Proficio d.d., having its registered office at Draškovićeva 12, Zagreb, PIN: 39508009387 (hereinafter referred to as Proficio), is a service providing company registered in the Court Registry of the Commercial Court in Zagreb.
Proficio is primarily engaged in the hospitality and real estate business. In the course of its business, Proficio needs to collect and process certain data about individuals and is therefore considered a controller.
In certain cases Proficio also acts as a processor, but only if the controllers are companies being part of Proficio Group. In such case, there is interest in transferring personal data within the group of companies for internal administrative purposes including but not limited to the processing of customers’ or employees’ personal data.
The purpose of this Policy is to ensure that Proficio provides all information necessary in connection with the personal data of the individuals whose personal data it processes.
All Proficio’s employees are fully familiarized the contents of this Policy and ensure it is implemented when personal data are processed. Employees whose duties involve handling personal data have been adequately trained with respect to their duties in relation to personal data protection.
This Policy applies to all personal data processed by Proficio in relation to any person, irrespective of whether or not such person is or becomes an employee, guest, customer, supplier or contact of Proficio. This Policy does not apply to anonymous data. Anonymous data is data altered in such a way that it cannot be associated with a particular person or cannot be exchanged without disproportionate effort, so it is not considered personal data within the meaning of the applicable legislation.
This Policy was developed for the purpose of improving the services Proficio provides to its customers, to protect customers with respect to the confidentiality of their personal data in the process of providing Proficio’s services, to prevent any damage to Proficio or its employees and its customers as data subjects, and to ensure that the processing of personal data by Proficio is carried out fully in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR) and other applicable regulations. The personal data processed by Proficio in the course of its business are not shared with unauthorized persons, offered, sold or transferred outside the Republic of Croatia.
2. Definition and application:
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
Personal data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The personal data categories processed by Proficio in the course of its business are name and surname, address, PIN, year of birth, e-mail address and other personal data for the respective data subject categories.
Proficio primarily collects and processes personal data for the purpose of providing a data subject with services as part of its business or for the purpose of complying with legal obligations. The legal grounds for personal data processing is the contractual relationship between Proficio and the data subject, Proficio’s legal obligation or data subject’s consent. Proficio treats such personal data adequately and in compliance with the relevant regulations, irrespective of how such personal data are collected, recorded, stored and used – on paper, on a computer or on any other medium. Proficio processes personal data it receives from data subjects and third parties subject to informing them or as instructed by them. Proficio sometimes collects data from publicly available sources such as information contained in public registries, public phone directories, publicly available services or commercial services. Proficio does not forward such data to third countries or to any charities.
For the purpose of protecting persons and property, Proficio collects certain data through video surveillance in its facilities and the areas surrounding them, where it clearly informs data subjects through video surveillance notices displayed at the points of entry in the surveillance perimeter. Access to such data is only allowed to Proficio’s responsible person or a person authorized by such responsible person, subject to all terms set forth in the Act Implementing the General Data Protection Regulation (Official Gazette No 42/18).
Where a data subject sends Proficio an e-mail containing personal data that may identify him in the form of a message including a question or comment or by completing the contact form at www.proficio.hr, www.pinebeach.hr or www.angelodoro.com, Proficio uses such data to respond to data subject’s request or query in connection with a service provided by Proficio. In case the data subject refuses to provide his personal data necessary for the provision of such service or for granting the data subject’s request or to respond to his query, Proficio will not be able to process such request or query or provide such service.
Proficio processes certain personal data for marketing purposes (name and surname, e-mail address), i.e. for the purpose of providing notices of promotions, benefits and campaigns in relation to Proficio’s services, subject always to data subject’s consent. Proficio allows each data subject to withdraw the consent he gave to such data processing in accordance with the data subject’s rights specified below.
As of the time he provides his data to Proficio, the data subject agrees that Proficio may process his personal data according to the indicated purpose and for the time defined. The protection of data subject’s personal data is permanent and the data subject may at any time exercise his rights listed and explained below.
Proficio permanently retains its employees’ employment-related personal data. Proficio retains personal data appearing in accounting and bookkeeping documents (e.g. invoices issued to guests/customers, but also invoices received from suppliers) for at least 11 years, as required under the applicable accounting regulations. Proficio retains personal data of its guests necessary to provide them with accommodation services for at least two years following the end of the calendar year in which they were registered in the Book of Guests or the List of Tourists, in accordance with the regulations defining the contents and the method of maintaining the Book of Guests/List of Tourists. Proficio processes data subjects’ contact information collected for the purpose of providing marketing services (newsletter) until such time they withdraw their consent based on which it processes them.
For the purposes of conducting its business processes, Proficio may outsource certain data processing services to processors, but only those that implement the technical, logical and organizational personal data protection measures implemented by Proficio.
Proficio stores such personal data collected in an appropriate manner and ensures that they remain confidential. Proficio will not forward such collected data to third parties without data subject’s consent, except where this is necessary to comply with its legal obligations (for example, to the Tax Administration, Croatian Pension Insurance Fund, Ministry of Tourism or any other competent authorities) or its obligations under a contract to which the data subject is a party where this is necessary to perform duties being performed in public interest or where the data subject discloses such data himself, as well as in all other cases defined by the applicable regulations.
With respect to the personal data processed for him by Proficio, the data subject has the following rights:
DATA SUBJECT’S RIGHTS (EXPLANATION)
Right to be informed
The data subject has the right to request from Proficio at any time to inform him of whether his personal data are being processed and for what purpose, who the controller is, the contact details of the data protection officer, the categories of personal data being processed, the period for which the personal data will be processed/stored, the source from which such personal data originate and the recipients of such personal data, as well as the right to be informed of his other rights specified in this Policy (right of access, right to rectification, right to erasure, right to restriction of processing, etc.).
Right of access
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him are being processed, and, where that is the case, access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed;
- where possible, the envisaged period for which the personal data will be stored or the criteria used to determine that period;
- the right to request from Proficio rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, as well as the consequences.
Right to rectification
The data subject shall have the right to obtain from Proficio without undue delay the rectification of inaccurate personal data concerning him. The data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure / right to be forgotten
The data subject shall have the right to obtain from Proficio the erasure of personal data concerning him without undue delay if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing, the data subject objects to the processing, the personal data have been unlawfully processed, the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Proficio is subject, the personal data have been collected in relation to the offer of information society services to a child.
The foregoing shall not apply to the extent that processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation which requires processing by Union or Member State law to which Proficio is subject or for the performance of a task carried out in the public interest or in the exercise of official authority, for reasons of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes, or for the establishment, exercise or defense of legal claims.
Right to lodge a complaint
The data subject shall have the right to object, on grounds relating to his particular situation, at any time to processing of personal data concerning him including profiling. Proficio shall no longer process the personal data unless Proficio demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Right to data portability
The data subject shall have the right to receive the personal data concerning him, which he has provided to Proficio, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on his consent and the processing is carried out by automated means.
The data subject shall have the right to have the personal data transmitted directly from Proficio to another controller, where technically feasible and such right shall not adversely affect the rights and freedoms of others.
Rights related to automated decision-making and profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or similarly significantly affects him, unless such decision is necessary for entering into, or performance of, a contract between the data subject and Proficio, is authorized by Union or Member State law to which Proficio or is based on the data subject's explicit consent.
Right to withdraw consent
Data subject’s consent is one of the legitimate grounds for processing data relating to the data subject. The data subject may at any time withdraw the consent given by him. Such withdrawal of consent shall not affect the lawfulness of data processing performed before the consent was withdrawn.
Right to effective judicial remedy (complaint and objection)
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority with respect to the processing of his personal data. Each data subject shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them. Such supervisory authority is the Personal Data Protection Agency.
Right to restriction of processing
The data subject shall have the right to obtain restriction of processing of his personal data where: the accuracy of the personal data is contested by the data subject, for a period enabling Proficio to verify the accuracy of the personal data, the processing of his personal data is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead, Proficio no longer needs the personal data, but they are required by the data subject for the exercise of legal claims, the data subject has objected to processing pending the verification whether the legitimate grounds of Proficio override those of the data subject.
For the purpose of exercising his rights, the data subject should contact Proficio’s personal data protection officer by sending a written notice/request to such personal data protection officer by e-mail to the e-mail address provided below or by mail to: Vlaška 64, Zagreb, subject to adequate identification using the code assigned to the data subject by Proficio at the time of making a reservation or receiving an offer of Proficio’s hospitality services. The data subject may also exercise his rights by providing a personal statement directly at Proficio’s business premises, subject to prior notice at _____ and identification by a valid identity document. Proficio reserves the right to set additional requirements regarding the identification of a person requesting to exercise his rights to prevent any abuse of data subject’s rights in connection with the protection of his personal data.
3. Data protection officer:
Proficio has appointed a personal data protection officer and each data subject may contact him in connection with the protection of his personal data at:
4. Personal data protection principles:
Proficio believes that the lawful and proper treatment of personal data is highly important and therefore ensures that personal data are treated lawfully and properly. To that end, Proficio fully supports and complies with the Data Protection Principles.
The personal data protection principles require that personal data be
- processed fairly and lawfully and that they must not be processed unless the relevant regulatory requirements are met;
- collected for one or more specific and lawful purposes and not be further processed in any manner inconsistent with such purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed and that such data be accurate and kept up to date;
- kept for no longer than is necessary for the purposes for which the personal data are processed;
- processed in accordance with the data subject’s rights under the applicable regulations;
- protected by appropriate technical and organizational measures against unauthorized or unlawful processing of personal data and against accidental loss, destruction of damaging of personal data and
- transferred to no country or territory outside the EU, unless such country or territory provided an appropriate level of protection of data subjects’ rights and freedoms in connection with personal data processing.
5. Proficio’s activities in connection with data processing:
Proficio takes the following steps:
- fully complies with the requirements relating to the fair collection and processing of personal data;
- specifies the purpose for which personal data are processed;
- collects and processes adequate personal data to the extent necessary to meet its operating needs or to comply with the relevant legal requirements;
- provides all required information to the Personal Data Protection Agency at its request;
- ensures that personal data are not retained for longer than necessary;
- ensures that the rights of persons whose data are being processed may be fully exercised in accordance with the personal data protection principles;
- implements appropriate technical and organizational measures to protect personal data;
- ensures that personal data are not transferred abroad without appropriate protection;
- treats all persons justly and fairly irrespective of their age, religion, disability, gender, sexual orientation or ethnic origin when acting in connection with their requests for information;
- defines clear procedures for responding to requests for information.
What is a cookie?
A cookie is a piece of information that is stored in the PC at the time of browsing a website you are visiting. Cookies allow easier use because they store the website settings (language or address) of the website visitor and reactivate them each time the website is revisited. This way, such information is consistent with website visitor’s needs and his customary ways of using the website.
How to disable cookies?
If cookies are disabled, they will not be stored in the website visitor’s computer. The cookie settings may be configured and altered in the selected browser. To view the settings, the visitor needs to select the browser he uses (Chrome, Firefox, Internet Explorer 9, Internet Explorer 7 and 8 and Opera or Safari) (English-language pages)). If the visitor disables cookies, he will not be able to use certain functionalities of the website.
What are session cookies?
Session (temporary) cookies are removed from the visitor’s PC when the browser used to browse the website is closed. Websites use these cookies to store temporary data.
What are persistent cookies?
Persistent (stored) cookies will remain stored in the visitor’s PC after the browser is closed. Websites use these cookies to store personal data to facilitate their use. For example, where a website asks for a username and password, it will remember such particulars entered by a particular visitor and such information will appear every time he revisits the site. Persistent cookies will remain stored in the computer for days, months or years.
What are first-party cookies?
First-party cookies originate from a website browsed by a visitor and may be temporary or persistent. This way, websites store data that will help visitors use the website every time they revisit it.
What are third-party cookies?
Third-party cookies reach the visitor’s computer from other sites contained in the website they are browsing. They are, for example, pop-up ads where cookies are responsible for tracking websites for advertising purposes.
What kinds of cookies does this website use?
Session cookies – These are cookies that will be automatically erased when the browser used by the visitor is closed; Persistent cookies – These are cookies that will remain recorded in the visitor’s browser until they expire or until such time the visitor erases them manually. The information collected is anonymous and does not include visitor’s personal data.
Are there any third-party cookies on the website?
There are several external services that store limited cookies and they are not set by Proficio’s website. Such limited cookies are used to allow uninterrupted use of the capabilities that allow users to easily access contents.
The website where this Policy is published allows:
Measuring visit rates
The website uses Google Analytics – This is a visit rate measuring service. If the visitor wishes to disable cookie storing by this service, he needs to opt out using the following link: Google Analytics - https://tools.google.com/dlpage/gaoptout
Additional information about disabling cookies
There are several websites you can use to disable cookies for different services. More information is available through the following links:
7. Review and verification:
Proficio may update this Policy if necessary to reflect the best practices and to ensure compliance with any changes or modifications with respect to personal data protection.
Zagreb, this 23 May 2018
Gavin Michael Susman, CEO