Privacy Policy - Pucić Palace Hotel

Introduction

Welcome to Pucić Estates d.o.o. privacy policy. Pucić Estates d.o.o company is the owner of The Pucić Palace hotel and the website https://www.thepucicpalace.com

Pucić Estates d.o.o., Ulica grada Vukovara 237 c, 10000 Zagreb OIB: 61614818439 (hereinafter Pucić Estates d.o.o. – The Pucić Palace hotel) respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.

Scope of application

This Policy applies to any processing of personal data by The Pucić Palace hotel unless other The Pucić Palace hotel policy prescribes otherwise. Exceptionally, with regard to the processing of data of guests and users of The Pucić Palace hotel services, this Policy prevails over all other policies when such other policies prescribe rights and obligations regarding the processing of data in a different manner.

Data controller and legal framework

Pucić Estates d.o.o., as the Controller of your data, respects your privacy and undertakes to protect your personal data. The collection and storage of data is carried out in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), the Act on Implementation of the General Data Protection Regulation (Official Gazette, No. 42/2018) and other regulations governing this area that are applicable in Republic of Croatia.

Data protection officer

Pucić Estates d.o.o. has appointed the personal data protection officer, who can be contacted, at any time, at the e-mail address dpo@thepucicpalace.com or by phone: ++ 385 20 326 222 or regular address to Ulica od Puča 1 – 20000 Dubrovnik 20 000 Dubrovnik, Croatia EU

Implementation of data-protection principles

Pucić Estates d.o.o. within the framework of the implementation of this Policy, pays special attention to respecting the principles of data processing and processes data:

Lawfully – data processing is made possible when it is permitted by law and only within the limits permitted by law.
Fairly – by taking into account the specifics of each relationship, applying all appropriate measures for the protection of personal data and privacy in general, and allowing data subjects to exercise their rights.
In a transparent manner – by informing data subjects about the processing of personal data. From the beginning of data collection itself, when data subjects are informed about all aspects of data processing, until the end of data processing, data subjects are in accordance with the provisions of the Regulation granted simple and quick access to their own data, including the ability to inspect and obtain a copy thereof. Access to certain information may be restricted only when this is required by law or necessary for the protection of third parties.
By ensuring purpose limitation – personal data is processed for the purposes for which they are collected and may be processed for other purposes only when the requirements laid down in the Regulation are fulfilled. Data may be processed for duplicate purposes only by taking into account
(a) any link between the purposes for which the personal data have been collected and the purposes of the intended further processing;
(b) the context in which the personal data have been collected, in particular regarding the relationship between data subjects and Pucić Estates d.o.o.;
(c) the nature of the personal data, in particular, whether special categories of personal data are processed, pursuant to Article 9 of the Regulation, or whether personal data related to criminal convictions and offenses are processed, pursuant to Article 10 of the Regulation;
(d) the possible consequences of the intended further processing for data subjects; and
(e) the existence of appropriate safeguards.
By ensuring storage limitation – data must be stored in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed and may be stored longer only when this is allowed by the Regulation.
By ensuring data minimization – data is processed only when they are adequate, relevant, and limited to what is necessary. Special attention is given not to collecting data for which there is no justified need for processing.
By ensuring accountability – data must be accurate and kept up to date, and every reasonable step must be taken to erase inaccurate data.
With integrity and confidentiality – processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures. Relevant measures are applied to take into account the risk related to each type of data processing.

Transfer of data to third parties

Access to the personal data of guests, where necessary and to a limited extent, may also be granted to third-party processors (for example, associates of Pucić Estates d.o.o.that provide IT or other services), who store such data in their databases until due processing of such data is completed. We will conclude a detailed contract with such parties regarding their powers and obligations during the processing of personal data, in accordance with the requirements of the Regulation.
Under certain circumstances, external parties and Pucić Estates d.o.o. may jointly determine the purpose and manner of personal data processing. In that event, such external partners and Pucić Estates d.o.o. will be considered joint data controllers. Joint data controllers, in their mutual relationship, determine their own responsibilities for acting in compliance with obligations prescribed by the Regulation in a transparent manner, especially with regard to the exercise of rights held by data subjects and their duty to process data in a transparent manner, unless their responsibilities are already established by law.

Should, within the data processing, data be transferred to third countries, Pucić Estates d.o.o. will ensure compliance with high standards of protection to in order to comply with the highest possible standard of personal data protection in accordance with the strict requirements of the Regulation.

Purpose of data collection

Pucić Estates d.o.o. is required to collect certain personal data in order to execute due accommodation contracts and comply with regulations governing hospitality. However, Pucić Estates d.o.o. may collect other or the same data for other purposes, primarily maintaining contact. Such purposes include:

Execution of accommodation contracts;
Compliance with legal requirements and other applicable positive regulations governing hospitality;
Direct marketing;
Submission of bids;
Improvement and personalization of services offered to guests;
Protection of property and the safety of individuals is achieved through the implementation of video surveillance measures.

Pucić Estates d.o.o. guarantees that collected data will be used only for the stated purposes.
Pucić Estates d.o.o. may use depersonalized data for statistical purposes.

Legal basis for the collection

The legal basis for the stated collection purposes may be:

Legal;
Contractual;
Key interests of data subjects
Legitimate interest is overridden by interests of data subjects; or
Consent or explicit consent of data subject, depending on the purpose of processing and the type of personal data.

Subject’s electronic consent

The subject may give its consent in an electronic form. Taking the fact that the consent must be unequivocal and voluntary into account, it is necessary to keep in mind that it is not allowed to “force” the consent, especially by checking the consent box in advance, or in some other way that significantly affects the use of a web page, or by adjusting the technical settings, but rather the choice in hand must be “neutral”.

Points of data collection

Pucić Estates d.o.o. collects your data at:

Booking of accommodation (booking through the website The Pucić Palace hotel or booking by phone call to our call center);
Conclusion of accommodation contract – registration at the reception desk The Pucić Palace hotel filling in the registration card;
Subscription to our newsletter on the The Pucić Palace hotel website,
Places under video surveillance.

Data storage period

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Data that was lawfully collected by is stored for a period of time prescribed by a particular law or other positive regulation.
Data that was contractually collected by the Pucić Estates d.o.o. is stored only for a period of time necessary to fulfill the contract or provide a service.
Information about the name, surname, and e-mail address collected by Pucić Estates d.o.o. on the basis for direct marketing purposes is stored in its guest database for a period of 1 year.
Other information collected by Pucić Estates d.o.o. on the basis of guest’s explicit consent (mobile phone number, number of children, marital status, pets, interests, manner of travel, accommodation, and destination preferences) is stored in its guest database for a period of 1 month.
Pucić Estates d.o.o. may, based on your explicit consent, also collect your web browsing data (so-called cookies) and store them in its database for a period of 1 year. Pucić Estates d.o.o. uses such data to inform you about special and personalized offers, news, and events organized through online channels (e-mail, web, internet promotions).

Rights of the data subject

Regardless of the basis for data collection, you can, at any time, free of charge, request:

Access to data, the rectification of data, or completion of incomplete data in all databases of personal data, upon which Pucić Estates d.o.o. will grant you access or rectify your data, depending on your request, in all its databases;
Erasure (“right to be forgotten”) of personal data from all databases of personal data, upon which the Pucić Estates d.o.o. will erase such data from all its databases except those that the Pucić Estates d.o.o. is required to maintain and keep on the basis of positive regulations and when there are no overriding legitimate reasons for processing or when processing is not necessary for the establishment, exercise or defense of legal claims;
Restriction of processing of your data or lodge a complaint regarding the processing of such data;
Transfer of data we have collected about you to you yourself or to third parties (“right to data portability”), in accordance with positive legal regulations;
Withdrawal of consent, when data were given on the basis of consent, without any negative consequences;
To lodge a complaint with a supervisory authority – Personal Data Protection Agency (for more information, please visit www.azop.hr).

Please send your written request to the contact e-mail address of personal data protection officer Pucić Estates d.o.o. e-mail dpo@thepucicpalace.com or by phone: ++ 385 20 326 222 or regular address to Ulica od Puča 1 – 20000 Dubrovnik 20 000 Dubrovnik, Croatia EU

Personal data collected from persons who booked accommodation and guests

Pucić Estates d.o.o., as the data controller, keeps personal data you are required to submit in order to be provided with accommodation services in its database solely for the purpose of concluding the accommodation contract and complying with legal requirements on provision and collection of personal data governing hospitality and may use such data for other purposes allowed by positive regulations. In the event that you do not provide Pucić Estates d.o.o. with the minimum information required for the registration of guests in all relevant registers, Pucić Estates d.o.o. will not be able to provide you with accommodation services in accordance with the contract and the law.
Personal data recorded by Pucić Estates d.o.o. at the time of booking and filling in the registration card at arrival to the facility are collected on the basis of laws regulating hospitality and for the purpose of providing services to guests. These include the following data (subject to change with regard to positive regulations):

Name and surname;
Address of residence (Croatian citizens);
Date of birth;
Number, type, and place of issue of the identification document;
Nationality;
Name of the facility;
Number of accommodation units;
Date of arrival and departure of guest;
Sex.

Pucić Estates d.o.o. stores such data in its database of guests and shares them with competent authorities of the Republic of Croatia through the E-visitor system (electronic registration system) through the E-visitor system (electronic registration system) in which such data is required to be stored for 10 years. Pucić Estates d.o.o. is also required to store all invoices issued to guests, including their personal information, for 11 years, in accordance with legal regulations.
Furthermore, in order to fulfill its contractual obligations, at the time of booking and filling in the registration card upon arrival to the facility Pucić Estates d.o.o. collects the following information:

E-mail address;
Language;
Telephone number.

Other information related to the circumstances of your stay, such as the manner of travel, travel companions, marital status, number of children, pets, and other interests, will also be collected when they are directly connected to the provision of accommodation services but will be deleted after your departure from the accommodation facility.
Pucić Estates d.o.o. as the data controller, based on a legitimate interest has the right to store your personal information (name and surname, e-mail address) in its database of guests and use such information for the purpose of direct marketing done solely for the purpose of informing you about Pucić Estates d.o.o. offers and news by e- mail. Under these circumstances, you will have the right to request erasure (right to be forgotten) from the database for that purpose at any time and free of charge.
During and after your stay, Pucić Estates d.o.o. will e-mail you, as our guest, a satisfaction questionnaire which, should you wish to fulfill it, namely, solely with your consent, The primary purpose of such satisfaction questionnaire is to collect data on services for the purpose of their improvement by, Pucić Estates d.o.o. whereby Pucić Estates d.o.o. depersonalizes such data provided in questionnaires and processes them for statistical purposes.
In addition, a person who books accommodation, that is, a guest, can give Pucić Estates d.o.o. special permission, namely, consent, that all his or her information, such as:

Name;
Surname;
E-mail address;
Date of birth;
Country;
Other personal information collected during stay (for example, mobile phone number, telephone number, sex, number of children, marital status, language, pets, interests, and activities enjoyed during stay, manner of travel, accommodation preferences, destination preferences, etc.).

Opting out

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.

Where you opt-out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.

Video surveillance system

Pucić Estates d.o.o. as the data controller, has a legitimate interest to implement video surveillance measures to protect property and persons in relation to certain workplace positions and statutory duty to install surveillance cameras that record employees and anyone moving within the surveillance camera field of view.
Pucić Estates d.o.o. indicates all places where video surveillance system is installed in the prescribed manner.
Pucić Estates d.o.o. is aware that the video recordings contain personal data of all the persons moving within the surveillance camera field of view, and therefore handles them with special care. Furthermore, we have implemented a security system and introduced an availability and erasure policy regulated by internal the Pucić Estates d.o.o. rules on safety.
Video recordings are regularly rewritten and thus automatically deleted after a maximum of 7 days after they are recorded. Exceptionally, video recordings are kept longer when they serve as evidence in proceedings before competent state authorities. Extracted video recordings are stored in a centralized messaging system with extremely limited access.
In the event of judicial and/or criminal proceedings, Pucić Estates d.o.o. may use such video recordings. Access to personal data captured on video recordings may be granted to third parties, data processors, and contractual partners of the Pucić Estates d.o.o. who are registered and qualified to provide services of personal and property protection and who do not use any of these data independently but participate in activities related to the security of central supervisory and alarm systems. All other details regarding video surveillance are subject to special regulations that govern that area.

Protecting the personal information of children

Pucić Estates d.o.o. advises parents and guardians to teach their children the importance of being responsible when dealing with personal information on the internet Pucić Estates d.o.o. does not wish to collect and has no intention of collecting the personal information of children. Personal information of children will be neither used nor divulged to third parties. A child may give his or her consent solely in relation to the provision of IT company services, whereby such child must be older than 16 years of age. Pucić Estates d.o.o. may process all other information of children below the stated age limit and children under 18 years of age, except as expressly stated herein, only with the prior consent of the parent.

Rectification of data

You can contact us at any time to review your personal information, as well as for the purpose of updating, rectification, or erasure of your data. Until such time, we will use your previously recorded data for the aforementioned purposes.

Your consent

When you in any way provide the Pucić Estates d.o.o. with your information (booking, registration), you guarantee that the information you have provided is accurate, that you are legally capable and authorized to dispose of the provided information, and that you fully agree that may use Pucić Estates d.o.o. and collect your information in accordance with the law and the terms of this privacy policy.

Technical and integrated data protection

Pucić Estates d.o.o., as the data controller, takes utmost care to meet the highest organizational and technical data protection standards. We, therefore, taking into account state-of-the-art developments, the cost of implementation, and the nature, scope, context, and purpose of processing, as well as the risks arising from data processing of various levels of probability and severity that may affect the rights or freedoms of natural persons, at the time of choosing the processing resources and at the time of the processing itself, take appropriate technical and organizational measures to enable the effective application of data protection principles.
Furthermore, the Pucić Estates d.o.o. takes the appropriate technical and organizational measures to ensure that only personal data necessary for each special purpose of the processing are processed in an integrated way. Pucić Estates d.o.o. imposes this measure on the amount of collected personal data, the scope of their processing, storage period, and their availability. Specifically, such measures ensure that personal data are not automatically, without personal intervention, made available to an unlimited number of persons.

Records of processing activities

Pucić Estates d.o.o. as the data controller, keeps records on processing activities involving the following data:

Name and contact details of data controller or, where applicable, joint data controller, and data protection officer;
Processing purposes;
Description of data subject categories and personal data categories;
Categories of recipients to whom personal data are or will be disclosed, including recipients in third countries or international organizations;
Where applicable, the transfer of personal data to a third country or an international organization, including the identification of such third country or international organization and, in the event of transfer referred to in Article 49, paragraph 1, sub-paragraph 2, documentation on appropriate safeguards;
When possible, planned deadlines for the erasure of different categories of data;
When possible, a general description of technical and organizational safeguards.

International Transfers

Many of our External Third Parties are based outside the EU so their processing of your personal data will involve a transfer of data outside the Eu.
Whenever we transfer your personal data out of the EU, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further European Commission: Adequacy of the protection of personal data in non-EU countries.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Personal data breach

Pucić Estates d.o.o. as the data controller, ensures that in the event of personal data breach, the competent supervisory authority is notified of personal data breach without further delays and, if possible, at least 72 hours after such breach has occurred, unless it is not likely that such personal data breach will pose a risk to rights and freedoms of natural persons.
The report submitted to the supervisory authority must contain all information prescribed by the Regulation.
In the event of personal data breach that is likely to pose high risk to rights and freedoms of natural persons, Pucić Estates d.o.o., as the data controller, will notify the data subject of such personal data breach without further delays. Data subjects will not be notified where the Regulation stipulates that such notification is not mandatory.

Data protection impact assessment

Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of data subjects, the Pucić Estates d.o.o. will, as the data controller, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.
A single assessment may address a set of similar processing operations that present similar high risks.
Pucić Estates d.o.o. performs a data protection impact assessment in the event of:

Systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person;
Processing on a large scale of special categories of data referred to in Article 9, paragraph 1, or of personal data relating to criminal convictions and offenses referred to in Article 10 of the Regulation;
Systematic monitoring of a publicly accessible area on a large scale;
Any other situation defined by the competent supervisory authority.

Pucić Estates d.o.o. ensures an adequate involvement of data protection officers in the performance of impact assessment.
In accordance with the provisions of the Regulation and, when necessary, after the performance impact assessment, we will consult the supervisory authority prior to processing.

Transparency

This Privacy Policy is available at the official website Pucić Estates d.o.o. and at reception desks of all our facilities.
Should we decide to make changes to our privacy policy, we will make available and publish such changes on this website and at the reception desks of all our facilities.
If you have any questions about this Privacy Policy or concerns about the way we process your Personal Data, please contact us by emailing us using the contact form provided here.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Information

Follow us