DATA PROTECTION REGULATIONS acc. to EU-GDPR
1. General Regulations
Romeoandjuliet.hr, ROMEO & JULIET, obrt za turizam i nekretnine, vl. Terezija Radošević (further on: R&J), reserves the right to amend the existing data protection regulations in strict accordance with prevailing legal norms at any time.
Personal Data
Your voluntarily transmitted personal details (through submission in the online forms, by phone or mail, respectively sent by your group coordinator) will be collected, saved and processed in accordance with the most recent legislation on data protection (EU-GDPR 2018).
Flight bookings, additional bookings & hotel bookings – Bookings via R&J can only be carried out by collecting, saving and processing your personal data. This is solely for the purpose of organising and realising the event. Your data will only be passed on to third parties who are directly involved in running the event and if the organisational process makes it necessary – in accordance with your bookings (airline, hotel, transport companies, travel insurance, etc.).
Photos/Films
By signing the contract, you grant permission to R&J to use photos/films taken from you respectively your company presence by our official photographer (team) onsite during the meeting for marketing purposes (event reporting, promotion of follow-up events & self-marketing) for an indefinite period of time. If you do not want to have any photos/films published, taken of you, you may contact us at any time: info@romeoandjuliet.hr
Links to other websites
Links provided by R&J (program booklets, invitation management etc.) may contain links to other websites. R&J is not responsible for the data you provide on other websites. Out partner companies are also bound to act according to EU-GDPR, the implementation however rests with each company individually. Our data protection guidelines are solely applicable to data controlled by us (R&J).
2. Information Obligation acc. to Art. 12-14 EU-GDPR (EU-DSGVO)
We are pleased to provide you with all information on the type, purpose and scope of the processing activities of your personal data.
Purposes of Processing
Depending on the participant status and the bookings of the data subject, the data are processed for one or more of the purposes listed below.
Processing Purpose | Data Categories |
---|---|
Travel Bookings, Additional Bookings, Settlement and Controlling | name contact data address data/invoice data credit card data hotel length of stay contact person frequent flyer number travel data (only if necessary) passport data (only if necessary) special diet (sensitive data) |
General Organisation /Accounting | name contact data additional bookings hotel booking data bank data (only if necessary) credit card data (only if necessary) |
Marketing & Development | name contact data photos/films |
Legal Basis for the data processing purposes
Processing Purpose | Legal Basis |
---|---|
Travel Bookings, Additional Bookings, Settlement and Controlling |
|
Marketing & Development |
|
Third Party Data Recipients – Categories
The recipients only receive the data they require, not your full data record. Your data will only be forwarded if the organisational process makes it necessary – in accordance with your bookings – and if a legal basis exists.
Processing Purpose | Data Categories | Recipient Categories |
---|---|---|
Travel Bookings, Additional Bookings, Settlement and Controlling | name contact data address data/invoice data credit card data hotel length of stay contact person frequent flyer number travel data (only if necessary) passport data (only if necessary) | flight companies, service providers (fulfillment agents) |
special diet (sensitive data) | flight companies, service providers (fulfillment agents) | |
General Organisation / Accounting | name contact data registration data additional bookings hotel booking data bank data (if necessary) cedit card data (if necessary) | responsible authorities, bank, fiscal office, tax consultant, service providers (fulfillment agents) |
Marketing | name contact data | online mailing provider |
Transfer to Third Country
Due to the GDPR Art 49, 1b: The transfer of data to third countries is necessary for the performance of a contract/business relation between the data subject and the controller. Only data that is actually required for the specified purpose may be collected and processed.
Data Storage Period
Credit card guarantees (such as for hotel bookings) are reviewable and saved until 2 weeks after event start and irrecoverably deleted thereafter. Sensitive data (for example: special nutritional requirements), which are collected with the consent of the data subject, will be irrecoverably deleted after the end of the booking. All other data are stored for 11 years, to meet the retention period according to the Croatia Value Added Tax Act.
3. Data Subject Rights
We hereby inform you about your rights according to EU-GDPR:
Data Subject Rights acc. to Art. 15-21 EU-GDPR:
- Right of access by the data subject
- Right to rectification
- Right to erasure ‘right to be forgotten’
- Right to restriction of processing
- Right to data portability
- Right to object (in case of legitimate interest of the controller)
Here you will find detailed descriptions:
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN
© European Union, http://eur-lex.europa.eu/ 1998-2018
Right to withdraw consent acc. to Art. 7 EU-GDPR
Depending on your participant status, we kindly ask you for different declarations of consent. These are queried within the online forms or directly inquired from the affected person/group coordinator/company representative. The declarations of consent are not compulsory according to the EU GDPR.Each data subject has the right to withdraw his/her given consent(s) at any time. The withdrawal of the consent does not affect the legality of the processing carried out based on the declaration of consent until the withdrawal.
Right to lodge a complaint with a supervisory authority acc. to Art. 77 EU-DSGVO
Every data subject has the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him/her infringes to the EU-GDPR.
Description of other Purposes Legitimate Interests of the Controller acc. to Art. 6 (1) f) EU-GDPR
Advertising/Marketing
Processing data of the data subject to inform him/her about the above-mentioned event, as well as future and topic-related events.
Privacy Policy for the use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer to help the website analyse how visitors use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States . Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
You can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en.
Please note that this website initializes Google Analytics with the setting “anonymizeIp” This guarantees anonymized data collection by masking the last part of your IP address.
Further information concerning the terms and conditions of use and data privacy can be found at http://www.google.com/analytics/terms/gb.html or at http://www.google.com/intl/en_uk/analytics/privacyoverview.html
Data Privacy for the use of social networks
Facebook (Like Button)
On our websites plug-ins of the social network Facebook, 1601 South California Avenue,Palo Alto, CA 94304, USA are integrated. You recognise these plug-ins by the Facebook logo or the Like-Button on our site. For an overview of Facebook plug-ins, please see here: http://developers.facebook.com/docs/plugins. If you visit our websites, a direct connection between your browser and the Facebook server is established by this plug-in. By that Facebook receives information that you have visited our websites with your IP-address. If you click the Facebook “Like” button while you are logged on to your Facebook account you may link the contents of our websites to your Facebook account. Thereby Facebook can associate your visit of our websites to your Facebook account. We would like to point out that we as providers of these websites do not obtain knowledge about the contents of the transmitted data as well as the use of such by Facebook. For further information, please check the Privacy Policy of Facebook under http://de-de.facebook.com/policy.php. If you do not wish that Facebook associates your visit of our websites to your Facebook account, please log out of your Facebook account.
On our websites functions of the service Twitter are integrated. These functions are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. By using Twitter as well as the function “Re-Tweet” websites visited by you are linked to you Twitter account and posted to other users. In doing so, data will be transmitted to Twitter. We would like to point out that we as providers of this websites do not obtain knowledge about the contents of those data. For further information, please check the Privacy Policy of Twitter: http://twitter.com/privacy. The privacy settings of your Twitter account can be adjusted under http://twitter.com/account/settings
4. Consent for processing personal Data
Making a booking is only possible with the collection, storage and processing of your personal data. This is done in accordance with the latest legislation on data protection (EU-GDPR 2018). Therefore you agree in your own name that Romeoandjuliet.hr by ROMEO & JULIET, obrt za turizam i nekretnine, vl. Terezija Radošević, as a travel agency or tour operator
may process personal data, in particular
- master data (name, first name, address, e-mail address, telephone number
- data in travel documents (in particular passport number, passport data, date of birth, issuing authority, duration, biometric data, national origin)
- duration, biometric data, national origin)
- data regarding payment method and EC cards, credit cards and debit cards
- destinations, hotels, length of stay, contact persons, conditions, special services, health data, frequent flyer number
- health data including medication, e.g. related to allergies and diseases of all kinds, as well as data on special needs and to marriage/partnership
for the following purposes:
- travel bookings, flights, tourist guides, hotels, restaurants
- rental vehicles, transfers, insurances, events, tickets, tours
- vouchers including customer data, billing and verification (B2B, B2C, FIT)
Furthermore, I agree with the transmission of the data to
- R&J by ROMEO & JULIET, obrt za turizam i nekretnine, vl. Terezija Radošević, [Marketing, Accounting]
- service providers that are necessary for booking
- emergency hotline
- online booking platforms
and their vicarious agents
All travel and related services that you entrust to R&J by ROMEO & JULIET, obrt za turizam i nekretnine, vl. Terezija Radošević, in the future should be carried out as effectively and expeditiously as possible. In order that your special customer requests can be considered continuously for the purpose of optimal care
- all your data mentioned in this statement may be stored beyond the duration of the business relationship with R&J by ROMEO & JULIET, obrt za turizam i nekretnine, vl. Terezija Radošević, and
- a maximum of 3 years beyond the longest statutory storage requirement applicable to R&J by ROMEO & JULIET, obrt za turizam i nekretnine, vl. Terezija Radošević,
- so that this data is processed in the case of a new booking you requested and
- may be transmitted to third parties to the extent necessary
Due to bookings in other EU countries, data transfer may also be necessary to third countries under certain circumstances. R&J by ROMEO & JULIET, obrt za turizam i nekretnine, vl. Terezija Radošević, refers here to Art. 49,1b GDPR law.
You are entitled to withdraw this consent at any time from R&J by ROMEO & JULIET, obrt za turizam i nekretnine, vl. Terezija Radošević, in full or in part. You can contact us at any time via email (info@romeoandjuliet.hr).