Privacy Statement (last modification August 6, 2021)
We in Noemia d.o.o., the company based in Zagreb, Radnička cesta 45, OIB: 78896407361 (hereinafter “Neomia“ or “we“) highly respect your privacy and we recognize that privacy protection as well as protection of your personal data is an important issue.
We take this opportunity to inform you how we process your personal data we collect directly from you or third parties.
By using any of our products or services and/or by agreeing to this Statement, e.g. in the context of registering for any products or services, you understand and acknowledge that we will collect and use your personal data as specified in this Statement. This Statement is subject to change, and the date of the last change is specified in the title of the Statement.
1. Your rights
If you have any questions regarding this Statement or you want to submit the request for exercising your right to protect your personal data, you can contact our data protection officer via e-mail firstname.lastname@example.org or by post to the following address: Noemia d.o.o., Radnička cesta 45, 10000 Zagreb.
Your rights are stated below:
Exercising the above mentioned rights depends on the reason why we process personal data and on what grounds. For example, we cannot erase personal data even if you request so, if required by law to keep them for a certain period.
Upon your request we shall act without delay and inform you about the activities we have undertaken.
You can also contact us if you have any further questions related to your personal data processing.
2. Measures to protect your personal data
We are aware how important the protection of your personal data is so we want to justify in all respects the trust you placed in us by choosing our services.
In order to prevent unauthorised access, disclosure, exchange, erasure or any other abuse of your personal data we provide certain technical, organizational and staff -related protection measures. The aim of these measures is to ensure that only those persons who need the information to perform their job tasks have access to those information in electronic or physical form, and to the extent necessary for that purpose. We recognize he importance an individual person has in personal data protection, we provide internal and external trainings to make sure that our employees and other persons we hire are well informed about the legal obligations and internal procedures related to personal data protection. Specific protection measures are detailed in by-laws and procedures we have set out for that purpose. Depending on technological advances, a regular review of technical protection measures will be carried out so as to adapt to market standards.
Our partners and service providers who we share personal data with are required to assume contractual obligations and to provide the same level of personal data protection that you expect from us. Before choosing a partner who will perform data processing for us (data processor) we take reasonable measures to ensure they do so in compliance with legal obligations related to personal data protection.
For online transactions, we use reasonable technological measures to protect the personal information that you transmit to us via our site (e.g. when you write a credit card number SSL encryption is used to provide secure transaction). Unfortunately, however, no security system or system of transmitting data over the Internet can be guaranteed to be entirely secure to prevent interception or other illegal use of personal data.
In order to protect your own privacy, do not send the number of credit cards by e-mail or excessive amount of personal data.
We shall not contact you by mobile phone, text message or email in order to request confidential personal data or credit card details. If you receive such a request, do not reply to it. We shall request credit card details by telephone only when you book your accommodation or promotional package. We kindly ask you to inform our data protection officer about such messages.
3. Users of hotel services 3.1. Why do we collect and process your personal data?
We collect and process your personal data when it is required by law, to provide services you requested, but also when you give consent for processing your personal data for specific purposes which are specified below:
When you participate in or visit the event taking place on our premises, we collect data allowing us to to provide instructions or information about the events:
3.2. What kind of personal data do we collect?
We collect only data necessary for the purposes described in this Statement. Depending on the circumstances following data may be included: your contact information, information related to your reservation, stay or visit to the hotel, your preferences, your name, date of birth, gender, identity card number, credit card number, country of birth, citizenship, visa number if you are subject to visa regime, place of entry in the Republic of Croatia, date of arrival to the hotel and date of departure, personal expenses, information about the airline and the vehicle you use to come to our hotel, opinions about our services (if you decide to provide your personal data in the questionnaires), information about promotional program you are part of or our partners ‘prize winning competition, information about the events you organize on our premises and the names of the participants of such events, but also other information you decide to provide or that we obtain for the purposes described above. Besides the information about yourself, we may also require the information about the persons who travel with you.
We will not collect information about your health, religious and philosophical beliefs and other sensitive information unless it is volunteered by you. The purpose of data collection is to provide better service or to meet your special needs and requirements (e.g. provision of disability access, not serving the food you are allergic to etc.).
Collection of above mentioned data may be required by law, or when it is necessary to close an agreement and provide services agreed upon. The data may also be collected based on your consent. When collecting is based on your consent we shall clearly indicate that.
3.3. What sources do we use when collecting your personal data?
We may collect your personal data directly from you (via email, telephone, mobile phone, web form, face-to-face communication with you), but also from other persons, e.g. persons that travel with you, tourist agencies, online platforms you make reservations of our hotel services on, event planners in our hotels, credit card providers and other contractual partners. Those partners should act in accordance with applicable laws and regulations related to private data protection.
When you provide personal data of other persons, you make sure that the person whose personal data you have provided is informed about it and accepts the way we use their personal data.
When we do not collect your personal data directly from you but from other persons stated above, we are responsible only for the actions we take related to personal data upon their receipt. We are not responsible and may not be responsible for the actions related to your personal data taken by the persons we receive you data from. Therefore, we kindly ask you to read privacy protection policies related to other persons you give your personal data to.
3.4. Who do we give your personal data to?
We give your personal data only to those recipients who need them for the above stated purposes, and only to the extent necessary. We make sure that our partners maintain confidentiality of personal data as required by the contract.
For example, when you stay in our hotels it is our legal obligation to register your stay with relevant state authorities.
In order to provide certain services, we cooperate with external partners who offer such services, e.g. transport organization, excursion organization, wellness and SPA, car hire, yacht hire and hire of other equipment, event organization on our premises etc. (if appropriate, we can share the data with the guests who participate in such an event). When you want us to provide such a service, we may disclose your personal data to our partners we cooperate with to the extent necessary for them to provide a service for you (e.g. getting in touch with you, assessing the compliance with travel regulations or being charged special rates). At your request, we can contact external service providers so that you can create your intineraries by choosing a destination, activities and restaurants from the list we customized for you based on your preferences and the data received from third parties.
When you organize the event that takes place on our premises and you require services related to such an event, at your request we can share information about your event with third parties who can send you offers for the services you require (which are usually restricted and include only your name and contact information) or we can give you contact information of our partner so you can contact them directly.
In our business operations we use various software solutions and we hire specialized companies for their maintenance, such as software solutions for booking and hotel business management, web page maintenance and provision of secure exchange of credit card numbers and payments. As our partners may have access to your personal data when providing those services, they assume contractual obligations to conform to the highest standars of personal data protection. Personal data are usually stored on the servers in the European Union. The data you exchange via our website (except for the booking via our website) are stored on the server in the USA, and the adequate protection is guaranteed by signing standard contractual clauses between the company that maintains our webpage and their partner in the USA.
Besides above mentioned cases, your data may be disclosed when required by law, to fulfill the requirements of state authorities we are legally obliged to fulfill in order to protect our rights or the rights of our visitors, employees and public, and to react in emergency.
3.5. How long do we retain your personal data?
We retain your personal data no longer than is necessary for the purposes for which the personal data are processed.
Data about credit card shall be deleted 10 days after your check-out i.e. 10 days after your arranged date of departure in case you do not come. Certain data shall be deleted after one-year period, while some data shall be deleted five years after your stay is completed. Bills (that include the extent of data required by law) shall be retained for eleven years, the minimum period we are obliged to retain them.
Exceptionally, your personal data are retained longer than the periods stated above when necessary to fulfil mutual legal requirements.
When the retention time expires the personal information printed on paper will be destroyed in a secure manner, such as by cross-shredding or incinerating and, if saved in electronic form, will be permanently destroyed to ensure the information may not be restored at a later time.
4. Newsletter, marketing and social networks Newsletter
Via our web page you can sign up for our newsletter, which will keep you informed about the news and special offers. In order to register, you are required to provide your name and email address. Upon entering these data in the web-form, verification link will be sent to the email address you indicated, which needs to be confirmed in order to complete the registration process. Your consent is the basis for collecting these data.
The above data will be retained as long as you agree to receive our newsletter. You can terminate your subscription at any moment by clicking the „unsubscribe“ link, in which case we will consider your consent to receive the newsletter withdrawn and will erase your personal data that were collected for that purpose.
Marketing and social networks
If you decide to participate in events or offers through social media we sponsor, we will be able to collect certain data from your account in the social media which are compatible with your settings within the social media service. We can enable you to participate in photography contests, for example photographs of your stay in our hotel, which you can share with your contacts on social networks for voting, sharing offers or other promotions.
If you participate in some of the prize winning games or competitions your information can be exchanged with our sponsor or a third party sponsor.
With your consent, we can also use user-generated content (such as photography) from social media for the purpose of advertising on websites or on our website and applications.
When you visit and communicate with our websites, we collect other information that cannot be used to identify you in relation with your use of websites, such as the number of visits to our websites, parts of our web page you browse and the length of time you spent on them (“Other data”). Such data are collected and analysed in order to improve our services and make sure that you find our website, our products and services interesting.
On our web page we use the following types of cookies:
In order to gain better understanding of our users, we can also use information that we collected and combined or information received from third parties (for example, using Google Analytics in order to establish the percentage of our visitors who belong to a specific age group or are located in a specific area).
We use Google Analytics, which creates numerous first-party cookies. They enable us to make sure that later visits to our web page are assigned to the same (unique) visitor, and they tell us how you have found us. Google Analytics is a tool that helps website owners measure the users’ behaviour when interacting with the web content. Google Analytics does not collect any personal information about the users of our web pages. If you do not want Google Analytics to process data that refer to you, you may download the plug-in available at https://tools.google.com/dlpage/gaoptout.
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
6. Links to websites and third party services
Our website may contain links to websites of third parties. Bear in mind that we cannot be held accountable for the data collected, used, maintained, exchanged or published by the third parties. If you offer information on websites of third parties, i.e. use them, the privacy rules and the terms and conditions of use for these websites will apply. We recommend that you read the privacy rules for the websites you visit prior to sharing your personal data.
Noemia can also collaborate with a limited number of Internet service providers in order to allow Internet access to our guests. Your use of Internet services on our premises is subject to terms and conditions of use and privacy rules set by the Internet service provider of the third party. These terms and conditions and rules can be accessed using links on the service registration page or by visiting the website of the Internet service provider.
7. Video surveillance
We use video surveillance on our premises for the following purposes:
We base the application of video surveillance on our legitimate interest in protecting people and property, while in case of money exchange it is our legal obligation to provide video surveillance of the exchange office.
We have introduced strict rules the purpose of which is to make sure that the recordings are automatically erased after 7 days by recording new content over the old one, that video surveillance can be accessed only by those who need it to do their jobs and that the recordings are to be viewed only in case when we find out there is a good reason for it, i.e. fulfilling one of the above stated purposes (and that only with the consent of the authorised person), these being the only recordings to be kept longer, until there is a need for it.
Recordings obtained through video surveillance are not to be delivered to third parties, except in case there is a request or order of the competent state authority (e.g. the police, state attorney, courts, labour inspectorate). They may be used as evidence in court, administrative, arbitral or other equivalent proceedings, in accordance with current procedural rules applicable in such proceedings. The recordings are not to be transferred abroad.
The video surveillance we use does not belong to intelligent video surveillance systems, it is not connected with other systems nor shall we use video surveillance for profiling or automated decision making.
8. Business partners
For the purpose of contacting our business partners and suppliers, and related to concluding and executing contracts (i.e. arrangements for delivery of goods and service execution), we gather contact information of our business partners who are natural persons and their employees (e.g. name, number of company phone/mobile, email address). These data are retained until the termination of business relationship and we do not deliver them to third parties nor we export them to third countries. The data collected are not of personal nature but are related to the completion of work tasks.
9. Job applicants, high school students, college students, scholarship recipients Job applicants
You can send us your open job application to our email address email@example.com or by mail to our address. Providing data is voluntary. Personal data received in this way are processed only for recruitment purposes and are not exported to other countries nor to individuals outside Noemia. The received CVs will be retained no longer than one year and will be erased earlier upon your request.
In case you have applied for an advertised job and have not been selected, your data will be erased upon the completion of the selection procedure, unless you specifically agree that we retain them longer for possible future employment.
High school students and college students
In accordance with law, we can hire high school students and full-time college students. In these cases it is our obligation to collect the personal data of high school students and college students that are required by law as well as those required for the execution of the contract. The personal data may be shared with high school and the Student Job Centre through which the students are employed. Personal data of high school students and college students are not exported to other countries. We have legal obligation to retain their data for 6 years after they stop working and then we erase them. Personal data of high school students and college students who have not been hired are erased upon the completion of the selection procedure.
The above is also applied to personal data of high school students who do their apprenticeship in accordance with the curriculum for the organisation and provision of apprenticeship training.
Personal data may be collected for the payment of scholarship to high school students and college students who are being educated for our business interest. The students interested in concluding a scholarship contract may apply for an advertised scholarship by delivering the required data, after which a contract is concluded with the selected candidates. The personal data of the selected candidates are retained no longer than 5 years from the conclusion of the scholarship contract, while the data of the candidates that have not been selected are erased upon the completion of the selection procedure. Your personal data are delivered to the Ministry of Tourism, which subsidises the scholarship. No personal data are exported to other countries.