Privacy policy

Accommodaties
Verblijfsperiode
madiwodovrzazo
madiwodovrzazo
2 + 0
Volwassenen
2
Kinderen
0

1. Introduction

With this document, we want to provide you with clear and transparent information about what personal data we collect and process when you visit our website, book accommodation in our facilities, stay and use services in our facilities or you communicate with us for some other reasons.

The privacy notice contains the types of your personal data that we collect, the purposes for which we use them, the legal bases with which we do this, the terms for which we keep them, with whom we share them, and how you can exercise your rights related to the processing.

2. About us – contact

Controller:

Sunce hoteli d.d. Za turizam i ugostiteljstvo,

Radnička cesta 43, Zagreb,

PIN: 06916431329

Data Protection Officer: [email protected]

3. Types of personal data we collect

The data we collect and process depends on your relationship with us and the reasons for our communication. The categories of personal data we collect, with examples for each category:

● Identification data

o Name and surname, date of birth, gender, PIN, number of identification document

● Contact information

o Address, e-mail address, telephone number

● Financial data

o Payment information and account number, type and number of credit/debit card.

● Data on stay and use of services

o Period of stay, room number, date and type of service you used (stay, consumption of food and drinks, spa and wellness services, prices)

● Footage of the video surveillance system

● Technical data about the device

o IP address, login data, location data, time zone, browser type and version, operating system and other data about the device you use to access the website

● Usage data

o Information about how and in what way you use our website, products and services. Available data during the availability check of accommodation units.

● Marketing data

o Information about your contact preferences.

● Telephone communication data

o Number of callers, recording of the conversation, duration of the conversation

● Information about your preferences

o Information about what kind of room you want, type of bedding and similar special requests.

Special categories of personal data

● Special categories of personal data are data on race, ethnicity, religious or philosophical beliefs, sexual orientation, political views, union membership, data on your health, genetic and biometric data.

● As a rule, we do not collect these types of data, except in the following exceptional cases:

o We collect and process your health data related to allergies, if you have warned us about it, and only with your express consent;

o As part of providing spa and wellness services, we collect data related to health, in accordance with your express consent;

o If you have publicly published some of the above data.

4. Purposes of data collection and legal bases

Accommodation reservation and stay in the facilities

Purpose of processing

Data type

Legal basis

Accommodation reservation, communication before guest arrival
Reservation of stay dates, selection of facility and room type, choice of payment terms
Sending a booking confirmation
Booking management
Preparation of documentation in accordance with accounting regulations
Communication before guest arrival

Identification data
Contact data
Financial data
Information about your preferences
Data on telephone communication (if this is the reservation/communication channel)

Compliance with legal obligations
Contract conclusion and execution
Legitimate interest (business management and service/product management)

Registration (check-in) / Check-out and related actions
Check-in and check-out of guests, room assignment; guest registration in internal systems, connection to requested offers and services, registration of data in the e-Visitor system
Recording guest preferences and requests and possibilities for further communication
Use of parking, luggage storage, issuing hotel key cards

Identification data
Contact data
Financial data
Data on your preferences
Data on stay and use of services
Marketing data
Car registration number
Compliance with legal obligations
Contract execution
Legitimate interest (guest record-keeping, communication, and business management)
Explicit consent (health and allergy data)
Reservation and use of services during the stay
Examples of additional services include using restaurants, bars, spa and wellness facilities
Booking and organizing excursions and transfers
Booking and using fitness programs
Identification data
Contact data
Financial data
Data on your preferences
Data on stay and use of services

Contract execution
Legitimate interest (guest record-keeping, communication, and business management)
Explicit consent (health data)
Guest complaints
Keeping records of guest complaints
Identification data
Data on stay and use of services
Technical data (IP address)
Data on the complaint

Legitimate interest (business management, service improvement)
Compensation claims
Recording guest compensation claims
Identification data
Data on stay and use of services
Data on the compensation claim

Legal obligation
Legitimate interest (business management, service improvement)
Video surveillance
Use of video surveillance systems for the protection of persons and hotel property

Video surveillance footage Legitimate interest (protection of persons and hotel property)
Enabling the use of the wi-fi network
Connecting the guest to the internet via the hotel wi-fi network
Technical data
Usage data
Contract execution
Legitimate interest (maintaining IT system security)
Marketing, advertising, and website usage


Purpose of processing

Data type

Legal basis

Direct e-mail marketing
Sending emails to guests who stayed at the hotel, with information and offers about related services
Sending emails to individuals who subscribed to the newsletter with promotional materials and special offers

Identification data (name)
Contact data (email address)
Interests

Legitimate interest (communication with the guest, marketing strategy)
Consent

Surveys and satisfaction questionnaires
Sending an email to the guest with a request to fill out a survey or satisfaction questionnaire

Contact data (email address)
Legitimate interest (business management, service improvement)
Website analytics tracking
Monitoring visitor behavior on the website to improve site functionality, identify interests, and optimize services
Technical data
Usage data

Legitimate interest (business development, marketing strategy, strategic planning)
Consent
Social media
Communication via social media profiles
Advertising
Preparing and sending advertisements, tracking the effectiveness of sent ads
Identification data
Contact data
Usage data
Marketing data
Technical data
Preference data

Consent (re-targeting)
Legitimate interest (tracking ad effectiveness, business planning, creating marketing campaigns and business strategy)

● Bluesun rewards: Detailed information about data collection and processing within our loyalty program can be found in the Bluesun Rewards Privacy Notice.

● Cookies: More information about the cookies we use on the website, with whom we share the data collected in this way, and how long we retain it – can be found in the Cookie Notice.

5. Data retention periods

We retain your data only as long as is necessary for the purposes for which the personal data is processed.

● We retain the basic data about the guests' stay for up to five years after the stay, in accordance with the statutory statute of limitations, and the data in the e-Visitor system must be retained for 10 years.

● We delete and destroy data related to the services you use during your stay for which we have no legal obligation to keep (e.g., data on luggage storage, parking lot use, lunch packages, etc.) after the end of the guest's stay.

● The data we save in guest relations management systems, so that we can provide you with recommendations and personalized offers, we retain for a maximum of 24 months from your last request, reservation or communication

● We retain data related to accounting regulations for 11 years. This includes invoices that may contain your personal information.

● We retain data related to surveillance videos for a maximum of 60 days.

● We retain data that we collect on the basis of consent (e.g., e-mail newsletter) until consent is withdrawn.

● The retention periods related to membership in the Bluesun Rewards loyalty program are explained in more detail in the program's Privacy Policy.

6. Recipients and processors

We never sell or share your personal data with third parties for the purpose of advertising their services. In certain cases, there will be a legal obligation or business need for us to share your data with third parties or for them to have access to the data in our systems:

● In cases where it is necessary to share your personal data so that we can fulfill the contract in which you are a party;

● In cases where you have agreed to share your personal data with a third party (e.g., in the case of using cookies);

● With judicial, tax, audit and other competent authorities, when we have reason to believe that we are obliged to share such data based on the law and other regulations (for example, based on the request of the tax authority or in connection with pending litigation);

● With payment service providers with whom we have concluded contracts on the processing of personal data;

● With IT service providers whose systems we use in our business operations, and with whom we have concluded appropriate data processing contracts (e.g., reservation system, guest database, CRM system, Mail system;

● With the e-Visitor system, in accordance with the regulations on the provision of catering services and the way of keeping a list and registration of tourists.

7. The rights of data subjects and their exercise

Data subjects have the possibility to exercise the right to:

● Access to personal data

● Correction of incorrect data

● Data transmission

● Deletion of personal data

● Restriction of processing

● Objecting to the processing of personal data

You can request the exercise of rights:

● by sending an email to our data protection officer: [email protected]

● by sending a request to the physical address: Sunce hoteli d.d. for tourism and hospitality, Radnička cesta 43, 10000 Zagreb.

We respond to all requests within the legal deadline of thirty days.

You can submit an objection to certain processing to the supervisory body for the protection of personal data: The Agency for the Protection of Personal Data (AZOP), at the address: Selska cesta 136, 10 000 Zagreb; email address: [email protected]

Neem contact met ons op voor een offerte op maat

Vul de vereiste gegevens in en we nemen snel contact met je op.

Kies bestemmingen
vantot

Kies Datum

zomadiwodovrza
zomadiwodovrza
voor

Kies Gasten

Volwassenen

2

Kinderen

minder dan 14 jaar

0

Wil je de beste prijzen per e-mail ontvangen?

Voer een e-mailadres in waarmee we je een speciale prijsberekening kunnen sturen voor de door jou geselecteerde data, inclusief actuele kortingen