Notice of Personal Data Processing via the website www.plitivice.com
Grabovac 102, Rakovica
VAT ID: 28609922905
Contact: +385 47 784 192
DATA PROTECTION OFFICER (DPO)
The data controller has appointed a data protection officer. They can be contacted for further information about the processing of personal data, to request access to your data, to lodge a complaint or objection regarding the processing, or to seek any other information related to the processing of your personal data.
DPO contact: email@example.com
COLLECTED AND PROCESSED DATA – PURPOSE AND LEGAL BASIS
Personal data may be collected through this website for the following purposes:
- Responding to inquiries/requests and receiving notifications about special offers.
- Making accommodation reservations.
- Improving the functionality of the website features and providing a better user experience.
- The data collected for the purpose of responding to inquiries/requests or for subscribing to receive information about special offers and promotions may include the following categories:
- Contact information
Such processing is necessary for the performance of the requested service or for taking steps prior to providing the requested service, and the processing is lawful under the General Data Protection Regulation (Article 6(1)(b) of the GDPR). In case the requested data is not provided, we will be unable to respond to the inquiry or request, and the user will need to contact us through alternative means.
- The data collected for the purpose of accommodation reservations may include the following categories: • User identification • Contact information • Stay details • Credit card information.
Such processing is necessary for the performance of the requested service or for taking steps prior to providing the requested service, and the processing is lawful under the General Data Protection Regulation (Article 6(1)(b) of the GDPR). In case the requested data is not provided, the user will not be able to make a accommodation reservation through the website and will need to make the reservation through alternative available methods.
- Personal data may be collected through this website for the purpose of improving the functionality of the website features and providing a better user experience.
For this purpose, non-intrusive cookies are used, and user consent is obtained before their use, except for necessary cookies. The data collected is anonymous and does not contain individual identification information.
The processing of data is based on consent and follows the General Data Protection Regulation (Article 6(1)(a) of the GDPR). The user can manage cookies and withdraw their consent throughout their visit to the website. Withdrawal of consent does not affect the lawfulness of the processing conducted prior to the withdrawal.
In certain situations, personal data may be processed based on established legitimate interests. When processing is based on this legal basis, individuals have the right to object to such processing. However, processing cannot be restricted or suspended if there are compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or when the processing is necessary for the establishment, exercise, or defence of legal claims. Such processing is in accordance with Article 6(1)(f) of the GDPR.
The processing activities we carry out based on legitimate interests are as follows:
- a) VIDEO SURVEILLANCE
Purpose of processing: Video surveillance is carried out for the purpose of protecting individuals and property.
Retention period of recordings: Up to 3 days, or in the case of an incident, up to 6 months. A longer retention period is possible if the recordings are evidence in a judicial, administrative, arbitration, or other legal proceedings.
Other recipients: Video recordings can only be provided upon request to competent authorities (such as the police or court) when necessary for official proceedings and cannot be disclosed to other individuals.
The collected data is not processed for any other purposes.
- b) NEWSLETTER
Data that may be processed: Email address.
Purpose of processing: Marketing. The newsletter may be used to deliver information about our services, including details about special offers and promotions.
Method of collection: Directly from the data subject. If the email address used for newsletter delivery is obtained through another source, the data subject will be informed during the first contact.
At any time, the data subject can raise an objection to the processing of their email address for marketing purposes and can restrict or entirely prohibit such processing.
RECIPIENTS OF PERSONAL DATA
The collected personal data may be shared with providers of IT and communication solutions and services who act as our data processors.
These processors provide reasonable guarantees and have implemented appropriate technical and organizational measures to ensure data protection and compliance with the requirements of the GDPR. Agreements/contracts for the processing of personal data have been concluded with these processors based on the European Commission’s Implementing Decision (EU) 2021/915 on standard contractual clauses between controllers and processors as a separate part of the contract. The agreement/contract specifies in detail the handling of personal data, and these processors are not authorized to process personal data without our instructions or disclose them to third parties.
Personal data is not disclosed to third parties for direct marketing purposes.
PERIOD OF DATA RETENTION
Personal data collected through this website is processed until the purpose for which the data was collected is fulfilled. After the purpose ceases to exist, the personal data is no longer processed. However, certain personal data (such as an email address) may continue to be processed based on legitimate interests (for marketing purposes, such as sending information about our services) as long as there is a legitimate purpose for the processing or until such processing is restricted or entirely prohibited by raising an objection or unsubscribing from the recipient list.
DATA COLLECTED THROUGH SOCIAL MEDIA
The pages and profiles we manage on social media platforms (such as Facebook, Instagram, etc.) always clearly indicate the accurate and full name of the data controller. Personal data of our contacts that we collect through these platforms is only used for the purpose of responding to inquiries or comments, and the data is not processed for any other purposes.
- GENERAL TERMS
WHAT ARE COOKIES? A cookie is a piece of information stored on your computer by the website you visit. Cookies typically store your preferences and settings for the website, such as preferred language or address. When you revisit the same website, your web browser sends back the cookies belonging to that website. This allows the website to display information tailored to your needs.
WHAT INFORMATION CAN COOKIES STORE?
Cookies can store a wide range of information, including personal information (such as your name or email address). However, this information can only be stored if you enable it. This website cannot gain access to information that you have not provided, and it cannot access other files on your computer. The default activities of storing and sending cookies are not visible to you. However, you can change your web browser settings to choose whether to accept or decline cookie storage requests, automatically delete stored cookies when closing the web browser, and more.
WHAT IS THE PURPOSE OF COOKIES?
The purpose of cookies is to ensure the proper functioning of the website, further improvements, and to enhance the user browsing experience.
COOKIES BASED ON FUNCTION
Technical cookies – necessary cookies (always active) – essential for the functioning of the website and cannot be disabled in our systems. They are typically set in response to your actions, such as cookie settings, login, or form filling requests. You can set your browser to block these cookies or to provide you with a warning about them, but in that case, some parts of the website may not work. These cookies do not store any information that could personally identify you.
Functional cookies (can be disabled) – enable the website to provide enhanced functionality and personalization.
Statistical cookies (can be disabled) – allow tracking of visits and traffic sources for the purpose of measuring and improving the effectiveness of the website.
Marketing cookies (can be disabled) – used to track users across websites and display targeted advertisements.
Session cookies, also known as temporary cookies, are removed from your computer once you close the web browser. Session cookies are used by websites to store temporary data, such as items in a shopping cart.
Persistent cookies – Persistent or stored cookies remain stored on your computer after closing the web browser. Websites use them to store data such as login credentials, so you don’t have to log in every time you visit a particular site. Persistent cookies can remain on your computer for days, months, or even years.
First-party cookies – First-party cookies come from the website that the user is visiting and can be either persistent or temporary. With the help of these cookies, websites can store data that will be reused during the user’s next visit to that website.
Third-party cookies – Third-party cookies come from advertisements on other websites (such as pop-up or other ads) that are present on the website the user is visiting. With these cookies, websites can track internet usage for marketing purposes.
TYPES OF COOKIES WE COMMONLY USE
- Session cookies – These are temporary cookies that expire (and are automatically deleted) when the internet browser is closed. The website uses session cookies to provide access to content.
- Persistent cookies – These cookies usually have a future expiration date and remain in the user’s browser until they expire or are manually deleted. The website uses persistent cookies to better understand the habits of its users, to improve the website based on visitor preferences. This information is anonymous.
- Third-party cookies – There are several external services that can store limited cookies on computers. These cookies are not set by this website, but some are used to enable certain features that facilitate user access to content.
- Strictly necessary cookies: These cookies are technically necessary for managing our website and providing the required functionality and services. This type of cookie is considered essential under Directive 2002/58/EC on privacy, and user consent is not required for them. The processing of associated data is based on consent and our legitimate interest in optimizing usability and user experience.
- Non-essential cookies (marketing/analytics and third-party content): These cookies require your explicit consent for data processing. If you do not consent to them, they will not be collected, and your personal data will not be processed. This will not impact the functionality of the website.
- Web analytics: Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We have entered into a data processing agreement with Google regarding the use of this service. The data generated by cookies about the usage of our website by users is typically transmitted to and stored on Google servers in the United States. This process will only occur if you consent to the collection of Google Analytics cookies when visiting our website. In this case, Google will process the data collected by cookies on our behalf to evaluate the usage of our website and provide us with reports on website activity, which we can analyse. The purpose of Google Analytics is to analyse traffic on our website. In simple terms, Google collects data and information to assess the usability of our website and provide online reports that help us improve the user experience. Google may disclose this data to third parties as required by law or if the analysis is conducted on behalf of Google by a third party. We want to emphasize that we have implemented additional protection measures by including the “gat._anonymize();” code in Google Analytics on this website to ensure the anonymous collection of IP addresses (known as IP masking). Due to IP address anonymization on this website, Google will truncate the IP address of users. In the configuration of Google Analytics, we have ensured that Google receives this data as a data processor and is not permitted to use it for its own purposes. For more information about Google Analytics and the processing of personal data, you can refer to this link.
CONSENT FOR COOKIE STORAGE
By using the website without changing the settings to withhold consent for cookie storage, you accept the use and storage of cookies on your computer. If you do not consent to the storage of cookies, their storage will be disabled, and you will still be able to browse this website, although certain features may not be fully available.
In the control panel, you can manage non-essential cookies on this website. By disabling cookies, you decide whether to allow the storage of cookies on your computer. Additionally, you can accept or reject some or all cookies by adjusting your browser settings. Cookie settings can also be controlled and configured within your web browser. The following links provide information on how to change settings for some of the most used web browsers:
Please note that disabling cookies may impact the functionality and user experience of the website.
ADDITIONAL INFORMATION ON DISABLING COOKIES
Some browsers offer the ability to navigate the Internet in “private” or “incognito” mode, limiting the amount of data stored on your computer and automatically deleting persistent cookies set on your computer or mobile device when you finish your browsing session. There are also many third-party applications you can add to your browser to block or manage cookies. You can also delete cookies that have previously been set in your browser by selecting the option to clear your browsing history, including the option to delete cookies. For more detailed information on cookies and adjusting browser settings, you can visit the following links:
Please note that the provided links offer comprehensive information on cookies and provide guidance on adjusting browser settings to manage or disable cookies according to your preferences.
SECURITY OF PERSONAL DATA PROCESSING
We collect and process personal data in a manner that ensures appropriate security and confidentiality in their processing, as well as enables the effective implementation of data protection principles, data minimization, processing scope, storage period, and accessibility. To achieve this, we have implemented appropriate technical and organizational security measures that provide a level of security commensurate with the risks posed by the data processing and the nature of the personal data being protected, considering the characteristics and costs of their implementation.
We ensure the highest level of data protection for users of our reservation system. For secure data transmission between users’ computers and our servers, we use an “AWS” certificate and SSL technology with 128-bit data encryption. All personal data, including personal identification numbers, credit card numbers, or other payment information provided by users through the reservation system, are transmitted exclusively through a secure connection with 128-bit data encryption.
We regularly review data processing activities that may pose risks to individuals’ rights and freedoms, and we have implemented appropriate measures to protect personal data from accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure, or access, especially in cases where data transfers occur over networks, as well as from any other unlawful forms of processing.
EXERCISE OF RIGHTS
Right of Access
At any time, you can request confirmation of whether your personal data is being processed and obtain detailed information about the processing, particularly regarding the purpose of the processing, the types/categories of personal data being processed, including access to your own personal data, the recipients or categories of recipients, and the envisaged storage period for the personal data.
Right to Rectification
We ensure the right to rectification, and you can promptly obtain the correction of inaccurate personal data and the completion of incomplete personal data.
Right to Erasure
You have the right to request the deletion of your personal data. If the request is justified and there is no legal obligation for us to retain the data, the data will be deleted without undue delay.
Right to Restriction of Processing
You have the right to request the restriction of processing of your personal data in cases provided for by the General Data Protection Regulation. You can restrict the processing of personal data based on legitimate interests as a lawful basis for processing.
Right to Object
You have the right to object to the processing of your personal data in all cases provided for by the General Data Protection Regulation. Specifically, you can object to processing based on legitimate interests as a lawful basis for processing and restrict or completely prohibit the processing.
Right to Lodge a Complaint
If you believe that the processing of your personal data has violated your rights under the General Data Protection Regulation, you have the right to lodge a complaint with the supervisory authority, the Croatian Personal Data Protection Agency, located at Selska ulica 136, Zagreb.
For further information about the processing of personal data or to exercise your rights, you can contact us through our Data Protection Officer or other contact details provided.
Data Protection Officer: firstname.lastname@example.org
After verifying your identity, we will respond to your inquiry within 30 days in the usual electronic format unless otherwise requested.
Last updated: May 2023.