+385 52 500 401 - 08:00 - 22:00

Privacy policy

MONDO FERIO d.o.o. turistička agencija, turizam i usluge (tourist agency, tourism and services), from Novigrad, Svetog Antona 36, Personal ID no.(OIB): 86304016104, (hereinafter: the Company), brought in November 2020, especially determined to protect your personal data in accordance with applicable regulations, including the Regulation (EU) No. 2016/679 from 27 April 2016 (hereinafter: “General Regulation“) and the Law on the Implementation of the General Regulation on Data Protection (NN 42/2018), the following document which regulates the collection, processing and the use of your personal data, i.e. in general the protection of your privacy

INTRODUCTION


This Policy is intended for respondents in order for them to have a correct and complete information on how their personal data is collected, used, given for inspection or processed in any other way by the Company, as well as up to what measure this personal data is processed or will be processed.

The purpose of this Policy is to give a transparent possibility to individuals using this web portal to familiarise themselves with the rules, protective measures, rights and risks related to processing of personal data.

This Policy also applies with regard to collection, processing and protection of your personal data and use of cookies and similar analytical tools when visiting, registering and using the web portals www.villasholiday.com with all their subdomains, websites and applications for mobile phones that are part of the above-mentioned domains owned by the Company when sending electronic mail which contains the link to this Privacy policy. With regard to specific questions that are possibly not regulated by this Policy, General Terms and Conditions, that can be found here, are applied.

PERSONAL DATA

Personal data is all data from which a person’s identity may be determined. By providing online services, the Company can collect some of the following personal data:

– name, surname, place of residence, date of birth, personal identification number, personal identification card number or number of another identification document, citizenship;

– data on your stay, including data on your accommodation, date of arrival, date of departure, bought products or services, information on your preferences related to services (room type etc.);

– data on services ordered;

– additional information on you that we can receive from third parties which we do business with (e.g. agencies, tour-operators);

LEGAL GROUNDS FOR COLLECTION OF PERSONAL DATA



The Company collects and processes your personal data only if one of the following requirements listed below has been met


We have your consent. Example: Subscription to newsletters or marketing news. If you want to subscribe to the newsletter, you will mark that on the corresponding place and you will enter your e-mail address.

The processing is necessary for performance of the agreement or in order to conduct activities on the request of the respondent prior to the conclusion of the agreement. Example: Booking accommodation via internet. In that case, your personal data is necessary in order to agree, i.e. fulfil mutual rights and obligations.

The processing is necessary in order to respect legal obligations of the data processing manager. Example: Forwarding data to the eVisitor system or complying with orders by the competent authority. This circumstance is important considering the fact that every stay of the guest has to be registered at the tourist board and police according to the place of stay, which is conducted through this system. In the second example, personal data is given to the competent body based on a legal order.

The processing is necessary for the needs of legitimate interests of the data processing manager or the third party. Example: In order to personalise your experience and offer you other services or products that could be of interest to you. In this case we want to bring our service closer to you, and that would not be possible without having the data that we ask you to share with us and that helps us better understand your interests, affinities and wishes.

PERSONAL DATA THAT IS COLLECTED


The Company collects the data listed below during the reservation process, i.e. the use of services and when accessing the website www.villasholiday.com:


(I) In the process of accommodation reservation, the following is collected:
Name, surname, place of residence, personal identification document number, e-mail address, telephone number, personal identification number.

(II) When you access the website, the following is collected:
Information on your accommodation interests; information on the use of the website; information on clicks to our ads, including those published on other websites; Notification on how you access digital services, e.g. IP address;

(III) By sending inquiries and providing support, consultations or replies to complaints, questionnaires and research, the following is collected:
Data that you usually deliver to us upon reservations or purchases of services, including name, surname, e-mail address or if you connect via social networks, then name and username and contact details. The content of digital communication, selected links and your comments and remarks.

(IV) By subscribing to the newsletter, the following is collected:
e-mail address



HOW YOUR PERSONAL DATA IS USED

In the situation in which you give personal data of other persons to the Company, the following should be taken into account:
– The Company uses data on other persons that you submit to us, for example persons that are included in the accommodation reservation;
– When you submit data on other persons, you have to be sure that they agreed to it and that you have the authorisation to do it in their name. Whenever possible, you should make sure that you also familiarize them with the processing of personal data from this Privacy Policy.

For marketing and promotional purposes:
• In order to understand you as a client as best as possible and to adjust our services and marketing communication, Villas Holiday may combine personal data collected during the sales of services with data collected via our web sites, applications or other sources,
• To send you notifications about new services, updates to services, events and special offers we believe you may be interested in;
• To send you notifications about other companies and products we believe you may be interested in, but only if you have agreed to this type of communication beforehand,
• Marketing research to improve our services, in which case you are always free to refuse to cooperate.

The collected personal data are processed by the Company for the purpose for which they were given and/or for the purpose based on the relevant regulation or a legitimate interest arising from or related to the use of the Internet portal  www.villasholiday.com.

WHO CAN SEE YOUR DATA



The Company does not sell, rent or lend your personal information to third parties.
The company can share data with reliable partners who perform certain functions for us, such as maintenance of IT systems and applications, marketing campaigns and payment processing.
We forward certain personal data to the competent authorities on the basis of legal obligations, such as registration of guests in the eVisitor system for the purpose of paying the sojourn tax, guest list and registration of the residence of foreigners.

In any case, when the Company needs to share the collected personal data, then we demand that they be protected and not used for marketing purposes.

HOW TO PROTECT YOUR RIGHTS

It is your right to request a copy of your personal data that we have collected, and you can see the data that we collected during the reservation process from the reservation itself. You may request a copy of other data we have collected from you. In that case, provide all the details to help us identify and locate your personal data. The delivery of data is free of charge, but the Company reserves the right to charge a reasonable fee in the case of special requests, such as multiple copies, a special format or the like.  The Company will provide you with the information, within a reasonable time, by e-mail, to the e-mail address specified in the request.

We want all of your data to be accurate and up to date, and if you notice that some of the data we hold are inaccurate, please let us know. We also remind you that you have the right to request the correction or deletion of your personal data, as well as the right to object to the processing of personal data, i.e. to deny your consent to the processing of personal data. The Company will correct or delete your personal data unless we need to retain it for legitimate legal or business interests.

If you have any remarks to the processing, use or storage of your personal data, please feel free to contact us. If you are not satisfied with our answer, you can contact the supervisory body – the Agency for Personal Data Protection (Agencija  za zaštitu osobnih podataka – AZOP), based in Zagreb, Selska cesta 136, HR 10 000 Zagreb, E: [email protected].

Any requests or remarks regarding personal data collected by the Company shall be submitted in writing to the personal data protection officer. The request must include the e-mail address you provided at the time of registration as well as the e-mail address to which you wish to receive a response (if it is not the same as the e-mail address from which you submitted the request). The address of the Company’s personal data protection officer is: [email protected]. We reserve the right to request more information from you in order to establish your identity, i.e. the authority to submit a request on behalf of a third party.

SECURITY OF YOUR PERSONAL DATA

It is our special mission to fully ensure the protection of your personal data from unauthorised access, disclosure or deletion, regardless of the place of storage or processing, as well as the format in which it can be found. The company pays special attention to the implementation of highly professional computer solutions and standards.

The company applies recognised information security standards:
– we apply technical and organizational protection measures based on the risk analysis,
– we strive to minimise the exposure of data at all levels of business and examine organisational and technical protection measures,
– we check the collection of information, storage and processing methods,
– where possible, we protect data, pseudonymise and anonymise data,
– we restrict access to personal data in such a way that it can be accessed only by persons who need it for the performance of professional tasks, and who are obliged to respect strict confidentiality obligations.

Notwithstanding the above privacy policies, we encourage you to take steps to make your personal data secure (including your password) and to always log out of the Internet portal after use. If the personal data we process is transferred outside the European Union and the European Economic Area because it is necessary to technically perform the service requested by the user, then the Company will take reasonable steps to ensure that the data subjects outside the EU take appropriate measures to protect the said data and to provide protection in accordance with these Privacy Policy.

LINKS TO OTHER WEBSITES



This website may contain links to other websites operated by another entity (including Facebook, Google, Instagram, etc.) that has its own specific privacy policy, so we draw you attention to familiarise yourself with their terms of use and privacy policies before submitting any personal data. The Company assumes no responsibility for these websites or the entities that manage them in relation to the protection of privacy.

PERSONAL DATA RETENTION PERIOD

The period in which the Company keeps personal data is limited to a strict minimum, and the Company accordingly defines retention deadlines or periodic review of certain personal data so that they are not kept longer than necessary to fulfil the purpose for which they were collected.

After the deadline, the Company will delete personal data, and if the data is necessary for the purpose of compiling statistical indicators, analysis or archiving, or any other legitimate interest, all measures will be taken to anonymise personal data.

USE OF COOKIES



The Company uses cookies. Rules on the use and purpose of cookies can be found here.

CHANGES TO THE PRIVACY POLICY


This Privacy policy was adopted in November 2020
The Company reserves the right to make changes, modifications and/or amendments to this Privacy Policy at any time. We will publish all changes to the Policy on the Company’s internet portal www.villasholiday.com, and possibly inform you additionally if we deem it necessary (e.g. for major or significant amendments/additions).

THE PRODUCTS WE OFFER ON THE WEBSITE www.villasholiday.com ARE THE FOLLOWING:

Accommodation in luxury villas and holiday homes

Accommodation in other types of holiday accommodation

Organization of additional activities for guests

The prices are shown separately for each facility, below each individual facility.

STATEMENT ON DATA PRIVACY, COLLECTION AND USE

Mondo Ferio d.o.o. undertakes to protect the personal data of its customers, namely by collecting only the necessary/basic customer/user details required to fulfil our obligations; it informs the customers of the way the collected data are used, and it regularly offers them a possibility to choose how their data are used, including the possibility to decide whether or not to have their name removed from the lists used for marketing campaigns. All user details are handled with strict confidentiality and are only available to the employees who need them to perform their work tasks. All employees and business partners of Mondo Ferio d.o.o. are subject to our privacy principles.

Our prices are expressed in different currencies, but all payments are made in HRK (the Croatian kuna). The amount charged to your credit card account is obtained by converting the price in foreign currency to domestic currency (HRK) at the current exchange rate of the Croatian National Bank. When charging a credit card, the amount is converted to your local currency at the exchange rate of the group to which your bank belongs. Thus, it is possible that there will be a slight difference from the original price shown in our offer or on the website.

STATEMENT ON THE PROTECTION OF TRANSFER OF PERSONAL DATA

WSPay, as the executor of credit card authorization and charging, handles personal data as the processor, in accordance with the General Data Protection Regulation No. 2016/679 of the European Parliament and of the Council, as well as the strict rules of the PCI DSS L1 standard on data entry and transmission protection.

WSPay uses a 256-bit encryption SSL certificate and the TLS 1.2 cryptographic protocol as the highest protection levels when data are entered and transferred.

The personal data used for authorization and collection purposes, i.e. in the performance of the obligations referred to in the Agreement or under the Agreement, are considered to be confidential data.

The following customer details are required for the performance of the (authorization and collection) agreement:

· Name and surname

· Email

· Phone number

· Address

· Place

· Postal code

· State

· Card type

· Card number

· Card’s validity period

· CVV code

WSPay does not process or use these personal data, except for the purpose of performing the authorization and collection agreement.

WSPay guarantees the compliance with all the conditions set by the applicable regulations on personal data protection for personal data processors, particularly when it comes to taking all necessary technical, organizational and security measures, which is also attested by the PCI DSS L1 certificate.

WSPAY USAGE STATEMENT

Mondo Ferio d.o.o. (point of sale) uses WSPay for online payments.

WSPay is a secure system for online payment, real-time payment, as well as payment by credit and debit cards and other payment methods. WSPay provides the customer and merchant with a secure entry and transfer of entered card details, which is attested by the PCI DSS certificate held by WSPay. WSPay uses a 256-bit encryption SSL certificate and the TLS 1.2 cryptographic protocol as the highest protection levels when data are entered and transferred.