Rules on protection of privacy
The company MEUS d.o.o. having its registered seat in Zagreb, Ulica Ivane Brlić Mažuranić 2C, PIN: 53383792707 (hereinafter: the Company and/or the Controller
), as registered tourist agency My Istria, considers protection
of Your privacy and safety very important. The Company is committed to protection of all personal data of the users of its services.
These Rules on protection of privacy do not regulate protection of personal data of property owners and of other providers and business associates of the Company whose protection of personal data is regulated separately.
By these Rules on protection of privacy the Company wishes, with a view of ensuring fair and transparent processing, to provide the users of its services clear information on processing and protection of their personal data and enable them with simple supervision and management over their personal dana and consents.
We reserve the right to amend these Rules on protection of privacy at any time and for any reason. The users shall be informed about each amendment to these Rules on protection of privacy on the web page www.myistria.com (hereinafter: the Webpage
These Rules shall enter into force on the day of their publishing on the Webpage.
If you have any questions relating to protection of personal data, please contact us by sending an e-mail message on the e-mail address: [email protected]
These Rules on protection of privacy explain:
• Which personal data we collect and process from You;
• Manner in which we obtain Your personal data;
• Purpose of processing and period of storage of personal data;
• Legal basis pursuant to which the Controller uses Your personal data;
• With whom the Controller shares Your personal data;
• How does the Controller safeguard Your personal data;
• Rights of the Data Subject and
Which personal data we collect and process from You
We collect only necessary, basic data on users required for fulfilment of our obligations i.e for achievement of a specific legal purpose of processing.
The Controller can collect Your personal data when performing its business, including when You contact the Controller, ask information from the Controller, use the Webpage of the Controller or use the services of the Controller.
The personal data the Controller collects and processes from the user of its services and/or Webpage (hereinafter: the Data Subjects
• personal data for identification
: name and surname;
• contact details
: e-mail address, number of mobile phone and/or phone;
• history of purchases of services of the Controller
• technical data
(number of visits of the Webpage or receipt and use of materials and communications sent by the Controller to the Data subject by means of electronic communication) collected with the cookies;
• data on transactions
: partial number of the bank card, amount, time and location of the transaction;
• and other data
which the Data subject provides the Controller with (for e.g. number of persons who will be staying in the villa, number of children/babies (without their personal data designation).
The Controller does not process special categories of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data, data concerning health or data on sex life or sexual orientation of the individual nor personal data relating to criminal convictions or offences.
Manner of collection of personal data
The Controller collects personal data of the Data subject in various manners, including:
• as part of the business processes of the Company and during fulfilment of obligations from the contract on provision of the services of the Company, especially in relation to reservation of property (villas) and processing of Your reservation;
• during browsing of the Webpage, including also e-mail communication sent to and from the Company;
• during participation in the Webpage contest or survey;
• when the Data subject delivers information during the direct communication with the Company, including personal communication with the Company and online communication via Webpage or e-mail.
When the Controller collects Your personal data in any of the aforesaid manners, it uses them solely for the purpose designated at the moment of collection of such data.
Depending on the type of the activities, some of the required data are designated as mandatory and some as voluntary. If You do not provide mandatory data for the activity requiring them, You will not be allowed to engage in such activity.
Purpose of processing and period of storage of personal data
When the Controller collects and processes personal data, he does so in order to:
- A. fulfill its obligations from the contract on provision of services of the Company;
- B. offer the services of the Company on the market, including by sending newsletters to the Data subjects and improvement of the services of the Company, measuring satisfaction with the services of the Company and undertaking contests and surveys on the Webpage;
- C. manage the relations with the Data subjects (users of the services of the Company and/or Webpage) and other persons while conducting its business and analyze and administer the Webpage, including supervision of the use of the Webpage and make available the data requested by the Data subject;
- D.- fulfil any of its legal obligations.
A. USE OF THE SERVICES OF THE COMPANY
The Controller as the provider of tourist agency services processes from the users of its services (Data subjects) the following personal data: name and surname, number of mobile phone and/or number of phone and e-mail address and data on transactions (partial number of the bank card, amount, time and location of the transaction).
Said personal data are collected with a purpose of entry into and execution of the contract on provision of services of the Company (reservation of the property (villa) by the Controller as the provider of the service, and execution of business processes which include resolution of the requests from the users (Data subjects) and disputes with the users of the services (Data subjects).
Within the scope in which it is reasonably necessary in relation to the services of the Company, it is possible that we will have to share Your personal data with third parties. Please see part of these Rules under heading Persons withwhich the Controller shares Your personal data.
Personal data collected with a purpose of execution of contractual obligations of the Controller are, in general, stored for five years at maximum as of the date of termination of contractual relations between You and the Company, depending on the circumstances of the subject case, except if a longer period of storage of personal data is determined by applicable national or EU regulations. The Controller shall not storage Your personal data longer than it is necessary and legal and shall process them solely for purposes for which such data were collected.
Data on transactions are stored permanently due to legal obligations of the Controller pursuant to applicable accounting regulations.
B. MARKETING AND DEVELOPMENT AND ADVANCEMENT OF THE SERVICES OF THE COMPANY
Personal data You have delivered to the Controller during the registration (name, surname number of mobile phone and/or phone and e-mail address) the Controller can use in order to find out:
• do You read e-mails of the Company, including newsletters, whether by downloading attachments in the e-mails or by opening links;
• do You open web links, link for un-subscription or other links included in the e-mail messages and marketing materials (newsletter) of the Company;
Some of the said data on Data subjects (name and surname, e-mail address) the Controller is using to send marketing messages (newsletters, e-mail notification on the services of the Company) to the users of the services of the Company, provided the Data subject consented to the same.
If You do not wish to receive said marketing messages (newsletters, e-mail notifications about services of the Company), You can unsubscribe at any moment on the Webpage www.myistria.com, by clicking on the unsubscribe link at the bottom of each newsletter or by sending an e-mail at: [email protected]
When the Company organizes contests and/or surveys with a purpose of its promotion You can be required to deliver some additional personal data, above the identification data which are defined by the contest rules.
The Controller stores Your personal data collected for this purpose permanently i.e. until the recall of Your consent (if the same was required for specific purpose for which the personal data was collected) after which they will be deleted i.e. destroyed. Exceptionally, in relation to the personal data collected for the purpose of the contest, the Controller shall store personal data of the Data subject only as necessary for fulfilment of the purpose for which they are collected and not longer that six months as of closing the contest and after that the same are deleted i.e. destroyed.
C. MANAGING RELATIONS WITH THE USERS
The Controller, as provider of the services of the Webpage www.myistria.com, for the purpose of visit of the Webpage, resolving problems, execution of administrative tasks and/or making contact with the users of the Webpage, processes the following personal data: name, surname, e-mail address, number of mobile phone and/or phone, IP address of the Data subject.
Personal data collected for this purpose are kept permanently or until the Data subject requests the deletion of its data.
D. FULFILMENT OF LEGAL OBLIGATIONS OF THE CONTROLLER
Asides from the aforesaid, the data on name, surname, number of mobile phone and/or phone, e-mail address of the Data subject and data on transactions (partial number of the bank card, amount, time and location of the transaction) the Controller processes also in order to fulfil its legal obligations for example from accounting and bookkeeping regulations and consumers protection regulations.
Personal data collected for this purpose are stored in accordance with the deadlines prescribed by applicable regulations.
Basis for processing of personal data
The Controller processes Your personal data pursuant to the following basis:
• execution of contract on provision of services of the Company;
• legitimate interest of the Controller for: provision of services of the Webpage and management of the same, for resolution of disputes and procedures between the Controller and the Data subject, for sharing personal data with third parties as in details defined by these Rules on protection of privacy; for screening habits of the users of services of the Company for the purpose of advancement of the services of the Company;
• explicit consent of the Data subject for receiving the marketing messages (newsletters, e-mail notifications on services of the Company), participation in contests and/or surveys of the Controller, and
• fulfilment of legal obligations of the Controller.
Persons with which the Controller shares Your personal data
The data delivered to the Company, the Controller can based on its legitimate interest share with the owner of the property (villa) You have made reservation for using the services of the Company, and in order to conclude the reservation process. For the said purpose the Controller delivers to the owner of the property (villa) data on Your name, surname, number of mobile phone and/or phone and data on transactions (partial number of the bank card, amount, time) (if applicable) as well as additional data relating to the reservation, if You have delivered them to us. After the executed reservation the Controller will deliver to You the contact details of the owner of the property (villa) and if available please read the privacy statement of the owner of the property (villa) in order to understand how the owner processes Your personal data. Processing of personal data by the owner of the property (villa), except for those data shared with the owner by the Controller is not under control of the Company and the Company does not undertake any responsibility for the same.
The Company can share Your personal data with third parties in accordance with the contractual obligations with the same. Said represents legitimate interest of the Controller. Such third parties (business partners of the Controller) include:
• providers of the insurance services;
• advisors and auditors,
• providers engaged by the Company for performance of services on behalf of the Company, including IT services providers; and
• other persons engaged by the Company in order to provide You with the services including delivery services, lawyers, professionals and translators.
Security of Your personal data
1. The Company takes the security of personal data seriously and has undertaken various precaution measures to secure Your personal data. The personal identification data of the Data subjects are kept on the server accessible only to designated persons and providers.
2. Unfortunately, not single transfer of data through the internet or any wireless network is 100% safe, and the Company cannot guarantee protection of any information transferred to or from the Webpage and shall not be liable for actions of any third party to which such data become available.
This Webpage can contain links to other web pages. My Istria cannot be held responsible for any processing of Your personal data by such pages. For further information we advise You to read the rules on privacy (if applicable) on the subject web page.
3. In accordance with the applicable regulations on protection of personal data, the Company uses technical and organizational measures for security of personal data from unauthorized access, use, disclosure or destruction.
4. In order to secure the personal data of the Data subjects and privacy of the same the Company upholds appropriate physical, technical and organizational measures of protection and performs maintenance and safety tests on permanent basis. The Company restricts access to the Data subjects data in a manner it grants access to the same exclusively to the authorized persons directly working on provision i.e maintenance of the service and upgrading the quality and billing of the services. Additionally, the Company continuously trains its personnel on importance of keeping confidentiality and privacy and safety of personal data and we engage partners with whom we stipulate appropriate safety measures.
Rights of the Data subjects
1. Right to an objection
– The Controller is trying to ensure the highest standards of processing of personal data and has serious approach to resolving each objection of the data subject.
If You consider the processing of personal data by the Controller contrary to data protection regulation please inform thereabout in written form at the address of the Controller (Stari Pazin 23, Pazin, to attn. of the Controller – do not open) or by sending an e-mail at: [email protected]
You can submit Your objection also to the supervisory authority – Data Protection Agency, Zagreb, Martićeva 14 and supervisory authority within the EU.
2. Right of access
: Any data subject is entitled to request details on personal data the Controller is processing in relation to her/him and on the manner of processing.
3. Right to rectification
: If the Controller processes Your personal data which are incomplete or inaccurate, You can request at any time the Controller to compete or rectify such data. Please inform us in case of any changes of Your personal data by sending an e-mail at: [email protected]
for us to be able to update Your data.
4. Right to erasure
(„right to be forgotten“): You can request from the Controller the erasure of your personal data if processed unlawfully or such processing represents disproportionate intrusion in Your protected interests. Please take into account that there are reasons disabling the immediate erasure, for e.g. in relation to mandatory archiving obligation prescribed by the law.
5. Right to restriction of processing
: You can obtain from the Controller restriction of processing of Your data:
• if You contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of such data;
• if the processing is unlawful, but you oppose to the erasure and request the restriction of their use instead;
• if the data are no longer needed for the purposes of processing, but they are required for the exercise of legal claims; or
• if you have objected to processing of such data.
6. Right to Data Portability
: You can request the Controller to receive the personal data which You have provided to the Controller in a structured, commonly used and machine -readable format:
• if such data are processed based on consent given which can be redrawn or for performance of a contract and
• if the processing is carried out by automated means.
7. In specific circumstances, any data subject is also entitled to right to request cessation of any unauthorized transfer
of his/her personal data to third parties
and request that the Controller does not transfer personal data relating to him/her to the third parties.
8. Exercise of right: If you wish to exercise any of the aforementioned rights, please contact us by using our contact details from the heading of these Rules.
9. Confirmation of identity: In case of doubt we can request additional information to check Your identity. The purpose is to protect Your rights and private sphere.
10. Misuse of rights: If you use any of the abovementioned rights with a clear intention of misuse the Controller can charge You with the administrative fee or refuse to process Your request.
11. When You object to processing of Your personal data by the Controller or when you redraw Your previously issued consent, there is a possibility that the Company will not be able to achieve the purpose of processing explained in these Rules on protection of privacy or that You will not be able to use our services. The redrawing of consent does not affect the lawfulness of processing based on the same consent until the moment when it was redrawn.
12. When You object to processing of Your personal data by the Controller or when you redraw Your previously issued consent, it is important You understand that the Company can continue to process Your personal data in a scope necessary or in other manner permitted by the law.
Consequences of refusal to provide personal data and management of consent
1. In case You do not provide Your personal data requested by the Company in order to conclude and perform the contract on provision of services of the Company, the contract cannot be executed since the Controller will not be able to perform the contract.
2. In case You do not consent or subsequently redraw the consent for receipt of our marketing messages, You will not receive our marketing messages (newsletters, e-mail notifications on services of the Company) or surveys the Company sends in order to improve its services.
3. The consent You have issued to the Controller for specific purpose of processing You can redraw at any time in which case Your personal data collected based on such consent we will no longer use for such specific purpose.
4. Granting and redrawing of consent can be executed at any time on the Webpage www.myistria.com, by clicking the unsubscribe link at the end of each newsletter or by sending an e-mail at: [email protected]
5. If You wish to grant a new consent, You can do so at the Webpage.
If You have any questions regarding these Rules on protection of privacy, please contract the Controller at: [email protected]
or by regular mail at the address of the Controller stipulated at the heading of these Rules on protection of privacy.
Notice on cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
For further information, visit allaboutcookies.org.
What type of cookies do we use?
- Improvement and personalization of users experience
- Understanding how You use our Website
There are a number of different types of cookies, however, theWebsite uses:
– we use these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
– the Website uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Our Company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our Website.
How to manage cookies?
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.