I. General

The MARITIME Catering Business based in Krk, in Braće Linardića 10, OIB (personal identification number): 99503692062 is seriously aware of the protection of your personal data and takes all the necessary technical and organisational measures to protect it in accordance with the law of the Republic of Croatia and the European Union, in particular in accordance with the Law on the Implementation of the General Data Protection Regulation (OG 42/18) and the (EU) European Parliament and Council Regulation 2016/679 as of 27 April 2016 regarding the protection of individuals with regard to the processing of personal data and the free movement of such data.

This privacy policy describes which and on which basis we collect personal data, and the purposes we use this data for, how it is kept from unauthorised access, as well as your rights with regard to this data.

The “MARITIME” Catering Business is the Processor of such personal data, being based in Krk in Braće Linardića 10, OIB (personal identification number): 99503692062, and owned by Josip Brusić.

The personal data protection officer at MARITIME Business is Tamara Brusić.

Please send any enquiries you may have to:

Address: Krk, Braće Linardića 10, for the attention of the Data Protection Officer

E-mail address: info@maritime-krk.com

II. Personal data

Personal data is any information pertaining to a natural person who is identified or can be identified; a person who can be identified is a person whose identity can be determined either directly or indirectly, in particular on the basis of an identification number or one or more features that are specific to her/his physical, psychological, mental, economic, cultural or social identity.

The Processor, in accordance with the purposes listed below and in line with the Privacy Policy, collects the following personal information:

• basic data about the data subject (name and surname, address, date of birth, location);
• contact information and data with regard to your communication with the Processor (e-mail address, phone number, date, time and content of postal or email message, date, time and duration of phone calls;
• data on the data subject’s use of the Processor’s website (dates and times of visits to the website, visited pages i.e. URLs, time spent on a particular page, number of pages visited, total time of the website visit, actions on the website) and data on the usage of received messages (email, SMS) of the Processor;
• data from forms that have been voluntarily filled in by the data subject;
• other data given voluntarily by the data subject to the offerer during requests for certain services for which such data is required.

III. Purpose of processing and the legal basis for processing personal data

The specific purpose and means of processing your personal data depends greatly on the type of relationship in which your data is collected. In our work, we are guided by the fundamental principles of personal data protection, which means that we process the data legally, transparently and fairly, and that processing is limited to the purpose for which the data is collected and only data necessary for a specific purpose is processed. Your personal data is only kept for as long as is necessary to achieve the purpose of processing, except when we are bound by certain regulations to store personal data for a longer period of time, or when our legitimate interests require it (for example, to set up, enforce, or protect legal requirements). The accuracy, reliability, confidentiality and integrity of your personal information are also the principles taken into consideration during processing. Access to your personal data is exclusively authorised by you.

As the Processor, the MARITIME catering business, protects your privacy and processes only such personal data that is necessary and that has been acquired in the course of its activity, regardless of whether the data was obtained directly from you, from third parties or from publicly available sources, and for the following purposes:

• execution of contractual obligations - when processing is necessary for the execution of the contract you signed or for taking action at your request prior to the conclusion of the contract
• satisfaction of legitimate interests - when necessary, personal data is processed outside the contractual relationship and in order to satisfy our legitimate interests. For example, such a legitimate interest may be: check in and check out of guests to competent bodies and institutions, conducting court proceedings and keeping records of them, protection of persons and property, answering your inquiries and comments
• fulfilling your requirements and enabling you to exercise your rights
• the necessity to respect legal obligations
• processing personal data for a particular purpose or for a number of special purposes as described in the consent, only after we have received your consent to process will your personal data be used for a particular purpose. Your consent is in compliance with the relevant provisions of the Regulation, it is not conditioned and is given voluntarily. At the same time, you retain the right to revoke your consent at any time.

IV. Freedom of choice

You are the one making the decision with regard to the personal data you give to the Processor. However, should you decide not to provide the data necessary to meet any of your requirements, the Processor will be unable to meet your request.

V. Personal data retention

The Processor will keep your personal data for as long as necessary to achieve the purposes for which the personal data was collected and processed. All personal data processed by the Processor under the law is kept by the Processor within the statutory period.

All personal data processed by the Processor due to the contractual relationship with the data subject shall be kept by the Processor for a period of time necessary for the execution of the contract and for another 5 years after the termination of the contract, except in the event of a dispute between you and the Processor with regard to the contract, when the Processor keeps the data 5 years after the final court judgment or settlement, and should no court case be involved, the Processor will keep the data for 5 years after the day of the peaceful settlement of the dispute.

All personal data processed by the Processor is based on the consent of the data subject or on legitimate interest. The Processor will permanently keep such data until the data subject withdraws his/her consent, i.e. before his/her request to cancel the data processing. This data is only deleted by the Processor prior to retrieving consent from the data subject if the purpose of processing the personal data is achieved or if so specified by law.

VI. Security of personal data processing

The Processor takes all necessary (technical and physical) measures to ensure the security of your personal data. Your data is protected against loss, forgery, manipulation, unauthorised access, and unauthorised disclosure at all times.

Handwritten records of personal data are stored in registers, in lockers, while personal data is stored in the form of electronic records present on personal computers and servers which is encrypted and protected by protection systems (firewall, antivirus software).

VII. Transfer of personal data

The Processor will transfer your personal data to third parties only in cases where this is required by law or other regulations (Croatian Pension Insurance Institute, Croatia Health Insurance Fund, Tax Administration, County of Primorje and Gorski Kotar, Ministry of Interior of the Republic of Croatia, and other competent bodies).

The Processor can entrust your personal data to an IT system administrator who may process such data solely on behalf of and under the authority of the Processor and in accordance with this privacy policy.

VIII. Internet and web page

Data privacy

We would like to make it clear that when you visit the MARITIME Catering Business site at http://www.maritime-krk.com/ your personal data remains confidential unless you wish to disclose it voluntarily. We undertake not to disclose any data we receive to other parties, except in the cases listed in the previous chapter.

Server statistics

Our global network server uses statistical software. These programs are a standard feature of all Internet servers and are not unique to our site. Such statistical programs allow us to customise our pages in such a way as to be as effective and simple for our visitors (determining the information regarding the level of interest of our users, customising pages for individual web browsers, improving the structure of our site, and visiting our sites).

Use of cookies

To facilitate browsing, our web pages and our global network server use cookies. Cookies are very small text files that the server places on a user's computer to track the selection of individual language variants of our pages, as well as when entering the page sections that require a username and password entry. Cookies cannot be used to run programs or set up viruses on your computer. The cookies that our Internet server sets are deleted automatically from your computer at the end of the session, that is, at the moment you leave our site. Browsing through our pages is also possible without the use of cookies if your web browser is set in appropriate way.

E-mail message

When you send us an e-mail with personal identifying information, either via e-mail with registration of your stay, enquiries and/or comments, or contained in a form delivered to us by e-mail, we use this information solely for the purpose and to the extent necessary to meet your requirements.

IX. Video surveillance

Solely for the purpose of protecting its property, the Processor conducts video surveillance of the following facilities in his property: a catering facility (restaurant and guesthouse) at Braće Linardića 10, Krk as well as a boutique hotel and restaurant at Lukobran 5, Krk.

X. Rights of the data subject

• the right to withdraw consent: if you have given consent to the processing of your personal data, you have the right to withdraw this consent; withdrawal of this shall not affect the lawfulness of the processing before the withdrawal itself; the data subject’s withdrawal of consent will not cause any negative consequences, however, it is possible that you will no longer be able to exercise a certain right after you have withdrawn the processing data consent necessary to exercise your rights;
• the right to access personal data: you have the right to receive confirmation of your personal data processing from the Processor and, when they are processed, gain access to personal data and the following information: processing purpose, personal data category, data transfer, data retention period or criteria for determining the same, the existence of the right to a correction or deletion of personal data, processing limitation rights, right to complaint with regard to processing, right to complaint to the supervisory authority, data source (if data was not collected from you personally);
• right to rectification of personal data: you have the right, without unnecessary delay, to obtain rectification from the Processor of any incorrect personal information pertaining to you as well as to complete any incomplete data;
• right to erasure of personal data (“right to be forgotten”): you have the right, without unnecessary delay, to obtain the deletion of personal data relating to you from the Processor if one of the following conditions is met:
  • data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • should consent on which the processing is based be withdrawn and there is no other legal basis for processing;
  • should an objection to the processing be filed, and there are no stronger legitimate reasons for processing;
  • personal data has been illegally processed;
  • personal data must be deleted in order to respect the legal obligation of Union’s law or the law of the Member State to which the Processor is subject;

  except to the extent that processing is necessary:

  • for the exercise of the right to freedom of expression and information;
  • in order to comply with a legal obligation requiring processing in the law of the Union or of a Member State to which the Processor is subject or for the performance of tasks of public interest or in the exercise of the official authority of the Processor;
  • for the purposes of archiving in the public interest, for the purposes of scientific or historical research or for statistical purposes to the extent that it is probable that the right of erasure may disable or seriously jeopardise the attainment of the objectives of such processing;
  • for the purpose of establishing, enforcing or defending legal requirements;
• right to restriction of processing personal data: you have the right to obtain a processing restriction from the Processor if one of the following is met:
  • if you deny the accuracy of personal data, for the period during which the Processor may check the accuracy of such personal data;
  • processing is illegal, and you are opposed to the deletion of your personal data and instead seek to restrict its use;
  • the Processor no longer requires personal data for processing purposes but you need it in order to set up, enforce or defend legal requirements;
  • you have filed an objection to processing pursuant to Article 21 paragraph 1 of the General Data Protection Regulation, expecting confirmation whether the Processor’s legitimate reasons go beyond your reasons;
• right to data portability: you have the right to receive the personal information relating to you which you provided to the Processor in a structured, commonly used and machine-readable format and you have the right to transfer this data to another Processor without interruption by the previous Processor to which the personal data was provided if the processing is based on a consent or contract, and if processing is carried out by automated means; when exercising this right you are entitled to direct transfer from one Processor to another if technically feasible; this right shall not apply to the processing necessary to carry out tasks of public interest or to carry out the official authority assigned to the Processor and shall not adversely affect the rights and freedoms of others;
• right to lodge a complaint:
  • a) should processing of personal data be necessary for the performance of tasks of public interest or in the exercise of the official authority by the Processor and when processing is necessary for the legitimate interests of the Processor or third party, you are entitled to lodge a complaint about the processing of data related to you based on your personal situation at any time; should you lodge such a complaint, the Processor may no longer process your personal information unless it demonstrates that there are legitimate reasons for processing beyond your interests, rights and freedoms or for the purpose of establishing, enforcing, or defending legal requirements;
  • b) should the personal data be processed for the purposes of scientific or historical research or for statistical purposes, you have the right, to lodge a complaint about the processing of such data related to you based on your personal situation at any time, unless processing is necessary for carrying out the task performed due to the public interest;
• right to lodge a complaint with a supervisory authority: you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you have a residence, where your workplace is or place where the processing is allegedly violated, if you consider that the processing of personal data pertaining to you violates the General Data Protection Act;
• the right to an effective judicial remedy against a supervisory authority: you have the right to an effective judicial remedy against the legally binding decision of the supervisory authority that relates to you, as well as if the competent supervisory authority does not resolve the complaint or does not advise you of the progress or outcome of the lodged complaint within three months.

All questions and requests related to the exercise of your rights with regard to personal data can be sent to: "MARITIME" Catering Business, Krk, Braće Linardića 10, for the attention of the Personal Data Protection Officer or by email to: info@maritime-krk.com.

For the purposes of the reliable identification of the data subject when exercising his / her personal data rights, the Processor may request the provision of additional information, and in the event that the data subject can not be reliably identified, may refuse to act upon the request.

XI. Notification of a personal data breach

In the case of personal data breach, the Processor shall inform the supervisory authority (Personal Data Protection Agency), unless it is unlikely that such a personal data breach will cause a risk to the individuals' rights and freedoms.

In the event of a breach of personal data likely to cause a high risk to an individual's rights and freedoms, the Processor shall notify the data subject, unless he or she has taken appropriate technical and organisational protection measures (e.g. encryption) or has taken any further action to ensure that he/she is no longer likely to be at high risk for the rights and freedoms of the data subject or that would require a disproportionate effort (in the latter case, there must be public notice or similar measure to inform the data subject in an equally effective manner).

XII. Announcement of changes

Any change to the Personal Data Protection Policy will be posted on the MARITIME catering business website. By using the website you confirm that you accept and agree to the full content of this Privacy Policy.