Terms of use
I. WHAT THE NOTICE OF PERSONAL DATA PROCESSING CONTAINS
In accordance with the applicable regulations, especially the General Data Protection Regulation (hereinafter: General Regulation) and According to the Law on the Implementation of the General Regulation on Data Protection (hereinafter: the Law), Villas Borghetto, i.e. a legal entity F.I.N.M.A.V.I. d.o.o. (which manages Villas Borghetto) (hereinafter: the Company) informs you, as the data controller on the method of processing your personal data.
II. WHOSE PERSONAL DATA WE PROCESS AND FOR WHAT PURPOSE
We process your basic personal data that you or third parties make available to us when making a reservation: - name, surname, country and city and address of residence, e-mail address, telephone habits number, age of the child, first and last name of the child and date of birth, special requirements and, and details of your companions; data required to make a reservation - credit card number, contact information in case of emergency - first and last name, phone number; other necessary data - e-mail address, health information - in case of a request for a special diet or the need for a doctor or related to epidemiological measures (COVID-19, etc.).
For the purposes of guest registration and check out, we process the following data: first and last name, date of birth, gender, social security number, documents (identity card, passport, driver's license), credit card number, country of birth, citizenship, number of visa if the guest is subject to the visa regime, the border crossing, i.e. the place of entry into the Republic of Croatia, the date of arrival of the guest to the facility and date of departure.
For the use of in-villa services, we process the following data: data on the guest's consumption during the stay in the villa. Data are collected on the type of service provided and the price, for example: room service, list of phone calls, usage minibar, use of a private chef and catering, bicycle rental, boat rental, home delivery, yoga, swimming lessons, data related to the use of the web - IP address, website visits, data from social networks and similar related data using Internet browsers and the like. Data on the guest's special requests are also collected so that the Company can could perform the required quality service.
In order to monitor and improve the quality of services, we collect the following data: first and last name, gender, age, country of origin the guest arrives and the period of stay in the villa, rating of a particular type of service, comment. Data collection is voluntary.
As can be read from the above, the basic purpose of collecting personal data is a legal obligation and/or concluding and executing contracts on accommodation and the provision of hospitality and tourism services, or in order to took actions at your request before and during the contract. At the same time, the scope of personal data that we collect depends on the type of contract you intend to conclude or are concluding or the request for the exercise of rights (type of service provided and price).
Actions at your request before concluding a contract include checking your requirements and needs, as necessary checking the appropriateness or suitability of products and services for your special circumstances, all with the aim of making an offer and/or informative calculation. If you are not a contracting party, but a person exercising a right from the allotment contract, contract with a travel agency and the like, the purpose of collecting your personal data is to fulfill the Company's obligations which results from the concluded contract or the collection of your data is necessary in order to conclude the contract or identified by users of the service, for example with Internet platforms for online booking. In this case, the scope of personal the data we collect depends on the type of request and the information that will be needed in order to request fulfilled. The purpose of personal data processing may be the Company's obligation to fulfill the contracted services with such service provider.
We process your basic personal data and guest registration and check out data based on the legal obligation to enter them listed in the eVISITOR system, in accordance with the regulations on the way of keeping the list of tourists and on the form and content of the form applications of tourists to the tourist community and the Tourist Fee Act or for the needs of the Ministry of the Interior in accordance with the Immigration Law, and the provision of the specified data is necessary at the time of booking (in case of changes and amendments to regulations and/or new regulations, they are directly applicable to this Information).
We delete the specified data after transfer to the eVISITOR system, i.e. after submitting the data to the MUP.
Accordingly, the collection of personal data with regard to the defined purpose is legal and contractual obligation and condition necessary for concluding a contract. If you refuse to provide certain information, we will not be able to fill in ours legal or contractual obligations that will result in the impossibility of concluding a contract on accommodation and catering services and tourism activities or the impossibility of fulfilling obligations under the contract.
We need the data required to perform the contractual obligation to use our services in order to confirm the advance payment reservation, in accordance with the internal rules of the Company, and it is not possible to make a reservation and thus not to conclude the contract in question providing accommodation without disclosing the above data, which is kept until the termination of the contract on providing accommodation.
The credit card number is collected because it is needed to conclude and execute the contract with the guest. It is used as insurance for payment of accommodation costs and other services that could arise in the event that the guest does not pay himself debt to the Company. The specified data is also used to pay for the service.
Data on the use of our services are subject to collection and processing for the purpose of fulfilling contractual obligations. Information about consumption of the guest during the stay in the villa are also collected for the purpose of executing the contract with the guest and in order to could issue an invoice for the services rendered.
In case of emergency, we process contact data based on legitimate interests, i.e. the potential situation when it is necessarily and without delay to convey certain relevant information to people close to you (in case of extraordinary circumstances such as illness, accident, etc.). We process other necessary data, i.e. e-mail address legitimate interest in quality communication between the contracting parties for the purpose of fulfilling all aspects contract, that is, easier communication in terms of organizing your arrival and booking the accommodation itself, which we also delete the data upon termination of the contract on the provision of accommodation services.
III. WEBSITE ANALYSIS
By using the Villas Borghetto website, you agree to the method of data collection and processing described in our Privacy Policy and in this Notice on the processing of personal data of clients/guests.
When analyzing the Villas Borghetto website, we use Google Tag Manager, Google Analytics Universal 3 and Google Analytics 4, Google Ads conversion tracking code, Facebook Ads conversion tracking code and Hubspot.
Google Tag Manager is the system through which all user tracking codes are implemented and it serves primarily for the implementation of codes on the website and does not collect personal data.
The Google Analytics Universal 3 and Google Analytics 4 system tracks user data in the form of traffic channels from which users come to the website, their behavior on the page (which pages they looked at, how long they spent conducted and similar), and user results (number of clicks on phone numbers, number of clicks on email addresses, number of inquiries sent and similar to). As such, the system does not collect the user's personal data, if the user's IP address is stored are necessarily anonymized. It is about the so-called "first party" cookies. Using this system, we also do "remarketing" campaigns, i.e. once the user leaves our website, we show him ads on external portals. Every user has the possibility of (not) giving consent to the so-called cookies for marketing on our cookie banner when you first arrive at our website, consent to marketing also implies consent to remarketing campaigns.
The Google Ads conversion tracking code is used for better optimization of the Google Ads campaigns we run and it belongs to so called. "third party" cookies. We do not collect user personal data using this system.
We use the Facebook Ads conversion tracking code for better optimization of the Facebook campaigns that we also run belongs to "third party" cookies. Using this system, we do not collect personal data of users, but we do remarketing campaigns. Each user has the option of (not) giving consent to the so- called cookies for marketing on our cookie banner when you first visit our website, consent to marketing implies consent to remarketing campaigns.
We use the Hubspot system as a CRM and the data of users who have filled out the contact forms on the website goes into it.
The contact forms on the website belong to the Hubspot system. Through the Hubspot system, we also conduct a newsletter (email) campaign.
IV. WHICH PERSONAL DATA WE DO NOT PROCESS AND PROCESSING WE DO NOT CARRY OUT
As a rule, we do not collect or process specific personal data related to your racial or ethnic identity origin, political opinion, religious or philosophical beliefs, trade union membership, biometric data, data which relate to your health, sex life or sexual orientation.
The above categories of personal data may be processed by the Company in the following situations:
1) is a guest gave express consent to the processing of such personal data for one or more specific purposes, unless applicable regulations state that such consent does not produce effect;
2) processing is necessary to protect vital interests of the respondents or another individual if the guest is physically or legally unable to give consent;
3) processing refers to personal data, data for which it is obvious that they were published by the guest,
4) processing is necessary for the purposes of significant public interest based on applicable regulations that are proportionate to the desired goal and which respect the essence of the right to data protection and ensure appropriate and special measures for the protection of fundamental rights and interests of respondents;
5) processing is necessary for preventive purposes medicine, medical diagnosis, provision of health or social care or treatment or management of health or social systems and services based on applicable regulations.
V. HOW WE COLLECT PERSONAL DATA
We collect your basic personal data in such a way that you or third parties make it available to us and use of accommodation and our in-villa services.
Also, for the purposes of guest registration and check-out, we collect (previously mentioned) data directly from guests, i.e. clients or through their documents or through third parties, such as travel agencies and the like.
VI. WHO HAS ACCESS TO PERSONAL DATA AND TO WHOM WE TRANSMIT IT
Our employees who are authorized to do their work can have access to your personal data tasks are carried out by certain personal data processing operations (for example, employees in charge of reception, check-in, etc check-out of guests, provision of catering services, accounting, administration, etc.).
The company ensures that your personal data is processed exclusively for the purposes specified in this notice. Purpose processing of personal data will require that your personal data be disclosed and that it is processed by others in addition to the Company companies and persons acting as processors. Categories of processors to whom your data will be disclosed include state and public authorities in accordance with the Company's legal obligations, health institutions, providers IT and legal services, delivery service providers and the like. We may forward the collected personal data entrepreneurs who provide services that could be of interest to you, and in accordance with your inquiry (e.g. regarding rent bicycle, boat rental, etc.).
Executors of personal data processing, with the exception of state and public authorities, process data exclusively according to the Company's instructions, while respecting technical and organizational measures to ensure the protection of your rights.
We take all necessary actions so that the transfer of personal data to third parties is in accordance with the regulations on protect personal data.
In the event that personal data is transferred outside the EU, we will take the necessary measures to protect your personal data to ensure that the third party to whom your personal data is transferred provides an equal level of protection.
Your personal data such as that in the EU. At any time, you can get information from us as to whether they are being transmitted outside the EU, your personal data as well as the protection measures taken on the contact details listed below.
VII. STORAGE PERIOD OF PERSONAL DATA
Your personal data will be stored only for as long as is necessary to fulfill the purpose for which it is provided they process. The period of storage of personal data depends on the purpose of collection. If it is about concluding a contract on accommodation, in-villa services and the provision of hospitality and tourism services, that period will be determined during the duration of the contract itself, i.e. the payment of these services in terms of the legal obligation to keep documents.
The extension of this period is prescribed by the Company's internal rules, which in turn depend on the deadlines prescribed by law claims expire or these periods can be extended with regard to the storage periods defined by law, such as in in the case of accounting documents.
VIII. PROTECTION OF YOUR PERSONAL DATA
We take appropriate technical and organizational measures with the aim of protecting the collected personal data and preventing accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data.
In protecting your personal data, we are obliged to act in accordance with our Privacy Policy.
The way we act, which is determined by the Privacy Policy, ensures that we use your personal data only with the purpose for which they were collected, that the data is used by authorized persons, that your data is not disclosed to third parties, except in cases that are specifically determined, to keep your data for as long as necessary needed.
All our employees are aware of their tasks and responsibilities in the procedures for processing your personal data.
If certain actions of processing your personal data are carried out by our processor, we ensure that they carry out the same at least the same level of protection of your personal data as we implement ourselves.
IX. CONSENT FOR THE PROCESSING OF PERSONAL DATA
If the processing of a certain type of personal data is based on consent or is for the publication or transfer of personal data required consent, we will obtain the same from you in writing. When giving consent, we will inform you about the purpose giving consent and the consequences if you refuse to give consent. Your consent must be voluntary and unequivocal. Written consent is kept as long as the personal data to which it relates is kept.
If you have given your consent for certain processing of personal data, you have the right to withdraw your consent at any time. Withdrawal consent does not affect the legality of the processing before its withdrawal. When giving consent, we will inform you about this inform. You can withdraw your consent by submitting a written statement.
X. EXERCISE YOUR RIGHTS
As a respondent, you have the right to contact us with a request to exercise one of your rights:
- the right to access data,
- the right to correction,
- the right to be forgotten (deletion),
- the right to limit processing,
- the right to data portability.
For the orderly and documented implementation of the procedure, we require that you submit the application for the exercise of rights to in written form. The request is submitted directly at our headquarters or by post. The request can also be submitted by message or electronic mail. The request is considered regular if it is delivered from the applicant's address. The person who submitsthe request must be identified. If the request is anonymous, and we cannot make the determination in an easy and accessible way identity, the request will not be acted upon. Within one month of receiving your request, we will inform you about our decision and actions taken.
XI. SUBMISSION OF COMPLAINTS TO THE PERSONAL DATA PROTECTION AGENCY
You have the right to submit a complaint to the Personal Data Protection Agency if you believe that our decision or acted in violation of your rights.
XII. CHANGES TO THE NOTICE ON THE PROCESSING OF PERSONAL DATA
Depending on the needs, it is possible that we will change this Notice in order to improve our actions and achieve greater protection of your right to privacy or if this will require changes in regulations. Every change of this we will publish notifications accordingly. Please check back periodically to see if we have changed this one Notice.
XIII. CONTACT INFORMATION
You can contact us with your requests and inquiries regarding the processing of personal data on phone number 091 428 40 00 by e-mail to the address: borghetto@finmavi.hr
The notice on the processing of personal data is published on our website and is available at our headquarters. We can deliver the notice to you at your request.
Valid from: 01.07.2022.
Last update: 07/01/2022