1. Introductory Provisions
Under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons about the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the European Union L 119, 04/05/2016, p. 1, hereinafter referred to as „General Data Protection Regulation“), which is in the full application as of 25 May 2018 in the Republic of Croatia and the European Union, and the General Data Protection Regulation Implementation Act (Official Gazette number 42/18, hereinafter referred to as ‘Act’), i.e. by the legal framework for the protection of personal data applicable in the Republic of Croatia and the European Union and European best practices, Rentals Dubrovnik d.o.o (hereinafter referred to as ‘Agency’), as Controller of the processing of personal data of its customers, has developed this Customer Privacy Protection Policy.
Personal data processing is performed under the responsibility of the Agency:
Rentals Dubrovnik d.o.o.
Gornji Kono 69a
20 000 Dubrovnik
MB: 04516745
OIB: 29760106329
Contact information of the data protection officer:
e-mail: info@rentalsdubrovnik.com
2. How and which data do we collect
The services offered by the Agency require the collection of customers’ data. Basic data is collected in the following ways:
1. Directly
by the customers themselves in such a way that the customers deliver to the Agency, as data processing controllers, their data in a certain amount of information relevant to the provision of the corresponding services. To provide the appropriate services, the customer is obliged to provide the Agency with the following data that is necessary to establish a contractual relationship for the provision of tourism-related or rent-a-car services:
a) name and surname;
b) address;
c) personal identification number (OIB)
d) date of birth;
e) gender;
f) phone and/or mobile number;
g) email address;
h) ID card information (address and country of residence, identity card number;
i) passport number;
j) bank account information and credit card number necessary to make the payment;
k) driving license number.
2. From other sources i.e. from our business partners (for instance, data received by a partner agency for accommodation booking) and from our affiliates Experience, Uniline Celje, and Uniline Plus.
3. Automatically by visiting our website; only personal data associated with online identifiers is collected (internet protocol addresses and cookie identifiers, such as Google Analytics used to track user’s and/or customer’s engagement).
A cookie is a small data file stored on your computer or mobile device each time you visit a website. Cookies are used to improve the user experience and to remember website preferences to make web browsing more efficient, as well as to track and analyze the web traffic and number of visits to the Company’s website. Cookies are also used for tracking internet usage for the creation of user profiles, and afterward for showing personalized digital ads based on customer preferences.
After disabling and/or blocking cookies, a customer can still navigate on the Agency’s website. However, it is possible that some options and/or functions of the website will not be available to such customers, i.e. the time needed to access certain functions of the website will be longer than usual.
Uniline’s cookies do not collect any personal data of our customers, but third-party cookies do. If you want more information, you can visit Google’s website (https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage).
3. For what purposes personal data is collected and processed further
The Agency collects personal data to provide, maintain, protect, and improve its purchase-related services, to understand how users and/or customers use the services provided and use the Company’s website, and to perform its contractual obligations. Such information is collected by the Company based on consent given by the customer for one or more specific purposes, as well as in one of the cases below.
Fulfillment of contractual obligations
The Agency collects and further processes customers’ data for stipulating and delivering contracts and other acts associated with contract conclusion and delivery by the relevant regulations.
The legal basis for the processing of customers’ data for the foregoing purposes is the necessity of entering into a contract, i.e. if the customer refuses to provide essential information, the Agency will not be able to enter into a contract and/or undertake certain activities related to the execution of the contract concluded.
Fulfillment of legal obligations
Following a written request submitted by a customer to the above-indicated data protection officer’s address, the Agency is obliged to provide the customer access to the personal data being processed, rectification of inaccurate personal data, erasure of personal data or restriction of processing of his/her data, and to inform the customer of the right to object to processing personal data concerning him or her and of the right to data portability.
Direct marketing
The customer’s contact details may be used for sending advertising notifications about the Agency’s services if the customer has given consent for this type of processing or if there is a legitimate interest of the Agency for this type of action unless such interest is overridden by customer’s interests or fundamental rights and freedoms that require personal data protection.
The Agency may use contact details and personally turn to customers whose personal data it already has based on a legitimate interest for sending advertising notifications about all products and services provided by the Agency, using all available marketing channels, unless the customer objects to such processing.
For a customer to receive notifications in line with his/her wishes and habits, it is required that the Agency uses certain customer’s data to create personalized advertising notifications, as long as the customer does not expressly object to such processing of data i.e. withdraw his/her previously given consent for processing.
Internal purposes
The Agency uses certain customers’ data only for its records, for the protection of the legitimate interests of customers and/or the Agency. For instance, the above includes the use of personal data for the creation of offers that satisfy customers’ needs and wishes, market research, and analysis.
Information of potential users
The Agency is also entitled to collect information on potential users of its services. Such data include the basic data (name and surname, email address), but also the interests of potential customers that turn to the Agency wishing to be informed and/or sent an offer for certain products and services.
In the above case, the legal basis for data collection is the customer’s consent.
4. Personal data storage and processing period
Depending on the purpose and the legal basis on which the customer’s data is collected, the Agency is in some cases obliged to keep personal data for some time that for a particular purpose is prescribed by applicable regulations or until the termination of the purpose for which they were collected.
In cases where the basis for data collection and processing is the legitimate interest of the Agency or the customer’s consent, the personal data is kept for the following periods:
a) data on existing customers: during the contractual relationship and 10 years after termination;
b) data on potential customers: 10 years.
Data processed based on a legitimate interest of the Agency and/or the customer’s consent may be deleted even before the expiration of the time limit specified in this Policy if such deletion is requested by the customer or if the customer objects to such processing.
5. Customer’s rights
• Right of access to personal data
• Right to rectification of inaccurate data
• Right to erasure of personal data
• Right to restriction of data processing
• Right to object
Customer may exercise his/her rights in writing, by sending a filled request to the Agency’s address, or by clicking on the link forma.uniline.hr, by filing an online request.
Location of personal data processing
The Agency processes customers’ data in the Republic of Croatia.
Conditions on which personal data are shared with third parties
Customer data are transferred by the Agency to third parties (partner agencies, associated companies, and competent authorities) only in the following cases:
a) based on the customer’s consent;
b) to fulfill a contractual obligation towards the customer, provision;
c) to fulfill the legal obligations of the Company;
d) when such processing is required for the protection of the customer’s key interests.
Consent Management
The active role of the customer in the protection of privacy is reflected in his/her giving of consent as a freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data. The consent management implies the possibility that the customer, by an active and unambiguous action, authorizes the Agency to collect and process specific personal data for one or more purposes (consent of the data subject), or that the customer withdraws, in the same way, his or her previously given consent to collection and processing of personal data, for one or more purposes.
Who can you turn to
In the event of any questions about the protection of personal data by the Agency, customers may contact the Personal Data Protection Officer via email at the e-mail address specified in this Privacy Policy or in writing at the following address:
Rentals Dubrovnik d.o.o.
Gornji Kono 69a
20000 Dubrovnik
Amendments to the Privacy Protection Policy
The Agency reserves the right to amend this Policy at any time, without giving any special notice to the persons concerned. For this reason, it is recommended to all interested parties to regularly review the Agency’s website content for information on the updated content of this Policy.