Privacy Statement (last modification February 23, 2020)

We in Indigo Cavtat Apartments, owned by Pavo Miloglav, based in Cavtat, Stjepana Radica 17 (hereinafter “ICA“ or “we“) highly respect your privacy and we recognize that privacy protection, as well as protection of your personal data, is an important issue.
We take this opportunity to inform you how we process your personal data we collect directly from you or third parties.
By using any of our products or services and/or by agreeing to this Statement,e.g. in the context of registering for any products or services, you understand and acknowledge that we will collect and use your personal data as specified in this Statement. This Statement is subject to change, and the date of the last change is specified in the title of the Statement.

1. Your rights
If you have any questions regarding this Statement or you want to submit the request for exercising your right to protect your personal data, you can contact ICA via e-mail indigocavtatapartments@gmail.com by post to the following address: Stjepana Radica 17, 20 210 Cavtat.
Your rights are stated below:
• the right to access personal data i.e. the right to obtain information about which of your personal data are processed and the details about their processing
• the right to rectification of personal data,
• the right to the erasure of personal data,
• the right to restriction of personal data,
• the right to object to the processing of your personal data,
• the right not to be subject to the decision based solely on automated processing, including profiling. In this respect, we would like to emphasize that we do not apply such a decision-making process as all decisions are made with human involvement.
• The right to lodge a complaint with a supervisory authority. In Croatia that is Croatian Personal Data Protection Agency, Martićeva street 14, 10 000 Zagreb, e-mail: azop@azop.hr

Exercising the above mentioned rights depends on the reason why we process personal data and on what grounds. For example, we cannot erase personal data even if you request so if required by law to keep them for a certain period.

Upon your request, we shall act without delay and inform you about the activities we have undertaken.

You can also contact us if you have any further questions related to your personal data processing.

  1. Measures to protect your personal data

We are aware of how important the protection of your personal data is so we want to justify in all respects the trust you placed in us by choosing our services.

In order to prevent unauthorised access, disclosure,exchange, erasure or any other abuse of your personal data we provide certain technical, organizational and staff -related protection measures. The aim of these measures is to ensure that only those persons who need the information to perform their job tasks have access to those information in electronic or physical form, and to the extent necessary for that purpose.

Our partners and service providers who we share personal data with are required to assume contractual obligations and to provide the same level of personal data protection that you expect from us. Before choosing a partner who will perform data processing for us ( data processor) we take reasonable measures to ensure they do so in compliance with legal obligations related to personal data protection.

3. Users of our services
3.1 Why do we collect and process your personal data?
We collect and process your personal data when it is required by law, to provide services you requested, but also when you give consent for processing your personal data for specific purposes which are specified below:
• communication with you: when you contact us and require information about our services, our offer or you make complaints about our services, we will process the data you have submitted so that we can contact you later and act as you requested
• checking in and checking out: if you use accommodation service in our apartments, it is our legal obligation to collect certain personal data in order to register your arrival.

3.2. What kind of personal data do we collect?
We collect only data necessary for the purposes described in this Statement. Depending on the circumstances following data may be included: your contact information, information related to your reservation, stay or visit to ICA, your preferences, your name, date of birth, gender, identity card number, credit card number, country of birth, citizenship, visa number if you are subject to visa regime, place of entry in the Republic of Croatia, date of arrival to the hotel and date of departure, personal expenses, information about the airline and the vehicle you use to come to our hotel, opinions about our services ( if you decide to provide your personal data in the questionnaires), Besides the information about yourself, we may also require the information about the persons who travel with you.
We will not collect information about your health, religious and philosophical beliefs and other sensitive information unless it is volunteered by you. The purpose of data collection is to provide better service or to meet your special needs and requirements ( e.g. provision of disability access)
Collection of above mentioned data may be required by law, or when it is necessary to close an agreement and provide services agreed upon. The data may also be collected based on your consent. When collecting is based on your consent we shall clearly indicate that.
3.3. What sources do we use when collecting your personal data?
We may collect your personal data directly from you ( via email, telephone, mobile phone, web form, face-to-face communication with you), but also from other persons, e.g. persons that travel with you, tourist agencies, online platforms you make reservations of our hotel services on, credit card providers and other contractual partners. Those partners should act in accordance with applicable laws and regulations related to private data protection.
When you provide personal data of other persons, you make sure that the person whose personal data you have provided is informed about it and accepts the way we use their personal data.
When we do not collect your personal data directly from you but from other persons stated above, we are responsible only for the actions we take related to personal data upon their receipt. We are not responsible and may not be responsible for the actions related to your personal data taken by the persons we receive your data from. Therefore, we kindly ask you to read privacy protection policies related to other persons you give your personal data to.
3.4. Who do we give your personal data to?
We give your personal data only to those recipients who need them for the above stated purposes and only to the extent necessary. We make sure that our partners maintain the confidentiality of personal data as required by the contract.
For example, when you stay in our apartments it is our legal obligation to register your stay with relevant state authorities.
In order to provide certain services, we cooperate with external partners who offer such services, e.g. transport organization, excursion organization, car hire, yacht hire. When you want us to provide such a service, we may disclose your personal data to our partners we cooperate with to the extent necessary for them to provide a service for you ( e.g. getting in touch with you, assessing the compliance with travel regulations or being charged special rates). At your request, we can contact external service providers so that you can create your itineraries by choosing a destination, activities and restaurants from the list we customized for you based on your preferences and the data received from third parties.
Besides above-mentioned cases, your data may be disclosed when required by law, to fulfill the requirements of state authorities we are legally obliged to fulfill in order to protect our rights or the rights of our visitors, employees and public, and to react in emergency.
3.5. How long do we retain your personal data?
We retain your personal data no longer than is necessary for the purposes for which the personal data are processed.
Data about credit card shall be deleted 10 days after your check- out i.e. 10 days after your arranged date of departure in case you do not come. Certain data shall be deleted after one-year period, while some data shall be deleted five years after your stay is completed. Bills (that include the extent of data required by law) shall be retained for eleven years, the minimum period we are obliged to retain them.
Exceptionally, your personal data are retained longer than the periods stated above when necessary to fulfill mutual legal requirements.
When the retention time expires the personal information printed on paper will be destroyed in a secure manner, such as by cross-shredding or incinerating and, if saved in electronic form, will be permanently destroyed to ensure the information may not be restored at a later time.

4. Links to websites and third-party services
Our website may contain links to websites of third parties. Bear in mind that we cannot be held accountable for the data collected, used, maintained, exchanged or published by the third parties. If you offer information on websites of third parties, i.e. use them, the privacy rules and the terms and conditions of use for these websites will apply. We recommend that you read the privacy rules for the websites you visit prior to sharing your personal data.