Hotel A’mare, that is HOSTEL 4 YOU d.o.o. za turizam i ugostiteljstvo, having its registered office at Nikola Tesla Street 12B, Zadar, PIN: 64747198806, company’s (court) registration number: 110048329 (hereinafter referred to as “we” or “Hotel”), respects your privacy and hereby, in accordance with the applicable personal data protection provisions, including the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the “GDPR”), wishes to provide you with information regarding the personal data we collect, how we collect it, and the legal basis on which we process your personal data.
We are aware of our responsibility to protect your personal data, to keep it secure, and to comply with applicable personal data protection provisions. For the purpose of this Privacy Notice, “personal data” has the meaning given to it by applicable personal data protection provisions, including the GDPR.
The data controller and the company responsible for processing your personal data is HOSTEL 4 YOU d.o.o. za turizam i ugostiteljstvo, having its registered office at Nikola Tesla Street 12B, Zadar, PIN: 64747198806, company’s (court) registration number: 110048329. In order to ensure that your data is secure and to protect it from unauthorised access, loss or modification, we apply technical and organisational measures. We have ensured that your data can be accessed only by those persons who have a business need for it, solely for the purposes that are permitted and of which you have been notified, and that these persons are obliged to keep your data confidential. If you suspect any unauthorised use, loss or unauthorised access to your personal data, please notify us. If you have any questions regarding the protection and processing of your data by us as the Data controller, please feel free to contact us via email: email@example.com or by mail to the address of our Hotel at: Ulica bana Josipa Jelačića 4A, 23000, Zadar, “Attn.: Data Protection Officer”.
2. The types of personal data we collect
Personal data includes any data relating to an identified natural person or other data by which a person can be identified. We collect and process different types of your personal data, depending on our relationship with you and services you use.
When you book accomodation, you enter into an agreement for accommodation service with us. We collect information about you that are necessary to establish a contractual relationship and make the reservation. Prior to your arrival, we will collect and process information necessary to provide you with the best possible service and to prepare ourselves for your arrival.
In any case, we collect and process your personal data for legitimate purposes and based on valid legal grounds, which you can read more about in the Legal Basis for Personal Data Processing section below.
Personal data we collect (including, but not limited to):
- full name, gender, preferred gender pronoun, date of birth, Personal Identification Number (OIB), and similar identifiers, as well as data found on personal identification documents (ID card, passport, or driver’s license);
- address, email address, phone number, language preference;
- payment information and account or credit/debit card details;
- information regarding you stay, including arrival and departure dates, purchased goods and services, specific requests, preferences for certain services (e.g., cleaning), dialled telephone numbers;
- marketing data, including information about your contact preferences;
- technical data such as IP address, login data, location data, time zone, browser type and version, operating system, and other data about the technology you use to access our website and how you interact with it, our products, and services.
Special categories of personal data
As a general rule, we do not collect special categories of personal data, such as data concerning race, ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, data concerning health, genetic or biometric data, or data concerning criminal offenses. However, we may collect and process your health data when it relates to allergies you have informed us about (e.g., before or during the consumption of food in our restaurant) in order to fulfil our contractual obligation and with your explicit consent. Additionally, as part of providing spa and wellness services, we may collect health-related data, again with your explicit consent. Furthermore, if you have made publicly available any data from special categories of personal data, we may also collect and process such data.
3. Reasons and methods for collecting personal data
We are a business entity engaged in providing, among other services and activities, hospitality accommodation services. In course of our operations and activities, we collect various types of your personal data, depending on our relationship with you and the reasons for our communication. We collect your personal data directly from you, indirectly, or automatically.
Directly from You
We collect your personal data directly from you (including, in some cases, special categories of personal data):
- when you book an accommodation reservation, submit a request, or otherwise provide us with your personal data;
- in the registration process (check-in and check-out activities);
- when you make a payment;
- when you have any additional requests or complaints;
- when you communicate with us on social media or via email;
- during your stay at our hotel or when using our services (restaurant, spa, wellness);
- when you inform us about your preferences and allergies in relation to our restaurant services;
- when you as u guest attend events organized by us;
- when you leave comments about your stay;
- when you provide us with your contact information;
- when you join our loyalty program;
- when you contact us in relation to the job applications and/or you submit to us an open job application.
Please note that this is a general list of cases and scenarios in which we may collect personal data from you, and the specific data collected may vary depending on the circumstances and the services provided.
We collect your personal data indirectly when it is provided to us by another legal or natural person, for example, if the data about you is provided to us by our business partner, or an agency or intermediary through which you have arranged an accommodation service in our hotels (e.g. accommodation booking platform). We may also obtain data about you from your payment service provider or advertising service provider or if another person makes a booking for you. When reservation is made for you by another person, we consider that the latter person has your consent or is relying on an applicable legal basis to provide us with your personal data.
Where you provide personal data of third parties (for example, names and contact details of your family members in connection with bookings or family memberships), you confirm that you have their consent or rely on applicable legal basis to provide their personal data to us. We recommend referring them to this Privacy Notice.
We collect your personal data through automated systems, for the purpose of improving our service or for security, for example, we record certain data about your device when you connect to our network (for security reasons and to enable you to use the free internet), when you use this website we collect certain information about how you use our site, as well as device data (such as IP address, browser type), electronic systems in our rooms record the time of you entering the room, our telephone devices in our hotel rooms automatically record incoming and outgoing calls, etc.
4. Legal bases for the use of personal data
In order to respect the lawfulness of processing personal data, we process personal data only if and to the extent that at least one of the following is met:
- you gave your consent for processing of your personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which you are a party or in order to take certain actions at your request prior to the conclusion of the contract;
- processing is necessary to comply with our legal obligations as the controller;
- processing is necessary to protect the vital interests of you or other natural persons;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the legitimate interests pursued by us or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
We usually process your personal data in cases where processing is necessary or on the basis of:
- for the purpose of performing a contract, for example, when you make a reservation for accommodation at our hotel, you enter into an agreement for accommodation service with us. We collect information and data about you that is necessary for us to establish a contractual relationship, make a reservation, and later fulfil our contractual obligation.
- for compliance with legal obligations, for example, issuing invoices and other documentation in accordance with accounting regulations, registering guests in the e-Visitor system, which we also do to comply with our legal obligation.
- with your consent:
i. when you have shared with us health data, biometric data, data about disabilities, sensitive data from official identification documents if applicable, data about religious or philosophical beliefs, sexual orientation, political views etc.,
ii. when you join our loyalty program,
iii. for any other purposes for which we have obtained your explicit consent, in accordance with applicable laws.
- based on our legitimate interests, for example, to protect property and for security reasons, we use surveillance cameras to record shared areas in our facilities (e.g., reception), or for guest record keeping, communication and business management when we contact a guest via their email address or by delivering a leaflet to request completion of a guest satisfaction survey or questionnaire, or when we send promotional offers (direct marketing). We rely on legitimate interests as a basis only if our legitimate interests as the data controller are not overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, especially if the data subject is a child.
However, for certain types of personal data processing, multiple legal bases may be applicable. For example, when booking an accommodation at our hotel, we process your personal data (identification, contact, and financial data) based on three legal bases: the performance of a contract, compliance with a legal obligation and legitimate interests.
5. Direct marketing and statistical data analysis
Ever once in a while we would like to use your personal data to send you our marketing messages and information that we think may be of interest to you, including, but not limited to information about our hotel, tours, new products and services, news about our membership program, satisfaction surveys, offers and promotions, etc (direct marketing). The latter will be sent to you either by email, SMS/MMS messages, phone calls, push notifications etc., all based on a legitimate interest.
Please be informed that you may choose not to receive any kind of communication from A'mare Hotel (including direct marketing communication) and you can opt-out from receiving such communications at any time, free of charge, by following the unsubscribe instructions contained in such communications or by sending a written request by e-mail to: firstname.lastname@example.org
Also, for purpose of our strategic planning and improving our service, we use statistical data analysis. This means that, based on a legitimate interest, we will process the data we have collected and processed about you on other legal basis – for another purpose. When we process your data for statistical purposes, we continue to use it exclusively in an aggregated, depersonalised form. This means that this data can no longer be linked to you in any way and no longer represents your personal data.
We and our service providers use various technologies to collect information, including cookies. Cookies are small data files stored on your hard drive or in device memory that help us improve our site and your experience. We do not use this data to identify you, nor do we use third party cookies for this purpose. Some cookies we collect last only during your use of our site, and some last a little longer, so that we can recognise you when you access our site again. For more information about cookies, and how to disable them, please see our Cookies Policy.
7. Third Party Recipients of personal data
We share your personal data with others only when it is permitted by the law, when it is necessary in order for us to fulfil our contractual obligation or in cases where you have agreed to share your personal data with a third party (e.g. in the case of using cookies). Below please find few examples of when we will share your personal data with other recipients:
- with the e-Visitor system, in accordance with the regulations on the provision of hospitality services and the manner of keeping a list and registration of tourists;
- with service providers for the reservation system and the guest database system that we use in our business, with whom we have concluded appropriate data processing agreements;
- with payment service providers with whom we have concluded agreements on the processing of personal data;
- in case of an investment, a merger or acquisition in the future, we may share your personal data with the new owners of the company, and certain personal data may also be transferred during the purchasing process, to potential customers and their advisors, as part of the due diligence process;
- with advisory service providers, consultants, professional advisors such as attorneys at law, auditors, or accountants, marketing and market research agencies, technical support service providers and IT consultants, etc.
8. Cross-border data transfers
9. Data storage and retention periods
We store your data as long as it may be necessary in accordance with the purpose for which it was collected. After the expiry of the retention period, we will delete the data, and in cases where this is not technically possible, we will make the data unreadable. In the event that we still need some data for legitimate business purposes after the retention period has expired, we will take appropriate steps to anonymise that data.
We store data based on our legitimate interest in accordance with justified and reasonable business needs.
We store the data we collect on the basis of consent, until the consent is withdrawn.
According to the law, we must keep data stored in e-Visitor system for 10 years, and we keep data on our guests for at least two years from the year they stayed in our hotel.
If we use your credit card data for the purpose of guaranteeing your reservation, we will keep this information in our systems for a maximum period of 30 days after your check-out. If the guarantee is used and we charge your card, this information will be retained for a longer time period, in line with accounting regulations.
Video recordings are kept for a maximum of 6 months unless the law prescribes a longer retention period or they serve as evidence in court, administrative, arbitration, or other equivalent proceedings.
10. Your rights (data subject rights)
Right of access. You have the right to access your personal data at any time by sending a request requesting that we provide you with all your personal data that we process.
Right to rectification and right to erasure. You have the right to request an update, rectification or supplementation of your personal data at any time. You have the right to request the deletion of your personal data. We will comply with your request if we do not have a legal obligation or a valid reason of a legal or business nature for which we should continue to keep it. Right to restriction of processing. You have the right to object to certain processing activities, for example, if we process your personal data on the basis of a legitimate interest. Right to data portability. You have the right to request a transfer of personal data to another service provider.
Right to withdraw your consent. In the event that we process your data on the basis of consent, you are entitled to withdraw your consent at any time. We will stop processing personal data collected on this legal basis without delay. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to submit a complaint. You are also entitled to submit a complaint to the supervisory authority for data protection: the Croatian Personal Data Protection Agency, Selska cesta 136, 10000 Zagreb, tel: +385 (01) 4609-000, e-mail: email@example.com, web: www.azop.hr
If you have any questions regarding the protection and processing of your data by us as the Data controller, please feel free to contact us via email: firstname.lastname@example.org or by mail to the address of our Hotel at: Ulica bana Josipa Jelačića 4A, 23000, Zadar, “Data Protection Officer”.