MONDO FERIO d.o.o. turistička agencija, turizam i usluge (tourist agency, tourism and services), from Novigrad, Svetog Antona 36, Personal ID no.(OIB): 86304016104, (hereinafter: the Company), brought in November 2020, especially determined to protect your personal data in accordance with applicable regulations, including the Regulation (EU) No. 2016/679 from 27 April 2016 (hereinafter: “General Regulation“) and the Law on the Implementation of the General Regulation on Data Protection (NN 42/2018), the following document which regulates the collection, processing and the use of your personal data, i.e. in general the protection of your privacy
This Policy is intended for respondents in order for them to have a correct and complete information on how their personal data is collected, used, given for inspection or processed in any other way by the Company, as well as up to what measure this personal data is processed or will be processed.
The purpose of this Policy is to give a transparent possibility to individuals using this web portal to familiarise themselves with the rules, protective measures, rights and risks related to processing of personal data.
Personal data is all data from which a person’s identity may be determined. By providing online services, the Company can collect some of the following personal data:
– name, surname, place of residence, date of birth, personal identification number, personal identification card number or number of another identification document, citizenship;
– data on your stay, including data on your accommodation, date of arrival, date of departure, bought products or services, information on your preferences related to services (room type etc.);
– data on services ordered;
– additional information on you that we can receive from third parties which we do business with (e.g. agencies, tour-operators);
LEGAL GROUNDS FOR COLLECTION OF PERSONAL DATA
The Company collects and processes your personal data only if one of the following requirements listed below has been met
We have your consent. Example: Subscription to newsletters or marketing news. If you want to subscribe to the newsletter, you will mark that on the corresponding place and you will enter your e-mail address.
The processing is necessary for performance of the agreement or in order to conduct activities on the request of the respondent prior to the conclusion of the agreement. Example: Booking accommodation via internet. In that case, your personal data is necessary in order to agree, i.e. fulfil mutual rights and obligations.
The processing is necessary in order to respect legal obligations of the data processing manager. Example: Forwarding data to the eVisitor system or complying with orders by the competent authority. This circumstance is important considering the fact that every stay of the guest has to be registered at the tourist board and police according to the place of stay, which is conducted through this system. In the second example, personal data is given to the competent body based on a legal order.
The processing is necessary for the needs of legitimate interests of the data processing manager or the third party. Example: In order to personalise your experience and offer you other services or products that could be of interest to you. In this case we want to bring our service closer to you, and that would not be possible without having the data that we ask you to share with us and that helps us better understand your interests, affinities and wishes.
PERSONAL DATA THAT IS COLLECTED
The Company collects the data listed below during the reservation process, i.e. the use of services and when accessing the website www.villasholiday.com:
(I) In the process of accommodation reservation, the following is collected:
Name, surname, place of residence, personal identification document number, e-mail address, telephone number, personal identification number.
(II) When you access the website, the following is collected:
Information on your accommodation interests; information on the use of the website; information on clicks to our ads, including those published on other websites; Notification on how you access digital services, e.g. IP address;
(III) By sending inquiries and providing support, consultations or replies to complaints, questionnaires and research, the following is collected:
Data that you usually deliver to us upon reservations or purchases of services, including name, surname, e-mail address or if you connect via social networks, then name and username and contact details. The content of digital communication, selected links and your comments and remarks.
(IV) By subscribing to the newsletter, the following is collected:
HOW YOUR PERSONAL DATA IS USED
In the situation in which you give personal data of other persons to the Company, the following should be taken into account:
– The Company uses data on other persons that you submit to us, for example persons that are included in the accommodation reservation;
For marketing and promotional purposes:
• In order to understand you as a client as best as possible and to adjust our services and marketing communication, Villas Holiday may combine personal data collected during the sales of services with data collected via our web sites, applications or other sources,
• To send you notifications about new services, updates to services, events and special offers we believe you may be interested in;
• To send you notifications about other companies and products we believe you may be interested in, but only if you have agreed to this type of communication beforehand,
• Marketing research to improve our services, in which case you are always free to refuse to cooperate.
The collected personal data are processed by the Company for the purpose for which they were given and/or for the purpose based on the relevant regulation or a legitimate interest arising from or related to the use of the Internet portal www.villasholiday.com.
WHO CAN SEE YOUR DATA
The Company does not sell, rent or lend your personal information to third parties.
The company can share data with reliable partners who perform certain functions for us, such as maintenance of IT systems and applications, marketing campaigns and payment processing.
We forward certain personal data to the competent authorities on the basis of legal obligations, such as registration of guests in the eVisitor system for the purpose of paying the sojourn tax, guest list and registration of the residence of foreigners.
In any case, when the Company needs to share the collected personal data, then we demand that they be protected and not used for marketing purposes.
HOW TO PROTECT YOUR RIGHTS
It is your right to request a copy of your personal data that we have collected, and you can see the data that we collected during the reservation process from the reservation itself. You may request a copy of other data we have collected from you. In that case, provide all the details to help us identify and locate your personal data. The delivery of data is free of charge, but the Company reserves the right to charge a reasonable fee in the case of special requests, such as multiple copies, a special format or the like. The Company will provide you with the information, within a reasonable time, by e-mail, to the e-mail address specified in the request.
We want all of your data to be accurate and up to date, and if you notice that some of the data we hold are inaccurate, please let us know. We also remind you that you have the right to request the correction or deletion of your personal data, as well as the right to object to the processing of personal data, i.e. to deny your consent to the processing of personal data. The Company will correct or delete your personal data unless we need to retain it for legitimate legal or business interests.
If you have any remarks to the processing, use or storage of your personal data, please feel free to contact us. If you are not satisfied with our answer, you can contact the supervisory body – the Agency for Personal Data Protection (Agencija za zaštitu osobnih podataka – AZOP), based in Zagreb, Selska cesta 136, HR 10 000 Zagreb, E: firstname.lastname@example.org.
Any requests or remarks regarding personal data collected by the Company shall be submitted in writing to the personal data protection officer. The request must include the e-mail address you provided at the time of registration as well as the e-mail address to which you wish to receive a response (if it is not the same as the e-mail address from which you submitted the request). The address of the Company’s personal data protection officer is: email@example.com. We reserve the right to request more information from you in order to establish your identity, i.e. the authority to submit a request on behalf of a third party.
SECURITY OF YOUR PERSONAL DATA
It is our special mission to fully ensure the protection of your personal data from unauthorised access, disclosure or deletion, regardless of the place of storage or processing, as well as the format in which it can be found. The company pays special attention to the implementation of highly professional computer solutions and standards.
The company applies recognised information security standards:
– we apply technical and organizational protection measures based on the risk analysis,
– we strive to minimise the exposure of data at all levels of business and examine organisational and technical protection measures,
– we check the collection of information, storage and processing methods,
– where possible, we protect data, pseudonymise and anonymise data,
– we restrict access to personal data in such a way that it can be accessed only by persons who need it for the performance of professional tasks, and who are obliged to respect strict confidentiality obligations.
LINKS TO OTHER WEBSITES
PERSONAL DATA RETENTION PERIOD
The period in which the Company keeps personal data is limited to a strict minimum, and the Company accordingly defines retention deadlines or periodic review of certain personal data so that they are not kept longer than necessary to fulfil the purpose for which they were collected.
After the deadline, the Company will delete personal data, and if the data is necessary for the purpose of compiling statistical indicators, analysis or archiving, or any other legitimate interest, all measures will be taken to anonymise personal data.
THE PRODUCTS WE OFFER ON THE WEBSITE www.villasholiday.com ARE THE FOLLOWING:
Accommodation in luxury villas and holiday homes
Accommodation in other types of holiday accommodation
Organization of additional activities for guests
The prices are shown separately for each facility, below each individual facility.
STATEMENT ON DATA PRIVACY, COLLECTION AND USE
Mondo Ferio d.o.o. undertakes to protect the personal data of its customers, namely by collecting only the necessary/basic customer/user details required to fulfil our obligations; it informs the customers of the way the collected data are used, and it regularly offers them a possibility to choose how their data are used, including the possibility to decide whether or not to have their name removed from the lists used for marketing campaigns. All user details are handled with strict confidentiality and are only available to the employees who need them to perform their work tasks. All employees and business partners of Mondo Ferio d.o.o. are subject to our privacy principles.
Our prices are expressed in different currencies, but all payments are made in HRK (the Croatian kuna). The amount charged to your credit card account is obtained by converting the price in foreign currency to domestic currency (HRK) at the current exchange rate of the Croatian National Bank. When charging a credit card, the amount is converted to your local currency at the exchange rate of the group to which your bank belongs. Thus, it is possible that there will be a slight difference from the original price shown in our offer or on the website.
STATEMENT ON THE PROTECTION OF TRANSFER OF PERSONAL DATA
WSPay, as the executor of credit card authorization and charging, handles personal data as the processor, in accordance with the General Data Protection Regulation No. 2016/679 of the European Parliament and of the Council, as well as the strict rules of the PCI DSS L1 standard on data entry and transmission protection.
WSPay uses a 256-bit encryption SSL certificate and the TLS 1.2 cryptographic protocol as the highest protection levels when data are entered and transferred.
The personal data used for authorization and collection purposes, i.e. in the performance of the obligations referred to in the Agreement or under the Agreement, are considered to be confidential data.
The following customer details are required for the performance of the (authorization and collection) agreement:
· Name and surname
· Phone number
· Postal code
· Card type
· Card number
· Card’s validity period
· CVV code
WSPay does not process or use these personal data, except for the purpose of performing the authorization and collection agreement.
WSPay guarantees the compliance with all the conditions set by the applicable regulations on personal data protection for personal data processors, particularly when it comes to taking all necessary technical, organizational and security measures, which is also attested by the PCI DSS L1 certificate.
WSPAY USAGE STATEMENT
Mondo Ferio d.o.o. (point of sale) uses WSPay for online payments.
WSPay is a secure system for online payment, real-time payment, as well as payment by credit and debit cards and other payment methods. WSPay provides the customer and merchant with a secure entry and transfer of entered card details, which is attested by the PCI DSS certificate held by WSPay. WSPay uses a 256-bit encryption SSL certificate and the TLS 1.2 cryptographic protocol as the highest protection levels when data are entered and transferred.