Privacy policy

1. The data controller and legal framework

Club Adriatic d.o.o., a joint-stock company for the hotel industry and tourism, abbreviated as Club Adriatic d.o.o., with headquarters in Kralja Petra Krešimira IV 11, Baška Voda, OIB: 44661735229

is a joint-stock company that manages and develops tourist and catering facilities and as such operates in accordance with the legislation of the Republic of Croatia and the acquis communautaire.

In accordance with EU Regulation 2016/679 of the European Parliament and the Council of April 27, 2016, on the protection of individuals in connection with the processing of personal data and the free movement of such data (General Data Protection Regulation), the Law on the Implementation of the General Data Protection Regulation (OG 42 /2018) and other regulations governing that area, which apply in the Republic of Croatia Jadran d.d. collects and processes your data.

Given that Club Adriatic d.o.o. respects the privacy of every person whose personal data it collects, we would like to inform you about the personal data Club Adriatic d.o.o. collects, how we protect them, and your rights.

This Privacy Policy also defines your rights in connection with our processing of your personal data and our access to your personal data that we process. In processing your personal data, we adhere to the personal data processing principles set forth in Article 5 of the General Data Protection Regulation.

2. Data protection officer

Club Adriatic d.o.o. has appointed a Data Protection Officer whom you can contact by e-mail at [email protected] or by mail at Club Adriatic d.o.o., Kralja Petra Krešimira IV 11, Baška Voda, indicating “DPO”, for all matters regarding personal data protection and exercise of your rights guaranteed by the General Data Protection Regulation.

Other requests submitted to the Data Protection Officer’s address that are not associated therewith (such as job applications, queries regarding reservations in our properties, etc.) will be forwarded to our relevant departments.

3. Personal data – general information

Personal data are all data which can be used to determine your identity. According to the General Data Protection Regulation (“GDPR”), “personal data” means any information relating to an identified or identifiable natural person, i.e. a person who can be identified, directly or indirectly, in particular by reference to an identifier.

Simply put, the term “personal data” refers to any information which concerns you and can be used to determine your identity, including both obvious data, such as names and contact data, and less obvious data, such as identification numbers, location data, and web identifiers.

4. Purpose of data collection

We process your personal data in accordance with Article 6 of the General Data Protection Regulation for the following purposes:

a) data provided by the data subject based on his/her consent within the meaning of Article 6(1)(a) of the General Data Protection Regulation such as consent to personal data processing via cookies for better functioning of all website features and enabling a better user experience,  consent to posting photographs on social networks, etc., in which case you cam withdraw your consent at any time without suffering any adverse consequences, provided, however, that the withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal;

b) data necessary to perform a contract and contractual obligations within the meaning of Article 6(1)(b) of the General Data Protection Regulation between Club Adriatic d.o.o. and another party, as well as potential future contractual arrangements;

c) data necessary to comply with legal obligations of Club Adriatic d.o.o. within the meaning of Article 6(1)(c) of the General Data Protection Regulation – for this purpose, we collect and process data necessary to perform our legal obligations such as registration and deregistration of employees with the Croatian Health Insurance Fund and Croatian Pension Insurance Fund, registration of customers in the e-Visitor system, provision of information to the Tax Administration etc.;

d) data necessary to protect vital interests of data subjects or other natural persons within the meaning of Article 6(1)(d) of the General Data Protection Regulation based on the principle of proportionality; and

e) data processed for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child meaning of Article 6(1)(f) of the General Data Protection Regulation, in which case Jadran d.d. ensures that the processing is appropriate and minimally invasive, e.g. processing for administrative purposes, sending promotional e-mails to former users, security of computer networks, video surveillance to protect persons and property, etc. In this case, you have the right to object to processing at any time.

Types of Personal Data We Collect and Sources of Data

We collect only such data that we need to fulfill the above-mentioned purposes. Therefore, depending on the circumstances, we may collect the following information:

your contact data, information about your reservation, stay or hotel visit, your first and last name, date of birth, sex, identification document number, credit card number, country of birth, citizenship, visa number (if you are subject to the visa regime), place of entry into the Republic of Croatia, date of arrival to and departure from the facility, impressions about our services (if you decide to provide your personal data in the questionnaires), data about the events organized for you in our facilities/on our premises, and any other data that you provide to us voluntarily, or that we receive in connection with the above-mentioned purposes.

We may collect your personal data directly from you (e.g. via e-mail, phone, mobile phone, in person through individual communication), but also from other people, such as your travel companions, travel agencies, online platforms that you used to make reservations for our hotel services, organizers of events in our hotels, and other contractual partners. Such partners are also required to comply with the applicable personal data protection regulations.

When you provide to us the personal data that concern other people, it is your responsibility to ensure that the person whose data you have provided is aware of that fact and that he/she accepts the manner in which we use personal data.

If your personal data is not collected directly from you, but from other persons, we may be held liable only for what we do with your personal data from the moment they are collected. We will and may not be held liable for the activities involving your personal data performed by the persons from which we have received your data. We therefore kindly ask that you read the privacy protection policies of such other persons to which you provide your personal data.

Most of the data collected by Jadran d.d. are provided by data subjects – please do not provide any sensitive information (e.g. your racial or ethnic origin, political opinions, religious or philosophical beliefs, etc.) unless necessary. If you do provide such sensitive personal data for any reason whatsoever, you thereby give your explicit consent to the collection and use of such information as described in this Policy or as described at the time of disclosure of such information.

Sharing data with third-party entities

Club Adriatic d.o.o. only shares data with others if permitted to do share them.

For the purposes of complying with its legal obligations, Club Adriatic d.o.o. is required to provide data to third parties. This, for example, includes providing customer data via the e-Visitor system, providing employee data to the relevant institutions: the Croatian Pension Insurance Fund, Croatian Health Insurance Fund, Tax Administration, Central Registry of Insured Persons and pension companies. In certain cases, Club Adriatic d.o.o. is also required to provide or present employment-related data to the Croatian Employment Service, for example, to include its employees in active employment policy measures, provide data to the relevant police stations and the Ministry of the Interior and data necessary for the issuance of work permits, provide data to the Ministry of Tourism in case it employs scholars, provide data to the Ministry of the Economy and Entrepreneurship in case it uses investment aid, and provide data to insurance companies and banks and when required under the applicable regulations.

In addition, certain data of employees are sent to banks or pension funds as part of salary disbursement and may also be sent to creditors in accordance with the applicable enforcement regulations. Data are sometimes sent for the purposes of contractual obligations, for example in case of students performing their practice where data is shared with schools and faculties. If you fail to perform your contractual obligations, we may, for the purpose of protecting ourselves as the creditor, forward your relevant personal data and retain the services of natural or legal persons for the purpose of collecting debt owed to us (e.g. law firms, debt collection agencies, etc.). Before we take such steps, we will notify you thereof using the contact details provided by you to give you an opportunity to respond.

Certain personal data are also provided to business entities for the purpose of obtaining specific services, such as medical examinations of employees (additional health insurance), to institutions arranging legally prescribed trainings (workplace safety, minimum hygienic requirements, toxicology) or auditors for mandatory audit purposes, to notaries public for notarization purposes, to the Financial Agency for the purpose of obtaining business certificates, and to other entities for the purpose of assigning and use of corporate credit cards, company mobile devices or purchasing of fuel.

Data may be provided to processors that process data on behalf of Club Adriatic d.o.o. as the controller. These are mostly entities that provide IT services and store such data in their databases or have access to personal data until completion of processing. We enter into contracts with such entities that detail their authorities and obligations with regard to personal data processing, as required by the Regulation.

In certain situations, such contractors and Club Adriatic d.o.o. may jointly determine the purposes and methods of personal data processing, in which case such contractors and Club Adriatic d.o.o. act as joint controllers. In such arrangements, the joint controllers transparently define their responsibilities for compliance with the obligations set forth in the Regulation, in particular with respect to the exercise of data subject rights and duties regarding the transparency of processing, unless such responsibilities are legally defined.

Club Adriatic d.o.o. may in particular provide data to third-party entities with which it has commercial contracts in place, based on which it conducts its tourism-related activities.

If data are exported to third countries as part of processing, Club Adriatic d.o.o. ensure that the highest standards of personal data protection are applied, as specifically required under the Regulation. In case of international transfer of data, Club Adriatic d.o.o. will inform the data subject of its intention to export personal data to a third country to transfer them to an international organization and of whether or not the European Commission has rendered its adequacy decision.

Personal Data Retention Period

The data that Club Adriatic d.o.o. collects on the basis of the law must be kept for the period stated in the relevant law or other applicable regulation.

The data that Club Adriatic d.o.o. collects on the basis of a contractual relationship are kept only for as long as they are needed for the purpose of executing a particular contract or providing a particular service.

The period during which Club Adriatic d.o.o. keeps personal data is limited to the strictly necessary minimum. In that regard, Club Adriatic d.o.o. defines retention periods or periodic review deadlines for particular personal data in order to avoid retention of such data for longer than necessary to fulfill the purpose for which they were collected.

After the expiry of such period, Club Adriatic d.o.o. will erase the personal data. However, if such data are necessary for the purpose of generating statistical indicators, making analyses or archiving, or on the basis of some other legitimate interest of Club Adriatic d.o.o., all actions will be taken to ensure that the relevant personal data are anonymized.

5. Rights of respondents

Your right of access

If you ask us, we undertake to answer whether we are processing your personal data and, if so, to deliver a copy of the personal data we are processing. If you are looking for additional copies, Club Adriatic d.o.o. retains the possibility of charging a fee.

Your right to rectification

The personal data you provide should be updated, and you update it by contacting us directly by mail, e-mail, or when registering at the front desk. If these data are incorrect or incomplete, you can request their correction. If we have shared your personal data with others, we will notify them of the correction if possible. Also, if it is legal and possible, we will inform you with whom we have shared your personal data so that you can contact them.

Your right to erasure

You can submit a request to erase your personal data in certain circumstances – in the event that we no longer need it or when you want to withdraw your consent (when applicable)

If we have shared your personal data with others, we will notify them of the erasure if possible. Also, if it is legal and possible, we will inform you with whom we have shared your personal data so that you can contact them.

Your right to restriction of processing

You can ask for the restriction of the processing of your personal data in certain circumstances – in case you dispute its accuracy or object to their processing. If processing restrictions occur, we will inform you initially. If we have shared your personal data with others, we will notify them of the restriction of processing if possible. Also, if it is legal and possible, we will inform you with whom we have shared your personal data so that you can contact them.

Your right to data portability

You have the right to receive the personal data we have collected from you (in certain circumstances) and transfer it to a third party.

Your right to object

If we distribute your data for the purpose of performing tasks of public interest or tasks of public bodies, or when processing them, we refer to our legitimate interests, you can file an objection against such data processing if there is an interest in protecting your data.

If you have any questions regarding this Privacy Policy or wish to submit a request to exercise your rights regarding the protection of your personal data, you can contact our personal data protection officer by e-mail at [email protected] or by mail at address Club Adriatic d.o.o., Kralja Petra Krešimira IV 11, Baška Voda.

Your right to withdraw consent

If we rely on your consent as our legal basis for processing your personal data, you have the right to withdraw such consent at any time.

Your right to submit a complaint to the supervisory authority

If you have objections related to our privacy practice and handling of your personal data, you can submit a complaint to the supervisory authority – Personal Data Protection Agency (AZOP), whose information is available on the Agency’s website or by phone at +385(0) 1 4609-000.

Children’s Personal Data Protection

Club Adriatic d.o.o. advises all parents and guardians to teach their children how to safely and responsibly manage their personal data on the internet. Club Adriatic d.o.o. does not want or intend to collect personal data concerning children, and will not use such data in any manner whatsoever or disclose the same to third parties. A child may, however, give his/her consent exclusively in relation to the potential offer of information society services, in which case the child must be above 16 years of age. All other processing of data concerning children under the above-specified age and any processing of data, other than such as explicitly described herein, concerning children up to the age of 18, will be allowed only with the prior consent of the parent (holder of parental responsibility).

The personal data concerning children and parents will be erased from our database, if the parents so request. As a parent or guardian, you always have the right to inspect all the personal data concerning your child provided via our website, and you can request that such data be erased (if the relevant data are still in our database), and/or forbid us to collect and use the data which concern your child in the future.

Links to other Web Pages

Club Adriatic d.o.o. website may contain links to other web pages administered by Club Adriatic d.o.o. or to certain web pages administered by other organizations that have their own privacy rules. We therefore urge you to read their terms of use and privacy rules before providing any personal data, since Club Adriatic d.o.o. will not be held liable for such web pages or organizations administering the same.

Video Surveillance

Jadran d.d. has a legitimate interest to use video surveillance for the purpose of:

  • protecting the safety of guests and other persons who find themselves located on the premises controlled by the Company for any reason, and their property,
  • managing the access and exit from the operating facilities and areas, and for the purpose of reducing the exposure of employees to the risk of robbery, burglary, aggression, theft and similar events at work or in connection with work,
  • protecting the property of the Company,
  • preventing unauthorized access to the Company’s premises.

Jadran d.d. applies strict rules with the aim of ensuring that all video recordings are automatically erased after the period of 30 days by recording new content over the old, that access to the video surveillance system is restricted to the persons who need it to perform their tasks, and that the video recordings are only viewed/inspected if there is a justified reason for doing so, i.e. if that is necessary to fulfill any of the above-mentioned purposes.

By exception, if they are used as evidence in procedures held before competent state authorities, the video recordings will be kept for a longer period of time.

Check Availabity

1 Room , 1 Adult , 0 Children