Privacy Policy

  • IMG 5507 2 | GDPR

Privacy Policy

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter also referred to as “GDPR”, the most important information about your personal data processed by ARIA VITA d.o.o. HR50427396024, with its registered office at adranska Turisticka cesta 22I, 23210, Drage, Croatia (hereinafter referred to as the “controller”).

1. What data do we process?

Based on your reservation (or stay without reservation), we process your personal data to the following extent:

  • identification and contact details (name and surname, address of permanent residence, number of ID card or similar document and, where applicable, e-mail address and telephone number),
  • identification and contact details (first name and surname, permanent address, ID card number or similar document number, and, where applicable, email address and telephone number),
  • v případě služebních cest nepodnikajících osob také údaje o organizaci, která pobyt objednala, či uhradila,
  • in the case of business trips by non-business persons, also information about the organization that booked or paid for the stay,
  • information about your stay and the services used, as well as the amount and method of payment for the services provided (in the case of cashless payment, your bank account number or payment card details),
  • in the case of foreign nationals, in addition to the above information, also date of birth, nationality, travel document number, visa number, permanent address abroad.
2. On what basis and for what purpose do we process your personal data?

Processing necessary for compliance with legal obligations

The provision and processing of all the above personal data, with the exception of email addresses and telephone numbers, is necessary for the purposes of fulfilling our legal obligations, in particular those arising from the Local Fees Act and the Act on the Residence of Foreigners in the Republic of Croatia.

Processing necessary for the performance of a contractual relationship

First and foremost, we use your personal data to complete and manage your reservation, which is necessary in order to provide you with this service. The processing of your identification data and data about your stay and the services provided, as well as the amount and method of payment, is necessary for the purposes of fulfilling the contractual relationship relating to your stay, i.e. securing orders and reservations, concluding and fulfilling contracts relating to the accommodation and related services we offer and provide.

Without providing the above information, we cannot provide you with our accommodation services.

Processing based on legitimate interest

We process your personal data, including your name, last name, email address, and information about your stay is processed on the basis of our legitimate interest for direct marketing purposes. The purpose of processing is exclusively to send you commercial communications, i.e., information about interesting news, discounts, etc., which are similar and related to the services you have already used with us.


You have the option to refuse to receive commercial communications in advance. If you receive commercial communications, you can object to the processing of your personal data for the purpose of sending commercial communications at any time, and we will stop sending you these communications.

We also process personal data to the same extent for sending satisfaction questionnaires after your stay in our villas, in order to verify your satisfaction with our services and continuously improve the quality of our services for you.

3. Source of personal data

We obtain the above data either directly from you in connection with negotiations on the conclusion of a contract and the provision of accommodation and catering services; or if another person has made a reservation for our services on your behalf (typically an employer in the case of business trips), we obtain your identification and contact details directly from that person; or, for reservations made through booking portals, the booking portal provides us with your identification and contact details.

4. How long do we process your personal data?

We process your personal data for the duration of your stay in our villas. After your stay, we only process:

Data for which we are required to process under relevant legislation, and only for the period necessary under such legislation. (For example, accounting and tax documents that we issue to you also contain some of your personal data, such as your first and last name, the type of service provided, and the date of issue. We store these documents solely for the purpose of fulfilling the obligations set out in the relevant accounting and tax legislation, for the period specified by these regulations, but for a maximum of 10 years).

Your first name, last name, email address, and information about your stay for the purposes of Buqez direct marketing (sending information about interesting news or discounts on our services, etc.) and for sending satisfaction surveys.

5. To whom do we disclose or transfer your personal data?

Transfer to third parties

We disclose your personal data to public authorities where the obligation to transfer data arises from valid and effective legal regulations (this is typically the case for data that we process on the basis of the Local Fees Act or the Act on the Residence of Foreigners in the Republic of Croatia).

Processors

We use processors to provide certain support services (e.g., sending marketing communications, improving communication and segmenting offers, processing cookies). This processing is always carried out exclusively for our company and based on our instructions. We take care to select all processors based on their trustworthiness and quality of service, including the security of the personal data they process. Processing is only possible on the basis of a contract between the controller and the processor, which obliges the processor to provide the same level of personal data protection as the controller itself. Our processors are based and process personal data in the Czech Republic or another EU country.

6. How does the administrator ensure the protection of personal data?

All persons who come into contact with personal data on our side are obliged to maintain confidentiality regarding the personal data being processed and the security measures taken to protect it. This obligation remains in force even after the termination of their legal relationship with the controller.

7. Your rights under applicable law

Under current data protection legislation, you have the right to access your personal data that we process; this includes the right to obtain the following from the controller:

  • confirmation as to whether the controller processes your personal data and access to such personal data,
  • information about the purposes of processing,
  • information about the categories of personal data concerned,
  • information about the recipients or categories of recipients to whom the personal data will be disclosed,
  • information on the planned retention period or criteria for determining it,
  • information about the existence of the right to request the rectification or erasure of personal data, or the restriction of their processing, or the right to object to such processing,
  • information about all available information about the source of personal data, if not obtained from the data subject – from you,
  • information on whether automated decision-making, including profiling, is taking place,
  • provided that the rights and freedoms of other persons are not adversely affected, a copy of personal data.

You also have the right to:

  • to have your personal data rectified if it is incorrect, inaccurate or incomplete in any respect; the rectification will be carried out by the controller taking into account technical possibilities;
  • request the erasure of personal data in cases provided for by the GDPR, e.g. in the event of withdrawal of consent to processing or objection to processing, in the event of unlawful processing of personal data, in the event that personal data is no longer necessary for the purposes for which it was processed, etc., this option does not apply in the event that processing is necessary to comply with a legal obligation, and in certain other cases provided for by the GDPR;
  • request the restriction of the processing of personal data in cases provided for by the GDPR;
  • to the portability of the data that you have provided to us and that we process by automated means, on the basis of your consent or on the basis of the necessity of their processing for the performance of a contract with you or for the implementation of pre-contractual measures taken at your request. In such cases, we will allow you to obtain your personal data in a structured, commonly used and machine-readable format or, if technically feasible, we will transmit it directly to another controller designated by you,
  • object to the processing of your personal data based on the necessity of the processing for the purposes of legitimate interests, including processing for direct marketing purposes. Unless we can demonstrate compelling legitimate grounds for the processing which override your interests or rights and freedoms or for the establishment, exercise or defence of legal claims, we will no longer process your personal data in such a case.
  • withdraw consent to the processing of personal data at any time by sending an explicit communication to our address at the beginning of this communication or email address. Withdrawal of consent is effective upon delivery of such communication to the controller. According to the GDPR, the withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal.
  • not be subject to any decision based solely on automated processing, including profiling, which has legal effects for you or significantly affects you in a similar way, except as expressly provided for in the GDPR,
  • in addition to the above, if you believe that the processing of your personal data violates the GDPR, you have the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7.