Jadran, which acts as the controller with regard to the processing of your data, respects your privacy and undertakes to protect your personal data. More precisely, Jadran collects and keeps personal data in accordance with the provisions of Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation, GDPR”), the General Data Protection Regulation Implementation Act (Official Gazette No. 42/2018), and other regulations governing personal data protection applicable in the Republic of Croatia.
Data Protection Officer
Generally, no fees are charged in connection with requests for access to information submitted by data subjects. However, if your request is “manifestly unfounded or excessive” (e.g. if it is repetitive), a fee for the administrative costs incurred in connection with responding to or acting upon your requests may be charged.
We will provide a response to your request for access to information within one month from the date of its receipt. If your request is more complex in nature, we may need more time to provide a response, which in any case will not exceed three months from the date of receipt of the request. In such case, you will be fully informed about the progress of the request handling process.
Personal Data – General Information
Personal data are all data which can be used to determine your identity. According to the General Data Protection Regulation (“GDPR”), “personal data” means any information relating to an identified or identifiable natural person, i.e. a person who can be identified, directly or indirectly, in particular by reference to an identifier.
Simply put, the term “personal data” refers to any information which concerns you and can be used to determine your identity, including both obvious data, such as names and contact data, and less obvious data, such as identification numbers, location data, and web identifiers.
Purpose of Data Collection
We will collect and process your personal data if we are legally required to do so, if data collection and processing are necessary for the provision of the services you requested, and if you provide us your consent to the processing of data for a specific purpose. The purposes for which your data are collected and processed include:
• communication with you (if you send us a request for service, a request for offer, or a complaint about our service, we will process the data you have provided in order to respond to and act upon your request/complaint),
• reservation of accommodation and other hotel amenities,
• guest check-in and check-out,
• provision of and collection of charges for hotel services (e.g. use of the bar, the mini bar, the à la carte restaurant, the telephone service, wellness facilities, etc.),
• improvement and personalization of service in relation to you, as our guest,
• event organization,
• protection of property and safety of individuals using video surveillance.
Jadran may use depersonalized data for statistical purposes.
Jadran guarantees that the collected data will be used for the above-mentioned purposes only.
Types of Personal Data We Collect and Sources of Data
We collect only such data that we need to fulfill the above-mentioned purposes. Therefore, depending on the circumstances, we may collect the following information: your contact data, information about your reservation, stay or hotel visit, your first and last name, date of birth, sex, identification document number, credit card number, country of birth, citizenship, visa number (if you are subject to the visa regime), place of entry into the Republic of Croatia, date of arrival to and departure from the facility, impressions about our services (if you decide to provide your personal data in the questionnaires), data about the events organized for you in our facilities/on our premises, and any other data that you provide to us voluntarily, or that we receive in connection with the above-mentioned purposes.
We may collect your personal data directly from you (e.g. via e-mail, phone, mobile phone, in person through individual communication), but also from other people, such as your travel companions, travel agencies, online platforms that you used to make reservations for our hotel services, organizers of events in our hotels, and other contractual partners. Such partners are also required to comply with the applicable personal data protection regulations.
When you provide to us the personal data that concern other people, it is your responsibility to ensure that the person whose data you have provided is aware of that fact and that he/she accepts the manner in which we use personal data.
If your personal data is not collected directly from you, but from other persons, we may be held liable only for what we do with your personal data from the moment they are collected. We will and may not be held liable for the activities involving your personal data performed by the persons from which we have received your data. We therefore kindly ask that you read the privacy protection policies of such other persons to which you provide your personal data.
Legal Basis for Collecting Data
The legal basis for the above-mentioned purposes of collection may be statutory or contractual, it may be a key interest of the data subject, a legitimate interest that overrides the interest of the data subject, data subject consent or explicit consent – depending on the purpose of processing and type of personal information.
• Right to receive information (Art. 13 of the GDPR);
• Right to access (Art. 15 of the GDPR) – you have the right to receive information about which personal data relating to you are processed and the details about how we process them at any time;
• Right to rectification (Art. 16 of the GDPR) – if we process your personal data that are incorrect, you have the right to correct them, and if they are incomplete, you have the right to complete them;
• Right to erasure (right to be forgotten) – (Art. 17 of the GDPR);
• Right to restriction of processing (Art. 18 of the GDPR);
• Right to data portability (Art. 20 of the GDPR) – if we obtain your personal data directly from you and we use the same on the basis of your consent or for the purpose of performing a contract, and if such data are processed in an automated manner, you have the right to request a copy of such personal data for the purpose of reuse and transmission to another data controller;
• Right to object (Art. 21 of the GDPR) - you can lodge a complaint with a supervisory authority at any moment. In Croatia, the relevant supervisory authority is the Croatian Personal Data Protection Agency, Martićeva ulica 14, 10 000 Zagreb, e-mail: email@example.com;
• Right to lodge a complaint with a supervisory authority (Art. 77 of the GDPR); and
• Right to compensation of damage (Art. 82 of the GDPR).
The possibility to exercise the above-mentioned rights depends on the reasons and the bases for data processing. There are situations in which we cannot delete your personal data even if you request that we do so.
Personal Data Retention Period
The data that Jadran collects on the basis of the law must be kept for the period stated in the relevant law or other applicable regulation.
The data that Jadran collects on the basis of a contractual relationship are kept only for as long as they are needed for the purpose of executing a particular contract or providing a particular service.
The period during which Jadran keeps personal data is limited to the strictly necessary minimum. In that regard, Jadran defines retention periods or periodic review deadlines for particular personal data in order to avoid retention of such data for longer than necessary to fulfill the purpose for which they were collected.
After the expiry of such period, Jadran will erase the personal data. However, if such data are necessary for the purpose of generating statistical indicators, making analyses or archiving, or on the basis of some other legitimate interest of Jadran, all actions will be taken to ensure that the relevant personal data are anonymized.
Personal Data that We Collect from Guests
Jadran is legally required to collect the following personal data from each guest, upon his/her arrival, for tourist check-in and check-out purposes:
If you refuse to provide the above-mentioned minimum data required for the registration of guests in in all competent registries, Jadran will not be able to provide accommodation services to you.
The above-mentioned data are entered in the e-Visitor system based on the information from your ID card, passport or other appropriate identification document. Your check-in and check-out as a tourist entered in the e-Visitor system is authenticated based on a solution that ensures a secure access to the e-Visitor system through an authentication protocol containing the complete process and conditions for a secure and accurate electronic tourist check-in and check-out, as prescribed under the Ordinance on the Manner of Keeping a Register of Tourists and on the Design and Content of the Form for the Registration of Tourists with the Tourist Board.
The tourists are registered for the purpose of charging the sojourn tax and registration of temporary stay, and the collected data are not used for any other purposes. The data must be kept in the system for a period of 10 years.
Pursuant to legal regulations, Jadran is also required to keep all invoices issued to guests that contain personal data for a period of 11 years.
The data received on this basis will not be used for marketing purposes without your consent, and they will also not be transferred to any third parties.
In connection with our accommodation reservation process, we collect the following personal data:
The data collected for the purpose of making accommodation reservations will be used solely for that purpose and for sending the associated notices. Jadran will not use such data for marketing purposes without an explicit consent of the data subject (guest).
You can subscribe to our newsletter via our website. The purpose of the newsletter is to inform you about the novelties in our offer, as well as about special benefits and deals. We need your first and last name and your e-mail address for registration. The basis for collection of these data is your consent.
The mentioned data will be kept for as long as you agree to receive the newsletter, up to a period of 5 years from the date of consent. You have the right to request that your data be erased and that you be forgotten at any time.
Jadran uses certain tools which enable the analysis of the use of the web portal and collection of certain information about you, which helps us gain knowledge about the needs of our guests and/or users for the purpose of improving the quality of our offer.
For this purpose we use the so-called cookies, and some other tools as well.
On our website, we use first-party cookies.
Cookies are stored in a designated database and we keep them for no more than 2 years.
Children's Personal Data Protection
Jadran advises all parents and guardians to teach their children how to safely and responsibly manage their personal data on the internet. Jadran does not want or intend to collect personal data concerning children, and will not use such data in any manner whatsoever or disclose the same to third parties. A child may, however, give his/her consent exclusively in relation to the potential offer of information society services, in which case the child must be above 16 years of age. All other processing of data concerning children under the above-specified age and any processing of data, other than such as explicitly described herein, concerning children up to the age of 18, will be allowed only with the prior consent of the parent (holder of parental responsibility).
The personal data concerning children and parents will be erased from our database, if the parents so request. As a parent or guardian, you always have the right to inspect all the personal data concerning your child provided via our website, and you can request that such data be erased (if the relevant data are still in our database), and/or forbid us to collect and use the data which concern your child in the future.
Links to other Web Pages
Jadran has a legitimate interest to use video surveillance for the purpose of:
• protecting the safety of guests and other persons who find themselves located on the premises controlled by the Company for any reason, and their property,
• managing the access and exit from the operating facilities and areas, and for the purpose of reducing the exposure of employees to the risk of robbery, burglary, aggression, theft and similar events at work or in connection with work,
• protecting the property of the Company,
• preventing unauthorized access to the Company’s premises.
Jadran applies strict rules with the aim of ensuring that all video recordings are automatically erased after the period of 30 days by recording new content over the old, that access to the video surveillance system is restricted to the persons who need it to perform their tasks, and that the video recordings are only viewed/inspected if there is a justified reason for doing so, i.e. if that is necessary to fulfill any of the above-mentioned purposes.
By exception, if they are used as evidence in procedures held before competent state authorities, the video recordings will be kept for a longer period of time.
Job Applicants – The personal data provided to us voluntarily for the purpose of employment (open job application) will be processed exclusively for that purpose and will not be transferred to a foreign country or provided to persons outside Jadran. The personal data received for employment purposes will be kept until the end of the calendar year, unless you request that they be erased earlier. If you apply to a job announcement, and you are not selected, your data will be erased upon completion of the selection process, unless you explicitly agree that your data be kept longer for future employment purposes.
Pupils and Students – In accordance with the law, we are allowed to hire high school pupils and regular students to work for us. In such cases, we are required to collect particular mandatory personal data concerning such pupils and students, and the data required to perform the contract. Furthermore, we are allowed to exchange such personal data with the relevant high school or student service through which the pupil/student is hired. The personal data of pupils and students are not transferred to any foreign country. We are legally required to keep the personal data collected concerning the pupils and students for a period of 6 years after they stop working for us. After the expiry of that period, they will be erased. The data concerning the pupils and students who are not hired will be erased immediately following the completion of the selection process.
The above also applies to the personal data of high school students participating in practical training at our facilities, in accordance with the plan and program for organizing and performing practical training.
Scholarship Beneficiaries – We may also collect personal data for the purpose of granting scholarships to the pupils and students participating in educational programs that are of interest to us. The persons interested in signing a scholarship agreement may apply for participation in announced scholarship competitions by providing the requested data. If selected, they will be offered to sign a scholarship agreement. The personal data concerning the selected applicants will be kept for a period of no more than 5 years from the date of signing the agreement, while the data which concern the applicants who are not selected will be erased upon completion of the selection process. No personal data concerning scholarship applicants and beneficiaries will be transferred to a foreign country.
For the purpose of contacting our business partners and suppliers in connection with the signing and performance of contracts (e.g. negotiating the handover of goods and provision of services), we collect contact data of our business partners who are natural persons and of their employees (e.g. first and last name, official phone/mobile phone number, e-mail address). Such data are kept until the business cooperation is terminated. We do not provide such data to third parties, or transfer the same to third countries. We also do not collect any data which are private in nature, but only such that are associated with the performance of work-related tasks.
Actions Taken in Case of a Personal Data Breach
In case of a personal data breach, Jadran, as the data controller, will notify the competent supervisory body of the personal data breach that has occurred without undue delay and, where possible, no later than within 72 hours from the moment of becoming aware of the same, unless the relevant breach is unlikely to result in a risk to the rights and freedoms of natural persons. The report which is delivered to the supervisory body in this case contains all information pursuant to the Regulation.
In case of a personal data breach which is likely to result in a high risk to the rights and freedoms of natural persons, Jadran, as the data controller, will notify the data subject of the personal data breach without delay. In cases where the Regulation does not prescribe such a requirement, the data subjects will not be notified of the personal data breach.
Protection of Your Data
To ensure personal data protection, we apply physical, technical and organizational safety measures. The security technology implemented for this purpose is continuously upgraded and tested. Access to your personal data is restricted to employees who need to know such information in order to provide particular benefits or services to you. Furthermore, we make efforts to ensure that our employees are aware of the importance of data confidentiality and privacy and data protection.
The concrete protection measures are regulated in more detail in rulebooks and procedures adopted for this purpose.
All amendments will be published on our website without delay, and it will be considered that you have accepted our Data Protection Policy upon your first use of our website after the amendments have been implemented.
We advise you to visit this page regularly to make sure that you always have the latest information.
Crikvenica, May 24 2018
Member of the Management Board
MON-SAT: 8:00 AM-19:00 PM
SUN: 10:00 AM-16:00 PM
Bana Jelačića 16,
Contact us directly or via the form below and we will send you the best available offer for your ideal vacation.