Looking after the personal data you share with us is an important part of any services weprovide. We want you to be confident that your data is safe and secure with us, andunderstand that we use it only to provide the services you have requested or booked.
What this Privacy Notice covers
The data controller is RB travel d.o.o.
The data controller determines the purpose and manner in which personal data is used.We are committed to doing the right thing when it comes to how we collect, use andprotect your personal data.
This Privacy notice describes:
• What types of personal data we collect and why we collect it.
• When and how we may share personal data with other organisations.
• The choices you have, including how to access and update your personal data
We have tried to keep this Notice as simple as possible, but if you are still in doubt,
please contact us with any questions.
Personal data we collect
When you contact us, you may provide us with:
• Your personal details, including your name, address, email address, phone
number and date of birth.
When you browse our website we do not collect any personal data, untill you
choose to book a product.
When you buy our products in our office or online, we may collect:
• Passenger information, passport details, other ID document details.
• Insurance details.
• Relevant medical data and any special, dietary, religious or disability requests.
Special categories of personal dana – need special handling and your special consent: This are categories of personal data revealing racial or ethnic origin; politicalopinions; religious or philosophical beliefs; trade union membership; genetic data,biometric data for the purpose of uniquely identifying a natural person; health data; anddata concerning a natural person’s sex life or sexual orientation.
Personal data you provide about other individuals:
• We use personal data about other individuals provided by you, such as those people on your booking.
• By providing other people’s personal data, you must be sure that they agree to this and you are allowed to provide it. You should also ensure that, where appropriate, they understand how their personal data may be used by us.
Using your personal data
We use your personal dana only to provide the products and services you request
We may use personal data to respond to and to manage security operations, accidentsor other similar incidents, including medical and insurance purposes.
To make contact and interact with you
We want to serve you better as a customer so if you contact us, for example by email,post, and phone or via social media, we may use personal data to provide clarification orassistance to you.
We may invite you to take part in customer surveys, questionnaires and other market
We do not sell your personal data to third parties.
Sharing personal data with suppliers and retail partners
In order to provide products or services requested by you we may share personal datawith suppliers of your travel arrangements, including hotels, guides and transportcompanies.
We also work with carefully selected suppliers that carry out certain functions on our behalf. For example, companies that help us with IT services for processing paymentsand delivering products and services.
We may need to share personal data to establish, exercise or defend our legal rights; this includes providing personal data to others for the purposes of preventing fraud andreducing credit risk.
When we share personal data with other organisations we require them to keep it safe,and they must not use your personal data for their own marketing purposes.
We only share the minimum personal data that enable our suppliers and retail partners toprovide their services to you and us.
Sharing personal data with regulatory authorities
We may share the minimum personal data necessary with other public authorities if thelaw says we must, or we are legally allowed to do so.
Example: our legal obligation is to register all guests ( including babies and children ) upon arrival in our St.Vitus Apartment and Villa „Pa-Pa“ as tourists/visitors in the eVisitorregistration online system.
Protecting your personal data
We know how important it is to protect and manage your personal data. We take appropriate security measures to help protect your personal data from accidental loss and from unauthorised access, use, alteration and disclosure.
We will retain your personal data for only as long as it is necessary for the uses set out inthis Privacy Notice and/or to meet legal and regulatory requirements. After this period,we will securely erase personal data.
Links to other websites
Our website may contain links to websites operated by other organisations that have their own privacy notices. Please make sure you read the terms and conditions and privacy notice carefully before providing any personal data on another organisation’s website as we do not accept any responsibility or liability for websites of other organisations.
Social media features
Our website may contain social media features such as Facebook, Twitter, Google+ andPinterest that have their own privacy notices. Please make sure you read their terms andconditions and privacy notice carefully before providing any personal data as we do notaccept any responsibility or liability for these features.
Accessing and updating your personal data; and complaints
You have a right to ask for a copy of the personal data we hold about you, you can writeto us asking for a copy of other personal data we hold about you.
Please include any details to help us identify and locate your personal data. We want to make sure that the personal data we hold about you is accurate and up todate. If any of the details we hold are incorrect, please let us know.
You can also ask for your personal data to be rectified or erased at any time. We will update or erase your data, unless we have to keep it for legitimate business orlegal purposes.
You can also contact us if you have a complaint about how we collect, store or use yourpersonal data.
Please submit your request or complaint in writing to the Data Protection Officer: By post: RB travel d.o.o. , Maja Brkljacic , Andrije Medulica 8, 51 000 Rijeka, Croatia
Please note that we may ask you to verify your identity before we can act on your request or complaint. We may also ask you for more information to help ensure that youare authorised to make such a request or complaint when you contact us on behalf ofsomeone else.
Legal basis for processing personal data
We will only collect and use your personal data if at least one of the following conditions applies:
• We have your consent;
Example: To provide the products and services you request
We need to process your personal data so that we can manage your booking, provideyou with the products and services you want to buy and help you with any orders andrefunds you may ask for.
• It is necessary for us to comply with a legal obligation;
Example: Sharing personal data with regulatory authorities
So that you can travel, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal datafor immigration, border control, security and anti-terrorism purposes, or any otherpurposes which they determine appropriate.
• It is necessary to protect your vital interests or those of another individual;
Example: In an emergency
Your insurance company, their agents and medical staff may exchange relevant personaldata and special categories of personal data with us in circumstances where we/theyneed to act on your behalf or in the interest of other customers or in an emergency.
• It is in the public interest or we have official authority;
Changes to our Privacy Notice
This Notice replaces all previous versions. We may change the Notice at any time so
please check it regularly on our website(s) for any updates. If the changes are significant,we will provide a prominent notice on our website(s) including, if we believe it isappropriate, electronic notification of Privacy Notice changes.
Last update: June 2018