Pravilnik o zaštiti osobnih podataka

Data Protection & Privacy Policy

0. DEFINITIONS

Personal Data – any information relating to an identified or identifiable natural person.

Processing – any operation or set of operations that is performed on Personal Data or sets of Personal Data.

Data subject – a natural person whose Personal Data is being Processed.

We/us/Agency (either capitalized or not) – Balkans Luxury Concierge jdoo

Data processing controller - a person in charge to process personal data

1. INTRODUCTION

We extremely value the privacy of our clients and therefore we treat your personal information with seriousness and responsibility. The information we collect is required only in matter to provide you with a complete and professional service, by our business.

When providing services from our professional activity, we act per General Data Protection Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 (GDPR) and the provisions of the Law on Implementation of the General Regulation on Personal Data Protection (NN 42/18) and other applicable regulations that protect personal information.

Our goal is to provide all the necessary information on how we process and protect the personal data of our clients and the rights that belong to them regarding the processing of personal data.

Also, the use of personal information within our business system focuses on processing your requests so that we can notify you about news regarding our services and business. Therefore, please inform us if there is a change in your personal information or if you have made a mistake while submitting it so that we can act per the principles of personal data protection as well as provide a professional and complete service.

In case you notice any deviation from these principles or have any comments regarding our business practices, feel free to contact us at e-mail: info@balkansluxuryconcierge.hr to improve our service and business.

2. PRINCIPLES OF PERSONAL DATA PROCESSING

A Client is considered a person who has requested a service or a service offer from an Agency.

Personal data is any data relating to an individual whose identity has been identified or can be identified (Article 4 of the General Data Protection Act).

Data processing means any procedure or set of procedures that are carried out on personal data or personal data sets (Article 4 of the General Data Protection Regulation).

Client Privilege means any voluntary, specifically, informed and unambiguous expression of the wishes of a respondent who expressly or explicitly acknowledges the consent of the processing of personal data relating to him (Article 4 of the General Data Protection Regulation). Without the client’s privacy, we will never use any client’s personal information for any purpose that is required by the applicable regulations.

Accordingly, we will act according to the following principles:

Lawfulness, Fairness, and Transparency – Data is processed lawfully, fairly, and in a transparent manner concerning the data subject following the best business practice of data protection.

Purpose limitation – We collect data for specified, explicit, and legitimate purposes and only follow the purpose for which this data was collected.

Data minimization – We collect and process only those data that are necessary, adequate, relevant, and limited to what is necessary concerning the purposes for which they are processed.

Data accuracy – We pay particular attention to the accuracy of the data collected. We use every reasonable step to ensure that inaccurate personal data are erased or rectified without delay, regarding the purposes for which they are processed.

Storage limitation – Data that enables client identification is only kept for as long as is necessary to fulfill the purpose for which the data was collected or as required by the applicable regulations.

Integrity and confidentiality – The data is processed in a way that ensures the proper security of personal data, including protection against unauthorized or illegal processing, and from accidental loss, destruction, or damage by applying appropriate technical and organizational measures.

Accountability – All our employees who collect or process the personal information of our clients are acquainted and educated following the principles of the Regulation and act in a legitimate, fair, and transparent manner with the personal information of their clients.

3. PERSONAL DATA COLLECTION MODE

We collect information –personal data about our customers in the following ways:

Collecting Data during the booking process – When making a reservation or offer, we ask the Client for the personal information needed for the reservation or offer,
The client may leave his or her data personally or in the name of the Client, or another Client can be contacted by us by phone or mail,
Data collection via web- On our website when making a reservation or asking for a quote, we collect the information needed to make a reservation or offer; The customer submits the information via the form on the website or when registering the invoice.

4. TYPES OF PERSONAL DATA WHICH WE COLLECT

We only collect data that is necessary for data collection and per applicable legal regulations.

The information that we collect is name and surname, date of birth, date of birth of children (e.g. discounting), phone number and e-mail address for contact, location, sex, citizenship, passport number, or other appropriate personal documents where necessary for enforcement legal obligations (e.g. when crossing the border, airfare purchase, etc.), credit card number or other asset information.

Due to the nature of passenger services, there may be a need for processing specially protected categories of personal information that reveal, for example, religious or philosophical beliefs, union membership, and data related to client health, exclusively to execute a contract between Agency and a client, that is, performing the activities that precede the conclusion of the contract.

It will be considered that the client, who voluntarily reveals data from a special category of personal data to the Agency, is explicitly giving his or her privacy, in processing such data.

5. PURPOSE OF PERSONAL DATA COLLECTION

We collect personal information for the following purposes:

to execute the Tour or prepare for the execution of the Tour, we collect personal information so that we can perform the service to the Client or make a service offer to the Client.
to inform the Client about services and products, if the Client has given the privilege, we can use the Client’s information to inform the customer about our services and products that may be of interest to the Client.

for internal purposes – to protect the interests of their clients as well as their legitimate interests, per the applicable regulations.

We are obliged to provide or allow access to certain personal data of the client to the competent state bodies, based on a written request, according to the applicable regulations, (e.g. courts, police, tourist inspections, etc.). The legal basis for the processing of data for these purposes is the fulfilment of the legal obligations of the Agency.

6. PROVIDING DATA TO THIRD PARTY

We will provide the third party with the Clients’ data in the following cases:

to execute a Tour or prepare for the execution of a Tour with a client,
when it is necessary to provide the customer with a contracted service or required information, we pass the data to a third party. This includes, for example, sending a client’s data to a hotel or carrier when it is needed to perform a service or make a bid for the service,
when the Client granted us the privilege

We will provide the third party if it is necessary for the purpose for which the Client has explicitly granted the privilege.

when engaging subcontractors to perform certain jobs

If we engage the subcontractors as executives for the execution of certain jobs, in that case, we will pass the personal data to the subcontractor.

7. CLIENT RIGHTS

Following the General Data Protection Regulation (GDPR), the client has the following rights:

Right of access by the data subject

The Client is entitled to receive confirmation that we are processing his or her data and, if processed, he or she is entitled to receive information about the purpose of the processing, the category of personal data we are processing, the recipients or categories of recipients of the data we are processing, the estimated period in which the data will be stored or the criteria to determine the period, the right to request correction, deletion, and limitation of data processing, the right to complain with the supervisory authority, automated decision-making system information, such as profile design, of safeguards if the data is transferred to a third country.

Right to Rectification – The Client has the right to obtain the correction of incorrect data related to it, as well as to request the completion of incomplete data.

Right to erasure (“Right to be forgotten”) – The Client has the right to obtain deletion of data (“Right to be forgotten”) unless the data is necessary for the purpose for which they are collected or should be kept following the applicable legal regulations. The agency must notify the customers of the change or erasure of the data executed at its request.

Right to restriction of processing – The Client has the right to access the data processing limit, under the terms defined in the General Data Protection Regulation. The agency must notify the client about the processing limit made at the client’s request.

Right to data portability – The Client has the right to receive the personal data concerning him or her, which he or she has provided to the Agency, in a structured, commonly used, and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

Right to Object – The client always has the right to object to the processing of personal data. The client always has the right to a direct marketing complaint, in which case the data will no longer be used for that purpose.
Automated individual decision-making, including profiling - The client has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

8. PERSONAL DATA PROTECTION

When protecting the personal information of our clients, we handle a business practice in the field of tourism as well as information and communication technologies. We are improving every day in our activity, and we are of particular interest to the client’s satisfaction, which of course implies the protection of his or her data.

For this reason, we have invested additional resources and efforts to protect our customers from any unauthorized insight, change, loss, theft, or other misuse of data.

The client can exercise his rights under the General Data Protection Regulation (GDPR) by submitting a request to the electronic mail address: info@balkansluxuryconcierge.hr as well as filing a claim with the Personal Data Protection Agency.

The Policy comes into force and begins to apply on the day of its publication and is available on the internet site and at the Agency. On the possible amendments to the Policy, clients will be timely informed, including through the publication on the website.

The right to transfer personal data, deletion of data, and the limitation of personal data processing shall have the client no later than the date of application of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 (GDPR) and the provisions of the Law on Implementation of the General Regulation on Personal Data Protection (NN 42/18).