Privacy Policy

Hotel Prišćapac Resort & Apartments (Balaton d.o.o. za turizam)

This Privacy Policy sets out how Balaton d.o.o. za turizam („Balaton d.o.o.” or „we”) uses and protects your personal data. Balaton d.o.o. is the Controller for personal data given to us by guests or prospective guests using the sites priscapac.com or dalmatnyar.hu, as well as for other groups of individuals identified in the policy such as guests interacting with us through different channels, business contacts, and our staff.

The recording of bookings on priscapac.com or dalmatnyar.hu is managed by Hospitality and Retail Systems („HRS International”). HRS Privacy Policy is available here: HRS Privacy Policy. Our contractual arrangements with HRS Croatia (local chapter of HRS International) include suitable safeguards over your personal data in order to protect the rights you have under EU legislation. In the course of its business activities, Balaton d.o.o. requests, obtains, and processes personal data from guests, prospective guests, business contacts, staff, and other individuals. We aim to process the minimum personal data we need in order to provide a good service. We recognise and respect the legal rights and reasonable expectations of individuals over their personal data and privacy.

This Privacy Policy explains how we protect personal data and privacy. Many of the principles we follow are driven by the EU’s General Data Protection Regulation (GDPR). However, we comply with all applicable legal requirements on personal data protection and privacy.

We have tried to make this Privacy Policy easy to use and to understand, within the constraints of the complexity of the information we have to communicate. If you have any questions on the material or any comments or suggestions, please contact us at: info@priscapac.com with indicative subject.

Main sections of this Privacy Policy cover:

Your rights under GDPR
The different processing activities at Balaton d.o.o.
Legal reference information (including contact details)
Terms and abbreviations used in this Policy

1) Legal rights of individuals („data subjects”) under GDPR

The „data subjects” covered by GDPR are living individuals anywhere who deal with a „controller” in the EU, or living individuals in the EU who deal with a controller outside the EU. A „controller” is the legal entity which defines how personal data is processed. „Personal data” is any data which can be linked to a data subject.

As explained below, data subjects have the following specific rights under GDPR:

Right to receive transparent information
Right of access to own data
Right to rectify inaccurate data
Right to erasure („Right to be forgotten”) in specific circumstances
Right to withdraw consent
Right to request restriction of processing
Right to object to processing
Right not to be subject to automated decisions
Right to data portability
Right to complain to a „Supervisory Authority”
Right to an effective judicial remedy against a controller or processor

This Policy addresses all of these rights. Under your request on any of them, we will respond without undue delay and in any case within one month, and we will do our best to resolve even complex cases within three months. We will respond to you electronically or by such other medium as you request. We will not charge a fee for an initial request, but we reserve the right to charge an administrative fee for handling a request repeated within a year, or in case of otherwise manifestly unfounded or excessive request.

Note that we will need to verify your identity to be able to act on any request.

If we believe that we should not act on your request, we will write to inform you of the basis for our decision, and also of your options for legal remedy.

Separately from these rights, if you believe that Balaton d.o.o. has mistreated you with regard to your personal data or your privacy, please contact us so that we can rectify the situation and improve our service to all guests. You can send a formal complaint to us by email or by post to the address given in section 1.12 „Contacting Balaton d.o.o. regarding GDPR” below.

We will aim to respond without undue delay and in any case within 30 working days.

1.1 Right to receive transparent information

We will provide all information required by GDPR to you in a concise, transparent, intelligible and easily accessible form, using clear and plain language, particularly for any information specifically for children. We shall provide the information in writing or by electronic means. If you request, we will provide information orally.

We will facilitate your exercising your rights as described in the rest of section 1 below.

Section 1.12 „Contacting Balaton d.o.o. regarding GDPR” below gives email and postal addresses for contacting us. Certain sections on individual activities in section 2 give dedicated addresses for specific enquiries.

1.2 Right of access to your own data

You have the right to obtain from Balaton d.o.o. confirmation as to whether personal data on you is being processed, and, if so, to access the data and the following information:

the purpose of the processing
the categories of personal data concerned
the recipients to whom we have disclosed or will disclose the personal data, in particular recipients in countries outside the EU
the period for which the personal data will be stored
the existence of your right to request us to rectify or erase personal data or to restrict processing of personal data or to object to such processing
your right to lodge a complaint with a Supervisory Authority
where the personal data are not collected directly from you, information as to their source
whether there is any automated decision-making from the data, and, if so, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you
where we transfer your personal data to a country outside the EU, the appropriate safeguards we have in place to protect your rights

1.3 Right to rectify inaccurate data

If we hold inaccurate or incomplete personal data on you, we will rectify this without undue delay on receiving your request.

1.4 Right to erasure („Right to be forgotten”)

You have the right to request us to erase your personal data and for us to act on the request without undue delay, where one of the following grounds applies:

Your data are no longer necessary in relation to the purposes for which they were originally processed
You withdraw consent and we have no other legal basis for processing your data
Our basis of lawfulness for processing is our legitimate interests, and you claim that we have no legitimate grounds for the processing which override your interest, rights, and freedoms
The processing is for direct marketing, and you object to this
We have been unlawfully processing your data
We have to erase your data for compliance with a legal obligation in EU or Member State law to which we are subject
Our basis of lawfulness for processing the data is consent given by a guardian for a child, and either (I) you are the guardian and the child is still under the age of consent, or (II) you are the child now older than the age of consent.

Please note that we cannot erase your personal data to the extent that processing is necessary:

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing;
for reasons of public interest in the area of public health;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the request is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
for the establishment, exercise or defence of legal claims.

Your data will continue to exist temporarily on backup files after this deletion, but we use IT security techniques to ensure that these are accessible only for the purpose of restoring the database in the event of a loss of data and that they cannot be copied to reveal data. We regularly destroy backup files on a rotating basis.

1.5 Right to withdraw consent

Where you have given us consent for any processing, you have the right to withdraw consent at any time.

You can do this by sending a request to the email address given in the relevant subsection of section 2 „Data processing” below, which lists the different activities for which we manage personal data. Alternatively, you can write to us at the address in section 1.12 below.

Note that your withdrawal of consent will not affect processing which we have already done.

1.6 Right to request restriction of processing

You can request that Balaton d.o.o. restricts the processing of your personal data where one of the following applies:

You contest the accuracy of the personal data
We no longer have a basis of lawfulness for processing, but you oppose us erasing the data and you request that we restrict their use instead
We no longer need the data for the original purpose, but you require them for the establishment, exercise, or defence of legal claims
You object to our processing on the grounds that we state our legal basis as „our legitimate interests” but you claim that your „interests, rights, and freedoms” override these.

Where processing is restricted under your objection, except for continuing to store the data we shall process them only with your consent or:

for the establishment, exercise or defence of legal claims
for the protection of the rights of another person, or
for reasons of important public interest of the EU or of a Member State.

Where we restrict processing we shall inform you before we lift the restriction.

Operational practicalities may prevent us restricting processing precisely as envisaged by GDPR, but in such a case we will work with you to try to find a satisfactory resolution.

1.7 Right to object to processing

You have the right to object to our processing your personal data where:

Our basis of lawfulness for processing is „our legitimate interests” but you claim that your „interests, rights, and freedoms” override these
We process your data for direct marketing purposes, including „profiling” to the extent that it is related to such direct marketing. (Profiling is automated decision making which analyses or predicts aspects such as your economic situation, personal preferences, behaviour or location.) Where you make such an objection we shall no longer process your data for such purposes.

1.8 Right not to be subject to automated decisions

You have the right not to be subject to a decision based solely on automated processing, if this produces legal effects on you or similarly significantly affects you.

However this does not apply:

if the decision is necessary for us to perform a contract with you or if we have your explicit consent, or
if the automated process is authorised by an EU or Member State law which also defines measures we have to follow which safeguard your rights, freedoms, and legitimate interests.

In case (a), we have to implement suitable measures to safeguard your rights, freedoms, and legitimate interests. This includes at least your right to make us ensure human intervention and your right to express your point of view and to contest the decision.

1.9 Data portability

GDPR gives a data subject the right in certain circumstances to receive the personal data concerning him or her „in a structured, commonly used and machine-readable format”. The right includes having the personal data transmitted directly from one controller to another, where technically feasible.

Where you apply under section 1.2 above for access to your own personal data, we will normally supply this in a commonly-used electronic format, unless you specifically ask us to send you a written copy.

1.10 Right to complain to a „Supervisory Authority”

If you believe that we have treated you unfairly or unlawfully under GDPR, you can complain to a Supervisory Authority for data protection. If you are normally resident in an EU country, you have the right to raise a complaint with the Supervisory Authority of that country. This link will give you the name and contact details.

1.11 Right to an effective judicial remedy against a controller or processor

If you believe that your rights under GDPR have been infringed as a result of the processing of your personal data in non-compliance with GDPR, you have the right to an effective judicial remedy.

Proceedings against a controller or a processor shall be brought before the courts of the EU Member State where the controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the EU Member State where your habitual residence is.

In Croatia, regional courts shall have jurisdiction in handling the case. Data subjects can also choose to bring actions at regional courts of their domicile or residence. Even individuals with no locus standi can be parties to the proceedings. The Authority has the option to intervene for the data subject to succeed in the proceedings.

1.12 Contacting Balaton d.o.o. regarding GDPR

Certain sections on individual activities in section 2 give dedicated contact addresses for specific enquiries. Otherwise, to exercise one of the rights described above or to make a complaint directly to Balaton d.o.o. or to contact us with a general enquiry regarding GDPR or privacy, the email and postal addresses are:

Email: info@priscapac.com
Address: Balaton d.o.o.; Prišćapac b.b. HR-20271 Prižba-Blato, Otok Korčula, Hrvatska

2) Data processing

A separate document attached to this Policy contains the list of intra-EU data transfers and controllers; data transfers to third countries are further highlighted in this Policy.

2.1 Reservations

For reservations made online, in person at a hotel, or by phone, we ask for some or all of the following personal data fields:

Full name
Arrival date
Departure date
Number of adults and kids in room
Type of room
Full credit card details
Email address
Full postal address
Free text – including for example any preferences

Purpose of data processing:
The purpose of our collecting this data is to enable us to identify the guest making the reservation, so that we can keep the room for the right person at check-in, and to record a means of payment so that we avoid financial risk if the guest does not check in to the hotel.

We will use your email address for:

reconfirming your reservation,
in the unusual situation where we have to advise you of a change impacting your reservation,
some days after you leave to ask for comments on your stay, in order that we can improve our service for future visits for you and other guests.

Legal basis of data processing:
The basis of lawfulness of our processing this data is that we need them in order to fulfil a contract to reserve a room for you. We process your email address in addition to send you a post-stay email for „legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject”. Our legitimate interests here are maintaining a high quality of service, and we believe that sending you the post-stay email does not affect your fundamental rights.

If you do not give us the data requested we will either be unable to reserve a room for you or be unable to contact you if any problem occurs concerning your reservation.

Period of data processing:
We manage retention of personal data at the level of individual data fields, rather than at the level of the total data for a guest. For example, we may retain a record of your name and check-in date for longer than your email address. Data processed for the purposes of providing our services are retained for up to 8 years, depending on such data.

In some cases we have a statutory obligation to hold personal data for an extended period. The main categories are:

Where information is needed for an invoice or other tax records, we have a statutory obligation to retain this for 8 years after the end of the calendar year. Thus if we invoice you on check-out on 30 June 2018, we have to keep the data until 31 December 2026.
A hotel has a statutory obligation to make a report to its Municipality for all guests who check-in and a report to Police for all guests from outside the EU who check-in. We have a statutory obligation to keep the information included in these reports for 6 years from the date of check-in.

We delete all personal data after the longest of the relevant retention periods above.

If you wish to exercise any of your rights referred to in Section 1, regarding the data recorded in the course of the above activities, or if you wish to contact us for any other reasons, please inform us by sending an email to info@priscapac.com with indicative subject.

2.2 Hotel registration cards

Scope of data and legal basis of data processing:

Personal data to be provided on a compulsory basis (provision of these data by the Guest is a precondition for the use of hotel services):

Processing of the following data is required by law, e.g. first name, last name, mother’s name, billing data.
In order to provide the requested services on a contractual basis we also process the following data: contact details, loyalty programme registration number and mode of payment, credit card details, room number, and number of guests.
On the basis of the Company’s legitimate interest to improve its services, some days after you leave we process your name and email address in order to ask you for your opinion on our services and thus to improve them.

Non-compulsory statistical data:

For statistical purposes, the following data are processed separately from personal data:

how you got to our hotel (questionnaire),
your opinion on our services (questionnaire),
your car registration number (which is duly destroyed after your check-out).

By the time you check in, some data will be filled on the basis of your reservation in order to prove your safety and comfort (such as card registration number). You are kindly asked to always check the accuracy of your data.

Purpose of data processing:
Provision of hotel services, including communications and the improvement of services.

In some cases we have a statutory obligation to hold personal data for an extended period. The main categories are:

Where information is needed for an invoice or other tax records, we have a statutory obligation to retain this for 8 years after the end of the calendar year. Thus if we invoice you on check-out on 30 June 2018, we have to keep the data until 31 December 2026.
A hotel has a statutory obligation to make a report to its Municipality for all guests who check-in, and a report to Police for all guests from outside the EU who check-in. We have a statutory obligation to keep the information included in these reports for 6 years from the date of check-in.

2.3 Guest survey and evaluation scheme

As part of the quality assurance process within the Company, Guests can express their opinion on the services provided by Balaton d.o.o. through an email-based or paper-based guest survey, as well as through the evaluation scheme. When completing the survey, you can enter the following personal data:

Name
Date of visit
Room number
Contact details (address, email address, phone number, home address)

Data provision is not compulsory; these data merely help us investigating any possible complaints and ensure giving feedback.

Opinions obtained this way and eventual data linked to such opinions, that cannot be traced back to the Guest and cannot be combined with Guest’s name, can be used by the Company for statistical purposes only.

If you provide your opinion in an anonymous way, we will not process any personal data. If you require feedback, our colleague will contact you on one of the contact details provided (email, postal address, telephone), within 30 days at the latest.

Purpose of data processing:
Communication with the person expressing the opinion and handling of complaints.

Legal basis of data processing:
Your implied voluntary consent. Please note that if we do not receive your consent to the processing of your data or if you withdraw such consent, we will not be able to answer your question. The withdrawal of consent shall not affect the lawful processing before such withdrawal.

Period of data processing:
After answering the relevant request, question or complaint, the messages and the personal data obtained in this context shall be deleted after the year following the given year. Email address and user name provided for the evaluation scheme will be deleted upon your request.

2.4 Video surveillance system

Cameras are used on the premises of the hotel in order to guarantee the safety of Guests and their assets. Video surveillance is indicated by an icon and a written warning.

Video surveillance is used for the protection of property, that is assets of considerable value, and of the Guests’ personal belongings, taking into consideration that otherwise it would not be possible to detect offences, catch perpetrators in the act, prevent such unlawful acts and provide evidence.

For further information on data processing in connection with such video surveillance, contact Front Desk staff at the hotel. We will send you the Privacy Policy of such video surveillance systems at your request. Such requests shall be sent to the general email or postal address of our hotel.

2.5 Newsletter

When sending you newsletters, we process your name, email address and occasionally your language setting preferences.

Purpose of data processing:
The purpose of processing your data is to be able to notify you of our special offers and news.

Legal basis of data processing:
Your voluntary consent. Please note that if we do not receive your consent to the processing of your data we will not be able to send you newsletters.

Period of data processing:
We will only send you newsletters as long as you request them. If you no longer wish to receive newsletters you can unsubscribe at any time either by using the dedicated link at the end of each newsletter or by notifying us at newsletter@priscapac.com. The withdrawal of consent shall not affect the lawful processing based on consent before its withdrawal.

2.6 Credit card data

In case of room reservations, we request you to give the following credit card data:

Name on credit card
Type of credit card
Number of credit card
Expiry date of credit card / debit card

Purpose of data processing:
Providing reservations and charging the total amount of your reservation or only a part of it, depending on relevant cancellation terms.

Legal basis of data processing:
The performance of the contract entered into for the provision of room reservation as a service. Giving the data is mandatory; it is the requirement for the provision of the service.

Period of data processing:
Credit card data shall be encrypted and shall be revealed exclusively for transaction purposes and only to authorized persons. After the departure from the hotel, these data shall not be revealed; access to these data is prevented. The data shall be deleted after 8 years.

2.7 Social media (e.g. Facebook, Instagram)

Hotel can also be contacted individually via Facebook and Instagram social media portals. By clicking the „like” and „follow” buttons on the given page, Facebook users may subscribe to the newsfeed published on the wall; by clicking the „dislike” button they may unsubscribe; and by adjusting the newsfeed settings, news they don’t wish to follow may also be deleted from their Facebook wall. We are able to access our „followers'” profiles, however we never record or process them in our own internal system.

Purpose of data processing:
Sharing contents, other news and offers, maintaining contact. You may reserve rooms, participate in prize drawings and learn about the latest offers e.g. via our Facebook page.

Legal basis of data processing:
Your voluntary consent which can be withdrawn at any time by unsubscribing. The withdrawal of consent shall not affect the lawful processing based on consent before its withdrawal. In case of a withdrawal, you will not get notifications on your newsfeed, our news will not be posted in your newsfeed and yet you can still access our newsfeed since our page is public.

Period of data processing:
Data are processed until you unsubscribe.

Data shall not be transferred and data controller shall not be engaged.

Facebook and Instagram are separate data controllers, independent from us. Please visit the following links for more information regarding their data protection directives and regulations:

In the course of using Facebook applications and prize drawings, data processing shall be carried out in compliance with Section 2.8.

When making a room reservation, the system automatically redirects the Guest to our website. Data processing shall be carried out in compliance with Section 2.1.

We also publish photos/videos about various events in hotel, restaurant, on beach etc. on our Facebook page. Unless it is a photo of a group of people, we shall always request the prior written consent of the data subjects before publication.

2.8 Prize drawings

On its own or in cooperation with other contracted partners, Balaton d.o.o. occasionally organizes prize drawings. Participants may sign up for a prize drawing through a paper-based or online registration (at hotel’s website or Facebook page), usually by providing the following principal data:

Name
Address
Phone number
Email address

It is possible that there is no need to give the above data (e.g. in case of Facebook prize drawings) or you are requested to give other data, therefore the scope of data may vary.

Purpose of data processing:
Organizing prize drawings, maintaining contact in order to enable us to forward relevant prize to the winner.

Legal basis of data processing:
Your voluntary consent. You can withdraw your consent by writing an email to info@priscapac.com or sending a letter to our address any time with indicative subject. The withdrawal of consent shall not affect the processing based on consent before its withdrawal. The consent is required for the participation in the prize drawing.

Period of data processing:
Data processing shall be carried out until the end of the prize drawing; within 30 days of the drawing, the data processed in this context shall be deleted (except for the data of the winner(s) and substitute winner(s)). Data of the winner(s) and substitute winner(s) shall be retained by us for 8 years, in accordance with the provisions of the prevailing tax and accounting laws, and shall be deleted after that period.

Information about any data transfer and data processors as well as details of data processing that are different than the ones indicated in this information guide shall always be provided in the course of the given prize drawing.

2.9 Contact

You can contact us at any of our contact details (email, Facebook messaging, phone, by post or through the forms developed for this purpose, e.g. inquiry). In such cases, we assume your consent to the processing of personal data shared with us.

Purpose of data processing:
Maintaining contact with the requesting person, answering and resolving the question/request.

Legal basis of data processing:
Since you contacted us, the legal basis of data processing is your (presumed) voluntary consent. You may withdraw your consent at any time, however, in this case we cannot answer your request. The withdrawal of consent shall not affect the lawful processing based on consent before its withdrawal.

Please note that the data fields of certain forms have been developed according to our experiences, thus you are only requested to give the data utmost necessary for answering the question/request. The mandatory fields are marked with a red asterisk.

Period of data processing:
After answering the relevant request, question or complaint, the messages and the personal data obtained in this context shall be deleted after the year following the given year. However, for tax and accounting purposes or if it is necessary to protect the applicant’s rights and interests, these data are archived and retained for as long as necessary, which period is individually defined in each case.

2.10 Complaint management protocol

During the consumer complaint handling, if you do not agree with the handling of your complaint or immediate investigation of the complaint is not possible, we are obliged to immediately issue a protocol about the complaint and its related position.

The protocol shall contain the following data:

The name and address of the customer
The place, time and mode of submitting the complaint
The detailed description of the complaint of the customer, the list of documents and other evidences provided by the customer
Our declaration of our position regarding the complaint of the consumer, if immediate investigation of the complaint is possible
The signature of the person issuing the protocol and of the customer – except for verbal complaints communicated by phone or email
The place and time of the issuance of the protocol
In case of a verbal complaint communicated by phone or email, the unique identification number of the complaint

Purpose of data processing:
Investigation of the complaint and maintaining contact with the complainant.

Legal basis of data processing:
Provisions of related Sections of 110/2015 Act on Amendments to the Consumer Protection Act (Zakon o izmjenama i dopunama Zakona o zaštiti potrošača) which makes the above processing mandatory.

Period of data processing:
5 years from issuing the protocol.

2.11 Automatically recorded data, cookies and „remarketing codes”

2.11.1 Automatically recorded data

When you open our website on a device (such as a laptop or desktop computer, a smart phone or a tablet), select data of that device will be automatically recorded. The data automatically recorded include the IP address of your device, the date and time of your visiting our website, the browser type and the domain name and address of your Internet provider. The recorded data will be automatically logged by the web server of the website, without requiring your consent or any dedicated activity on your part. The system uses the recorded data to automatically generate statistical data. These data cannot be associated with other personal data except where such an association is mandated by law. These data will exclusively be used in an aggregated and processed form, to correct errors and improve the quality of our services and for statistical purposes.

Purpose of data processing:
The technical development of the informatics system, to monitor the service, and to generate statistical data. In case of fraudulent activities these data can also be used – in cooperation with the user’s Internet provider and the law enforcement authorities – to determine the source of such fraudulent activities.

Legal basis of data processing:
The requirement of the provision of the service as per 42/2018 Implementation Act of the General Data Protection Act.

Period of data processing: 30 days from your opening our website.

2.11.2 Cookies and similar technologies

What are cookies?

Cookies are small, text-based files which are stored on the hard disk drive of computers or smart devices until their validity end date set within the cookie file, and are activated (sending a notification to the web server of the website) every time the website is opened in a browser on the device. Websites use cookies for the purpose of recording information regarding the use of the website (pages visited, time spent on the pages, browsing information, logouts etc.) and personal settings – but these data cannot be associated with the visitor’s identity. Cookies allow the websites’ operators to maintain user-friendly sites and enhance the user experience.

On platforms where cookies are not available or cannot be used, other technologies are applied to achieve goals similar to those of using cookies – examples include the ad-IDs used on Android-based mobile devices.

Cookies come in two types: „session cookies” and „persistent cookies”.

Session cookies are only stored on the computer or smart device temporarily while the visitor is using the website; these cookies allow the system to „remember” certain information, so the visitor will not have to provide them every time they open the website. The validity period of session cookies is limited to the duration of the use of the website; the purpose of the use of session cookies is to prevent the loss of data (for example when filling in a longer form). At the end of each use of the website – each session – as well as when the browser is closed, cookies of this type are automatically deleted.

Persistent cookies will remain stored on the computer or smart device after the website is closed. Cookies of this kind are used to allow the website to identify returning visitors. Persistent cookies identify returning visitors by associating the server-side ID with the user, therefore they are an essential part of the functionality of websites which require the users to be authenticated.

The persistent cookies do not contain personal data; they can only be used for the unique identification of users by associating them with the proper item in the database stored on the web server of the website. The inherent risk of using persistent cookies is that they can only identify the web browser as opposed to the user themselves, so if a user uses a public access point – such as a computer in an Internet café or a public library – to log in to a web store and fails to log out of the store at the end of their session, another person can have unauthenticated access to the web store, being falsely identified by the system as the original (and therefore authenticated) user.

How can I allow and disable cookies?

Most Internet browsers automatically allow cookies, but the users can delete or reject them. As every browser is different you can set your cookie preferences manually in the Settings section of your browser. If you do not want to allow any cookies of our website on your device you can modify your browser settings so you are notified of cookies sent to your device or you can simply reject all cookies. You can also delete the cookies stored on your computer or mobile device any time. For more information on modifying the browser settings please consult the Help function of your browser. Please note that if you choose to disable cookies you limit the functionality of the website.

What cookies do we use?

1. Cookies essential for the operation of the website:

These cookies are essential for the proper functionality of the website.

a) Fill-in guide
Purpose: To facilitate the filling-in of forms by automatically providing the user with the data deemed correct by the system.
Period: The duration of the visit to the website.

b) Search aid
Purpose: Aids search sessions to minimize search time.
Period: The duration of the visit to the website.

c) Spell check
Purpose: Automatic notification regarding suspected typing errors.
Period: The duration of the visit to the website.

d) Language setting identification
Purpose: The system uses the normal cookie to uniquely identify the visitor while they are using the website, being able to „remember” the visitor’s language settings.
Period: This cookie is stored for 29 days.

e) Social network cookie (Facebook, Instagram, Google+, YouTube)
Purpose: This cookie allows the sharing of content of the website on social media.
Period: This cookie is stored for the duration of sharing the content. Regarding Facebook please read Section 2.7.

f) Multimedia player (YouTube, Vimeo)
Purpose: This cookie allows the playing of videos on the website.
Period: This cookie is stored for the duration of playing the video.

2. Cookies to obtain statistical data

The sole function of these cookies is to obtain statistical data, which means they do not involve personal data. They monitor the visitor’s use of the website: which topics they prefer, what they click on, how they scroll on the website, what pages they visit. It is important to note that these cookies strictly obtain anonymous data. These cookies let us know, for example, how many visitors landed on our website per month. The obtained statistical data allow us to improve our website so they reflect the preferences of our users even more. Google Tag Manager (and Google Analytics) and Hotjar help us obtaining such statistical data.

3. Marketing cookies

The purpose of using marketing cookies is to create and send personalised ads.

Legal basis: Using these cookies always requires the recipient’s consent which the recipient may grant us in a pop-up window on the website. The user may withdraw their consent any time; however, the withdrawal of consent shall not affect the lawful processing based on consent before its withdrawal. Upon the withdrawal of consent the personalised ads created for the user will not be published on other sites.

a) Categorisation based on the location of the visit
Period: 269 days

b) Personalised offers on Facebook
Period: A maximum of 180 days

c) Monitoring clicks on Company ads
Period: 2 years

2.11.3 Web links

Our website may contain web links to sites which are not managed and operated by us however are linked to our site for the purpose of providing information to the users. We have no influence over, and therefore may not be held responsible for, the content and the safety situation of the websites managed by such third companies (motorway or ferry info sites). Please consult their privacy policies before providing any information on such websites you visit.

2.12 Job advertisements

You can apply for positions advertised by Balaton d.o.o. or might contact us for job requests on your own on a voluntary basis.

Purpose of data processing:
The purpose of data processing is to allow the provision of information to the job seekers regarding the advertised jobs, the selection of the qualifying applicants and to contact the selected applicants.

Legal basis of data processing:
Your consent, which is implicit for applications via email or in printed format. You have the right to withdraw your consent at any time via email or in letter form. The withdrawal of consent shall not affect the lawful processing based on consent before its withdrawal. Please note that while you provide the requested data on a voluntary basis, we cannot proceed with your application in lack of any requested document or data or if you withdraw your consent.

Period of data processing:

Having made the selection we process the CVs, personal data and documents of the applicants to specific job advertisements sent to us as part of their application as follows:

We ask via email or in a letter the applicants we did not select for the job whether they wish their application to be retained in our applicant database for a period of one year. Upon receiving a negative or no answer within 30 days of the inquiry, the application and data of the applicant is deleted from our system.
We transfer the data of the applicant selected for the job to our employee database and delete them from the applicant database.

The processing of general, non-specific applications:

We store the application we receive in a letter or email for a period of one year. After one year the CVs and data contained by such applications are deleted from our system.

If an applicant’s data are deleted from our system for any reason, the applicant must register again to be included in the database.

Transfer of data:
Upon data subject consent the data are transferred to the HR and accounting department of Balaton d.o.o. za turizam. For more information please refer to Section 3. Balaton d.o.o. processes the data obtained regarding their job advertisements as per this Policy.

2.13 Staff

All of the information in this Policy and all of the rights described in Section 1 also apply to the staff of Balaton d.o.o. za turizam and to our processing of their personal data.

We provide staff directly with full information of our Employee Privacy Policy and of our processing of their personal data.

2.14 Business contacts

In common with most companies, we deal with individuals at other organisations and store their name, business function and business contact details.

Purpose of data processing:
This is done by mutual agreement in order to enable our two companies to communicate with a view to working together.

Legal basis of data processing:
Our basis of lawfulness for doing this is „our legitimate interests in the performance of the contract or keeping contact between companies”. We will not use the data on these business contacts other than to facilitate business with the other company. For example, we will not market services to the individuals whose data we hold or transfer the data to any third parties.

Period of data processing:
At least annually we will review our records of business contacts and delete those which are no longer current.

The same policy applies to the processing of personal data of press contacts.

2.15 Wi-Fi

The system used in our hotel records the IP address of your device.

Purpose of data processing:
The purpose of data processing is ensuring that services are reached during Wi-Fi usage, while following your departure, handling of complaints and detection of fraud or abuse.

Legal basis of data processing:
The legal basis for data processing is the „performance of the contract”, considering the fact that reaching Wi-Fi is one of the services provided by our hotel. However, following your departure the legal basis is „the legitimate interest of the controller related to the handling of complaints and detection of fraud or abuse”. Providing your data is an indispensable condition for using the services.

Period of data processing:
The data are erased within 1 (one) year of the year under review.

3) Legal reference information (including contact details)

Under GDPR, Balaton d.o.o., as the controller of the personal data which it processes, must publish information about its legal name and how to contact it, together with other mandatory company details.

This section contains all the information required by GDPR, together with some useful additional legal information.

Hotel Prišćapac Resort & Apartments is 100% owned by Balaton d.o.o. za turizam.

Full legal name	Balaton d.o.o. za turizam
Abbreviated name	Balaton d.o.o.
Hotel’s marketing name	Hotel Prišćapac Resort & Apartments
Registered seat	Prišćapac b.b. HR-20271 Prižba-Blato, Otok Korčula, Hrvatska
Name of Registration Court	Registration Court of Dubrovnik
Registration number	090008295
EU Tax number	HR34272364825
Represented by	Mr László Romácz, GM
Legal associate for data protection	Available at info@priscapac.com
Business activity	Hotel operation and services

4) Terms and abbreviations used in this Policy

Most of the definitions refer to the EU’s General Data Protection Regulation (GDPR). This is a legal document and it is not possible to give a short definition in simple language which is fully exact. The aim here is to give a clear explanation which will facilitate the reader’s understanding; this may sometimes exclude detail of the full legal definition. Our policy is to comply with the full requirement of GDPR and your rights are not affected by any simplification in the explanations here.

Term	Explanation
Controller	The legal entity which determines the purposes and means of the processing of personal data.
Data subject	A living individual inside or outside the EU dealing with an organisation in the EU. Such an individual is a „data subject” and under GDPR has rights over the processing of his or her personal data.
EU	The European Union
GDPR	The General Data Protection Regulation of the EU, which came into force 25 May 2018.
Personal data	Any information relating to an individual who is or can be identified through a wide variety of methods, including but not limited to: the individual’s name, identification number, address, mother’s birth name, or one or more factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity.
Processing	Any operation or set of operations which is performed on personal data, whether or not by automatic means, including but not limited to: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, combination, restriction, erasure, or destruction.
Processor	A legal entity which processes personal data on behalf of a controller.
Profiling	Automated processing which uses personal data in order to analyse or predict aspects of performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements of an individual.
Pseudonymisation	Encrypting or otherwise holding personal data in a way in which it cannot be linked to a specific data subject without additional information. The additional information has to be kept separately and protected by technical and organisational measures to prevent its unauthorised use.
Special categories of data	There are very strict restrictions on processing of personal data within „special categories”. These are: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership; the processing of genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning health or a person’s sex life or sexual orientation; or criminal convictions.
Supervisory Authority	An independent public body set up by an EU state to monitor the application of GDPR and, as necessary, to intervene to protect the rights of individuals under GDPR.
Third Country	Any country outside the EU.
Transfer	Sending of personal data from the controller or processor to a legal entity outside the EU.

Hotel Prišćapac

Üzemeltető: Balaton d.o.o.
Székhely: Prišćapac 46 – Prižba, Korčula Sziget, Horvátország
Telefon: +385/20 861 178
Fax: +385/20 861 150
E-mail: hotel@priscapac.com

Térképen: Google térkép

Cégjegyzékszám: 090008295
Cégbíróság, Dubrovnik
Törzstőke: HRK 22.494.400,

Ügyvezető

Laszlo Romacz, ügyvezető
Telefon: +385/20 861 178
E-mail: director@priscapac.com

Értékesítési iroda Budapest

Gombos Nóra, értékesítési vezető
Telefon: +385/20 861 178
Mobil: +36/30 289 2279
E-mail: sales@priscapac.com

Bank Adatok

Bankszámla tulajdonosa: Balaton d.o.o. za Turizam
Számlavezető bank: Privredna Banka
Bank címe: 10000 Zagreb, Račkoga 6.
IBAN: HR94 2340 0091 1101 4656 2
Swift: PBZGHR2X