Privacy notice

Data Controller: AKTIVNI ODMOR d.o.o.,
Klovićeva 16/B,
21000 Split,
OIB: 69885716463

1. We consider personal data protection a key part of our work
With this privacy policy, Aktivni odmor d.o.o. (hereinafter: Aktivni odmor) sets a standard of data collection, processing, retention and deletion within its business.

Below you can find the types of data we collect and process, the purposes data is intended for, the lawful bases for the processing, the periods during which we store them, the measures we use to protect them, the third parties we transmit them to, and the rights you have regarding the protection of your data – in accordance with the General Data Protection Regulation (GDPR).

Data protection officer: Duje Kozomara
Mail-address: dpo@andadventure.com

2. Purposes we collect data for, types of data and legal basis for processing

Booking contact form on the web site
• Types of data: Name, surname, mail-address, phone number (optional)
• Legal basis: Necessary for the performance of a contract

„Detailed itinerary“ contact form
• Types of data: Name, surname, mail-address, phone number (optional)
• Legal basis: Legitimate interest

Crew list (sailing) and rooming list (guestlist for a hotel)
• Types of data: First name, last name, citizenship, passport / ID number, country of birth, date of birth, place of birth
• Legal basis: Legal obligation

Online card payment
• Types of data: Name, surname, address, telephone, postal code, IP address, Email, City, date and time of payment
• Legal basis: Necessary for the performance of a contract

 

Invoicing
• Types of data: First name, last name, address, city, postal code, country, OIB (for Croats)
• Legal basis: Legal obligation

Data necessary for holding multi-day tours
• Types of data: First name, last name, date of birth, flight number and arrival time, cell phone number, emergency contact, height (for bike tours)
• Legal basis: Legitimate interest

Health data necessary for holding multi-day tours
• Types of data: allergy information, medications, other relevant medical information, dietary restrictions
• Legal basis: Explicit consent

Client photos for marketing
• Types of data: Photo
• Legal basis: Consent

Job ad
• Types of data: Name and surname, phone number, City and country, e-mail address, work experience, previous education info
• Legal basis: Necessary for the performance of a contract

Mail communication about the job competition
• Types of data: Name, e-mail address, resume, sports experience, knowledge of English
• Legal basis: Legitimate interest

2.1. Cookies
Our website uses cookies – small text files that are stored on your device when you visit a particular website. We use two types of cookies: those necessary for the operation of the website, and statistics to understand visitors’ behavior better and improve our services.

3. Lawfulness and fairness of data collection and processing
Aktivni odmor collects and processes data in accordance with contractual obligations, legal obligations, our legitimate interest, or with provided consent.

We respect the fundamental principles laid down in the GDPR: we adhere to legal data processing mechanisms, the data is collected for specified, explicit and legitimate purposes and it’s processed in accordance with them. We collect the minimum amount of data, strive to ensure that it is accurate, and we keep it only for as long as necessary for the purposes they’re processed for. We conduct pseudonymization as well as anonymization of personal data wherever possible.

4. Data subjects rights and their exercise
• Right of access to personal data
• Right to rectification of inaccurate personal data
• Right to erasure of personal data
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to not be subject to automated decision-making

You can request the exercise of the aforementioned rights by making an inquiry to our physical address (Klovićeva 16/B), or the e-mail address of our data protection officer: dpo@andadventure.com

You can also contact us for any interpretation of your rights, as well as request a summary of our data protection impact assessment. We respond to all requests within one month of receiving the request.

You can also submit a complaint to the Croatian Data Protection Supervisor: Personal Data Protection Agency (AZOP), Martićeva 14, Zagreb, azop@azop.hr

5. Relationship with third parties
Each relationship with our trusted partners is contractually specified for data protection. Our partners must not process your information outside of our instructions, they must take adequate measures to protect it securely and can only keep it for an agreed period.

These are the only purposes our partners can process your data for:
• Accomodation providing
• Online card payment processor
• Cloud service for internal use
• Accounting Services
• Website maintenance
• Digital marketing

6. Security of data protection
We use organizational, technical, and physical risk-based measures to protect personal data from destruction, loss, alteration, and unauthorized disclosure or access. Within the company, there is an ongoing dimension of privacy culture: the Director and all employees whose job description involves processing personal data are educated about the obligations and rights prescribed by the Regulation. Regular privacy awareness training is conducted.

The data collected through the website is protected by an SSL certificate, a technology that encrypts the connection between our server and your internet browser, ensuring that no one else has access to the data you give us. We work with trusted and professional partners who are committed to using high standards of protection.

Last update: 01.04.2020

Scroll to Top