1. Definitions
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data subject
The data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.
f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information.
g) Controller or controller responsible for the processing
The controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
h) Processor
Processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient is a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed.
j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor, and persons authorized to process personal data under the direct authority of the controller or processor.
k) Consent
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
2. Name and Address of the controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in member states of the European Union, and other provisions related to data protection is:
Tourist Guide Croatia
Website: https://touristguidecroatia.com/
Email: lea@tourguidecroatia.com
Phone: +385-97-728-1113
3. Cookies
The website of Tourist Guide Croatia uses cookies. Cookies are text files that are stored in a computer system via an Internet browser. Many Internet sites and servers use cookies. Through the use of cookies, Tourist Guide Croatia can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.
Cookies allow us, as previously mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. The website user that uses cookies, for example, does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is stored on the user’s computer system.
Data subjects may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used and may thus permanently deny the setting of cookies. Already set cookies may be deleted at any time via an Internet browser or other software programs.
4. Collection of general data and information
The website of Tourist Guide Croatia collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be:
- the browser types and versions used
- the operating system used by the accessing system
- the website from which an accessing system reaches our website (so-called referrers)
- the sub-websites
- the date and time of access to the website
- an Internet protocol address (IP address)
- the Internet service provider of the accessing system
- any other similar data and information that may be used in the event of attacks on our information technology systems
When using these general data and information, Tourist Guide Croatia does not draw any conclusions about the data subject. Rather, this information is needed to:
- deliver the content of our website correctly
- optimize the content of our website as well as its advertisement
- ensure the long-term viability of our information technology systems and website technology
- provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack
This anonymously collected data and information is therefore analyzed statistically and further with the aim of increasing the data protection and data security of our enterprise.
5. Contact possibility via the website
The website of Tourist Guide Croatia contains information that enables a quick electronic contact to our company, as well as direct communication with us, which also includes a general email address. If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
6. Routine erasure and blocking of personal data
The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
7. Rights of the data subject
a) Right of confirmation – Each data subject has the right to obtain confirmation as to whether or not personal data concerning them are being processed.
b) Right of access – The data subject has the right to obtain free information about their stored personal data and a copy of this information.
c) Right to rectification – The data subject has the right to obtain the rectification of inaccurate personal data.
d) Right to erasure (Right to be forgotten) – The data subject has the right to request the erasure of personal data concerning them without undue delay.
e) Right of restriction of processing – The data subject has the right to request restriction of processing where a legal ground applies.
f) Right to data portability – The data subject has the right to receive the personal data concerning them, which was provided to a controller, in a structured, commonly used and machine-readable format.
g) Right to object – The data subject has the right to object to processing of personal data.
h) Automated individual decision-making, including profiling – The data subject shall have the right not to be subject to a decision based solely on automated processing.
i) Right to withdraw data protection consent – The data subject has the right to withdraw their consent to processing of their personal data at any time.
8. Legal basis for the processing
Article 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which the data subject is party, processing is based on Article 6(1) lit. b GDPR.
If our company is subject to a legal obligation by which processing of personal data is required, the processing is based on Article 6(1) lit. c GDPR.
9. Period for which the personal data will be stored
The criteria used to determine the storage period of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted.
10. Existence of automated decision-making
We do not use automatic decision-making or profiling.
11. Data protection for job applicants
The controller shall collect and process the personal data of applicants for the purpose of the processing of the application procedure. If the controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship. If no employment contract is concluded, the application documents shall be deleted six months after notification of the refusal decision.
12. Security
We use appropriate technical and organizational security measures to protect your personal data against loss, manipulation, destruction or unauthorized access.
13. Changes to this Privacy Policy
We may update this privacy policy from time to time. We encourage you to review this policy periodically to stay informed about how we are protecting your information.
14. Data Protection Provisions About the Application and Use of Instagram
We have integrated components of the service Instagram on this website. Instagram is a service that may be qualified as an audiovisual platform, which allows users to share photos and videos.
17. Data Protection Provisions About the Application and Use of YouTube
We have integrated components of YouTube on this website. YouTube is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also provides free viewing, review, and commenting on them.
18. Legal Basis for the Processing
Article 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract, the processing is based on Article 6(1) lit. b GDPR.
19. The Legitimate Interests Pursued by the Controller or by a Third Party
Where the processing of personal data is based on Article 6(1) lit. f GDPR, our legitimate interest is to carry out our business in favor of the well-being of all our employees and shareholders.
20. Period for Which the Personal Data Will Be Stored
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted.
21. Provision of personal data as statutory or contractual requirement; requirement necessary to enter into a contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide such data
The provision of personal data may be partly required by law (e.g., tax regulations) or can also result from contractual provisions (e.g., information required for a contract). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data when our company signs a contract with them. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded.
Before personal data is provided by the data subject, the data subject must contact us. We will clarify on a case-by-case basis whether the provision of the personal data is required by law or contract, or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and the consequences of non-provision of the personal data.
22. Existence of automated decision-making
As a responsible company, we do not use automatic decision-making or profiling.
