1. WE TAKE PRIVACY SERIOUSLY
The protection of your privacy when processing personal data is important to us. In the following, we therefore inform you about the details of the processing of your personal data and your related rights.
By default, when you visit our website, our web servers store the IP address of your internet service provider, the website from which you visit us, the websites you visit, the date and duration of the visit. This information is mandatory for the technical transfer of websites and secure server operation. A personalized evaluation of this data does not take place.
2. DATA CONTROLLER AND DATA PROTECTION OFFICER
For all processing activities of your personal data in connection with the use of this website, we are "data controller" within the meaning of Art. 4 No. 7 GDPR.
You can contact us as follows:
Zrnovo 712, Zrnovska Banja
Tel: +385 (0) 20 721 555
Legal representative: Mrs Dennis BANDACK
You can contact our Data Protection Officer as follows:
Andromeda Group D.o.o.
20275 Žrnovo (Žrnovska Banja)
Korcula Island - CROATIA
Tel: +385 20 721 555
3. TYPE AND SCOPE OF DATA PROCESSING
3.1 SERVER LOG FILES
You can browse our website without having to provide any personal data. We only store the following types of access data in so-called server log files, such as:
· - your IP address
· - the type and version of your Internet browser
· - the parts of our website you are browsing
· - the referrer website (the website from which you are browsing us)
· -the time, date, location, language, screen resolution, flash version, java, and duration of your browsing
The IP address can be regarded as personal data, since, under certain conditions and with additional information provided by the respective Internet service provider, it allows to obtain the identity of the subscriber of the Internet connection.
The data within the server log files is used by us exclusively to ensure the smooth operation of the website for which we have a legitimate interest in the sense of Art. 6 para. 1 lit. f) GDPR. Your IP address will be deleted within 26 months.
3.2 INQUIRIES BY YOU
We offer you the opportunity to contact us by email. In this case, we process the personal data you voluntarily provide to us when contacting us which includes at least your email address. We will only process these data for the correspondence with you and for the purpose for which you have given us the data in the course of this communication, such as to contact you at your request. In this case, processing takes place on the basis of your consent in the sense of Art. 6 para. 1 lit. a) GDPR. Insofar as processing is necessary for the performance of a contract to which you are party or in order to take, at your request, steps prior to entering into a contract, processing is based on Art. 6 para. 1 lit. b) GDPR. After completing your request, your data will be erased in compliance with statutory retention periods, unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.
4. FOR WHAT PURPOSES DO WE USE PERSONAL DATA AND ON WHICH LEGAL BASIS DO WE PROCESS?
4.1 MANDATORY DATA
If you want to make a booking through our site or if you want to apply with us, you have to provide certain data within the scope of the contract to be concluded. In any other context, the provision of personal data is neither required by law nor by contract, nor are you required to provide personal information. However, the provision of personal data for the use of our services may also be partially required within the services we provide. In other words, if you do not provide us with the information, we specify to be necessary, we may not be able to provide you with the full scope of services. When you visit our website, we store certain information for administrative and technical reasons.
On our website, you can subscribe to our email newsletter. In this case, we process the following data from:
· - your email address
· - the time and date of granting your consent
· - your IP address
The e-mail address is required to send you our newsletter, the legal basis for the processing therefore stems from your consent, Art. 6 para. 1 lit. a) GDPR. Regarding the other types of data, we have a legitimate interest to document your granting of consent to receive the newsletter in order to be able to prove this in case of doubt, Art. 6 para 1 lit. f) GDPR. In order to obtain your consent, we use the so-called double opt-in procedure, which means that we will only send you a newsletter by email if you have previously explicitly confirmed to us that we should activate your account. After entering your email address into the input mask, we will send you a notification email asking you to confirm that you wish to receive our newsletter by clicking on a link in this email.
Alternatively, we may send you our newsletter, if
· - we have obtained your email address in connection with the sale of goods or services,
· - use your address for direct advertising of our own similar goods or services,
· - you have not objected to this use, and
· - you have been clearly and unequivocally advised when the address is collected and each time it is used that you can object to such use at any time without costs arising by virtue thereof, other than transmission costs pursuant to the basic rates.
We will send you newsletters for an indefinite period of time until you unsubscribe, or we decide to stop sending newsletters to you. If you no longer wish to receive newsletters from us, you can object to them at any time without costs arising by virtue thereof, other than transmission costs pursuant to the basic rates.
4.3 HOTEL BOOKINGS AND CANCELLATIONS
You can book a hotel stay via our website. In this case, we process the following data:
· - title
· - first and last name
· - email address
· - phone number
· - address
· - city
· - country/region
· - credit card information
· - confirmation number
These data are transferred via our reservation system to the hotel for the arrangement of the contractual relationship.
In case you cancel your booking, we will process above data.
Should you wish so, with each booking on our website, the indicated email address and the associated booking information will be automatically registered with an account that stores the booking, such as the given email address, full name, and address provided during the booking. In order to access the account, it must be activated by following the instructions of the welcome email. In any case, the legal basis is Art. 6 para 1 lit. b) GDPR.
Your bookings will be recorded for the purpose of making the specific information accessible to you and the statistic information available to us. This is necessary due to our legitimate interests of providing relevant offers to our customers and improving the user experience of our website, Art. 6 para. 1 lit. f) GDPR.
We will store such data in accordance with statutory retention periods.
4.4 WEBSITE AND NEWSLETTER PERSONALISATION
We aim for the best user experience on taraslodge.com. Therefore, when you register to our newsletter, we will personalize content based on what pages you visit to show you the information that interests you the most. We will not create a personalised user profile. The underlying data is anonymised.
The legal basis is Art. 6 para. 1 lit. a) GDPR.
The data will only be used to decide whether to accept your hotel into our membership portfolio. It will be forwarded internally only to the responsible contact persons who will decide on the admission. All data will be erased in accordance with statutory retention periods erased, unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise
4.5 APPLICANTS DATA
In the event that you apply for a job via our website, you first need to register with an account. We collect the following data:
· - title
· - first and last name
· - email address
· - password
· - phone number
· - cover letter
· - résumé
· - information on how your heard about us
You may additionally add you LinkedIn or Xing profile and other documents.
Your data will only be used for the decision on whether to establish an employment relationship with you. It will be forwarded internally to the responsible contact persons only who will decide on the staffing of the position you are interest in. In case you do not apply for a specific vacancy, we will use your data with regard to all positions vacant at the moment of your application that meet your requirements.
The legal basis for the processing is Art. 88 GDPR in conjunction with section 26 para. 1 German Federal Data Protection Act.
We will erase your data after completion of the application process upon expiry of a six months retention period.
4.6 WEBSITE TECHNOLOGY AND TRACKING
4.7.1 AUTO LOG IN
If you choose to stay logged in on our website, we will store your login information in a cookie on your computer so that you do not have to authenticate upon return to our website but will be automatically logged in ("auto log in"). The cookie and thereby the auto login expire automatically after 60 days.
We use technology of ADFORM (Hovedvagtsgade 6, 1103 Kopenhagen, Danmark). In this context a cookie is stored on your computer as part of so called conversion tracking, if you have clicked on an ad from or have accessed our website through an ad. This allows us to analyse the behaviour of users on our website, that have accessed our website through ads, in order to adapt our ads and the website to user needs. You will find more information about adform and can opt out from the collection of data by Adform at: http://site.adform.com/privacy-policy/en/.
On our website we use different services provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereafter "Google".
Google is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016D1250&from=EN). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
184.108.40.206 GOOGLE TAG MANAGER
220.127.116.11 GOOGLE ANALYTICS WITH ANONYMIZATION FUNCTION
Your IP address will not be merged with other data provided by Google. You can prevent the storage of cookies in your browser settings. You can also prevent the storage of cookies by installing a browser plug-in which can be downloaded here: https://tools.google.com/dlpage/gaoptout?hl=en.
Your personal data will be erased after 26 months. If you do not agree, you can opt-out of this through the "My Account" section of your Google Account.
18.104.22.168 GOOGLE REMARKETING
This website uses the Google Remarketing feature. The feature is designed to present interest-based ads to web page visitors within the Google Network. The technology allows us to post automatically generated, targeted ads after you visit our website. The advertisements are based on the products and services you clicked on the last visit to our website. For this purpose, a cookie is stored in the browser of the website visitor, which makes it possible to recognize the visitor when he calls web pages belonging to the advertising network of Google. Google usually stores information such as your web request, IP address, browser type, browser language, and the date and time of your request. This information is used to associate the web browser with a particular computer. On the pages of the Google Network, advertisers can then be presented with ads related to content that the visitor previously viewed on web pages that use Google's remarketing feature.
If you visited https://www.google.com/settings/u/0/ads/authenticated you agree to linking your browsing history of Google with your Google Account, and information from your Google Account is used for ad personalization, as well as the remarketing feature across devices. Google collects your Google ID and uses it for cross-device discovery.
If you do not wish to use Google Remarketing, you can disable it by following Google ads settings here: https://adssettings.google.com/authenticated.
22.214.171.124 GOOGLE SITESEARCH (GOOGLE AJAX SEARCH API)
126.96.36.199 GOOGLE GOOGLEADSERVICES / GOOGLE ADWORDS CONVERSION
4.7.4 MICROSOFT BING ADS
On our website, we use the conversion and tracking tool "Bing Ads" of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft is certified under the Privacy Shield Agreement, which is why it guarantees to comply with European data protection law. Microsoft Bing Ads places a cookie on your device if you have accessed our website via a Microsoft Bing ad. Microsoft Bing as well as we can thus recognize that someone clicked on an ad, was redirected to our website and reached a previously determined landing page (conversion page). We only get to know the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user will be shared. If you do not want information about your behaviour to be used by Microsoft as explained above, you can refuse the cookies in your browser settings. In addition, you may prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by Microsoft by using the following link: http://choice.microsoft.com/en-EN/opt-out and objecting to the use of these cookies. For more information about privacy and cookies used by Microsoft and Bing Ads, visit the Microsoft Web site at https://privacy.microsoft.com/en-us/privacystatement.
188.8.131.52 FACEBOOK IMPRESSIONS
In this context we use the function Facebook Impressions. Through this feature information about the frequency with which a post of our site is displayed is gathered. Here the frequency of the page views is recorded by the visitors of our website. The information generated by these cookies, such as time, location and frequency of your website visit, including your IP address, will be transferred to the Facebook servers in the United States.
184.108.40.206 FACEBOOK CUSTOM AUDIENCES PIXELS
To promote interest-based advertisements to visitors to our website while visiting Facebook, we use Custom Audiences Pixel from Facebook. It connects to the Facebook servers when visiting our website. The information that you have visited our website is transmitted to the Facebook server and Facebook assigns this information to your personal Facebook user account.
This website uses Mouseflow, a web analytics tool of Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to collect randomly selected individual visits (using an anonymous IP address only). The mouse movements, mouse clicks and keyboard interactions are logged at random, along with the intention of individual visits to this site as so-called session replays to reproduce and evaluate the so-called heat maps and determine potential improvements for this site. The data collected by Mouseflow are non-personal and will not be disclosed to third parties. The storage and processing of the collected data takes place within the EU. If you do not want to be tracked by Mouseflow on any websites using this cookie, you may object to this at the following link: https://mouseflow.com/opt-out/
5. RECIPIENTS OF DATA
As explained above we will share your personal data with the hotel if you make a booking and we will use external parties as data processors as follows:
· - A reservation system for bookings provided by Little Hotelier whom we have entered a contract under the standard contractual clauses (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=EN) with, that guarantees an adequate level of data protection.
· - Stripe, Inc., California, 185 Berry Street, Suite 550, San Francisco, California 94107, USA that is used by Squarespace for payment services. Stripe is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016D1250&from=EN). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000TQOUAA4&status=Active.
6. YOUR RIGHTS
In connection with the processing of your personal data, you have the following rights. These can be basically exercised free of charge. However, where your requests for the rights set out in numbers 2 to 5 are manifestly unfounded or excessive, in particular because of their repetitive character, we may either
- charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or
- refuse to act on the request.
6.1 WITHDRAWAL OF CONSENT
You have the right to withdraw any consent you have given us for processing your data. However, this will only affect future processing. The lawfulness of processing carried out on the basis on your original consent will not be affected.
6.2 CONFIRMATION AND ACCESS
You have the right to request confirmation as to whether your person data is being processed. If this is the case, you are entitled to have access to the personal data in the sense of Art. 15 GDPR.
6.3 RECTIFICATION AND ERASURE
You have the right to demand rectification of incorrect personal data and the completion of incomplete data (Art. 16 GDPR) as well as, under the conditions of Art. 17 GDPR, erasure of your data.
6.4 RESTRICTION OF PROCESSING
You have the right to restrict the processing of your personal data under the conditions of Art. 18 GDPR.
6.5 RIGHT TO DATA PORTABILITY
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without our hindrance. However, this right exists only insofar as the processing is based on your consent pursuant to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b); and the processing is carried out by automated means.
This right is precluded as far as rights and freedoms of other persons (in particular personal data of third parties, business or company secrets existing on our parts, copyrights) are concerned.
6.6 OBLIGATION TO PROVIDE DATA
There is no obligation for you to provide your personal information. However, if you do not provide the data required according to this privacy statement, you may not be able to use certain services or features in whole or in part.
6.7 RIGHT TO LODGE A COMPLAINT
Insofar as you believe that we do not properly comply with the obligations stipulated in data protection law, you have the right to lodge a complaint with a supervisory authority.
The competent supervisory authority would be:
· Berliner Beauftragte für Datenschutz und Informationsfreiheit
· Friedrichstraße 219
· 10969 Berlin, Germany
· Tel: +49 (0)30/138890
· Email: firstname.lastname@example.org
7 RIGHT TO OBJECT
On grounds relating to your particular situation and where processing is based on Art. 6 para. 1 lit. e) or lit. f) GDPR, you may object to the processing of your personal data at any time. We then will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
New legal or regulatory requirements or new features on our website may require an update of this Privacy Notice. In these cases, we will provide further information here. It is therefore recommended to periodically review this Policy for any changes. The latest version of this Policy can be found as conclusion.