This Privacy Notice shall become effective as of 25 May 2018.
At Croatia Gems, we understand that we have a responsibility to protect and respect your privacy and look after your personal data.
This Privacy Notice, inclusive of our Booking Conditions, explains what personal data we collect, how we use your personal data, reasons we may need to disclose your personal data to others and how we store your personal data securely.
For clarity, Croatia Gems may be both data controller and data processor for your personal data under certain circumstances.
We must advise that this policy is subject to change, so please check our website on a regular basis for any further changes.
Data Protection law will change on 25 May 2018.
This Privacy Notice sets out your rights under the new laws.
Who are we?
Croatia Gems is an “accommodation only” supplier of holiday villas in Croatia (tour operator), based in Bristol. Croatia Gems have a registered office at Unit 1C, Crucible Close, Mushet Industrial Park, Coleford, Glos GL16 8RE and company number 5262834.
How the law protects you
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The reasons we process your personal data include, but are not limited to, your consent, performance of a contract, billing and to contact you.
How do we collect personal data from you?
We receive information about you from you when you use our website, complete forms on our website, if you contact us by phone, email, live-chat or otherwise in respect of any of our products and services or during the purchasing of any such product. Additionally we also collect information from you when you sign up, enter a competition, promotion or survey or when you inform us of any other matter.
If you provide us with personal data about a third party (for example members of your party who will be staying at your villa with you), you warrant that you have obtained the express consent from the third party for the disclosure and use of their personal data.
Your personal data may be automatically collected when you use our services, including but not limited to, your Name, address, landline and/or telephone number, email address.
What type of data do we collect from you?
The personal data that we may collect from you includes your name, address, email address, phone numbers, payment information and IP addresses. We may also keep details of your visits to our site including, but not limited to traffic data, location data, weblogs and other communication data. We also retain records of your queries and correspondence, in the event you contact us.
How do we use your data?
We use information about you in the following ways:
• To process bookings that you have submitted to us;
• To provide you with products and services;
• To comply with our contractual obligations we have with you;
• To help us identify you and any bookings you have with us;
• To enable us to review, develop and improve the website and services;
• To provide customer care, including responding to your requests if you contact us with a query;
• To administer accounts, process payments and keep track of billing and payments;
• To detect fraud and to make sure what you have told us is correct;
• To carry out marketing and statistical analysis;
• To review job applications;
• To notify you about changes to our website and services;
• To provide you with information about products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes; and
• To inform you of service and price changes.
We will keep your personal data for the duration of the period you are a customer of Croatia Gems. We shall retain your data only for as long as necessary in accordance with applicable laws.
On the completion of your booking/cancellation of your booking, we may keep your data for up to 7 years. We may not be able to delete your data before this time due to our legal and/or accountancy obligations. We may also keep it for research or statistical purposes. We assure you that your personal data shall only be used for these purposes stated herein.
Who has access to your personal data?
Here is a list of all the ways that we may use your personal data and how we share the information with third parties. For clarity, we have grouped them into the specific products and services that we offer:
We process your data for administration, billing, support and the provision of services
o Emails & Website Form Enquiries
– Email address
– Telephone Number
• Booking Contract, Form & Security Deposit Mandate
o Telephone number
o Email address
• Arrival Information shared with and used by Croatia Gems local Representatives and Villa Owners – used to administer the booking (to establish customer requirements for their holiday and arrival).
o Email address (Reps only)
o Contact telephone numbers
• Key Booking Information shared with villa owners
• Additional Services Requests – eg Car hire, Transfers and Excursions. Data is passed onto third party suppliers in Croatia and the UK at the customer’s request if they have asked for something to be arranged on their behalf or have asked to be contacted regarding a quote (guests are informed in advance that any additional service will be arranged on their behalf with a 3rd party supplier and are informed of who the supplier is and that they agree to the 3rd party terms and conditions). Details passed to 3rd party suppliers are:
o Mobile phone number
• Credit Card Information used for holiday payment at the customer’s request and also for Security Deposit Mandate Forms – credit card details are requested over the phone verbally only but if customer accidentally email us the emails are immediately deleted and online files blanked (or paper copies stored in safe) – where credit card details are given by the customer for payment purposes the details are entered into the payment system for the payment to be taken and are not stored. Where credit card details are taken for the Damage Deposit they are kept in the secure company safe and stored for a maximum of 12 months in case of damage claims and disputes.
For the avoidance of doubt, we do not and never shall sell your personal data to third parties for marketing or advertising purposes.
We work closely with a number of third parties (including business parties, service providers and villa owners) in order to provide the products and services you have booked with us or asked us to book on your behalf and we may receive information from them about you. These third parties may collect information about you including, but not limited to, details of service you have booked with them, invoices you may not have not paid, complaints or queries you may have and information about damage claims.
We may pass your personal data to third parties for the provision of services on our behalf (for example processing your payment). However, we will only ever share information about you that is necessary to provide the service and we have specific contracts in place, which ensure your personal data is secure and will not be used for any marketing purposes.
We may share your information if we are acquired by a third party and therefore your data will be deemed an asset of the business. In these circumstances, we may disclose your personal data to the prospective buyer of our business, subject to both parties entering into appropriate confidentiality undertakings. Similarly, we may share your personal data if we are under a duty to disclose data in order to comply with any legal obligation or to protect the rights, property, or safety of Croatia Gems, our customers, or others. This includes but is not limited to exchanging information with other companies and organisations for the purposes of fraud protection, credit risk reduction and dispute policies. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
In preventing the use or processing of your personal data, it may delay or prevent us from fulfilling our contractual obligations to you. It may also mean that we shall be unable to provide our services or process the cancellation of your service.
You have the right to object to our use of your personal data, or ask us to delete, remove or stop using it if there is no need for us to keep it. This is known as your right to be forgotten. There are legal and accountancy reasons why we will need to keep your data, but please do inform us if you think we are retaining or using your personal data incorrectly.
Our Privacy Notice shall be made clear to you at the point of collection of your personal data.
You can view, edit or delete your personal data by making a request to Croatia Gems. You can also make choices about Croatia Gems’ collection of your data and how we use it.
We will not contact you for marketing purposes unless you have given us your prior consent. You can change your marketing preferences at any time by contacting Croatia Gems.
Accessing and updating your data
You must maintain the accuracy of your information and ensure all your details, including but not limited to, name, address, title, phone number, e-mail address and payment details are kept up to date at all times. You must do this by contacting Croatia Gems.
You have the right to access the information we hold about you. Please email your requests to email@example.com so that we can obtain this information for you.
• the Internet domain and IP address from which you access the web site;
• the type of browser (Internet Explorer or Netscape) and operating system (Windows, UNIX) you use;
• the date and time of your visit;
• the pages you visit; and
• the address of the web site from which you linked to us (if applicable).
This is solely statistical data that enables us to analyse customer trends and does not identify personally identifiable information.
We work closely with third parties who may also supply us with analytical services. These third parties may provide us with analytical cookies for us to review.
For further information about cookies, you may like to visit www.allaboutcookies.org.
Links to other sites
Croatia Gems may provide links to third party sites. Since we do not control those websites, we encourage you to review the privacy policies of these third party sites. Any information that is supplied on these sites will not be within our control and we cannot be responsible for the privacy policies and practices of these.
Where we store your personal data
We follow accepted ISO standards to store and protect the personal data we collect, including the use of encryption if appropriate.
All information you provide to us is stored on our secured servers within the EEA. From time to time, your information may be transferred to and stored in a country outside the EEA in relation to provision of the services. The laws in these countries may not provide you with the same protection as in the EEA; however, any third party referred to above outside of the EEA has agreed to abide by European levels of data protection in respect of the transfer, processing and storage of any personal data. By providing your data to us, you agree to this transfer and storage. However, we will ensure that reasonable steps are taken to protect your data in accordance with this privacy notice.
As the transmission of information via the internet is not completely secure, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Any sensitive data (payment details for example) are encrypted and protected.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping the password confidential. We ask you not to share a password with anyone.
We agree to take reasonable measures to protect your data in accordance with applicable laws and in accordance with our Booking Conditions.
In the event of a data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.
Please e-mail any questions or comments you have about privacy to us at [email protected]
Your right to make a complaint
You have the right to make a complaint about how we process your personal data to the Information Commissioner:
Information Commissioner’s Office
Tel: 0303 123 1113