1) Data processing controller
Travel Croatia DMC with the company headquarters registered in Petrova street number 120 in Zagreb is the data processing controller, in agreement with General Data Protection Regulation.
Data processing covers a range of operations performed on personal data, including the collection, storage, use, consultation or transfer of personal data. Personal data means any information relating to an identified or identifiable natural person who is or can be identified, directly or indirectly.
Travel Croatia DMC has established Personal Data Protection Regulations in accordance with the aforementioned General Data Protection Regulation and applicable to all the personal data of natural persons collected and processed by the data processing controller directly or by his partners.
Data processing controller can be contacted in the following ways:
- By email: firstname.lastname@example.org
- By phone: +385 21 545 104
- By mail: 4. gardijske brigade 5, 21 204 Dugopolje, Croatia
2) The principles of personal data processing
The principles that Data processing controller applies in processing personal data:
- Legality, honesty, and transparency – processing is based on one of the following parameters:
- Processing is necessary for compliance with legal obligations to which the controller is subject
- Processing is necessary to perform the contract in which the data subject is a party, or in order to take steps at the request of the data subject prior to entering the contract
- Processing is necessary to protect the vital interests of the data subject or another natural person
- Processing is necessary for the purposes of legitimate interests pursued by the controller or the third party, except where such interests are overridden by interests of fundamental rights and freedoms of data subjects which require protection of personal data, in particular where the data subject is a child
- The data subject has given his consent to the processing of the personal data concerning him or one or more specific purposes
- Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequacy, relevance and limitedness only to data essential for the execution of the purpose for which they were collected
- Accuracy and up-to-dateness.
- Personal data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Integrity and confidentiality – personal data are processed in a manner that provides appropriate security for personal data, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, by the implementation of appropriate technical and organizational measures.
- Reliability – data controller is responsible for the aforementioned principles and willing to submit proof of their implementation.
3) How your personal data is collected
Travel Croatia DMC collects personal data in the following ways:
- By direct contact, regardless if you contact us by phone, send us an email, complete contact form on our website or come to our office in person.
- If you use our services.
- If our partners provide your data to us in a legitimate way.
4) What data of yours is collected
Travel Croatia DMC collects only the data essential to achieve the purpose for which they were collected. The list of all the data items can be provided to you upon request.
5) How we use your personal data
The collected personal data are used for the following purposes:
- Creating the best tailor-made offer to suit individual and group preferences.
- Fulfilling contractual obligation.
- Disclosing the personal data to third parties in order to fulfill contractual obligation. This includes possible data transfer to the countries outside European Union.
- Assessing satisfaction with the fulfillment of contractual obligation.
- Dealing with possible reclamations.
- Fulfilling legal regulations.
6) Your personal data safety
All your personal data are stored in a business data system, protected by codes and encryption, and accessible only to particular employees necessary to perform business tasks.
7) Your personal data storage length
We keep your personal data as long as it is necessary to fulfill contractual obligation and for legitimate purposes (including reclamations), or until withdrawal of consent if processing is based on consent. In case legal regulations prescribe a longer storage period, personal data are stored in agreement with regulations in force. The data that are no longer stored are permanently erased and anonymised.
8) Your rights
According to General Data Protection Regulation, you have the following rights:
- The right to obtain the following information when the data are being collected:
- Identity and contact information of the data controller o Purpose and legal basis of the processing
- Legitimate interests of the data controller o Recipient or categories of recipients
- Data transfer to third countries
- The right to obtain from the controller confirmation showing:
- Whether your personal data are being processed o How your personal data are being processed
- The purpose of the processing
- Which personal data of yours are being processed
- The right to consult your personal data we possess
- The right to have your incorrect or outdated data corrected
- The right to have your personal data erased
- The right to have your personal data transferred to another data controller
- The right to withdraw your consent
- The right to require limitation of processing