Personal Data Protection Policy
Medora hoteli i ljetovališta d.d.
Mrkušića dvori 2
21327 Podgora, Croatia
Tel: +385 (0)21 601 700
PERSONAL DATA PROTECTION POLICY
Updated on 21/05/2018
We at Medora hoteli i ljetovališta d.d. respect your privacy and protect your personal data in accordance with the relevant personal data protection laws and regulations. Our mission is to surpass the expectations of our guests through the quality of our products and services, and we always seek to satisfy our guests’ needs with the responsible use of the information received.
The purpose of this document is to clarify how and why we collect and use your Personal Data when you browse our website and during your stay in our facilities, with whom and why we share them, your rights regarding the Personal Data we use from you, and how we protect it.
The Personal Data Protection Policy described herein applies to all business and hospitality facilities of Medora hoteli i ljetovališta d.d., the websites www.medorahotels.com
, and social media accounts.
THE PURPOSE OF COLLECTING PERSONAL DATA
The primary purpose of collecting Personal Data is to provide and improve our services, as well as to comply with our legal obligations. Personal Data is collected for the following purposes:
· Improving the functionality of our websites www.medorahotels.com
· Reserving accommodation and communication with clients in response to their enquiries regarding our services (via our websites, email or by phone)
· Fulfilling our contractual obligations to the guest during his or her stay
· The purchase of additional services
· Charging for services
· The internal statistical processing of the data and the preferred services of our guests, and informing our guests about our services, based on our legitimate interest in improving the quality and the sales of our services
· Publishing and collecting job applications via email and our website www.mhr-podgora.com
· Fulfilling our legal obligations according to the Croatian Hospitality and Catering Industry Act in force, as well as associated ordinances, the Act on the Provision of Tourism Services, the Accounting Act, the Occupational Health and Safety Act, and the Act on the Protection of Monetary Institutions.
Your personal data received at the email address firstname.lastname@example.org
, through published job advertisements, or online job applications at www.mhr-podgora.com
will be used exclusively for the purpose of employment in Medora hoteli i ljetovališta d.d. By sending your application and CV, you are giving us your consent to process the personal data we have received for the purpose of employment in the currently opened positions, and also for future employment purposes. You may withdraw your consent at any time by contacting us at email@example.com
, after which we will erase your data or make it unavailable for processing.
When you browse our websites or reserve accommodation, apply for employment, or stay in our facilities, we will be able to collect data that may identify you, directly or indirectly, for the above-listed purposes. Personal Data collected include:
· Your first name and family name
· Your date of birth, address and nationality
· Your contact information
· Your credit card number
· Your identification document number and type
· Your vehicle registration number
· Your additional instructions (e.g. regarding allergies that we should keep in mind during your stay)
· Voice recording of your conversation with our call centre agent
· Video recording from the video surveillance systems in our facilities
· Your IP address during your visit to our website.
STORAGE AND ERASURE OF YOUR PERSONAL DATA
Your personal data will be stored in an identifiable form for no longer than necessary for the purpose for which it is processed. Upon the expiration of that time, which is, for certain processing methods, regulated by local laws obliging us to keep them for a longer period, the data will be erased or made unavailable for further processing.
DATA TRANSFER TO THIRD PARTIES
In certain data processing cases, your data may be transferred to or inspected by Third Parties. In no case do we sell, lease or give ownership of your Data to unauthorised Third Parties. Data transfers or data inspections are performed for the following reasons:
· When we receive your consent to such transfers (e.g. purchase of certain services by Third Parties)
· When the companies or providers of services used by Medora hoteli in certain processing cases access this data in a way that is regulated by a contractual relation with Medora hoteli i ljetovališta d.d. (e.g. charging for services, technical maintenance of certain software tools, archiving and reporting)
· In order for us to fulfil our contractual and legal obligations (e.g. recording guests in the eVisitor system)
When data needs to be transferred for one of the above-mentioned reasons, we strive to reduce the data being transferred to the necessary minimum. Third Parties receiving your data undertake to protect your data in accordance with the laws and regulations in force regarding Personal Data protection.
RIGHT TO ACCESS, MODIFY OR ERASE YOUR PERSONAL DATA
You may at any moment request information on the Personal Data that Medora hoteli i ljetovališta d.d. processes, the purpose of its processing, its recipients, as well as regarding the subjects being transferred your Personal Data. In addition, you have the right to update, modify, block or erase your data in accordance with the legal regulations.
Your request for the erasure of your Personal Data will be gladly complied with in the following cases:
· if your Personal Data is no longer required for the purpose for which they were collected or otherwise processed;
· if you withdraw the consent on the basis of which we process them;
· if you object to processing, and there are no stronger legitimate reasons for processing, or if you object to processing for the purpose of direct marketing.
You can send a request to access your Personal Data to our email firstname.lastname@example.org
or to our address Medora hoteli i ljetovališta d.d., Mrkušića dvori 2, 21327 Podgora, Croatia, enclosing your contact information, with the subject “Request to access Personal Data”. Access to Personal Data cannot be enabled via phone. In order to prevent abuse of your Personal Data, we will send you a predefined form and request that you personally fill it in and return it; we may also ask you for additional proof of identity. Without confirming your identity, we will not be able to comply with your request to access Personal Data.
NOTIFICATIONS ABOUT MEDORA’S SERVICES AND OFFERS
If you were our guest, we want you to come back. With that goal, and in order to allow you to receive notifications about our special offers and discounts related to our services, it is our legitimate interest to occasionally contact you using the email address that you have provided when reserving your accommodation or staying with us. The information that you receive will apply exclusively to services from Medora’s offer that we consider still to be of interest to you as our previous guest. If we have made a mistake and you do not wish to receive our notifications, you may issue a complaint to email@example.com
at any moment, and we will, without delay, cease to send you our notifications.
USING SOCIAL MEDIA AND OUR WEBSITES
Our Personal Data Protection Policy is regularly updated on our websites and is available to all visitors to our websites. By using our websites, filling online job applications or publishing your own content on our websites, you confirm that you accept our Personal Data Protection Policy and that you accept your Personal Data being processed in accordance with the purpose of its processing and the published Personal Data Protection Policy.
Medora hoteli i ljetovališta d.d. also manages and publishes on social media pages such as Facebook, Instagram and Twitter. The visitors to our pages may publish content, photographs or comments related to our facilities, services or accommodation. Medora hoteli i ljetovališta does not encourage nor restrict such posting, as they are based on the exclusive interest and consent of the visitors to our pages. Medora hoteli i ljetovališta shall not be held responsible for any direct or indirect, accidental, tangible or intangible damage or cost incurred as a result of using the websites and pages on Medora’s social media accounts, or content published by visitors to our websites or pages.
Sometimes, for openly published posts related to your accommodation, we will ask your consent to publish these posts on our websites or social media pages. The posts that we publish relate exclusively to publicly available images and comments published on Facebook, Instagram or Twitter for which you have given us your consent. By consenting to such posting, you accept the terms and conditions for using your posts, which will be made available to you when asking you for your consent.
A cookie is information stored on your computer by the website that you are visiting. Cookies usually store your settings for that particular website, such as your preferred language or address. Later, when you load the same website again, the internet browser accesses the cookies owned by that website. This enables the website to show the information tailored to your needs.
There are several types of cookies:
· First-party cookies
· Session cookies
· Persistent cookies
· Third-party cookies
First-party cookies come from the websites that you browse, and they can be persistent or session cookies. These cookies allow websites to store data that will be reused during your next visit to that website (e.g. the choice of language). Session cookies are removed from the computer when you close your internet browser. Persistent or saved cookies remain on your computer after you close your internet browser. They are used by websites to store data such as login and password information, so that you do not have to enter it every time you visit a website. Persistent cookies remain on your computer until you, the user, disable/delete them or until your browser deletes them (as defined in your browser settings).
Third-party cookies come from ads by other websites (such as pop-ups or other ads) on the website that you are visiting. Websites can track internet use for marketing purposes using these cookies.
. We use first-party cookies (session and persistent), and third-party cookies.
Individual user data is not seen by us and the data that we process is anonymous and statistical, as well as demographic data on our users as a whole. This data is used for trend analyses and marketing purposes, and for effective website management, because they help us find out more about the behaviour of our users on ourwebsite, the success of some of our marketing campaigns, and the primary interests of the visitors to our website.
CHILDREN’S PERSONAL DATA PROTECTION
Medora hoteli i ljetovališta d.d. advises parents and guardians to educate children on the safe and responsible management of Personal Data on the internet because, even though Medora does not wish or have the intent to collect data on minors without consent by their parents or guardians, we are not always in a position to know the age of the person accessing our website. As a parent or guardian, you always have the right to request access to all Personal Data on your child that we have received on one of our websites or during your stay. In addition, Medora hoteli i ljetovališta d.d. guarantee child Personal Data protection, as required by separate laws regulating this subject.
PERSONAL DATA PROTECTION SECURITY MEASURES
Medora hoteli i ljetovališta d.d. recognises the importance of information security, and so we continuously evaluate and upgrade our technical, physical and organisational security measures and procedures. The users of the reservation system are guaranteed the highest data protection level. We use SSL technology with strong encryption for the safe transfer of data between your PC and our servers. All personal data, identification documents, credit card, or other payment method numbers submitted by users via the reservation system are transferred solely through a safe connection with data encryption. Your data being processed in our systems is only accessed by authorised employees in accordance with the needs of business processes requiring individual processing, and, in certain cases, Third Parties, which undertake to protect your data in accordance with the laws and regulations in force regarding Personal Data protection. All our employees are trained to handle Personal Data in accordance with the legal regulations.