Personal Data Protection Policy
Aminess Hospitality Group d.o.o., with its registered office in Zagreb, Ulica kneza Branimira 71E, PIN (OIB): 87429101081 (hereinafter: “Aminess” or “we” or “our”) issues this Personal Data Protection Policy so as to provide you with information regarding the purpose and conditions of processing your personal data.
Our Policy describes the type of personal data which we collect and process, reasons for processing data, data retention periods, safety measures implemented so as to protect personal data from any misuse, as well as procedures to follow if you have any questions or requests regarding your personal data.
This Policy shall apply to all personal data processing operations carried out by Aminess as data controller, as well as any processing operations carried out by Aminess as data controller for data subjects who are also data subjects of companies with which Aminess has concluded contracts on the management of tourist facilities (Aminess d.d., Hoteli Njivice d.o.o., HTP Korčula d.d., HTP Orebić d.d., Romana d.o.o., Nova Camping d.o.o and Hotel Lišanj d.d.) and, in that sense, Aminess and companies with which Aminess has concluded contracts on the management of tourist facilities may act as joint data controllers.
The data shall be processed in accordance with the provisions of EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as the Act on the Implementation of the General Data Protection Regulation (Official Gazette 42/2018) and other regulations governing the subject area, applicable in the Republic of Croatia.
We shall only process personal data when there is a clearly defined and documented legal basis, arising from a contractual relationship or a legitimate interest, while any other personal data processing shall be carried out with the consent of the data subject or their proxy.
Aminess shall process the following personal data categories:
- contact data and other master data;
- account and expenditure data;
- access control system data;
- video materials;
- audio materials;
- data on user behaviour on websites;
- information on clicks on our ads, including those published on other websites;
- information on how you access digital services, such as your operating system, browser, IP address;
- if you are connecting through social media, your name and username, as well as your contact, digital communication contents, as well as links you have visited during your communication.
Except for directly from the data subject, Aminess may also collect data from other sources, such as:
- specialised companies which provide information (e.g. credit rating agencies), business partners (e.g. tour operators), and public registries (e.g. trade registry);
- if you are registering via a social media site, such as Facebook, Google+, you accept that we are using your user data (e.g. first and last name, e-mail address, any other information you have consented to sharing).
If you are providing Aminess with the personal data of other persons, you need to take care of the following:
- Aminess shall use the data you provide on third persons, such as persons included in the booking of accommodation;
- when you provide data on third persons, you need to make sure they consent to this and that you are authorised to do so on their behalf. Whenever possible, you need to make sure they are familiar with the procedure processing of personal data described in this Personal Data Protection Policy.
Aminess shall process your personal data for the following purposes:
Once you submit a booking inquiry, we shall collect your first and last name, address, e-mail address, and telephone number, as well as any other data necessary to provide you with information on available accommodation.
Users of our booking system shall be provided the highest level of data protection. We shall use an SSL certificate issued by a reputable provider, as well as communication encryption so as to verify the authenticity of our websites and for a secure data transfer between your computer and our servers. All personal data, personal document numbers, credit card numbers and numbers of other means of payment submitted by users through the booking system shall be transferred exclusively over an encrypted connection in accordance with applicable international standards.
Following a successful booking procedure, we shall further process personal data in order to fulfil our legal obligations, i.e. registration in the national tourist check-in and checkout system e-Visitor, as well as to ensure and increase quality of service, which is why, along the aforementioned data, we shall also collect the number, date and place of issuance of your ID, your nationality, country of residence, date and place of birth. In order to enable you to park your vehicle in our parking area, we shall also collect and process the license plate number of your vehicle.
So as to ensure a personalised service provided by our staff and make your stay as pleasant as possible, based on a legitimate interest to increase service quality, we shall also collect the photo from your ID.
We will also process your personal data for a limited period for the purpose of sending you service notifications, including information about those special offers, benefits, discounts, and novelties in our offer for which we find that you have expressed a clear interest, in pursuit of our legitimate interest.
Users may also give special consent to the collection of additional personal data (for example: number of children, marital status, pets, interests, mode of travel, accommodation preference and destination preference) that Aminess shall collect and use to profile users and to contact and inform you about offers designed just for you.
At any time, you may object to this processing, be it initial or further, including profiling to the extent that it is related to such direct marketing, and opt out of receiving further messages of the kind by choosing the appropriate option in the received message.
Surveys and questionnaires
We shall use surveys and questionnaires to collect information in order to determine your satisfaction with the level of service provided by our hotels and campsites. Participation in surveys shall be completely voluntary, as is the registration of your personal data in questionnaires available for you in our establishments. We shall also use the collected data and results of the surveys so as to adapt our services to your wishes and needs.
We shall occasionally organise contests and other competitions. The personal data collected in this way shall be processed solely for the purpose of the contest, i.e. competition (e.g. publishing the names of winners, contacting the winners, delivering the prize, etc.). If you want to participate in a contest or competition, you will need to provide your first and last name, e-mail address, contact telephone number, and address for the delivery of the prize. The collected data will be erased 30 days after the winner has been announced.
Resolving complaints and answering questions
So as to answer all of your questions or possible complaints we need data regarding your first and last name, as well as an e-mail address to which we can send the requested information. If you contact us with a question, we shall process the data you provide us therein solely in order to provide you with the requested information, and we shall erase these data after we have answered your question. Personal data necessary in order to resolve complaints for the services provided shall be kept for one year from the date of their receipt, in accordance with the regulations governing the rights of the consumer and provision of hospitality services.
Participation in the AMI+ loyalty programme
Personal data of the AMI+ loyalty programme members shall be processed in accordance with the General terms of AMI+ loyalty programme provided to the members before they enlist. The General terms of AMI+ loyalty programme are available here: https://www.aminess.com/en/loyalty/terms-and-conditions-ami-loyalty-programme
Personal data recipients
Aminess is required to deliver employee data to the competent institutions, such as the Croatian Pension Insurance Institute, to the Croatian Health Insurance Institute, the Tax Administration and the Central Register of Insured Persons and pension companies. In certain cases, we are also required to submit or make available employment data to the Croatian Employment Service, for example to include employees in active employment policy measures, as well as for the issuance of work permits, to the ministry responsible for tourism in the case of employing scholarship holders, to the ministry responsible for the economy and entrepreneurship when it comes to the use of investment aid, to insurance companies, banks and other cases as required by law.
Certain employee data shall be sent to banks or pension funds as part of salary payments, and data may also be sent to creditors in accordance with enforcement regulations. We shall also send personal data as contractually obligated, e.g. to schools and universities in case of students involved in training.
We are required to deliver personal data regarding our visitors to the national visitor registry – the e-Visitor system.
By way of exception, and based on a written request in line with regulations in force, we are required to deliver certain personal data or enable access of competent state authorities (e.g. courts, police, regulatory bodies, etc.) to such data.
Only when this is essential for our services, we will also forward personal data to trusted partners (data processors) so as to enable customer support, IT system maintenance or for other needs, all the while ensuring that data protection measures are being implemented.
Certain personal data shall also be provided to business entities for the purpose of providing specific services such as the workers’ health examinations (contracted occupational medicine), further, to institutions that organise legally mandatory training (occupational safety, hygiene, toxicology) or audit companies when conducting mandatory audits, notaries when certifying, the Financial Agency for the purpose of obtaining business certificates, public procurement payers when Aminess applies for public procurement tenders, further for the purposes of awarding and using official cards, official mobile devices or for the purchase of fuel.
If the personal data we process are transferred outside the European Union and the European Economic Area as this is necessary for the technical performing of a service requested by the user, Aminess will take reasonable measures that the persons with whom the data are shared, and who are located outside the EU, take the appropriate data protection measures and that protection is ensured in accordance with this Personal Data Protection Policy.
Personal data protection measures
We shall process the collected personal data by applying the appropriate legal, technical and organisational safety measures so as to prevent any unauthorised data processing. We shall only collect data necessary for the purpose of processing and we shall not keep them for longer than necessary in accordance with the regulations.
Rights of users in the processing of personal data
Depending on the purpose and legal basis for the processing of personal data, you may at any time request:
- access to personal data
- correction of personal data
- erasure of personal data
- limitation of the processing of personal data.
If you would like to access the personal data we have collected from you, you need to state all the necessary details which could help us identify and locate your personal data. There is no fee for the delivery of the data, but we reserve the right to request a reasonable fee in case of a special request, such as multiple copies, certain formatting, etc. Upon your request, Aminess will limit the processing of your personal data, as well as correct or erase them, unless we need to keep them due to legitimate legal or business interests.
If you find that some of your rights have been violated, you shall be entitled to submit a complaint regarding the processing of your personal data to the national supervisory authority. The supervisory authority for the Republic of Croatia is the Croatian Personal Data Protection Authority, Selska cesta 136, 10 000 Zagreb, firstname.lastname@example.org.
Contact information regarding personal data protection
Any request, complaint or query related to processing and protection of personal data may be sent:
- by e-mail to: email@example.com,
- by post to: Aminess Hospitality Group d.o.o., Ulica kneza Branimira 71E, Zagreb (Grad Zagreb)
Pursuant to the applicable legislation regulating personal data protection, all requests/questions shall be resolved as soon as possible, and no more than 30 days since their receipt.
Upon contacting and making the aforementioned requests, we will make every effort to confirm your identity and prevent an unauthorised processing of your personal data. Please note that before we answer your request, we may ask you for additional information so as to confirm your identity, as well as for the delivery of the necessary authorisation for submitting a request if you are doing so in someone else’s name.
Contact information of the data protection officer:
Ulica kneza Branimira 71E, Zagreb (Grad Zagreb)
All requests not related to personal data protection, which are delivered to the address of the data protection official, e.g. offers of job candidates, booking inquiries in Aminess properties, etc. will be forwarded directly to the relevant departments within Aminess, without special response to the sender by the data protection official.
Amendments to the Policy
This Policy shall apply as of 18 July 2023.
A notification regarding any amendments to the Personal Data Protection Policy will be made available on this web-site in due time.