Privacy Policy – Maj Residence

Maj d.o.o. based in Poreč, Vala 9, OIB: 38078358025 (hereinafter: Maj), respects the privacy of every person whose personal data it collects. We would like to inform you about what personal data Maj collects, how we protect it, and what your rights are.

Basic Information

Scope of Application

This Policy applies to any processing of personal data.

Data Controller and Legal Framework

Maj d.o.o., as the Data Controller of your data, respects your privacy and is committed to protecting your personal data. Data collection and storage are carried out in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), the Act on the Implementation of the General Data Protection Regulation (NN 42/2018), and other regulations governing this area, applicable in the Republic of Croatia.

Application of Data Protection Principles

Maj d.o.o. particularly ensures compliance with data processing principles when applying this Policy and processes data in accordance with the principles:

Lawfulness, Fairness, Transparency

Personal data of all individuals (data subjects) must be collected and processed lawfully, fairly, and transparently. For this purpose, it is mandatory to inform each individual (data subject) clearly and understandably about the purpose of collecting and processing personal data, the manner and time of storing that data, and the rights that data subjects can exercise regarding their personal data.

Purpose Limitation

The collection of personal data from data subjects must be limited solely to fulfill obligations assumed by the contractual relationship with the data subject or to meet legal obligations.

Data Minimization

When collecting data from data subjects, it is necessary to ensure the collection of only the personal data necessary to fulfill the purpose of individual processing.

Accuracy of Personal Data

Through regular processing and control activities, appropriate measures must be taken to ensure the accuracy and up-to-dateness of the data and to make necessary corrections or delete inaccurate data without delay.

Storage Limitation

The storage and retention of personal data in a form that allows the identification of data subjects are permitted only for as long as necessary to fulfill the purpose of processing, in accordance with defined internal and legal rules and retention periods.

Integrity and Confidentiality

Appropriate technical and organizational measures must be applied in all personal data processing to ensure the appropriate security of personal data, including protection against unauthorized or unlawful processing and protection against accidental loss, destruction, or damage.

Reliability

In personal data collection and processing procedures, appropriate records must be ensured so that we can demonstrate the reliability and compliance of our processing with the principles mentioned above at any time.

Transfer of Data to Third Parties

Third parties, data processors (such as associates of Maj d.o.o. providing IT, accounting, or other services), who store personal data in their databases until processing is completed, may also have access to personal data of guests, as necessary and to a limited extent. Detailed agreements are concluded with such entities regarding their authorities and obligations in the processing of personal data, in accordance with the Regulation’s requirements.

In certain situations, it is possible for external entities to jointly determine the purposes and methods of processing personal data with Maj d.o.o., in which case those external partners and Maj d.o.o. are joint data controllers. In these relationships, joint controllers transparently determine their responsibilities for compliance with the obligations under the Regulation, particularly regarding the exercise of data subjects’ rights and their duties to respect the transparency of processing unless the responsibilities are determined by law.

Purpose of Collection

Maj d.o.o. is obliged to collect some of your personal data to fulfill the accommodation contract and due to regulations governing the hospitality industry, but some other or the same data Maj d.o.o. may also collect for other purposes, primarily for contact, i.e.:

    • fulfillment of the accommodation contract

    • compliance with legal requirements and other applicable positive regulations governing the hospitality industry

    • for direct marketing purposes

    • sending offers

    • for the purposes of improving and personalizing the service to you as a guest.

Maj d.o.o. guarantees that the collected data will be used only for the mentioned purposes. Maj d.o.o. may use depersonalized data for statistical purposes.

Legal Basis for Collection

The legal basis for the mentioned collection purposes are:

    • legal,

    • contractual,

    • the vital interests of the data subject,

    • legitimate interest that outweighs the data subject’s interests or

    • consent or explicit consent of the data subject, depending on the purpose of processing and type of personal data.

Data Collection Locations

Maj d.o.o. collects your data during:

    • accommodation reservations (reservations via the web or phone)

    • when filling out the accommodation contract – registration at the property’s reception, by filling out the registration card.

Data Retention Period

The data that Maj d.o.o. collects based on the law must be kept for as long as specified by the relevant law or other positive regulation. The data that Maj d.o.o. collects based on the contractual relationship will be kept only as long as necessary to fulfill the contract or provide the service.

Maj d.o.o. may also, based on your explicit consent, collect and store data about the content you view on websites (so-called cookies), and in this case, they will be stored in its database for a period of 2 years.

Rights of Data Subjects

Regardless of the basis for data collection, you can request at any time:

    • access, modification, or supplementation of data in all personal data databases, based on which Maj d.o.o. will allow access or modify your data in all its databases depending on your request,

    • deletion (“right to be forgotten”) of personal data in all personal data databases, based on which Maj d.o.o. will delete you from all its databases, except from databases that Maj d.o.o. is obliged to have and keep based on positive regulations, and if there are no stronger legitimate reasons for processing or if processing is not necessary for establishing, exercising, or defending legal claims,

    • restriction of processing your data or object to the processing of such data,

    • that the data we have collected about you be transferred to you or third parties (“right to data portability”), in accordance with positive legal regulations,

    • if the data are given based on consent, you can always withdraw that consent without negative consequences,

    • the right to file a complaint with the supervisory authority – the Agency for Personal Data Protection (more information at www.azop.hr).

Send your written request to the contact address: majresidence@gmail.com or by mail to the address Maj d.o.o. Poreč, Bože Milanovića 20, Republic of Croatia.

Personal Data Collected from Persons who Booked Accommodation and Guests

Your personal data that you must provide to receive accommodation services are stored by Maj as the data controller in its database solely for the purpose of fulfilling the accommodation contract and fulfilling legal obligations of delivery, as well as collecting personal data related to the hospitality industry, and may also be used for other purposes provided by positive regulations. If you do not provide Maj d.o.o. with the minimum data required to register a guest in all relevant registers, Maj will not be able to provide you with accommodation services according to the contract and the law.

Personal data recorded by Maj already at the time of reservation and upon arrival at the property are collected based on laws governing the hospitality industry and for the purpose of providing services to guests. These are the following data (which may change depending on positive regulations):

    • name and surname

    • place, country, and date of birth

    • citizenship

    • type and number of identity documents

    • residence (address) and address

    • date and time of arrival, i.e., departure from the property

    • gender

Maj d.o.o. keeps these data in its guest database and sends them to the e-visitor system (electronic guest registration system) to the competent authorities of the Republic of Croatia, and these data must be kept in the system for 10 years. Also, Maj d.o.o. is obliged to keep all invoices issued to guests with the guest’s personal data for 11 years, in accordance with legal regulations.

According to Maj d.o.o.’s legitimate interest, it collects and stores credit card number data for 5 days after guests’ departure for billing purposes.

Furthermore, to fulfill contractual obligations, Maj collects during the reservation, as well as on the registration card upon arrival at the property, the following data:

    • e-mail

    • phone

Maj d.o.o., as the data controller, has the right, based on legitimate interest, to collect your personal data (name and surname, email address) in its guest database and use them for direct marketing purposes exclusively to inform about offers and news from Maj d.o.o. via email. In this case, you have the right at any time and free of charge to request deletion (“right to be forgotten”) from the database for this purpose.

During and after the stay, Maj d.o.o. sends you a satisfaction survey via email that we received from you, exclusively with your consent. The primary purpose of the satisfaction survey is to collect data on the service to improve the service by Maj d.o.o., and the data from the survey is depersonalized and processed for statistical purposes. The data is kept in Maj d.o.o.’s guest database for 5 years.

Cookies and Internet Technologies

As with many other websites, ours may use “cookies” (small files that we store on your computer when you access our websites to enable basic or additional functionality of those pages) and other technologies that facilitate delivering content based on your areas of interest, processing reservations or requests, and/or analyzing characteristics of your visits. Cookies cannot be used to reveal your personal identity. When you access our websites, this information identifies the characteristics of your browser to our servers but not you.

We use different types of cookies:

    • Necessary Cookies – they are essential for the functioning of the website, and without them, it cannot function. This means that the website cannot be opened or displayed without these cookies. These cookies are used for the purpose of transmitting communication or are necessary to provide the information society service explicitly requested by the user of such a service. Also, these cookies will enable us to perform basic website analysis to improve the functionality of the websites using completely anonymized data, i.e., not based on your personal data or data that can be linked to you in any way. These cookies do not require and we do not request your consent.

Maj d.o.o. stores cookies in the database and keeps them for a maximum of 2 years for the purpose of informing about special and personalized offers, news, and events organized via online channels (email, internet, online promotion).

If you change your mind regarding cookie settings on Maj d.o.o.’s websites, you can change them at any time at the link: (link to the cookie consent box). You can always delete cookies stored on your computer, thereby preventing further processing of your personal data through such technology. Each web browser has its own cookie deletion procedure.

Protection of Children’s Personal Data

Maj d.o.o. advises parents and guardians to teach children about safe and responsible handling of personal data on the internet. Maj d.o.o. does not want and does not intend to collect personal data of children, will not use them in any way, nor disclose them to third parties. A child can give their consent only concerning any information society services, and only if the child is over 16 years old. Any other processing of data of children below the specified age limit and any processing other than explicitly stated here, for children up to 16 years of age, is allowed for Maj d.o.o. only with prior parental consent.

Data Changes

You can contact us at any time to review your personal data, as well as to update, correct, or delete the data. Until then, we use your previously recorded data for these purposes.

Your Consent

When providing information to Maj d.o.o. in any way (reservation, registration card…), you guarantee that the information you provided is accurate, that you are legally capable and authorized to handle the provided information, and that you fully agree that Maj d.o.o. uses and collects your data in accordance with the law and the terms of this privacy policy.

Technical and Integrated Data Protection

Maj d.o.o., as the data controller, takes into account the highest organizational and technical standards of data protection. Therefore, considering the latest developments, implementation costs, nature, scope, context, and purposes of processing, as well as risks of varying likelihood and severity for individuals’ rights and freedoms arising from data processing, at the time of determining processing means and during the processing itself, implements appropriate technical and organizational measures to enable effective application of data protection principles.

Also, Maj d.o.o. implements appropriate technical and organizational measures to ensure that only personal data necessary for each specific processing purpose are processed in an integrated manner. Maj d.o.o. applies this measure to the amount of personal data collected, the scope of their processing, the storage period, and their availability. Specifically, such measures ensure that personal data is not automatically, without individual intervention, available to an unlimited number of individuals.

Records of Processing Activities

Maj d.o.o., as the data controller, maintains records of processing activities with the following information:

    • name and contact details of the data controller, if applicable, joint controller, contact person within Maj d.o.o.;

    • purposes of processing;

    • description of categories of data subjects and categories of personal data;

    • categories of recipients to whom personal data have been or will be disclosed;

    • if applicable, transfers of personal data to a third country or international organization, including identification of that third country or international organization and, in the case of transfers from Article 49(1), second subparagraph, documentation of appropriate safeguards;

    • if possible, the intended retention periods for different categories of data;

    • if possible, a general description of technical and organizational security measures.

Handling Data Breaches

Maj d.o.o., as the data controller, ensures that in the event of a personal data breach, the competent supervisory authority is notified without undue delay and, if feasible, no later than 72 hours after becoming aware of the breach, unless it is unlikely to result in a risk to the rights and freedoms of individuals.

The report submitted to the supervisory authority contains all the information in accordance with the Regulation.

In the event of a personal data breach likely to result in a high risk to the rights and freedoms of individuals, Maj d.o.o. as the data controller notifies the data subject of the personal data breach without undue delay. Data subjects will not be notified in cases where the Regulation prescribes that it is not mandatory.

Data Protection Impact Assessment

If a type of processing, particularly using new technologies and considering the nature, scope, context, and purposes of processing, is likely to result in a high risk to the rights and freedoms of data subjects, Maj d.o.o. as the data controller conducts an impact assessment of the intended processing operations on the protection of personal data before processing. One assessment may address a series of similar processing operations that pose similar high risks.

Maj d.o.o. conducts a data protection impact assessment in cases of:

    • systematic and extensive evaluation of personal aspects relating to individuals, including profiling;

    • extensive processing of sensitive data;

    • systematic monitoring of a publicly accessible area on a large scale.

Transparency

This Privacy Policy is available on the website www.majresidence.com and also at the reception of our facilities. If we decide to change our privacy policy, changes will be posted and published on the website www.majresidence.com and at the reception of our facilities.

Book Now

About Us

Apartments

Amenities

Contact

Contact the reception:
+385 99 4230608
Follow us:
Facebook-square Youtube Instagram
Book Now