1. Personal data processing
Hotel Lero d.o.o. shall process personal data with fairness and in accordance with the law.
Hotel Lero d.o.o. shall ensure accuracy, completeness and up-to-dateness of the collected personal data.
2. Purpose of collecting personal data
Hotel Lero d.o.o. shall store personal data in the form which enables identification of data subjects for not longer than required by the purpose for which the data were collected or processed further.
We collect personal data primarily for the purpose of:
- more efficient response to your inquiry
- providing requested services
- promoting our services
- our internal statistical data processing
- possibility of sending publications, brochures and other promotional material
- name and surname
- date of birth
- e-mail address
- telephone and/or fax number
- other data that you mentioned, but wish to keep them confidential
Hotel Lero d.o.o. collects data for the purpose which is known to the data subject (natural person), which is expressly stated and in line with the Law. Personal data shall be processed further only for the purpose for which they were collected initially, i.e. which corresponds with the purpose of collection.
Hotel Lero d.o.o. shall not collect personal data in the volume exceeding the requirements of the set purpose.
Personal data shall be used by Hotel Lero d.o.o. only for the time required to meet the specific purpose, unless a longer period is specified by a special law, and upon the expiry of that period, personal data shall be deleted, unless otherwise specified by a special law.
At the moment of submitting your data, you agree to be contacted by us and you enter our mailing list – the moment of entry represents your explicit consent to be contacted. The protection of privacy of your data is permanent, and you could request to be removed from our mailing list at any moment. After that, the data will not be used by Hotel Lero d.o.o., apart from some internal purposes, e.g. computer data processing or statistical data processing.
4. Basis for collection and further processing of personal data
Hotel Lero d.o.o. shall collect and process data:
- with consent of data subjects and only for the purpose that the data subject has consented to, or
- in cases specified by a specific law, or
- for the purpose of compliance with legal obligations of Hotel Lero d.o.o., or
- for the purpose of entering into or executing a contract that the data subject is a party to, or
- for the purpose of protecting life or physical integrity of the data subject or other person in case where the data subject is physically or legally unable to give his/her consent, or
- if data processing is required for conducting the tasks carried out in the public interest or for the purpose of exercising public authorisations of Hotel Lero d.o.o. or the third party that the data shall be submitted to, or
- if data processing is required for the purpose of legitimate interests of Hotel Lero d.o.o. or the third party that the data shall be disclosed to, except in cases when the interests of protecting the fundamental rights and freedoms of data subjects prevail, or
- if the data have been disclosed by the data subject.
In cases of the above items 1 and 8, Hotel Lero d.o.o. shall entitle the data subjects to revoke their consent at any time and request the suspension of any further processing of their personal data, unless the data are processed for the purpose of statistics, where personal data no longer enable the identification of the persons concerned.
5. Information to be provided to data subjects by Hotel Lero d.o.o.
Prior to any instance of personal data collection, Hotel Lero d.o.o. shall, by all means, provide the data subjects with the minimum of information concerning the following:
- identity of the personal data collection manager,
- purpose of the processing to be conducted by using the data,
- right of access to information and right to correct the data referring to him/her,
- personal data recipients or categories of personal data recipients, and
- classification of data submission as voluntary or mandatory, including the possible consequences of withholding information.
In case of the mandatory data submission, the request to submit data shall also include the legal basis for personal data processing.
Information shall be available through all data collection channels.
Prior to submitting personal data to other users and recipients, Hotel Lero d.o.o. shall inform the data subjects of such intentions by using the existing contact information of the data subjects.
6. Responsibilities of employees
All persons employed by Hotel Lero d.o.o. shall, in accordance with the valid regulations and internal acts, process personal data.
At the same time, the employees shall report any irregularities relating to personal data processing to this e-mail address firstname.lastname@example.org
All employees shall participate in education and trainings.
7. Responsibilities of other persons
All persons who are not directly employed by Hotel Lero d.o.o., and who were appointed to perform tasks on its behalf, undertake to comply with this Regulation and shall be informed about it at the occasion of contracting a business relationship. At the same time, Hotel Lero d.o.o. shall, when contracting any business relationship with the provider of data processing, ensure a proof of adequacy and ability to process personal data in accordance with the legal framework.
8. Delegating the tasks of personal data processing to data processing provider and forwarding data to recipients
On the basis of business-related justification, Hotel Lero d.o.o. may entrust the collected personal data to the provider of data processing and/or forward the data to further recipients in line with the procedure, and in accordance with the legal framework.
9. Taking personal data out of Croatia
Hotel Lero d.o.o. shall take personal data collections, i.e. personal data included in the personal data collections, out of Croatia for the purpose of further processing only if the country or an international organisation to which the personal data are taken, has adequately regulated personal data protection, i.e. if adequate security level is established.
Prior to taking personal data out of Croatia, Hotel Lero d.o.o. shall, in case there is a reason to doubt the existence of adequately regulated personal data protection, i.e. in case of the countries not listed by the European Commission or if there is no other official agreement, obtain an opinion of the competent authority on the basis of a template of contracted business.
List of countries with adequate protection is available on the pages of the Croatian Data Protection Agency (AZOP).
Notwithstanding the above mentioned, personal data included in personal data collections of Hotel Lero d.o.o. shall be taken out of Croatia to the countries or international organisations that provide no adequate protection level only in cases prescribed by the law.
In cases of establishments in several countries, some of which provide no adequate personal data protection level, Hotel Lero d.o.o. shall obtain an approval of the competent authority.
10. Rights of data subjects and protection of data subjects’ rights
No later than [15 days] from receiving a personal request of the data subject, i.e. request of their legal representatives or authorised persons, Hotel Lero d.o.o. shall:
- submit a conformation stating whether personal data referring to him/her are processed or not,
- provide a notification, in an intelligible form, on the data referring to him/her that are processed, as well as on the source of this data,
- enable the data subject to examine the records of the personal data collection and to examine and transcribe the personal data included in this collection that refer to him/her,
- submit excerpts, receipts or printouts of the personal data included in the personal data collection that refer to him/her, which must indicate the purpose and legal basis for collection, processing and use of this data,
- submit a printout of information on the persons who have used this data, on the purpose that the data were used for and on the legal basis for using the personal data referring to him/her, and
- provide information on the logic of any automatic data processing relating to him/her.
Upon the request of the data subject, i.e. their legal representatives or authorised persons, Hotel Lero d.o.o. shall amend, change or delete personal data, if the data were incomplete, inaccurate or obsolete, and if the processing of such data is not in line with the provisions of the Personal Data Protection Act.
Regardless of the data subject’s request, in case of establishing that personal data were incomplete, inaccurate or obsolete, Hotel Lero d.o.o. shall complete or change the data on its own. Within no later than [30 days], Hotel Lero d.o.o. shall notify the data subject, together with the personal data recipients, on any amendments, changes or removal of personal data.
11. Personal data processing for marketing purposes
Prior to collecting personal data, Hotel Lero d.o.o. shall notify the respondent on the intended personal data processing for marketing purposes, and ensure his/her consent, while also enabling them to disapprove of such processing.
12. Unauthorised outflow of personal data
In case of any unauthorised outflow of personal data, i.e. violation of personal data through accidental or intentional operational activities, or by natural persons or legal entities acting on behalf of Hotel Lero d.o.o., which has a significant impact on data subjects’ personal data, as estimated within the assessment of personal data processing, Hotel Lero d.o.o. shall notify the data subjects and the competent authority, within a legally prescribed deadline.
13. Security of personal data processing
In accordance with the possibilities and the personal data protection impact assessment, Hotel Lero d.o.o. shall implement appropriate technical and organisational measures to ensure an adequate security level, and include, when necessary:
- pseudonymisation and encryption of personal data;
- ability to ensure permanent confidentiality, completeness, availability and resistance of the system and processing services;
- ability to ensure timely re-availability and access to personal data in case of physical or technical incident;
- regular testing, evaluation and assessment with regard to efficiency of technical and organisational measures for ensuring the security of data processing
14. Protection of children’s personal data
Hotel Lero d.o.o. advises parents and guardians to teach children about safe and responsible handling of personal data on the Internet. Hotel Lero d.o.o. has no wish or intention to collect personal data of persons under 14 years of age and shall in no way use or disclose these data to the third persons.
We do not enable children to publicly disclose or in any other way distribute, without parents’ consent, any personal information or other material that they send to us, and which could be used to make contact with them.
Upon parents’ request, child’s personal data shall be deleted from our database. As parents or guardians, you will always be entitled to request an insight into all personal data of your child that were received through our web pages, to request that we delete the data (if the data are still in our database) and/or forbid any future collection and use of your child’s data.
If you are a parent and you wish to exercise this right, please contact us. In addition to the above mentioned, Hotel Lero d.o.o. shall guarantee the protection of the personal data of children, as provided by special laws regulating this issue.
15. Your consent
Do you have any wishes or questions?
Please fill in the contact form and we will get back to you shortly. We are looking forward to making this holiday one that will linger on in your memory for a long time to come.
Reservations, Sales & Concierge
MON – SUN
7:00 am – 10:00 pm