This data protection info sheet informs you which personal data Hoteli ML d.o.o., in what way and for what purpose, in an automated manner, and what your rights as affected person (data subject) are.
2. Controller (Responsible)
Controller (hereinafter referred to as “the Controller”) is the ML Hoteli d.o.o., Sklanica 65, 51217 Klana, Croatia, e-mail: firstname.lastname@example.org.
3. Collection and processing of persona data
The protection of your personal data is a matter of special importance to us. Your personal data will therefore only be processed to the extent that is permitted by law and required for the fulfillment of the respective purpose (registration, provision of services, medical treatments, fulfillment of legal obligations and legitimate interests, sending information material and advertising, sending a newsletter, customer analyzes).
Following personal data is collected and processed for the purpose of providing our services:
1. For the purposes of hotel registration and registration to the competent authority:
- First name and last name
- date of birth
- place of birth
- residence: city, state and zip code
- gender (male or female)ID type (ID card or passport) and ID number
- name of children: first and last name, date and place of birth, gender, nationality,
- ID details of spouse
2. For the purpose of fulfilling the contractual obligations and obligations deriving from the business relationship:
- First name and last name,
- personal address,
- telephone number,
- car plate number/ license plate,
- travel document,
- issuing authority,
- date of issue,
- expiry date,
- tax number,
- member or loyalty card,
- family relationship to other profiles
- name of spouse, date and place of birth,
- special requirements
- credit card/payment details
- copy of ID card for exchange office transactions
- other ways of transportation: flight number, arrival time, GPS co-ordinates
- guest preferences (sea view or park view, room type)
- additional packages (baby sitter, wellness, …)
- date of birth, various anniversaries, divorces, family death cases
- room set up: romantic, corporate clients
We need your explicit consent in order to process the above-listed health data (allergies and special requirements). You can revoke your consent at any time. Please note that in the event that you do not give your consent or revoke it during our business relationship, we cannot fully provide our services, hence, you take advantage of our services at your own risk.
3. For the purpose of being informed about offers and services of the Hotel Olea**** and to be contacted for customer surveys:
- postal address
- mobile phone number
- e-mail address
In doing so, we use the following communication channels: e-mail, post and sms
In order to inform you about offers and services and to contact you for customer surveys we need your consent which you give in a Double-Opt-In-form. Without giving your consent we cannot send you any information or contact you in this regard.
4. For the purpose of providing and improving the services and personalizing the offers and services to suit your needs (profiling):
- date of birth
- dates of anniversaries, shoe and T-shirt size for MICE group participants
- enrolling into animation activities (puzzle games, camps, competition …)
Profiling is the process in which a responsible person (data controller) collects process personal data for the purpose of providing and improving the services and personalizing the offers and services to suit guest’s needs. However, no decisions which could have legal effect or could harm you in any way will be made by automated means.
We can process the following data in our system Protel: Name, gender, title, personal address, nationality, region, telephone number, email-address, birthday, license plate, travel document, issuing authority, date of issue, expiry date, company, occupation, tax number, member card, photo, remarks, family relationship to other profiles.
We can allocate the following reservation-related data to your profile: past reservations, future reservations, invoices, offers, confirmations, notes and questionnaires.
Personal data you provide will be processed until you revoke your consent.
You can revoke your consent at any time, free of charge and without stating reasons at the hotel reception, by email to email@example.com.
5. Taking photos at events and courses
We have a legitimate interest to take photos at events and courses and to publish them on our website for marketing purposes.
If you do not agree with this, you can object to this processing and the publication any time at the hotel reception, by email firstname.lastname@example.org
6. Video surveillance
For the purpose of public security there may be video surveillance at the hotel entrance, hotel reception, exchange offices, kitchen areas, garage entrances, beach and pool-bars, area around wellness buildings and staff houses. Videos are stored on stand-alone hard disks at each location, and access is provided to external security companies, IT administration person and GM hotels.
Taken videos can be stored for the maximum period of 6 months (Croatia). Taken videos at the exchange office legally have to be stored minimum 72 hours in Croatia.
For the purpose of public security in tourist resorts, there may be a main entrance gate to the resort, where guest needs to provide the name and/ or reservation number in order to proceed, car registration plates/ license plates are input into registration list manually.
7. Transmitting personal data to third parties
Your personal data are not transmitted to third parties except in the following cases:
- when we are legally obliged to transmit the data based on e.g. Criminal Law, Criminal Procedure Law,
- for services outside the hotel area, upon your request (e.g. taxi, restaurant reservation, yacht, etc.)
- in case of medical emergencies, data has to be transmitted to authorized medical personnel;
- based on your explicit, written consent;
For payment processing purposes, your bank details are forwarded to electronic payment services.
8. Data processing on behalf of the Controller
Where processing is to be carried out on behalf of the Controller by the Processor, the Controller remains liable for the protection of your personal data.
External Processors are arranged only to perform activities that are necessary to provide our services, such as mailing services, services provided by tourist agencies, tourist guides etc. All external Processors are committed to comply with the applicable data protection regulations. Processing agreement based on Article 28 GDPR has been concluded with every external data processor.
Your personal data is transmitted to the following external data processors:
- Protel Hotelsoftware Austria GmbH
- A1 Telekom Austria AG, Wien
- Point d.o.o., Split, HR
- MC Sistemi d.o.o., Ljubljana, SLO
- Revinate Inc., San Francisco, CA, USA
- Facebook Inc., Menlo Park, CA, USA
- Instagram Inc., San Francisco, CA, USA
- Twitter Inc., San Francisco, CA, USA
- YouTube LLC, San Bruno, CA, USA
- Nor1 Inc; Santa Clara, CA, U.S.A.
We primarily arrange external processors within the European Union. We will only arrange processors outside the European Union if (i) there is a European Commission adequacy decision for the third country concerned or (ii) we refer to the standard contractual clauses of the European Commission or (iii) if there are appropriate guarantees, e.g. the EU / US privacy shield with the third country or (iv) there are binding internal contractual data protection clauses with the processor.
For further information about the external processors you can send your enquiries to email@example.com .
9. Google Analytics
Our websites use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies” (text files stored on users’ computers) which allow an analysis of the website usage. The information generated by the cookies about the use of the websites by the users are usually transmitted to a Google server in the USA and are stored there.
In the case of the IP anonymization activation on our websites, the Google users IP address will be shortened beforehand within European Union.