Processing Information / Privacy Policy

Information on the Processing of Personal Data / Privacy Policy

Effective Date: April 10, 2024

This privacy statement outlines how we collect and utilise information, including personal information, that you provide to us in person, by mail, or through our website. It also explains how we manage your personal data and how you can access and modify it.

Controller

Mima d.o.o., Nikole Tesle 88, 31400 Đakovo,, MBS 030010812, Commercial Court in Osijek, Company ID (OIB): 44747899659

Contact person (Data Protection Officer)

hotel-djakovo@hi.t-com.hr

Definition of personal data processing

Processing personal data refers to any operation or set of operations performed systematically on data related to an individual (the data subject) by a data controller, processor, or an authorised third party. This includes various activities such as collecting, recording, making available, adapting or modifying, retrieving, using, disclosing through transmission, disseminating, storing, exchanging, or combining personal data. It also encompasses blocking and destroying clients’ personal data.

Principles for Processing Personal Data

When handling the personal data of individuals, the data controller must prioritise the highest standards of personal data protection. Specifically, the controller is required to adhere to the following principles:

Personal data must be processed in compliance with applicable laws, specifically Law No. 18/2018 on the Protection of Personal Data and the EU General Data Protection Regulation. The process should be fair and transparent. When handling personal data, the controller must safeguard the rights of data subjects and fully respect those rights. Personal data should be collected only for specific, clearly defined purposes and processed in a particular manner. Only data that is adequate, relevant, and necessary for these purposes should be collected. Additionally, personal data should only be stored for the time required to fulfil the purpose for which it was processed.

Types of Personal Data Collected

You have the choice to decide which personal data you wish to share with us. If you choose not to provide certain information, we will respect your decision. However, please be aware that this might impact the quality of the services we can offer you. This does not apply if we need to process specific personal data to meet a legal obligation.

We collect the following personal data: name, surname, telephone number, country, and email address.

Automatically Collected Personal Data and Third Parties

Our website uses cookies to enhance the quality of the services we provide. Cookies are small text files that contain specific information, allowing the controller to identify a user’s computer during communication.

Cookies are stored on the hard drive of the user’s computer by their web browser. Please note that cookies are only stored with the user’s consent, and you can disable them later in your web browser settings.

Service providers that use cookies are bound by confidentiality agreements, which are valid throughout the EU. They are prohibited from using your personal data for their own purposes or any other unauthorised purposes.

How we will receive your personal data:

– E-mail communication

– Newsletter subscriptions

– E-commerce registrations

Legal Basis and Purpose of Processing

Applicable Legal Bases: To Comply with Legal Obligations: In certain cases, the personal data provided may be used to prepare for pre-contractual relations or to implement the terms of a contract (e.g., donation agreements, cooperation agreements, etc.). Additionally, it may be used to comply with requests from law enforcement authorities when required by law.

To Fulfil Legitimate Interests: This includes providing relevant content on our websites, emails, and newsletters, as well as improving and promoting our products, services, and website content for administrative purposes.

When using your personal data to pursue our legitimate interests, we always prioritise your rights and interests above our own.

If required by applicable law, we will ask you to provide your consent to the processing of your personal data. You can withdraw your consent at any time by emailing the Data Protection Officer.

Furthermore, we use your personal data for the following purposes: sending you news about promotional campaigns, sending you news and updates about our activities, answering questions you may have, for example, via the contact form on the relevant website; improving the user experience on our website. We use your personal data for surveys and analyses that may be carried out by a third party on our behalf. We may share or publish the results of such surveys, in an anonymous and aggregated form, with third parties.

We utilise your personal data for analytical purposes and to enhance our services, user experience, functionality, and overall quality of our online offerings. If we process your personal data using automated methods that could have legal implications or significant effects on you, we will take appropriate measures to safeguard your rights and freedoms. This may include displaying relevant advertisements based on an analysis of your behaviour on our website.

Storage of Personal Data

When your personal data is processed to fulfil a contract, the data controller is legally required to maintain that data for the duration of the contractual relationship, which is typically five years, unless there are regulations that specify a longer retention period.

In other situations, we will retain your personal data until you withdraw your consent and/or for two years. Additionally, we may keep it for a longer period if necessary to provide services, comply with applicable regulations, or resolve any disputes.

Your Rights

We want you to have full control over how your data is used. You have the following rights:

Right to Access Personal Data: You have the right to request confirmation of whether your personal data is being processed. If it is, you are entitled to access that data and receive relevant information. In this case, the controller will provide you with a copy of the personal data being processed.

Right to Erasure (“Right to be Forgotten”): You have the right to request the controller to erase your personal data without undue delay if certain legal grounds apply. This is particularly the case if you withdraw your consent for data processing. However, the controller may not be obliged to fulfil this request if the processing of your data is necessary to comply with legal obligations.

Right to Restriction of Processing: You have the right to request that the controller restrict the processing of your personal data if certain conditions are met. For example, you can request this if the personal data being processed is inaccurate or if its processing is unlawful.

Right to Data Portability: If you have provided your personal data to a controller and the processing of that data is based on your consent or is necessary for a contract, and if it is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request the controller to directly transmit your data to another controller.

Right to Rectification: You have the right to request that the controller correct any inaccurate personal data it holds about you without undue delay. Additionally, you can request that any incomplete personal data be completed, which may include providing a supplementary statement.

Right to Object and Withdraw Consent: If your personal data is processed based on your consent, you have the right to withdraw that consent at any time in accordance with applicable law.

Right to Complain: If you believe that the processing of your personal data violates applicable regulations, particularly the GDPR, you can file a complaint with the Croatian Personal Data Protection Office through their website at the Croatian Personal Data Protection Agency – https://azop.hr.

Questions and Complaints

If you have any questions or concerns about how your personal data is being processed, or if you would like to exercise any of your rights as outlined in this data protection statement, please contact the data protection officer mentioned in this statement. You may also direct your inquiries and complaints to the Croatian Personal Data Protection Agency at https://azop.hr.