MUNDANUS d.o.o. holds all copyrights on the use of photographs, texts and other published materials in the sense of positive legal regulations of the Republic of Croatia. Photographs, texts and other materials may not be published, sold, publicly or privately advertised or used in any other way without the consent of MUNDANUS d.o.o.. Any failure to abide by the above terms implies the liability and obligation to compensate MUNDANUS d.o.o. non-material damages caused by the breach of particular material.
Scope of application
This Policy applies to any processing of personal data by MUNDANUS d.o.o., unless other MUNDANUS d.o.o. policy prescribes otherwise. Exceptionally, with regard to the processing of data of guests and users of MUNDANUS d.o.o. services, this Policy prevails over all other policies when such other policies prescribe rights and obligations regarding the processing of data in a different manner.
Data controller and legal framework
MUNDANUS d.o.o., as the Controller of your data, respects your privacy and undertakes to protect your personal data. The collection and storage of data is carried out in accordance with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), the Act on Implementation of the General Data Protection Regulation (Official Gazette, No. 42/2018) and other regulations governing this area that are applicable in Republic of Croatia.
Data protection officer
MUNDANUS d.o.o. has appointed a personal data protection officer, who can be contacted, at any time, at the e-mail address info@hotel-antonija.com or by regular mail addressed to MUNDANUS d.o.o. Gornja Vala br. 3, Drvenik, Republic of Croatia.
Implementation of data-protection principles
MUNDANUS d.o.o., within the framework of the implementation of this Policy, pays special attention to respecting the principles of data processing and processes data:
Transfer of data to third parties
The access to the personal data of guests, where necessary and to a limited extent, may also be granted to third party processors (for example, associates of MUNDANUS d.o.o that provide IT or other services), who store such data in their databases until due processing of such data is completed. We will conclude a detailed contract with such parties regarding their powers and obligations during the processing of personal data, in accordance with the requirements of the Regulation.
In accordance with General provisions on data protection – Croatian GDPR, we must inform you that when placing a reservation and at check-in into your place of accommodation you agree to present your personal identification documents, i.e. submit your personal data (first and last name, type and number of your personal identification document, gender, state and address of residence, with date of birth and citizenship), all for evidence of tourists in the Information System of Tourist Boards of the Republic of Croatia – eVisitor (Law on sojourn tax, National Gazette 152/08).
The personal data is collected for statistic processing and is used by the Tourist boards, public authorities and Ministries relating to this procedure (Ministry of tourism and Tourist inspection, Ministry of internal affairs and Ministry of finances – Customs authorities).
Each unauthorized usage, publication, change, processing, reproduction, distribution, recording or assignment or any other form of unauthorized usage of such personal data is strictly prohibited.
A complaint in regard of processing of your personal data may be submitted by email to the Tourist board of Drvenik: info@drvenik.hr
Under certain circumstances, external parties and MUNDANUS d.o.o may jointly determine the purpose and manner of personal data processing. In that event, such external partners and MUNDANUS d.o.o. will be considered joint data controllers. Joint data controllers, in their mutual relationship, determine their own responsibilities for acting in compliance with obligations prescribed by the Regulation in a transparent manner, especially with regard to the exercise of rights held by data subjects and their duty to process data in a transparent manner, unless their responsibilities are already established by law.
Should, within the data processing, data be transferred to third countries, MUNDANUS d.o.o will ensure the compliance with high standards of protection to in order to comply with the highest possible standard of personal data protection in accordance with the strict requirements of the Regulation. In this respect, MUNDANUS d.o.o will for all international transfers of personal data inform the data subject of its intent to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the European Commission. At the same time, the data subject will be referred to the to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available, as well as whether due transfer is subject to safeguards in accordance with Article 46 of the Regulation, the application of binding corporate rules in accordance with Article 47 of the Regulation or whether the Article 49 paragraph 1 sub-paragraph 2 of the Regulation applies. Any transfer of personal data to third countries will be carried out in accordance with Chapter V of the Regulation.
Purpose of data collection
MUNDANUS d.o.o is required to collect certain personal data in order to execute due accommodation contract and comply with regulations governing hospitality. However, MUNDANUS d.o.o may collect other or the same data for other purposes, primarily maintaining contact. Such purposes include:
MUNDANUS d.o.o guarantees that collected data will be used only for the stated purposes.
MUNDANUS d.o.o may use depersonalised data for statistical purposes.
Legal basis for collection
The legal basis for the stated collection purposes may be:
Points of data collection
MUNDANUS d.o.o collects your data at:
Data storage period
Data that was lawfully collected by MUNDANUS d.o.o is stored for a period of time prescribed by a particular law or other positive regulation.
Data that was contractually collected by MUNDANUS d.o.o is stored only for a period of time necessary to fulfil the contract or provide a service.
Information about the name, surname and e-mail address collected by MUNDANUS d.o.o on the basis of legitimate interest for direct marketing purposes is stored in its guest database for a period of 10 years.
Other information collected by MUNDANUS d.o.o on the basis of guest’s explicit consent (mobile phone number, number of children, marital status, pets, interests, manner of travel, accommodation and destination preferences) is stored in its guest database for a period of 5 years.
MUNDANUS d.o.o may, based on your explicit consent, also collect your web browsing data (so-called cookies) and store them in its database for a period of 2 years. MUNDANUS d.o.o uses such data to inform you about special and personalised offers, news and events organised through online channels (e-mail, web, internet promotions).
Rights of the data subject
Regardless of the basis for data collection, you can, at any time, free of charge, request:
Please send your written request to the contact e-mail address of personal data protection officer at info@hotel-antonija.com or by regular mail addressed to MUNDANUS d.o.o. Gornja Vala br. 3, Drvenik, Republic of Croatia.
MUNDANUS d.o.o., as the data controller, keeps personal data you are required to submit in order to be provided with accommodation services in its database solely for the purpose of concluding the accommodation contract and complying with legal requirements on provision and collection of personal data governing hospitality, and may use such data for other purposes allowed by positive regulations. In the event that you do not provide MUNDANUS d.o.o. with minimum information required for the registration of guests in all relevant registers, MUNDANUS d.o.o. will not be able to provide you with accommodation services in accordance with the contract and the law.
Personal data recorded by MUNDANUS d.o.o. at the time of booking and filling in the registration card at arrival to the facility are collected on the basis of laws regulating hospitality and for the purpose of providing services to guests. These include the following data (subject to change with regard to positive regulations):
MUNDANUS d.o.o. stores such data in its database of guests and shares them with competent authorities of the Republic of Croatia through the E-visitor system (electronic registration system) through the E-visitor system (electronic registration system) in which such data is required to be stored for 10 years. MUNDANUS d.o.o. is also required to store all invoices issued to guests, including their personal information, for 11 years, in accordance with legal regulations.
Furthermore, in order to fulfil its contractual obligations, at the time of booking and filling in the registration card at arrival to the facility MUNDANUS d.o.o. collects the following information:
Other information related to circumstances of your stay, such as the manner of travel, travel companions, marital status, number of children, pets and other interests, will also be collected when they are directly connected to the provision of accommodation services, but will be deleted after your departure from the accommodation facility.
MUNDANUS d.o.o., as the data controller, based on a legitimate interest has the right to store your personal information (name and surname, e-mail address) in its database of guests and use such information for the purpose of direct marketing done solely for the purpose of informing you about MUNDANUS d.o.o. offers and news by e- mail. Under these circumstances, you will have the right to request erasure (right to be forgotten) from the database for that purpose at any time and free of charge.
During and after your stay, MUNDANUS d.o.o. will e-mail you, as our guest, a satisfaction questionnaire which, should you wish to fulfil it, namely, solely with your consent, will be processed by the company (TrustYou), which publicly publishes the data from the questionnaire according to its rules and policies for which MUNDANUS d.o.o. is not responsible. The primary purpose of such satisfaction questionnaire is to collect data on services for the purpose of their improvement by MUNDANUS d.o.o., whereby MUNDANUS d.o.o. depersonalises such data provided in questionnaires and processes them for statistical purposes.
In addition, a person who books accommodation, that is, a guest, can give MUNDANUS d.o.o. a special permission, namely, consent, that all his or her information, such as:
may be collected and used for further profiling of the data subject and for the purpose of maintaining contact and providing information about special and personalised offers, news and events organised by MUNDANUS d.o.o. through online channels (e-mail, web, internet promotions). In this event, the data subject has the right to at any time and free of charge withdraw his or her consent, including the consent for data processing for the purposes of creating a profile to the extent to which such processing is connected with direct marketing, whether in relation to initial or further processing, as well as the right to rectification of data and the right to be forgotten.
Data is stored in the MUNDANUS d.o.o. database of guests for 5 years.
MUNDANUS d.o.o. also collects personal data through the video surveillance system.
When a data subject subscribes to our newsletter, he or she will be given the option to provide the following additional information with his or her consent (in addition to his or her name, surname and e-mail address that MUNDANUS d.o.o. collects on the basis of legitimate interest):
While renewing his or her subscription to our newsletter, the data subject will be will be given the option to provide the following additional information with his or her consent:
Collected data are collected on the basis of an explicit consent for the purpose of providing information about special and personalised offers, news and events organised by MUNDANUS d.o.o. through online channels (e-mail, web, internet promotions).
Data is stored in the MUNDANUS d.o.o. database of guests for 5 years.
Data subject has the right to rectification of data and the right to be forgotten.
MUNDANUS d.o.o. may periodically organize prize draws, in which event it will collect your personal information only should you choose to participate in such prize draw. The information collected in such manner which is necessary to participate in prize draw will be specified in the Prize Draw Rules for each prize draw and may vary depending on the prize draw. The information collected in such manner will represent a type of contractual obligation and be used for the purpose of administering a prize draw in accordance with prize draw rules and will be deleted within 5 years after such prize draw finishes.
In the event that you complete a survey form for participation in survey prize draw by providing information which is not necessary for participation in the prize draw (such information may vary depending on the prize draw) MUNDANUS d.o.o. will, nonetheless, be able to use all such depersonalised data for statistical purposes.
MUNDANUS d.o.o., based on a legitimate interest, has the right to collect and use all information about the name, surname and e-mail address that you provide in a survey form for participation in survey prize draw for the purpose of direct marketing done solely for the purpose of informing you about MUNDANUS d.o.o. offers and news by e- mail. In this event, the data subject has the right to at any time and free of charge lodge a complaint to such processing, to the extent to which such processing is connected with direct marketing, whether in relation to initial or further processing.
The above information is stored in the MUNDANUS d.o.o.database of guests for 10 years.
Data subject has the right to rectification of data and the right to be forgotten.
In addition, the person who participates in the prize draw may give MUNDANUS d.o.o. a special permission, namely, consent, that all his or her information provided by completing a survey form for participation in survey prize (such information may vary depending on the prize draw) may be collected and used for further profiling of the data subject and for the purpose of maintaining contact and providing information about special and personalised offers, news and events organised by MUNDANUS d.o.o. through online channels (e-mail, web, internet promotions). In this event, the data subject has the right to at any time and free of charge withdraw his or her consent, including the consent for data processing for the purposes of creating a profile to the extent to which such processing is connected with direct marketing, whether in relation to initial or further processing, as well as the right to rectification of data and the right to be forgotten.
Data is stored in the MUNDANUS d.o.o. database of guests for 5 years.
As with many other sites, our site may use “cookies” (small files that we save to your computer when you access our websites to enable basic or additional functionality of each site) or other technologies to help us deliver content specific to your interests, to process your reservations or requests, and/or to analyse your visiting patterns. Cookies, by themselves, cannot be used to reveal your personal identity. When you access our websites, such data is used by our server to identify features of your browser but cannot identify you personally.
We use several types of cookies:
MUNDANUS d.o.o. stores cookies in the database and keeps them for up to 2 years for the purpose of providing information about special and personalised offers, news and events through online channels (e-mail, web, internet promotions).
Should you wish to change your cookie settings on the Hotel Antonija website, you can do so at any time by clicking on this link: (link to cookie consent box). You can always delete cookies stored on your computer, thereby disabling further processing of your personal data through such technology. Each web browser uses its own procedure for clearing cookies. Here you can find such procedures for the most popular web browsers:
Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=hr
Mozilla Firefox: https://support.mozilla.org/hr/kb/Brisanje%20kola%C4%8Di%C4%87a
Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
MUNDANUS d.o.o., as the data controller, has the legitimate interest to implement video surveillance measures to protect property and persons in relation to certain workplace positions and statutory duty to install surveillance cameras that record employees and anyone moving within the surveillance camera field of view.
MUNDANUS d.o.o. indicates all places where video surveillance system is installed in the prescribed manner.
MUNDANUS d.o.o. is aware that the video recordings contain personal data of all the persons moving within the surveillance camera field of view, and therefore handles them with special care. Furthermore, we have implemented a security system and introduced availability and erasure policy regulated by internal MUNDANUS d.o.o. rules on safety.
Video recordings are regularly rewritten and thus automatically deleted after a maximum of 15 days after they are recorded. Exceptionally, video recordings are kept longer when they serve as evidence in proceedings before competent state authorities. Extracted video recordings are stored in a centralised messaging system with extremely limited access.
In the event of judicial and/or criminal proceedings, MUNDANUS d.o.o. may use such video recordings. Access to personal data captured on video recordings may be granted to third parties, data processors and contractual partners of MUNDANUS d.o.o. who are registered and qualified to provide services of personal and property protection and who do not use any of these data independently but participate in activities related to the security of central supervisory and alarm systems. All other details regarding video surveillance are subject to special regulations that govern that area.
MUNDANUS d.o.o. advises parents and guardians to teach their children the importance of being responsible when dealing with personal information on the internet. MUNDANUS d.o.o. does not wish to collect and has no intention of collecting personal information of children. Personal information of children will be neither used nor divulged to third parties. A child may give his or her consent solely in relation to the provision of IT company services, whereby such child must be older than 16 years of age. MUNDANUS d.o.o. may process all other information of children below the stated age limit and children under 18 years of age, except as expressly stated herein, only with the prior consent of the parent.
You can contact us at any time to review your personal information, as well as for the purpose of updating, rectification or erasure of your data. Until such time, we will use your previously recorded data for the aforementioned purposes.
When you in any way provide MUNDANUS d.o.o. with your information (booking, registration card …), you guarantee that the information you have provided is accurate, that you are legally capable and authorised to dispose of the provided information and that you fully agree that MUNDANUS d.o.o. may use and collect your information in accordance with the law and the terms of this privacy policy.
MUNDANUS d.o.o., as the data controller, takes utmost care to meet the highest organisational and technical data protection standards. We, therefore, taking into account state of the art developments, the cost of implementation and the nature, scope, context and purpose of processing, as well as the risks arising from data processing of various levels of probability and severity that may affect the rights or freedoms of natural persons, at the time of choosing the processing resources and at the time of the processing itself, take appropriate technical and organisational measures to enable the effective application of data protection principles.
Furthermore, MUNDANUS d.o.o. takes the appropriate technical and organisational measures to ensure that only personal data necessary for each special purpose of processing are processed in an integrated way. MUNDANUS d.o.o. imposes this measure to the amount of collected personal data, scope of their processing, storage period and their availability. Specifically, such measures ensure that personal data are not automatically, without personal intervention, made available to an unlimited number of persons.
MUNDANUS d.o.o., as the data controller, keeps records on processing activities involving the following data:
MUNDANUS d.o.o., as the data controller, ensures that in the event of personal data breach, the competent supervisory authority is notified of personal data breach without further delays and, if possible, at least 72 hours after such breach has occurred, unless it is not likely that such personal data breach will pose a risk to rights and freedoms of natural persons.
The report submitted to the supervisory authority must contain all information prescribed by the Regulation.
In the event of personal data breach that is likely to pose high risk to rights and freedoms of natural persons, MUNDANUS d.o.o., as the data controller, will notify the data subject of such personal data breach without further delays. Data subjects will not be notified where the Regulation stipulates that such notification is not mandatory.
Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of data subjects, MUNDANUS d.o.o. will, as the data controller, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.
A single assessment may address a set of similar processing operations that present similar high risks.
MUNDANUS d.o.o. performs a data protection impact assessment in the event of:
MUNDANUS d.o.o. ensures an adequate involvement of data protection officers in the performance of impact assessment.
In accordance with the provisions of the Regulation and, when necessary, after the performance impact assessment, we will consult the supervisory authority prior to processing.
This Privacy Policy is available at www.hotel-antonija.com and at reception desks of all our facilities.
Should we decide to make changes to our privacy policy, we will make available and publish such changes on the website www.hotel-antonija.com and at reception desks of all our facilities.