In case you submit the application on behalf of another person, it is your responsibility to ensure that that person is familiar with the provisions of this Privacy Statement and has consented to the processing of the information. The personal information we collect based on your consent will be retained until you withdraw the given consent or until the need for their retention otherwise ends, whichever comes first. The data collected based on our legitimate interest (the circumstance for which you were invited to the test and/or interview and regarding the results) will be kept for five years.
7.5. Video surveillance
ROYAL HOTELS & RESORT uses video surveillance at its facilities and the areas it manages for the following purposes:
control of entries and exits from workrooms and premises and to reduce the exposure of workers to the risk of break-ins, burglary, violence, theft and similar events at work or in connection with work,
to protect the safety of guests and other persons who, for any reason, find themselves in the area under our control and for the protection of their property,
protection of property of ROYAL HOTELS & RESORTS,
preventing unauthorized entry into the premises of ROYAL HOTELS & RESORTS,
Reducing the risk and increasing the protection of individuals with regard to performing currency exchange transactions.
The legal basis for the application of video surveillance for the purposes described above is our legitimate interest, while for the activities of performing currency exchange transactions, we have a statutory obligation to use video surveillance for the supervision of currency exchange. Recorded videos are kept for a period of six months. We will keep them longer, if necessary for the purposes of a court or other procedure. Samples obtained via the video surveillance system will not be delivered to third parties unless there is a request or order from an authorised state body (e.g. police, state attorney, courts, labour inspectorate). Recordings may be used as evidence in court, administrative, arbitration or other equivalent proceedings, in accordance with the applicable procedural rules in such proceedings.
7.6. Collecting data through our website
When using our site, some data (which may include personal data) is collected automatically. This information includes language settings, IP address, location, device settings, device operating system, login information, usage time, required URL, status report, user agent (browser version information), operating system, visitor results (visit or reservation), Search History, User Booking ID, and Data Type. We can also automatically collect data through cookies. For more information about cookies, please click here. The information contained herein does not disclose your email address or identify you in any other way. Identifiers such as IP addresses that we collect in our analytics reports are processed only for the purpose of identifying the number of unique visitors to our site and geographic area you are visiting from, and we will not go in to identify the identity of individual visitors. Collecting these data allows us to customize your user experience, improve the performance of our site, and measure the effectiveness of our marketing activities.
If you would like to apply for the right to access your data, you can contact our privacy officer by e-mail firstname.lastname@example.org or by post to: ROYAL HOTELS & RESORT doo, Kardinala Stepinca 31, 20 000 Dubrovnik (for Data Protection Officers). Your rights related to personal data processing are as follows:
the right to access your personal information (the right to obtain information about which of your data are being processed and the details of their processing). Before we give you this information, and to avoid potential misuse, we may ask you to prove your identity,
the right to correct personal data,
the right to delete personal data,
the right to limit the processing of personal data,
the right to object to processing of personal data based on our legitimate interest,
the right to transfer of data,
the right to exclude you from decisions based solely on automated processing, including the creation of a profile. To this regard, please note that we do not apply such decision-making processes.
the right to withdraw the given consent.
The ability to exercise the above rights depends on the reason and basis on which we process your information. For example, in the event that we are legally obliged to keep personal information for a specified period, we cannot delete them, even if you request it. We will respond to your request within one month of receipt. In the case of a complex nature of your request or if we have received a large number of requests, we will notify you that we will be able to act upon your request in a period longer than one month, and we will certainly act upon your request within three months of your receipt. Your request can be accepted or rejected if we evaluate it as unfounded. In the case of placing claims that are unfounded or excessive, we reserve the right to charge a reasonable fee or refuse to act upon the request, which we will notify you in advance. If you are not satisfied with our response, you may be entitled to file a complaint with the supervisory body, whether in Croatia or another EU Member State. In Croatia, the Supervisory Authority is the Personal Data Protection Agency, Martićeva ulica 14, 10 000 Zagreb, e-mail: email@example.com