Privacy Policy

Information on the Collection and Processing of Personal Data

VILLA DUBROVNIK d.d. (hereinafter referred to as “the Company”) places great importance on the protection and processing of personal data. In performing its registered activities, the Company processes personal data in compliance with all relevant laws and regulations.

(1) The data controller is:

VILLA DUBROVNIK d.d., HR – 20000 Dubrovnik, Vlaha Bukovca 6, OIB:66669628743
Tel: +385 (0)20 500 300
Email: privacy@villa-dubrovnik.hr

(2) The Data Protection Officer (DPO) is:

Mr. Marko Rašica, who can be contacted at:
Tel: +385 (0)1 8891 027
Email: info@rasica.eu

(3) If we use external service providers for the processing of your personal data (“Processors”), this is referred to as processing (personal data) on behalf of the Company. Even in such cases, we are responsible for the protection of your personal data. We do not use service providers outside of the EU for processing your personal data. Exceptionally, if necessary, we will only do so if there is an adequacy decision by the European Commission for that third country or if we have entered into appropriate guarantees or binding regulations with the service provider as a Processor.

This Information on the collection and processing of personal data (hereinafter referred to as the “Information”) describes the data we collect, how we process it, and the purposes for which we use it, as well as your rights related to your data. The purpose of this Information is to inform you of all relevant features related to the collection, processing, and storage of your personal data. This applies to all personal data you have provided to us via electronic, written, or verbal communication, or that has been transferred to us through a travel agency or other groups with whom you are in a contractual or similar relationship, as well as data collected from other sources.

 

Personal Data We Collect

We process the following personal data:

a) Your basic personal data which you or third parties provide to us when making a reservation — Name, surname, country and city of residence, address, email address, phone number, child’s age, child’s name and date of birth, special requests and habits, and the data of your companions; data necessary to complete the reservation — credit card number, emergency contact data — name and surname, phone number; other necessary data — email address, health data — in case of requests for special dietary arrangements or medical needs or related to epidemiological measures (COVID-19, etc.), data regarding website use — IP address, website visits, social media data, and similar data related to internet browser usage.

b) Guest check-in and check-out — Name and surname, date of birth, gender, identification document number (ID card, passport, driving license), credit card number, country of birth, nationality, visa number if the guest is subject to visa requirements, border crossing or entry point into the Republic of Croatia, guest arrival date and departure date.

c) Use of hotel services — guest consumption data during their stay at the hotel. We collect data on the type of service provided and its price, e.g., room service, phone call list, minibar usage, bar usage, à la carte, list of movies watched, website usage data — IP address, website visits, social media data, and similar data related to internet browser usage, transportation services, excursions, and similar. We also collect data about special guest requests to ensure we provide the requested service quality.

d) Monitoring and improving the quality of hotel services — Name and surname, gender, age, country of origin, length of stay in the hotel, service ratings, and comments. Data collection is voluntary.

 

Purpose of Collecting Personal Data and Legal Basis for Processing

The Company determines the purpose and means of processing personal data and is therefore considered the data controller. The primary purpose of collecting personal data is to fulfill legal obligations and/or the conclusion and execution of accommodation and hospitality service contracts, or to take actions at your request before and during the contract. The scope of personal data we collect depends on the type of contract you intend to conclude or have concluded or the request for exercising your rights (type of service provided and its price). Actions at your request before concluding a contract include verifying your requests and needs, checking the suitability or appropriateness of products and services for your special circumstances, all aimed at preparing an offer or an informational estimate.

If you are not a contractual party but a person who exercises rights from an allotment contract, a contract with a travel agency, etc., the purpose of collecting your personal data is to fulfill the Company’s obligation arising from the concluded contract, or it is necessary for the conclusion of the contract or for identifying service users (e.g., in the case of online reservation platforms). In this case, the scope of personal data we collect depends on the type of request and the information needed to fulfill the request. The purpose of processing personal data may be the Company’s obligation to fulfill the contracted services with such service providers.

Your basic personal data, as well as check-in and check-out data, are processed based on a legal obligation for input into the eVISITOR system, in accordance with regulations on the registration of tourists and the format and content of the tourist registration form, and the Tourist Tax Act or for the Ministry of Internal Affairs according to the Foreigners Act. Providing these data is necessary when making a reservation (in case of amendments or additions to regulations and/or new regulations, they will apply directly to this Information). These data will be deleted after being transferred to the eVISITOR system or after submission to the Ministry of the Interior.

 

Special Categories of Personal Data

Generally, we do not process the following types of personal data: data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, genetic data, biometric data for the unique identification of individuals, and data relating to health, sexual life, and sexual orientation.

However, the Company processes the above categories of personal data in the following situations:

1. The guest has given explicit consent for the processing of such personal data for one or more specific purposes, unless applicable regulations specify that such consent does not produce an effect;
2. Processing is necessary to protect vital interests of the data subject or another person where the guest is physically or legally incapable of giving consent;
3. Processing concerns personal data that the guest has made public;
4. Processing is necessary for the establishment, exercise, or defense of legal claims or where courts are acting in their judicial capacity;
5. Processing is necessary for the performance of a task carried out in the public interest based on applicable regulations, respecting the essence of the right to data protection, ensuring appropriate and specific measures to protect the fundamental rights and interests of the data subject;
6. Processing is necessary for preventive medicine, medical diagnosis, providing healthcare or social care, or treatment, or managing health or social systems and services based on applicable regulations.

All personal data that you or a third party have provided to us will be processed in accordance with the purpose of its processing (note that if you travel with children under 16, their personal data will be processed only based on your explicit consent).

Book your stay