PRIVACY POLICY AND PERSONAL DATA PROCESSING NOTICE

Best Western Premium Hotel Astoria Ltd., Petrinjska 71, 10 000 Zagreb, VAT (Croatian personal identification number): 64685504163, is part of the Best Western Group, which operates 4,200 hotels worldwide. The information contained in this document is based on the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: General Data Protection Regulation) and the Act on the implementation of the General Data Protection Regulation.

With this personal data processing notice, we would like to familiarize you with the processing of your personal data and the way in which we protect your data in a transparent, understandable, and clear manner.

IDENTITY OF THE DATA CONTROLLER:

HOTEL ASTORIA Ltd., Zagreb, Petrinjska 71, VAT: 64685504163, registered in the Court Register of the Commercial Court in Zagreb, MBS (company’s court reg. no.): 080214383 (hereinafter: Hotel/Controller).

CONTACT INFORMATION OF THE PERSONAL DATA PROTECTION OFFICER:

For all questions regarding the processing of your personal data, you can contact us via our Data Protection Officer at the postal address: Hotel Astoria Ltd., Data Protection Officer, Petrinjska 71, 10 000 Zagreb or via the following e-mail address: disclaimer@hotelastoria.hr.

CATEGORIES OF PERSONAL DATA WE COLLECT:

Categories of personal data we are required to collect to fulfill obligations related to providing services are:

  • name and surname
  • residence (address)
  • place, country, and date of birth
  • nationality
  • type and number of identity document
  • date and time of arrival at the Hotel
  • expected date of departure from the Hotel
  • date and time of departure from the Hotel
  • gender
  • email address
  • mobile phone number
  • data collected through video surveillance

PURPOSE OF PERSONAL DATA PROCESSING:

Your personal data is collected to:

  • Provide the requested accommodation service
  • Respond to your inquiry as promptly and accurately as possible
  • Fulfill our obligations as a hospitality service provider according to applicable regulations
  • Exercise your rights related to the provided service.

If you have given us consent, your personal data is also collected to:

  • Notify you of promotional services (newsletter)
  • Send you promotional materials
  • Enroll you in the Best Western Rewards loyalty program
  • Maintain internal statistics.

LEGAL BASIS:

The legal basis for processing your personal data is Article 6(1)(c) of the General Data Protection Regulation, as processing your personal data is necessary to fulfill the Controller’s obligations (Hospitality Act Article 10, Regulation on the form, content, and manner of keeping guest books and guest lists, Article 2, Tourist Fee Act, Article 22, Regulation on the e-Visitor system, and tax regulations applicable to service providers as invoice issuers, tax reporting obligations related to performing activities).

The legal basis for processing your personal data related to the Hotel’s marketing activities is Article 6(1)(a) of the General Data Protection Regulation, i.e., your consent given for that purpose.

RECIPIENTS/CATEGORIES OF RECIPIENTS OF PERSONAL DATA:

To achieve the purposes of personal data processing stated in this Notice, we are required to submit your data to the unified system for registering and deregistering tourists, eVisitor. Data on tourists’ stays in certain facilities, which contain personal data or are related to a specific person, are available exclusively to the entities that maintain the tourist list via the eVisitor system and authorized persons in the Croatian National Tourist Board. Personal data on tourists and entities can be provided to government authorities and other state bodies and local and regional self-government units based on a written request. Personal data is provided exclusively for official purposes and exchanged officially in accordance with regulations governing personal data protection.

We may also provide your data to third parties with whom we have service contracts solely for the purpose of fulfilling contractual obligations under those contracts, such as maintaining computer programs and/or databases, accounting services, legal services, etc.

We may also provide your data to the Ministry of the Interior or another competent authority if unlawful actions were committed during your stay or related to your stay at the Hotel.

Since the Company is a member of the Best Western Hotels & Resorts group, your data may be provided to a specific group member in case of organizing joint events, offers, participation in Best Western group reward programs, and other promotional activities. Your data may also be provided to third parties conducting client satisfaction surveys, market research, and promotional activities if you have given your consent for that. The Hotel guarantees that the collected data will be used exclusively for the mentioned purposes and will not be provided to third legal and/or physical persons outside the Best Western organization in any way.

TRANSFER OF PERSONAL DATA OUTSIDE THE EU:

Your personal data is stored in the European Economic Area (EEA). Your personal data may be transferred and stored outside the European Economic Area. In such a case, the data is processed by other members of the Best Western group. Data can be transferred outside the European Economic Area only if there is adequate protection such as:

(1) a European Commission adequacy decision regarding the country to which the data is exported;

(2) certification of the existence of a “security shield,” in case data is exported to the USA; or

(3) appropriate and binding corporate rules or other rules in accordance with personal data protection regulations.

PERSONAL DATA RETENTION PERIOD:

We retain your personal data in accordance with prescribed retention obligations, so data collected as part of providing hospitality services contained in the Hotel’s Guest List is kept for two years, and in case of initiated disputes, the data is kept until the final conclusion of initiated proceedings. Data entered into the e-Visitor system is kept for ten years, data collected based on consent is kept until you withdraw the given consent, while video recordings collected by the Hotel’s video surveillance system are kept for six months, unless they are evidence in court, administrative, arbitration, or other proceedings, in which case they are kept until the final conclusion of those proceedings.

COOKIES:

The HOTEL website uses cookies and other technologies such as “pixel tags,” “web beacons,” “clear GIFs,” email links, and similar. Cookies are text files stored on your devices when you visit the website. Based on cookies, we cannot use them to reveal your identity, but we can use them to improve our service and meet your interests.

If you want to delete or stop using cookies on your devices, please update your browser settings. Please note that deleting or stopping cookies affects the ability to recognize your browser on your next visit to our website.

LINKS TO OTHER WEBSITES:

Our website contains links to other websites. Please note that we have no influence over the content of these sites. We also note that we do not take responsibility for the content nor consider it our own. The content provider is solely responsible for any unlawful, incorrect, or incomplete content, as well as any possible damage that may arise from the use of information derived from such content.

PROTECTION OF CHILDREN’S AND YOUNG PEOPLE’S PERSONAL DATA:

The Hotel does not intend to collect, process, or share personal data of children or young people under the age of 16 unless required by applicable regulations. The Hotel also encourages parents to protect the personal data of children and young people.

VIDEO SURVEILLANCE:

The video surveillance system is used to protect property and individuals from unlawful actions such as robbery, burglary, theft, damage, and destruction of equipment, and to control entry and exit from the Hotel premises, reducing the risk of such unlawful actions for guests, employees, and third parties.

Recordings captured by the video surveillance system can be used exclusively for the purpose mentioned above in case of an action harming the Hotel, guests, employees, or third parties.

DATA SUBJECT RIGHTS:

Regarding the processing of your personal data, you have the following rights:

  • Right to information and access: You have the right to contact us at any time and receive confirmation of whether your personal data is being processed, and if so, request access to personal data and information you are entitled to concerning data protection. If the request is submitted electronically, unless requested otherwise, we provide the information in the usual electronic form;
  • Right to rectification: If we process your personal data that is incorrect, you can ask us to correct it at any time, and if it is incomplete, you have the right to complete it;
  • Right to erasure: You have the right to request the erasure of personal data relating to you if we have processed it unlawfully or if the personal data is no longer necessary concerning the purpose of processing, etc. Please note that there are reasons preventing immediate erasure, such as for the establishment, exercise, or defense of legal claims, which we will inform you about in relation to each request;
  • Right to restriction of processing: You can request the restriction of processing your data if you contest the accuracy of the personal data during a period enabling us to verify the accuracy of that data, if the processing is unlawful, but you oppose erasure and request restriction of use instead, if we no longer need the data for processing purposes, but you require them for the establishment, exercise, or defense of legal claims.
  • Right to data portability: You have the right to receive personal data relating to you and the right to transmit that data to another controller without hindrance from the controller.
  • Right to object: If you believe that we have violated the General Data Protection Regulation or other data protection regulations in processing your personal data, please contact our Data Protection Officer to clarify any disputed issues.
  • National supervisory authority to which you have the right to submit a complaint is: Croatian Personal Data Protection Agency, 10 000 Zagreb, Selska cesta 136.

If we process your data based on your consent, you have the right to withdraw your consent at any time. You can direct all your requests, complaints, or inquiries related to your personal data via email at: disclaimer@hotelastoria.hr or in writing to the address: Hotel Astoria Ltd., Petrinjska 71, 10 000 Zagreb. For the sake of reliable identification in case of exercising rights relating to your personal data, we may request additional information for identification purposes. We reserve the right to reject requests if there is doubt about the identity of the applicant.