I Data collection
We will collect only those personal data that are necessary for fulfilling our contractual and legal obligations, whereas we will inform you of the purposes for which we collect the same.
Also, we will collect other personal data (such as email for example) based on your explicit consent.
Personal data shall be processed lawfully, fairly and in transparent manner. We will process your data in accordance with the relevant legal provisions regulating the protection of personal data.
Prior to collecting your personal data, we will inform you of the data processor, its details and contacts, purpose of the processing.
A data controller is the individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files.
We are the data controller as defined by relevant data protection laws and regulation and these are our contact details:
BIKE&BOAT ADRIATIC j.d.o.o.
Address: Brnini 23, 51215 Kastav
Email address: email@example.com Telephone: +38591 524 6077
You have the right to:
– access your personal data held about you and to learn the origin of the data, the purposes and ends of the processing, the details of the data controller(s), the data processor(s) and the parties to whom the data may be disclosed;
– withdraw your consent at any time where your personal data is processed with your consent;
– update or correct your personal data so that it is always accurate;
– delete your personal data from our records if it is no longer needed for the purposes indicated above;
– restrict the processing of your personal data in certain circumstances, for example where you have contested the accuracy of your personal data, for the period enabling us to verify its accuracy;
– obtain your personal data in an electronic format; an
– submit a complaint with us and/or the relevant data protection authority.
You may exercise these rights by contacting us providing your name, email address, account identification, and purpose of your request.
We will collect and use your personal data that you freely provide to us:
A) for the purpose of providing you with travel/accommodation services, for realisation of the services requested, for providing information regarding your travel or other travel related services prior or during your travel, regulatory reporting and compliance, internal accounting and administration; where we will use only those data that are necessary for providing travel services and meeting the legal requirements in Croatia,
B) after your travel, we will use your personal data for statistic purposes, activities for improving our services and, in you provide us with explicit consent to send you newsletters and information on our special offers, travels etc. (using mailproviders outside or within EU).
The type of personal information we collect about you is the information that is needed to facilitate your travel arrangements and bookings and to arrange travel related services and/or products on your behalf. We typically process the following types of personal information about you necessary to provide you with travel services:
• contact information (such as name, residential/mailing address, telephone number, email address); • payment account information (credit/debit card details, including card type, card number, security number and expiry date);
• passport or ID details;
• travel period;
• information about your dietary requirements and health issues (if any); and
• other details relevant to your travel arrangements or required by the relevant travel service provider(s).
In general, we obtain the personal data directly from you. If data is obtained from a third party we will endeavour to inform you.
We take care of the security of your personal data, use the adequate technology and defined processes in our work, educate our employees in relation to the protection of personal data and perform regular internal analysis of compliance with the relevant legal provisions.
We will keep your personal data for five years after providing the travel/accommodation services, or
longer if prescribed by law.
In case of consent for marketing communications, we will keep your personal data as long as you do not withdraw your consent to receive marketing communications.
IV Your rights
The aforementioned rights are however not without limitation. Laws and regulations may authorise or oblige the company to deny your request. However, your right to object the processing of your personal data for direct marketing purposes is unconditional.
On your request, we will inform you of your personal data we process; where the personal data are not collected from the data subject, any available information as to their source; allow you with access to your personal data in our database, and provide you with the copy of the personal data undergoing processing stipulating the purpose of processing and the ground for processing, or request that we transmit them direct to a third party.
Based on your request, we will update or correct your personal data so that it is always accurate. Under certain circumstances you may have the right to request that we erase personal data
You may exercise these rights by contacting us via email: firstname.lastname@example.org providing your name, email address, and purpose of your request.
We will provide you with without undue delay.
Please note that laws and regulations may authorise or oblige us to deny your request.
V Data transfer
We do not and will not sell, rent out or trade your personal information.
We will only transfer (disclose) your personal information to third parties in the ways set out in this Notice and, in particular, as set out below, to fulfil our contractual or legal obligations, in which cases we require third parties to undertake sufficient levels of protection of personal data, as applied by us.
Your personal information may be disclosed to the following types of third parties:
– our contractors, suppliers and service providers of trips that we book on your behalf, including without limitation: suppliers of IT based solutions that assist us in providing products and services to you (such as any external data hosting providers we may use);
– travel service providers such as travel wholesalers, tour operators, airlines, hotels, car rental companies, transfer handlers and other related service providers;
– mailing houses, courier services;
– external business advisers (such as lawyers, accountants, auditors and recruitment consultants);
– third party to whom we assign or novate any of our rights or obligations;
– a person making your travel booking on your behalf, where you are travelling on a booking made on your behalf by another person (for example, a family member, friend or work colleague);
– your employer, where you are an employee of one of our corporate, business or government clients and you are participating in an event or travelling for work purposes;
– as required or authorised by applicable law, and to comply with our legal obligations;
– regulatory bodies and law enforcement officials and agencies.
Also, if you as a passenger concludes the insurance policy, we will disclose his/her details to the insurance company.
By sending us an enquiry, you confirm that you have freely provided us with your personal data contained in such enquiry and that you allow us to use the same for providing you with travel offers requested by you, with travel/accommodation services.
For the stated purposes, your personal data may be disclosed to the following parties who operate as third party data controllers:
– our agents, other insurers,
– advertising networks to send you marketing communications,
We do not share your personal data with non-affiliated third parties for their own marketing use without your permission.
VI Newsletters and marketing communications
You may want to receive marketing communications (including special promotions and offers) from us that are sent using newsletter providers with seat in EU or outside the EU.
In this case, we will require you to provide us with your email address.
At any point of time you may decide you no longer wish to receive communication from our firm and unsubscribe.
VII Securing the safety of your personal data
We will maintain your privacy and restrict the access to your data only for those employees that are engaged in travel/accommodation services providing.
We will implement technical and organisational measures appropriate to secure personal data from unauthorized access or use, and we use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the General Data Protection Regulation and ensure the protection of the rights of the data subject.
VIII Protection of your rights
If you feel we have violated any of your rights arising out of the laws regulating the data protections, you have the right to object to us processing your personal data by sending us an objection via email: email@example.com
We will respond latest within 30 days from receiving your letter.
Also, you have the right to lodge a complaint with the competent supervisory authority.
IX How can you contact us
If you have any queries about how we use your personal data, you can contact us by email or post as follows:
firstname.lastname@example.org / Brnini 23, 51215 Kastav, Croatia
We will post an up-to-date version on our web site.
This data protection policy was made on 24th of May 2018.