PRIVACY NOTICE

IKADOR LUXURY BOUTIQUE HOTEL & Spa, owned by AUTO ZUBAK – ZAGREB Ltd., Sesvete, Ljudevita Posavskog 7/a, PIN: 34970126847 (hereinafter referred to as: “AZZ” or “we”), pays particular attention to the protection of personal data of its users (hereinafter referred to as: “data subjects”), which it collects and processes in performing its operations. Accordingly, we take special measures to ensure that the processing of personal data that we perform is lawful, fair and transparent. We collect, process and use such data in accordance with the relevant data protection regulations, and the terms used in this Notice have the meanings as defined under Regulation (EU) 2016/679.

More precisely, pursuant to Regulation (EU) 679/16 AZZ may have different roles with regard to your personal data, i.e. it may be the controller and/or the processor. This Notice serves to inform you, our users, of:

  • the identity and contact details of the controller and/or processor (Section 1),
  • the legal bases for processing personal data of data subjects, the purposes for such processing and the manner in which personal data of data subjects are processed (Section 2),
  • the recipients of personal data (Section 3),
  • the period for which your personal data are stored (Section 4),
  • the personal data safeguards in place (Section 5),
  • your rights with regard to the processing of your personal data and the manner in which you can exercise those rights (Section 6),
  • your obligation to provide personal data (Section 7),
  • whether automated decision-making and profiling are used or not (Section 8), and
  • the application of cookies on our web pages (Section 9).

1. Basic information about AUTO ZUBAK – ZAGREB Ltd. as the controller and/or processor

1.1. Identity and contact details:

IKADOR LUXURY BOUTIQUE HOTEL & Spa, owned by AUTO ZUBAK – ZAGREB Ltd., Sesvete, Ljudevita Posavskog 7/a, PIN: 34970126847, Republic of Croatia; info@ikador.com; www.ikador.com

1.2. Contact details of the data protection officer: e-mail: info@ikador.com

2. How do we collect your data, on what basis do we process them and for which purposes do we use them?

We process your data in the following manner and for the following purposes:

2.1. Accommodation inquiries and reservations (via phone, e-mail, our website)

When you make an accommodation inquiry or a reservation request (via phone, e-mail or our website), you will be asked to provide such personal data which we need to give you the requested information, or confirm your reservation, for the purpose of signing an accommodation agreement.

The personal data that we collect when an accommodation inquiry or a reservation request is made are:

  • first and last name of the guest (main guest or all guests arriving under the reservation),
  • sex,
  • phone number,
  • e-mail address,
  • permanent address (optional),
  • country,
  • language,
  • credit card details (booking guarantee) – type of credit card, credit card number, cardholder, date of expiry, CVC (optional).

2.2. Registration at the accommodation facility (check-in)

Upon registration of guests at the accommodation facility (check-in), we collect and keep such personal data which we need to provide accommodation services, comply with our statutory obligation to collect and enter the personal data associated with the hospitality services which we provide into a designated system (i.e. eVisitor – a guest check-in/check-out information system), as well as to ensure you the best possible service. If for some reason you are unable or unwilling to provide the requested data, you will not be able to use our accommodation services.

The personal data that we collect upon check-in are:

  • first and last name,
  • city, country and date of birth,
  • citizenship,
  • identification document type, number and place of issue,
  • permanent address (current address),
  • sex,
  • date and time of arrival to and departure from the accommodation facility.

We keep the above-mentioned data in our databases and enter them into the eVisitor system. Pursuant to the relevant legal regulations, such data are stored and retained for a period of 10 years.

Upon registration at the accommodation facility (i.e. upon check-in), you may also be asked to provide certain additional data (e.g. your nutritional preferences, and similar), which will allow us to personalize the service provided to you. Additional data are marked as optional and are not required for the provision of accommodation services. However, without such additional data, we will not be able to provide you a personalized service.

2.3. Video surveillance

On the basis of a legitimate interest and for the purpose of protecting people and property, we have put in place appropriate security and technical measures, i.e. we have installed a video surveillance system. The recordings obtained through video surveillance are kept for up to 6 months.

2.4 Newsletter subscription

When you sign up to receive our newsletter, you will be requested to provide the following data:

* first and last name,

* e-mail address.

The above data will be used for the purpose of sending you various promotional offers, news and event info. You are not required to provide the relevant data for this purpose, i.e. the provision of the requested service is not contingent on the provision of such data. You can also remove your name from the list of subscribers at any time in order to stop receiving the relevant information.

2.5. Satisfaction surveys/questionnaires

In principle, customer satisfaction surveys and questionnaires are anonymous and you are therefore not required to provide your personal data when completing the same. If you are, however, willing to provide your personal data for this purpose, we will only ask that you provide your first and last name. The data collected in this manner will be used exclusively for the purpose of increasing the quality of service.

2.6 Complaints

Upon submitting a complaint, you will be required to provide the following data:

  • first and last name,
  • period of stay,
  • number of guests who stayed at the facility,
  • names of guests who stayed at the facility,
  • reservation number,
  • phone number,
  • e-mail address.

We will use the above data for the purpose of sending an answer to your complaint, and we will store and retain such data for a period of 1 year from the date of receipt of the same in writing, in accordance with the relevant legal regulations.

2.7. Consent

We may ask you to give us your consent to the processing of your data for a purpose which, considering its ultimate intention, is not a precondition for the execution of a contract, does not represent a statutory obligation of AZZ, is not necessary for entering into or executing a contract, or is not in your legitimate interest (e.g. for the purpose of marketing activities, offering services, sending personalized offers, and similar). You are not required to provide such consent, but you are free to give it if you are willing and have the right to withdraw it at any time. The request for consent must be presented to you in a manner which ensures that it is clearly distinguishable from other matters, in an intelligible and easily accessible form, using clear and simple language.

2.8. Use of website

You can view and use our web pages anonymously since we do not collect any data which could identify you as an individual when you view our pages, and you are also not required to provide your personal data as a precondition for using our website. When you use our website, we may, however, store certain data associated with you for various security reasons. Such data may include the name of your internet service provider, the website that linked you to our website, the web pages you have visited while using our website, and your IP address. The mentioned data could allow us to identify you, but we do not use them for that purpose. We use such data from time to time for statistical purposes, but we also ensure that user data are anonymized, thus rendering the users unidentifiable. Furthermore, by entering your personal data in the designated fields available on our web pages, you confirm that you have voluntarily put such data at our disposal and that you allow us to use them for the purpose for which they are given.

2.9. Information from other sources

We can also obtain your personal data from other sources. Such other sources include our online partner agencies or travel agencies whose services you have used to book accommodation with us, which have later forwarded your personal data to us. We need the data obtained and processed in this manner for the purpose of confirming your reservation and signing an accommodation agreement with you.

Through our online partner agencies and travel agencies we collect the following data:

  • first and last name of the guest (main guest or all guests arriving under a reservation),
  • sex,
  • phone number,
  • e-mail address,
  • permanent address (optional),
  • country,
  • language,
  • credit card details (booking guarantee) – type of credit card, credit card number, cardholder, date of expiry, CVC (optional).

3. Do we share your data with third parties – recipients of personal data?

3.1. The data collected from you and other data that concern you remain stored in AZZ’s databases. Your data may be shared with third parties:

a) in cases where we are required by law to disclose such data (e.g. obligation to submit data to the Tourist Board via the eVisitor system), or where disclosure of such data is necessary in order to respond to a legal action or to a request made by competent law enforcement

institutions in connection with minor offense, criminal offense or court procedures (on the basis of a written order);

b) for the purpose of protecting our rights, privacy, safety or property, and that of the public;

c) for the purposes of administrative or technical support (e.g. to our partners performing accounting, information system maintenance, and similar operations), or for other business purposes with a view of facilitating transactions with you;

d) for the purpose of analyzing our data, conducting mobile analytical services, or for the purpose of maintaining or improving our services (subject to non-disclosure agreements, where appropriate);

e) for the purpose of finding appropriate legal remedies and limiting possible damage;

f) for the purpose of complying with the terms and conditions of any contract or our business relationship with you, or with the terms and conditions applicable to our online service (e.g. for the purpose of providing accommodation reservations services, for the purpose of providing accommodation services, and similar);

g) for the purpose of processing transactions with our branches, business partners, agents or agencies whose services you have used to arrange or request our services;

h) in other cases subject to your consent.

3.2. Your personal data may be transferred to another legal entity in the event of a transfer, change of ownership, reorganization or merger of AUTO ZUBAK – ZAGREB Ltd. or a certain part of that company with another legal entity, or in the event of a transfer of the company’s property to another legal entity.

3.3. Your personal data may be disclosed to third parties – service providers (e.g. to a payment service provider for the purpose of collecting our service charges, to an e-mail service provider responsible for sending you e-mail notifications on our behalf or to subcontractors responsible for performing operations from the scope of our customer service). Such service providers may be located in some other country (i.e. not your home country), such as the US or an EU member state, and they are contractually bound to protect the confidentiality and security of your data. However, if required under applicable laws, your data may be made available to certain state authorities.

3.4. In cases where it shares your data with third parties, AZZ will require that such third parties refrain from using your data for purposes other than the agreed one, and will also obligate its business partners to protect the confidentiality of personal data.

4. Period for which your personal data will be stored

4.1. The period for which your data will be stored/retained depends on the type/category of data, the purpose for which they were provided or collected, and the laws or legal obligations that AZZ is required to comply with. The personal data will be kept for a period prescribed by the law, or for a period deemed necessary to provide the requested service or perform the service or purpose for which you have given your consent, unless otherwise required by the law (e.g. in connection with an ongoing court procedure).

4.2. The data that refer to statutory and legal obligations of AZZ are stored for the period prescribed by the respective laws (e.g. the obligation to store and the period for which invoices and bookkeeping records (which, among other, contain your data) are to be retained is prescribed under the Accounting Act. Accordingly, such invoices and records are kept for 11 years.

4.3. The data in respect of which a specific storage (retention) period is not prescribed under any laws or regulations will be stored and retained for a period deemed reasonable depending on the category of the relevant data and the purpose for which they were collected in the first place. The data collected for a specific purpose will be used for that purpose only. After the expiry of the reasonable period of storage (retention) and after the relevant purpose is fulfilled, such data will no longer be actively used. However, anonymized data may continue to be used for statistical and marketing purposes, as well as for archiving and other analytical purposes. When providing such data, you will be informed of the applicable storage (retention) period, and the criteria in accordance with which such period is determined.

5. Personal data safeguards

5.1. When we process your personal data, we implement appropriate technical, organizational and legal personal data protection safeguards to prevent unauthorized access and any further unauthorized processing.

6. Your rights with regard to data processing

6.1. With regard to all your personal data stored in our databases and depending on the purpose and legal basis for storing and retaining such data, you have the following rights:

a) the right to access your personal data – you have the right to request and receive information from us regarding whether your personal data are being processed. If they are being processed, in addition to the right to access such data, you have the right to receive additional information regarding the purpose of processing, the categories of personal data that are being processed, the recipients or categories of recipients of personal data, the period for which personal data are stored (retained), the rights you have as data subjects, the right to lodge a complaint with a supervisory authority, the source of your personal data if not collected directly from you, the use (or non-use) of automated decision-making and profiling, as well as the transfer of personal data to third countries or international organizations;

b) the right to rectify or supplement your personal data – without undue delay, you will have the right to rectify inaccurate or supplement incomplete personal data which concern you;

c) the right to erase your personal data (“the right to be forgotten”) – you have the right to request that your personal data be erased at any time, and we will honor your request and act upon it if the relevant personal data are no longer needed for the purposes for which they were collected, if you withdraw the consent on the basis of which such data are processed, if you object to the processing performed on the basis of a legitimate interest, if the data are unlawfully processed, or if they are contrary to the provisions of the Regulation on any other basis. The right to erasure is not an unrestricted right. More precisely, we will not be able to honor your request and act upon it if there is a legal or some other obligation on the basis of which we are required to store and retain your personal data (e.g. storing and retaining invoices and book-keeping records), of which you will be informed timely;

d) the right to restrict the processing of your personal data – you will have the right to request that the processing of your personal data be restricted if you believe that the data are inaccurate (for a period allowing us to check the accuracy of the relevant data); if the processing is unlawful, without requesting erasure, however; if we no longer need the relevant data but you need them for the purpose of establishing, exercising or defending a legal claim; or if you have objected to the processing on the basis of a legitimate interest (e.g. restricting the use of an e-mail address for sending certain notifications/information).

e) the right to data portability – if you have provided your personal data in a structured, commonly used and machine-readable format, you have the right to obtain such data and transmit them to another controller, provided the processing is based on consent or on a contract, and provided the processing is carried out by automated means. If technically feasible, you may request that your data be directly transmitted to another controller;

f) the right to object to the processing – you have the right to object to the processing performed on the basis of a legitimate interest at any time (e.g. direct marketing);

g) the right to lodge a complaint with the relevant supervisory authority – if you consider that any of your rights, which arise in connection with the processing of your personal data, is breached, you may lodge a complaint with the Personal Data Protection Agency (AZOP), Martićeva 14, 10 000 Zagreb, azop@azop.hr), in accordance with the applicable personal data regulations;

h) if the processing of your personal data is based on consent, you have the right to withdraw your consent at any time, where such withdrawal will take effect on the date it is made.

6.2. Requests to exercise the rights from the preceding section (except for requests under point g)) may be submitted in writing and sent to the address specified in Section 1 or via e-mail to info@ikador.com. If you cannot be identified as the owner of the relevant personal data, your request may be denied.

7. Are you required to provide your personal data to us?

7.1. When you request AZZ’s services, submit a particular request, ask for an offer to be made to you, file a complaint in connection with a particular agreement or execution thereof, you must provide to us such personal data that allow us to identify you as a user of our services, and to enter into and execute

a contract with you, handle your request, or resolve your complaint. In such situations, provision of your personal data represents your legal and contractual obligation, and a precondition for entering into and executing a contract, for handling a request, or resolving a complaint.

8. Does AZZ use automated decision-making and profiling?

8.1. AZZ does not use automated decision-making.

8.2. By collecting additional data about you, we create your profile in order to be able to personalize our service and to adjust it to your specific interests.

9. Online security of personal data

9.1. On our website, your personal data are protected from unauthorized access, use or disclosure. The data stored on computer servers are kept in a controlled and safe environment, with safeguards against unauthorized access, use or disclosure in place.

10. Application of cookies

10.1. On our web pages we use cookies, i.e. textual files stored on the user’s computer by the internet server that they use. Such files are created when the browser on the user’s device uploads the visited web destination, which sends the data to the browser and creates a textual file (a cookie). The browser then retrieves such file and sends it to the web destination server (location, page) when the user returns to the same.

10.2. The cookies are used to allow the functioning of all website features as well as to ensure a better customer experience, and they may be either temporary (stored only during the visit to a web page) or permanent (they remain stored on the user’s computer even after the visit is ended).

Third-party cookies are used to obtain statistical data about how frequently our web pages are visited and in what manner they are used. The data which are collected include: the user’s IP address, browser data, language data, operating system data, and other standard data which are collected and analyzed on a massive scale and in an anonymized form, unless user data are concerned. AZZ’s web pages do not contain cookies that allow running of programs or installation of viruses onto your computer.

10.3. Where our web pages are concerned, we use the Google Analytics statistical services. The rules regarding third-party cookies are available on the Google Analytics site. From time to time we may also collect information about the manner in which the users use our web pages using other tools similar to Google Analytics.

10.4. Disabling cookies: If you do not want to accept cookies, you can easily delete (or disable) them on your computer or mobile device by adjusting your browser settings. You can find out more about the manner in which cookies are managed on your browser pages or on www.allaboutcookies.org.

Since the purpose of cookies is to improve the functioning and allow the use of our web pages and the related processes, please bear in mind that by disabling or deleting cookies you might affect the proper functioning of our website features, or cause them to function or appear differently in your browser.