Podstine Hotel Hvar and the managing company Veli Tadej d.o.o. respect the privacy of every individual who visits our Resort and/or uses any of our websites in accordance with the General Data Protection Regulation (GDPR) which entered into force on May 25, 2018.
is provided to us when you stay or travel with us (or make enquiries to stay or travel with us) either by you or by a third party through whom you have made an enquiry or booking; and
- we collect from you when you visit our websites or which we obtain from any communications with you.
Click on one of the links below to jump to the listed section:
1. Personal data we collect
1.1 Personal data you provide on a voluntary basis
We will collect, store and process information about you if you voluntarily provide us with such information in connection with the following:
- filling in a form on any of our websites;
- filling in a physical registration card;
- opting in to receive marketing information with us;
- creating an on-line account with us and managing your preferences;
- contacting us by telephone or face to face (e.g. in the context of making a reservation);
- sending us a letter, e-mail or social media message;
- subscribing to receive a service from us (e.g. a newsletter, blog or by following us on social media);
- requesting promotional information from us (e.g. information about any of our goods or services including Podstine gift cards);
- participating in a survey, competition or prize draw; or
- contributing content to us (e.g. for display on a Podstine blog).
The types of information we may obtain include:
- passport and visa data, payment data, travel history and details of joint travellers;
- dates of your stay or travel with us and associated charges;
- purchase or delivery of products or services;
- reviews and opinions about our brands, products and services;
- information we receive about you from any third parties through whom you have booked your arrangements; and
‘Special category’ personal data
We do not collect data which is, by its nature, particularly sensitive (e.g. genetic data, biometric data, data revealing racial or ethnic origin, political opinions, sex life, sexual orientation, religion or other beliefs, data concerning health, criminal background or trade union membership) unless it is volunteered by you.
We may use certain sensitive (or “special category”) personal data where you have given your explicit consent to us doing so, to better serve and meet your needs. Such sensitive data is only shared with other members of the Podstine Hotel or our third party service providers acting as data processors (e.g. excursion providers, restaurants, transport providers) for the purpose of providing the services you request and will not be shared or used by us for any other purposes.
Examples of sensitive personal data we may collect and process include:
- food allergies;
- dietary requirements which may imply or suggest your religion, health or other sensitive personal data;
- mobility requirements;
- disabilities; and
- medical conditions.
1.2 Personal data we collect automatically
When you visit a Podstine website, we may also collect certain data through the use of “cookies” and other automated means. Cookies are small pieces of data that are stored by your browser on your computer’s hard drive. Such data may comprise the following data:
- date and time;
- originating IP address;
- domain name;
- type of browser and operating system used (if provided by the browser);
- URL of the referring page (if provided by the browser);
- object requested;
- completion status of the request;
- geographic location; or
- language preferences.
2. Use of personal data
As a provider of luxury hospitality experiences worldwide, Podstine has a legitimate business interest in operating and improving its business and the services it offers. Podstine therefore uses and processes your personal data to:
- help us create content that is relevant to our visitors;
- make improvements to our websites and social media pages and ensure that content on these is presented in the most effective manner for you;
- provide you with information, products or services that you request from us or which we feel may interest you;
- facilitate bookings, payment and other administrative processes related to your stay or travel;
- assess and help us understand general trends and patterns relating to our business;
- provide for the safety and security of our guests and visitors;
- manage general record keeping;
- enable us to compile anonymous, aggregated statistics that allow us to understand how users use our websites and to help us improve the structure of our websites;
- enable you to make reservations, buy Podstine gift cards and payments;
- meet any legal and/or regulatory requirements;
- provide the products or services you request from us including providing personalised services; and
- improve our products and services and to ensure our products and services are of interest to you.
Even where Podstine has a legitimate interest in processing your personal data, it will not do so to the extent that processing would override your interests, rights and freedoms to protect your personal data.
We may also use your personal data to protect against and prevent fraud, claims, and other liabilities and to comply with or enforce applicable legal requirements, industry standards, and our policies and terms. We use personal data for these purposes when it is necessary to protect, exercise or defend our legal rights, or when we are required to do so by applicable law.
In the situations set out below, we will only process your personal data when you have given us your specific consent and you have the right to withdraw your consent at any time (see Your rights below):
- marketing and profiling purposes which are managed solely by Veli Tadej d.o.o. Hotel Podstine as data controller for the Podstine hotel. Your decision to provide your data for such purposes is optional and will have no consequence on your ability to stay with us or benefit from the requested services;
- all purposes concerning your booking, your stay and to provide you with the services you have requested, which are managed by Hotel Podstine. Your decision to provide personal data (including special category/sensitive personal data) to us is voluntary, however, if you do not provide such personal data you may no longer be able to benefit from our services.
We may process your personal data by both automated and manual means. We may use your personal data in other ways for which we provide specific notice at the time of collection.
3. Sharing personal data
We may share your personal data with third parties as described below:
- third party service providers who have been appointed as data processors to perform functions and services on our behalf and who will be provided only with personal data necessary to perform the services on our behalf but are not authorised by us to use such data for any other purposes (e.g. providers of services in respect of web hosting, payment processing, information technology systems, customer relationship management, booking and reservations management, marketing, auditing, administration);
- third party providers of components of any package holiday, excursion, transfer, concierge arranged activity/experience or other service we arrange for you;
- to our advisors and insurers in the event of a claim, dispute or where otherwise necessary;
- if we are required to do so by law or pursuant to legal process or to comply with any applicable rules or regulations, or in response to a request from a law enforcement authority or other government official; and
4. Your rights
We will only send you marketing communications if you “opted in” to receiving such communications. You have the right to “opt out” of receiving marketing communications, whether by email or otherwise, at any time. You can do this by (i) clicking the unsubscribe link displayed in any of the marketing e-mails you receive, (ii) emailing email@example.com to indicate you no longer wish to receive marketing communications, or (iii) writing to us at the address set out in our contact details.
If you are a “data subject” under applicable EU data protection law, you will have the following rights in relation to personal data that we hold about you:
- Right to Access – to request confirmation of whether we process personal data relating to you, and if so, to request a copy of that personal data;
- Right to Rectification – to request that we rectify or update any personal data that is inaccurate, incomplete or outdated;
- Right to Erasure – to request that we erase your personal data in certain circumstances, such as where we collected personal data on the basis of your consent and you withdraw your consent;
- Right to Restriction of Processing – to request that we restrict the use of your personal data in certain circumstances, such as while we consider another request that you have submitted, for example a request that we update your personal data;
- Right to Withdraw Consent – where you have given us consent to process your personal data, to withdraw your consent; and
- Right to Data Portability – to request that we provide a copy of your personal data to you in a structured, commonly used and machine readable format in certain circumstances.
To exercise your rights as set out above or to make a complaint or submit an inquiry about our privacy practices, please contact us at firstname.lastname@example.org.
To help protect your privacy and maintain security, we may take steps to verify your identity before we can action your request.
5. Links to other websites
Our websites may provide links to other websites for your convenience and information. These websites operate independently from us. Linked websites may have their own privacy policies, which we strongly suggest you review. To the extent that any linked websites you visit are not owned or controlled by us, we are not responsible for the websites’ content, any use of the websites, or the privacy practices of the websites.