Privacy policy
1. Introduction
With this document, we want to provide you with clear and transparent information about what personal data we collect and process when you visit our website, book accommodation in our facilities, stay and use services in our facilities or you communicate with us for some other reasons.
The privacy notice contains the types of your personal data that we collect, the purposes for which we use them, the legal bases with which we do this, the terms for which we keep them, with whom we share them, and how you can exercise your rights related to the processing.
2. About us – contact
Controller:
Sunce hoteli d.d. Za turizam i ugostiteljstvo,
Radnička cesta 43, Zagreb,
PIN: 06916431329
Data Protection Officer: [email protected]
3. Types of personal data we collect
The data we collect and process depends on your relationship with us and the reasons for our communication. The categories of personal data we collect, with examples for each category:
● Identification data
o Name and surname, date of birth, gender, PIN, number of identification document
● Contact information
o Address, e-mail address, telephone number
● Financial data
o Payment information and account number, type and number of credit/debit card.
● Data on stay and use of services
o Period of stay, room number, date and type of service you used (stay, consumption of food and drinks, spa and wellness services, prices)
● Footage of the video surveillance system
● Technical data about the device
o IP address, login data, location data, time zone, browser type and version, operating system and other data about the device you use to access the website
● Usage data
o Information about how and in what way you use our website, products and services. Available data during the availability check of accommodation units.
● Marketing data
o Information about your contact preferences.
● Telephone communication data
o Number of callers, recording of the conversation, duration of the conversation
● Information about your preferences
o Information about what kind of room you want, type of bedding and similar special requests.
Special categories of personal data
● Special categories of personal data are data on race, ethnicity, religious or philosophical beliefs, sexual orientation, political views, union membership, data on your health, genetic and biometric data.
● As a rule, we do not collect these types of data, except in the following exceptional cases:
o We collect and process your health data related to allergies, if you have warned us about it, and only with your express consent;
o As part of providing spa and wellness services, we collect data related to health, in accordance with your express consent;
o If you have publicly published some of the above data.
4. Purposes of data collection and legal bases
Accommodation reservation and stay in the facilities
Purpose of processing |
Data type |
Legal basis |
|---|---|---|
| Accommodation reservation, communication before guest arrival Reservation of stay dates, selection of facility and room type, choice of payment terms Sending a booking confirmation Booking management Preparation of documentation in accordance with accounting regulations Communication before guest arrival | Identification data Contact data Financial data Information about your preferences Data on telephone communication (if this is the reservation/communication channel) | Compliance with legal obligations Contract conclusion and execution Legitimate interest (business management and service/product management) |
| Registration (check-in) / Check-out and related actions Check-in and check-out of guests, room assignment; guest registration in internal systems, connection to requested offers and services, registration of data in the e-Visitor system Recording guest preferences and requests and possibilities for further communication Use of parking, luggage storage, issuing hotel key cards | Identification data Contact data Financial data Data on your preferences Data on stay and use of services Marketing data Car registration number | Compliance with legal obligations Contract execution Legitimate interest (guest record-keeping, communication, and business management) Explicit consent (health and allergy data) |
| Reservation and use of services during the stay Examples of additional services include using restaurants, bars, spa and wellness facilities Booking and organizing excursions and transfers Booking and using fitness programs | Identification data Contact data Financial data Data on your preferences Data on stay and use of services | Contract execution Legitimate interest (guest record-keeping, communication, and business management) Explicit consent (health data) |
| Guest complaints Keeping records of guest complaints | Identification data Data on stay and use of services Technical data (IP address) Data on the complaint | Legitimate interest (business management, service improvement) |
| Compensation claims Recording guest compensation claims | Identification data Data on stay and use of services Data on the compensation claim | Legal obligation Legitimate interest (business management, service improvement) |
| Video surveillance Use of video surveillance systems for the protection of persons and hotel property | Video surveillance footage | Legitimate interest (protection of persons and hotel property) |
| Enabling the use of the wi-fi network Connecting the guest to the internet via the hotel wi-fi network | Technical data Usage data | Contract execution Legitimate interest (maintaining IT system security) |
Marketing, advertising, and website usage
Purpose of processing |
Data type |
Legal basis |
|---|---|---|
| Direct e-mail marketing Sending emails to guests who stayed at the hotel, with information and offers about related services Sending emails to individuals who subscribed to the newsletter with promotional materials and special offers | Identification data (name) Contact data (email address) Interests | Legitimate interest (communication with the guest, marketing strategy) Consent |
| Surveys and satisfaction questionnaires Sending an email to the guest with a request to fill out a survey or satisfaction questionnaire | Contact data (email address) | Legitimate interest (business management, service improvement) |
| Website analytics tracking Monitoring visitor behavior on the website to improve site functionality, identify interests, and optimize services | Technical data Usage data | Legitimate interest (business development, marketing strategy, strategic planning) Consent |
| Social media Communication via social media profiles Advertising Preparing and sending advertisements, tracking the effectiveness of sent ads | Identification data
Contact data Usage data Marketing data Technical data Preference data | Consent (re-targeting) Legitimate interest (tracking ad effectiveness, business planning, creating marketing campaigns and business strategy) |
● Bluesun rewards: Detailed information about data collection and processing within our loyalty program can be found in the Bluesun Rewards Privacy Notice.
● Cookies: More information about the cookies we use on the website, with whom we share the data collected in this way, and how long we retain it – can be found in the Cookie Notice.
5. Data retention periods
We retain your data only as long as is necessary for the purposes for which the personal data is processed.
● We retain the basic data about the guests' stay for up to five years after the stay, in accordance with the statutory statute of limitations, and the data in the e-Visitor system must be retained for 10 years.
● We delete and destroy data related to the services you use during your stay for which we have no legal obligation to keep (e.g., data on luggage storage, parking lot use, lunch packages, etc.) after the end of the guest's stay.
● The data we save in guest relations management systems, so that we can provide you with recommendations and personalized offers, we retain for a maximum of 24 months from your last request, reservation or communication
● We retain data related to accounting regulations for 11 years. This includes invoices that may contain your personal information.
● We retain data related to surveillance videos for a maximum of 60 days.
● We retain data that we collect on the basis of consent (e.g., e-mail newsletter) until consent is withdrawn.
● The retention periods related to membership in the Bluesun Rewards loyalty program are explained in more detail in the program's Privacy Policy.
6. Recipients and processors
We never sell or share your personal data with third parties for the purpose of advertising their services. In certain cases, there will be a legal obligation or business need for us to share your data with third parties or for them to have access to the data in our systems:
● In cases where it is necessary to share your personal data so that we can fulfill the contract in which you are a party;
● In cases where you have agreed to share your personal data with a third party (e.g., in the case of using cookies);
● With judicial, tax, audit and other competent authorities, when we have reason to believe that we are obliged to share such data based on the law and other regulations (for example, based on the request of the tax authority or in connection with pending litigation);
● With payment service providers with whom we have concluded contracts on the processing of personal data;
● With IT service providers whose systems we use in our business operations, and with whom we have concluded appropriate data processing contracts (e.g., reservation system, guest database, CRM system, Mail system;
● With the e-Visitor system, in accordance with the regulations on the provision of catering services and the way of keeping a list and registration of tourists.
7. The rights of data subjects and their exercise
Data subjects have the possibility to exercise the right to:
● Access to personal data
● Correction of incorrect data
● Data transmission
● Deletion of personal data
● Restriction of processing
● Objecting to the processing of personal data
You can request the exercise of rights:
● by sending an email to our data protection officer: [email protected]
● by sending a request to the physical address: Sunce hoteli d.d. for tourism and hospitality, Radnička cesta 43, 10000 Zagreb.
We respond to all requests within the legal deadline of thirty days.
You can submit an objection to certain processing to the supervisory body for the protection of personal data: The Agency for the Protection of Personal Data (AZOP), at the address: Selska cesta 136, 10 000 Zagreb; email address: [email protected]
Ota yhteyttä meihin saadaksesi räätälöidyn tarjouksen
Anna vaaditut tiedot, ja otamme sinuun pian yhteyttä.