Bluesun Rewards – Privacy Notice
1. CONTROLLER
Sunce hoteli d.d. za turizam i ugostiteljstvo,
Radnička cesta 43, Zagreb,
OIB: 06916431329.
Data protection officer: [email protected]
2. DATA PROCESSING FOR BLUESUN REWARDS
Registration of a new member
Information that a new user must provide in order to become a member of the Program
- Type of data: first name, last name, gender, date of birth, mobile phone number, e-mail address, language (according to the url during registration)
- Legal basis: Information required for concluding an agreement
- Retention period: Until membership ends* or 42 months** after the last check-out from the last booked facility
Record of overnight stays for earning points
The points required for benefits are obtained by realizing overnight stays in the Company's Hotels
- Type of data: e-mail address/member ID number, reservation number for hotel accommodation
- Legal basis: Data required for the execution of the agreement
- Retention period: Until membership ends* or 42 months** after the last check-out from the last booked facility
User account data
Member data related to his Bluesun Rewards user account
- Type of data: data provided during registration, current membership level, realized rights and benefits within the Program, active reservations, benefits and promotional offers.
- Legal basis: Data required for the execution of the agreement
- Retention period: Until membership ends* or 42 months** after the last check-out from the last booked facility
Service notices
Important notices to the member related to their user account
- Type of data: name, mobile phone number, e-mail address?
- Legal basis: Legitimate interest of the Company
- Retention period: Until membership ends* or 42 months** after the last check-out from the last booked facility
Marketing communication about news and offers of the Bluesun Rewards loyalty program
Sending notifications to members about news and offers closely related to the loyalty program
- Type of data: name, mobile phone number, e-mail address
- Legal basis: Legitimate interest of the Company
- Retention period: Until membership ends* or 42 months** after the last check-out from the last booked facility
Website usage data
Data we collect about how a loyalty program member uses Bluesun websites - only if the member gives consent for cookies
- Data type: Time zone, how they got to the website, conversions via the form and other information
- Legal basis: Consent
- Retention period: Until membership ends* or 42 months** after the last check-out from the last booked facility
* Deactivation of Bluesun Rewards membership is done through the online interface for members or by communicating via e-mail to the address: [email protected]
**Data on Bluesun Rewards member's overnight stays are valid for up to 3 years after the last check-out from Sunce Hoteli d.d. facilities; after which we allow a period of 6 months for the member to realize additional overnight stays. If the additional overnight stays are not realized, the user account will be deleted.
3. RIGHTS OF DATA SUBJECTS AND THEIR EXERCISE
Members of the Program have the opportunity to exercise the right to:
- Access to personal data
- Correction of incorrect data
- Data transmission
- Deletion of personal data
- Restriction of processing
- Objecting to the processing of personal data
You can request the exercise of rights:
- Access and correction of incorrect data can be partially achieved through the online interface for members of the loyalty program (for data entered by the member themselves).
- Deleting personal data can be done entirely through the online interface for members of the loyalty program - by deleting your own account
- by sending an e-mail to our data protection officer: [email protected]
- by sending a request to the physical address: Sunce hoteli d.d. za turizam i ugostiteljstvo, Radnička cesta 43, 10000 Zagreb,
We respond to all requests within the legal deadline of thirty days.
You can submit an objection to specific processing to the supervisory authority for the protection of personal data: Croatian Personal Data Protection Agency (AZOP), at the address: Selska cesta 136, 10 000 Zagreb; e-mail address: [email protected]
4. PROCESSING RECIPIENTS AND PROCESSING ENTITIES
To implement the loyalty program, we use certain IT systems, whose service providers have access to personal data during maintenance and technical support - which is why Data Processing Agreements have been signed with them. Such service providers are:
- B.I.D. GRUPA D.O.O. (web server and technical support for membership)
- HubSpot, Inc. (CRM - all membership information)
- Phobs d.o.o. (channel manager and booking system - all information about reservations)
- Oracle Corporation (PMS system - contains reservation information)
- Microsoft (Mail communication)
- Meta (communication with a member via Messenger)
- Rakuten Viber (communication with a member via Viber)
We may share data with judicial, tax, audit and other competent authorities in situations where we are legally obliged to share data.
Recent changes to the privacy notice: 01/02/2023
Get in touch for a custom quote
Enter the required details and we'll get back to you shortly.