users of the services of Hotel Medena d.d. (hereinafter: “Company”) and all the others whose personal data the Company processes on any grounds, as of 25 May 2018, the General Data Protection Regulation (EU 2016/679, hereinafter: “Regulation”), is obligatorily and directly implemented in all European Union Member States, and therefore, in the Republic of Croatia as well.
Pursuant to the Regulation, the Company is responsible for the protection of the personal data of natural persons whose personal data it processes and, in accordance with the Regulation, it implements the relevant technical, human-resources and organisational measures for enabling the efficient application of the data protection principle, in order to ensure a safety level which complies with the requirements of personal data protection regulations and which is proportionate to the risks related to personal data processing, all in order to ensure the level of protection necessary for preventing the accidental or illegal destruction, loss, modification, unauthorized disclosure of personal data or unauthorised access to transmitted, stored or otherwise processed personal data.
Rights of the data subject
The Company enables the exercise of the rights of the data subject whose data it processes (Articles 12-23 of the Regulation):
– right of access to data;
– right to rectification;
– right to erasure;
– right to restriction of processing;
– right to data portability;
– right to object.
If the data subject wishes to exercise any of the indicated rights, he or she can do that by filling out the request form for the exercise of the rights of the data subject (downloadable here).
Your approval – consent
Procedure in case of personal data breach
If the data subject believes that the Company, while processing his or her personal data, has violated the provisions of the Data Protection Regulation, he or she can directly contact the Company’s personal data protection officer for the purpose of identifying potential problems.
In case of a personal data breach, the data subject has the right to file a complaint with the Data Protection Agency at the following email address: email@example.com, address: Martićeva 14, 10000 Zagreb.
If a breach of personal data is established and if it is likely that the breach will endanger the rights and freedoms of the data subject, the Company will notify, without delay, the Croatian Personal Data Protection Agency, as the supervising authority, of the personal data breach, not later than 72 hours from the establishment of the breach. If the breach is likely to gravely endanger the rights and freedoms of the data subject, the Company will, by suitable and effective means, notify the data subjects about the personal data breach.
Use of social networks and our websites
Our Personal Data Protection Policy is regularly updated on our website and available to all of its visitors. By using our website or publishing your own contents on it, you confirm that you agree with our Personal Data Protection Policy and that you consent to the processing of your personal data in accordance with the processing purpose and with the published Personal Data Protection Policy.
Hotel Medena d.d. also manages and edits profiles on the Facebook and Twitter social networks. The followers of our social network profiles can post contents, photos or comments related to our facilities and services or their stay with us. Hotel Medena d.d. does not encourage or discourage such posts, as they are based only on the interest and consent of our profile followers. Hotel Medena d.d. is not liable for any direct or indirect, accidental, material or non-material damage or costs incurred through the use of the Hotel Medena d.d. website and social network profiles or by posting content by the visitors of our site or our profile followers.
The content which we may publish concerns only the publicly available images and comments posted on Facebook and Twitter for which you have given us consent. By consenting to the publication of such posts, you also consent to the right to use your content, which will be presented to you at the time of requesting your consent.
The Company has appointed a personal data protection officer.
The personal data protection officer ensures the legality of personal data processing and the exercise of the right to personal data protection, cooperates with the Croatian Personal Data Protection Agency regarding the conduct of supervision of personal data processing and enables the exercise of the rights of the data subject according to the provisions of the Regulation.
The official contact details of the personal data protection officer are as follows: firstname.lastname@example.org