2. WHO IS DATA CONTROLLER?
As the data controller, D-Resort Šibenik has implemented numerous technical and organizational measures to ensure the comprehensive protection of personal data processed through our website and on our premises. In case of any questions regarding your personal data or our data protection practice, do not hesitate to contact us:
Obala Jerka Šizgorića 1
22 000 Šibenik, Croatia
Tel : +385 22 331 452
Data protection officer (DPO): email@example.com
3. PERSONAL DATA WE COLLECT
D-Resort Šibenik collects your personal data and other information, such as your personal identification and contact details, business identification and contact details, other contractual details, mailing and billing address, financial and payment information, guest preferences, other information related to your reservation, stay or visit, information about vehicles you bring onto our property, publicly available information etc. This includes but is not limited to the following: name and surname, personal PIN, passport number, nationality, address, date of birth, gender, (mobile) phone number, e-mail address, profession, food and communication preferences, accommodation and spending details, transportation/travel details, membership number, details about insurance, credit card and invoice details and other types of information that you choose to provide to us or that we are obliged or allowed to obtain about you.
4. HOW WE USE YOUR DATA
Processing of your personal data is based on a particular lawful basis. We fully respect the principle of purpose limitation, so your personal data are collected for specified, explicit and legitimate purposes and will not be further processed in a manner that is incompatible with those purposes.
Primarily, processing of your personal data is necessary for us to provide you with the service you have requested or it is necessary for the performance of a contract with you (e.g. making a reservation and processing payment).
In certain cases we are required to process your personal data to comply with the legal obligations (e.g. guest registration in e-Visitor system).
Additionally, following the consent obtained from you, we may process your personal data for some other specific purposes, such as sending promotional and advertising materials and providing you with personalized services.
We strive to provide you with the best possible service, so certain things we consider as our legitimate interests, in accordance with your reasonable expectations. Among others, such legitimate interest would be carrying out a voluntary satisfaction survey after your visit to D-Resort Šibenik, to understand our guests' needs and improve our everyday business.
If you have any concerns regarding purposes for which we process your personal data or wish to obtain more information, please contact us at firstname.lastname@example.org.
5. YOUR CONSENT AND CHOICES
As a part of the check-in process, we allow you to choose freely whether you e.g.:
- wish to receive marketing information and promotional offers related to D-Resort Šibenik and our partners
- want us to provide you with personalized services according to your expressed wishes and preferences
- Agree that we share your personal data within Dogus Group (Doğuş Holding A.Ş.), to ensure the provision of tailor-made services in all Dogus facilities in and outside the EU
- etc. (other possible legitimate and specified processing purposes, depending on the development and improvement of our services and the respective practice).
By marking the respective box on our consent form you will affirmatively express your consent to one or more of the above-stated purposes of processing (“opt-in“). Categories of personal data that are being processed for a certain purpose are strictly limited to those that are necessary (e.g. identification details and e-mail address for marketing) and/or those that were provided by you as an expression of your preferences or demands (e.g. food or room preferances).
You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on your consent before its withdrawal. If you wish to exercise this right, please contact us at email@example.com.
6. YOUR RIGHTS
According to the GDPR, you are entitled to exercise the following rights:
Right of access
You have the right to ask us to confirm whether we are processing your personal data and to inform you on how they are being processed, in particular - for what purpose(s), which categories of personal data, are we sharing your data with anyone, how long will they be stored etc. You can also obtain a copy of your personal data being processed by D-Resort Šibenik.
Right to rectification (correction)
You have the right to request rectification of your personal data that are inaccurate, as well as the right to have your incomplete personal data completed. This can be done through submitting a request to us or providing a supplementary statement.
Right to erasure (“right to be forgotten“)
In certain circumstances, you are entitled to demand erasure of your personal data, in particular when your data is no longer necessary in relation to the purposes for which they were collected and processed, if your data have beeen unlawfully processed or if you withdraw your consent on which the processing was solely based and there is no other legal ground for processing of your personal data. However, in accordance with the GDPR, we shall not comply with your request for erasure of personal data, if processing of such is necessary for compliance with legal obligations, exercising the right of freedom of expression and information, for the establishment, exercise or defence of legal claims and other.
Right to restriction of processing
You have the right to request that D-Resort Šibenik limits the processing of your personal data in certain cases, such as:
- during the process of responding to your request to update or correct personal data;
- if processing of your data was unlawful, but you do not want us to erase your data;
- in case we no longer require your personal data for the purposes of the processing, but you want us to retain them for the establishment, exercise or defence of legal claims;
- when you have submitted an objection to processing based on our legitimate business interests, pending our response to such objection.
In case you have obtained restriction of processing of your personal data, D-Resort Šibenik shall inform you prior to lifting such restriction.
Right to data portability
You have the right to request that D-Resort Šibenik provides you (or a third party that you designate) with your personal data in a structured, commonly used and machine-readable format. Please note that the right to data portability applies only to personal data that you have provided to us, the processing was carried out by automated means and based on your consent or was necessary for the performance of a contract.
Right to object
You have the right to object to processing of your personal data:
- for direct marketing purposes and activities (including profiling related to such marketing);
- for statistical purposes, unless such processing is necessary for the performance of a task carried out for reasons of public interest;
- if the processing is based on our legitimate business interests, unless we are able to demonstrate compelling grounds for such processing or we need to process your personal data in relation to legal claims.
In case you express an objection to our marketing acitivities, we shall immediately cease to process your data for that purpose.
Automated individual decision-making, including profiling
In conducting its business, D-Resort Šibenik does not make decisions based solely on automated processing, including profiling, which would produce legal effects concerning you.
Human intervention/involvement is always a part of our decision-making process and you are welcome to express your point of view on issues concerning you.
For exercising any of the aforementioned rights, we would kindly ask you to contact us at firstname.lastname@example.org. After receiving your e-mail, we will provide you with the written request for exercising the rights regarding your personal data, as well as all the necessary instructions and additional information. We shall respond to your request without undue delay, usually within 30 days of our receipt of your request, unless there are extraordinary circumstances, which you will be duly notified about.
If you have any other questions about our data practices or the exercise of your rights, please do not hesitate to contact us at email@example.com.
In any case, you have the right to lodge a complaint with the supervisory authority.
In Croatia, the competent body is Croatian Personal Data Protection Agency, Martićeva 14, 10 000 Zagreb, www.azop.hr.
7. RECIPIENTS OF YOUR DATA
In conducting our business, providing you with the services you requested and to ensure compliance with our legal obligations, we may share your personal data with other subjects. This includes but is not limited to: public (regulatory or government) authorities, persons and departments within D-Resort Šibenik responsible for the processing of your personal data, IT administrators, external IT maintenance company, business partners that provide specific travel or leisure services upon your request or other similar service providers and suppliers that work on our behalf for the performance of any contract.
8. TRANSFER OF DATA OUTSIDE THE EU
In accordance with the GDPR, we use appropriate safeguards for such transfers - the EU standard contractual clauses. To obtain a copy of theses clauses or additional information on our third-country data transfers, you may send your request to firstname.lastname@example.org.
9. HOW LONG WILL YOUR DATA BE STORED?
We take seriously the GDPR principles of data minimisation and purpose and storage limitation. D-Resort Šibenik retains your personal data for the time necessary to accomplish the purpose for which they were collected, usually for the duration of any contractual relationship and a certain period thereafter. Our retention policy reflects our legitimate business needs, applicable statute of limitation periods and legal requirements. After the expiry of the applicable terms or when the purpose for processing is no more applicable or ceases to exist, your personal data will be securely deleted or anonymized.
10. PERSONAL DATA PROTECTION
D-Resort has implemented various technical and organisational measures to protect your personal data from unauthorized access, loss, disclosure, modification or destruction, and to keep it accurate and up-to-date. Our employees, as well as service providers with whom we may share your personal data, are also obliged to exercise reasonable efforts and to ensure the confidentiality and security of your data. In the event that, despite all the security measures undertaken, the confidentiality or availability of your personal data is somehow compromised, we shall immediately notify the competent supervisory authority and/or data subjects, in accordance with the applicable laws or regulations.
11. CHANGES TO THIS POLICY