Data protection policy

Data protection policy

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the General Data Protection Regulation), and in accordance with the Act Implementing the General Data Protection Regulation (OG 42/18) and other applicable regulations, we hereby issue this Privacy Statement in order to inform all interested parties about the manner in which personal data is collected, processed, used, stored and protected in the course of our business, and about the rights that our users and employees have in relation to the processing of personal data. This data protection policy applies to all personal data that we process.

1. DEFINITIONS OF BASIC TERMS

For the purpose of easier familiarization and use of this Statement, the following is an explanation of the basic terms used in the content, which are defined in accordance with the provisions of positive regulations:

“Personal data” means all data relating to an identified or identifiable individual.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Data subject/user” is a natural person whose identity can be determined, directly or indirectly, in particular by reference to one or more factors specific to his/her physical, psychological, mental, economic, cultural or social identity. Simply put, in this situation, the data subject/user is you.

“Controller” means the natural or legal person or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Third party” means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor or persons authorised to process personal data under the direct authority of the controller or the processor.

“Recipient” means the natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether or not it is a third party.

“Consent” of the data subject/user means any voluntary, specific, informed and unambiguous indication of the data subject/user’s wishes by which he/she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him/her.

“Personal data breach” means a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

2. PROCESSING MANAGER

The Controller responsible for processing your personal data is: FESHTA EVENTS d.o.o., travel agency, Hegedušićeva 14, 10000 Zagreb, Republic of Croatia, OIB: 19418237965 (hereinafter referred to as: Controller/Agency).

Contact of the Data Controller:

e-pošta: bynd@byndtravel.com
email: Hegedušićeva 14, 10000 Zagreb, RH
Phone: +385 91 6384 410

In certain situations, the agency may also be the processor of personal data, for example when it processes your personal data when mediating in the provision of package arrangements and/or other services organized by other travel agencies or service providers. In such cases, the controller of your personal data is the other travel agency or service provider.

3. PRINCIPLES OF PERSONAL DATA PROCESSING

LEGALITY, TRANSPARENCY AND HONESTY

The Agency approaches the processing of your personal data in accordance with the principles of lawfulness, transparency and fairness, which means that any processing is in accordance with a specific legal basis, and you are informed about the processing procedure and its purposes. In doing so, the Agency provides you with all the information necessary to ensure fair and transparent processing, taking into account the specific circumstances and context of the processing of personal data.

PURPOSE LIMITATION

Personal data is collected for specific, explicit and lawful purposes and is not further processed in a manner that is inconsistent with these purposes.

REDUCTION OF DATA AMOUNT

The Agency processes only personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. This means that the Agency will not ask you for personal data that is not necessary for it to fulfil the purpose for which the personal data is provided.

ACCURACY OF PERSONAL DATA

Personal data must be accurate and, if necessary, up-to-date, therefore the Agency will take every reasonable measure to ensure that personal data that are inaccurate, taking into account the purposes for which they are processed, are deleted or corrected without delay.

RESTRICTION ON STORAGE OF PERSONAL DATA

Personal data is kept in a form that allows you to be identified only for as long as is necessary for the purposes for which the personal data are processed or as required by applicable regulations.

If personal data is processed based on your consent, the data will be stored until you withdraw your consent. You can withdraw your consent at any time by sending a request to the email address: bynd@bynd.com or regular mail address: Hegedušićeva 14, 10000 Zagreb, Republic of Croatia.

INTEGRITY AND CONFIDENTIALITY

The Agency processes personal data in a manner that ensures an appropriate level of security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.

RELIABILITY

The Agency is responsible for complying with all principles of personal data processing, and is able to demonstrate compliance with the provisions of the General Regulation at any time.

4. LEGAL BASIS AND PURPOSES OF PROCESSING PERSONAL DATA

Personal data is collected from you as the data subject/user, from third parties or from publicly available sources. Personal data may be collected based on your consent, but also in accordance with other lawful legal bases for collecting personal data. Personal data is collected for the following purposes:

  • performance of contractual obligations – when processing is necessary for the purpose of performing a contract or taking action at your request, and prior to entering into a contract
  • necessary compliance with the Agency’s legal obligations – e.g. for the purpose of processing employee data (sending employee data to the Croatian Insurance Institute (HZMO), the Croatian Health Insurance Institute (HZZO), the Tax Administration, accounting services, etc.)
  • Meeting the legitimate interests of the Agency – when necessary, the Agency processes personal data outside of the contractual relationship, for the purpose of meeting its legitimate interests. For example, but not exclusively, such legitimate interest may be: conducting court proceedings and keeping records of them, detecting perpetrators of criminal acts and preventing fraud, protecting people and property
  • protection of the vital interests of the data subject/user or other natural person
  • improving the Agency’s operations or for the Agency’s internal needs, such as auditing, data analysis and research to improve our products, services and communication with respondents/users
  • responding to your inquiries and comments
  • sending promotional offers and other information related to the Agency’s operations, based on your consent
  • promotion of the Agency, based on the consent you have given us

In the event of a need to process personal data for purposes not described here or outside the purpose for which you have given us consent, prior to such processing we will provide you with information about that other purpose and all other relevant information about the processing and, if necessary, request consent for such processing.

All data that the Agency receives from you is provided to the Agency voluntarily for processing.

The agency may process your personal data for marketing purposes, based on your specific consent.

5. PERSONAL DATA PROCESSED

The Agency processes your personal data that is necessary to fulfill the contractual and legal obligations assumed, and to satisfy legitimate interests, or to perform actions within the scope of our business, such as: name and surname, place of residence or temporary residence, city/town and postal code, country, OIB, type and number of travel document, date of validity of travel document, travel document issuer, ID card number, date of validity of ID card, ID card issuer, number, date and place of visa issuance, day, month and year of birth, gender, citizenship, email address, telephone number, photo, credit/debit card number or data on another means of payment, handwritten signature, IP address, etc.

As part of the business/contractual relationship for the purpose of organizing and realizing travel and providing other services of the Agency, all previously mentioned personal data may be processed, and in the specific situation, the personal data necessary for the establishment and implementation of the business/contractual relationship and the fulfillment of related contractual obligations will be processed. Without this information, we are usually forced to refuse to conclude a contract, implement an order or suspend implementation and terminate an existing contract. You are not obliged to provide personal data for processing that are not relevant or required by law for the execution of the contract.

Within the framework of the employment relationship between the employee and the Agency, the Agency processes the employee’s personal data, such as: name and surname, place of residence or temporary residence, city/town and postal code, country, OIB, type, number and validity period of the identification document, day, month and year of birth, gender, citizenship, email address, telephone number, handwritten signature, employee’s professional qualifications, employee’s work experience, bank account number, etc.

As part of marketing activities, based on your consent, we process the following personal data: name and surname, email address, telephone number.

As part of the Agency’s promotion, based on your consent, we process the following personal data: name and surname, email address, telephone number, photographs, video materials, etc.

The agency can also process your personal data from a special category of personal data, namely data related to your health. Personal health data is collected for the purpose of organizing and implementing travel and other Agency services, based on your express consent, and if it is necessary to protect your vital interests or another individual.

Personal data related to health is also processed when it is necessary for the purposes of fulfilling the obligations and exercising the special rights of the Agency or respondents/users in the field of labor law and the law on social security and social protection, i.e. for the purpose of preventive medicine or occupational medicine to assess the employee’s work ability.

6. RESPONDENTS/USERS’ RIGHTS

In accordance with all applicable regulations, the data subject/user has the following rights:

RIGHT TO INFORMATION AND ACCESS TO DATA

You have the right to obtain from us confirmation as to whether we are processing personal data concerning you, and if we are processing such personal data, access to the personal data as well as the following information: the purpose of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored or the criteria for determining that period, the right to request rectification, erasure and restriction of processing of personal data or the right to object to such processing, the right to lodge a complaint with a supervisory authority, if personal data are not collected from you, any available information about their source, information on the automated decision-making system, which includes profiling, and the safeguards if personal data are transferred to a third country.

The Agency provides a copy of the personal data being processed. You can submit your request through the Agency’s contacts listed above, and unless you request otherwise, the information will be provided to you in the usual electronic form. The right to obtain a copy is exercised to the extent that it does not adversely affect the rights and freedoms of others.

RIGHT TO CORRECTION

You have the right to obtain the correction of inaccurate data concerning you without undue delay.

Taking into account the purposes of the processing, you have the right to complete incomplete personal data, and in that case the Agency is obliged to act in accordance with your request without undue delay.

RIGHT TO DELETION

You have the right to obtain the erasure of personal data concerning you without undue delay if one of the following conditions is met:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
  • you have withdrawn the consent on which the processing is based and there is no other legal basis for the processing,
  • you have objected to the processing, in particular if the data subject is a child,
  • personal data has been processed unlawfully,
  • personal data must be deleted to comply with a legal obligation in accordance with applicable regulations

The right to erasure is not an absolute right and does not apply in cases where processing is necessary to exercise the right to freedom of information and expression, to comply with legal obligations to which the Agency is subject, to establish, exercise or defend legal claims and the like.

RIGHT TO RESTRICTION OF PROCESSING

You have the right to obtain restriction of the processing of personal data if one of the following conditions is met:

  • you dispute the accuracy of personal data, for a period that allows the Agency to verify the accuracy of personal data,
  • the processing is unlawful and you oppose the erasure of your personal data and instead request the restriction of their use,
  • The agency no longer needs personal data for processing purposes, but you request them in order to establish, fulfill or defend legal claims,
  • you have lodged an objection to the processing, awaiting confirmation whether the Agency’s legitimate reasons outweigh those of the data subject/user.

RIGHT TO DATA PORTABILITY

You have the right to receive the personal data you have provided to the Agency in a structured, commonly used and machine-readable format and to transmit it to another controller without hindrance from the Agency.

RIGHT TO OBJECT

You have the right to object at any time to the processing of personal data concerning you.

If you believe that the Agency does not have a legal basis to process your personal data, you can file a complaint at any time to the Agency at the email address: bynd@bynd.com or regular mail: Hegedušićeva 14, 10000 Zagreb, Republic of Croatia and to the national supervisory authority, the Agency for Personal Data Protection (AZOP).

In this case, Agemcija will no longer process your personal data, but may not be able to provide you with its services or have a business relationship with you.

AUTOMATED DECISION MAKING INCLUDING PROFILING

You have the right not to be subject to a decision based solely on automated processing, including profiling, unless it is necessary for entering into or performing a contract between you and the Agency, or is based on your explicit consent.

7. IDENTITY CONFIRMATION AND MISUSE OF RIGHTS ISSUES

In case of doubt about your identity, we may request additional information to verify your identity. Such verification serves to protect your rights.

If you use any of the indicated rights too frequently and with obvious intent to abuse them, we may charge an administrative fee or refuse to process your request.

8. METHOD OF COLLECTING PERSONAL DATA

The Agency collects your personal data through the website through your access to the website, including through registration/profile creation, through contact and inquiry forms, through “cookies”, through e-mail, and through documentation and communication that is forwarded and takes place between you and the Agency, by any means of communication. The Agency may also collect your data through third parties, for example, but not exclusively, through merchants and intermediaries who sell the Agency’s services, through government authorities, etc.

9. RESPONDENT/USER CONSENT

The agency will not use your personal data without your consent for any purposes for which consent is required under applicable regulations.

You have the right to withdraw your consent at any time by sending a request to:

  • e-pošta: bynd@bynd.com
  • mail: Hegedušićeva 14, 10000 Zagreb, Croatia

Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Ako se obrađuju osobni podaci maloljetnika za koje je potrebna privola, takvu privolu daje ili odobrava nositelj roditeljske skrbi nad djetetom.

GO BACK HOME