In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the European Union L 119, 4.5.2016, p. 1, hereinafter: General Data Protection Regulation), which has been fully applicable since 25 May 2018 in the Republic of Croatia and all EU Member States, as well as the Act on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/18, hereinafter: the Act), i.e., in accordance with the legal framework for the protection of personal data in the Republic of Croatia and the European Union and best European practice, TURISTHOTEL d.o.o., Dražnikova ulica 78, Zaton, 23232 Nin, OIB: 74204012744 (hereinafter: “Turisthotel”), as the controller of the personal data of users of its services, has drafted this Privacy Policy.

This Privacy Policy (hereinafter: the “Policy”) explains how Turisthotel collects, uses, and manages your personal data found on the website and made available to Turisthotel through the use of the following websites:

• https://www.turisthotel.com.hr
• https://www.zaton.hr
• https://hostelforumzadar.com
• https://thpraonica.hr
• https://www.thcatering.hr

The Privacy Policy applies to all services offered by Turisthotel. The purpose of this Policy is to clearly and transparently inform our guests, visitors, partners, and users of our services (hereinafter: “data subjects”) about the procedures for processing their personal data and about their rights.

Turisthotel is committed to protecting and respecting your privacy. Please read this Policy carefully to understand why and how we collect your personal data and how it will be used. Regarding the personal data we collect, Turisthotel is the “data controller,” meaning the one who determines the purposes for which and the means by which personal data is processed.

Turisthotel, as the provider of the website services, is committed to safeguarding the privacy of personal data.

If you wish to contact us regarding this Policy or your personal data, please use the following contact information:

TURISTHOTEL d.o.o.
Dražnikova ulica 78, Zaton
23232 Nin
Croatia
E-mail: dpo@turisthotel.com.hr

For all other inquiries, you can also contact us at: uprava@turisthotel.com.hr.

And now, let’s talk “a little” more about the rights, obligations, and other matters relevant to the protection of your privacy and personal data! The following text is important and is by no means boring or dry.

How and when do we collect your personal data?

We collect your personal data when it is necessary to meet your needs and requests, perform services, fulfil our legal obligations, or for the purposes of our business operations:

1. When booking accommodation, services and our special offers, we collect your personal data such as title, first name, last name, country of origin, residence/home address, e-mail address, telephone and mobile number, information on time of arrival, flight number, vehicle registration number, etc.

For the purpose of guaranteeing a reservation when it is made by credit card, it is necessary to enter data such as name, surname, card type, card number, expiration date, and security CVV code. We do not collect, further process, or store card data in our systems – it is used solely for conducting online payments via the Monri Payments system, for which the independent data controller is Monri Payments d.o.o., Ulica grada Vukovara 269F, 10000 Zagreb, OIB: 82551932122.

We collect and process your personal data in order to execute the contract in which you, as the data subject, are a party, i.e. for the purpose of making reservations and providing accommodation services, which are or may be necessary actions/pre-contractual steps related to the conclusion of the contract. We need the data in order to identify you upon arrival, ensure that your accommodation unit is ready and available on the agreed date, and to make the final calculation of the service price before your departure.

Reservations can be made in person, through the website or by calling our call centre/available phone number, through other contact forms or third-party websites (e.g. Booking.com), or by sending a message to the designated e-mail addresses such as reservations@zaton.hr.

We store your personal data in our database for the purpose of fulfilling the accommodation contract and complying with legal obligations related to hospitality services. If you do not provide us with the data necessary for making the reservation and for registration in the competent registers during your stay, we will not be able to provide you with the reservation or accommodation service in accordance with the contract.

2. In order to offer you accommodation services (which represent our core business), we enter into accommodation contracts with you and, in doing so, as well as in taking the necessary steps/pre-contractual actions related to concluding said contract, we collect the personal data necessary to provide the accommodation service, to perform the contract with you, and to comply with our legal obligations under applicable laws and regulations in the Republic of Croatia.

It is our legal obligation to collect the following data for the purpose of registering and deregistering guests by the obliged provider of accommodation services, under the Act on Tourist Tax and the Ordinance on the eVisitor system: first name, last name, place, country and date of birth, nationality, type, number and place of issuance of identification document, residence address, date and time of arrival at the facility, expected date of departure, date and time of actual departure, gender, note, registration number, basis for exemption from or reduction of tourist tax. These data are entered into the guest database, from which they are automatically sent to the eVisitor system.

In addition, we collect your data in order to comply with our legal obligations for the following lawful purposes:

a) recording, calculation and collection of tourist tax under the Act on Tourist Tax and the Ordinance on the minimum and maximum amount of tourist tax;
b) maintaining the guestbook or guest list by the accommodation provider and monitoring compliance with this obligation by inspection authorities under the Hospitality Act and the State Inspectorate Act;
c) reporting foreign nationals to the Ministry of the Interior and monitoring compliance with this obligation by inspection authorities under the Aliens Act and the Police Duties and Powers Act;
d) maintaining a list of tourists by tourist boards and for statistical processing and reporting under the Act on Tourist Tax and the Act on Tourist Boards and Promotion of Croatian Tourism;
e) supervision of the accommodation provider’s operations with regard to the legality of the business, provision of registered services, and compliance with tax and other public contribution regulations under the State Inspectorate Act and the General Tax Act.

Guest registration data is recorded on the basis of identification documents: ID card or passport, in which case we are required to ask you to present your identification document, as well as provide other information necessary for entry if not contained in the document. We do not keep copies of identification documents.

We store your personal data in our database for the purpose of fulfilling the accommodation contract and complying with legal obligations related to hospitality services. If you do not provide us with the data necessary for the reservation and for registration in the competent registers during your stay, we will not be able to provide you with the reservation or accommodation service in accordance with the contract.

Certain data are necessary in order to take action at your request even before the accommodation contract is concluded, e.g. before making a reservation we will send you accommodation offers upon request, for which we need data such as your name, surname and e-mail address, as well as information on the preferred type of accommodation.

3. When registering as a newsletter (e-leaflet) subscriber or for other notices about our services and offers, we will ask you to provide information such as e-mail address and language (these two data are mandatory in order for us to provide the requested service) as well as your first name, last name and preferred type of accommodation (these data are optional). The legal basis for processing your data is consent. A user subscribing to receive information about our services and offers by entering their data on our website thereby gives consent for the processing of their personal data. The user can withdraw consent at any time by following the “unsubscribe” link at the end of every newsletter received or by sending a request to info@zaton.hr. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

4. When you access our websites, we collect your IP address, date and time of access, information about the hardware, software or browser you use, the operating system of your computer, your language settings, etc. We may collect information about your clicks and site navigation.

The legal basis for processing your data is consent given through the pop-up window when accepting cookies. You can withdraw or modify your consent at any time, except for necessary cookies which we use based on legitimate interest and which are required for the website to function properly. You can read more about cookies in our Cookie Policy.

5. When you contact us through our contact details, by e-mail or by phone to our call centre, or otherwise send an inquiry, request assistance or ask a question in order to exercise one of your rights, we collect the data you provide, such as your name, surname, e-mail address, mobile number, etc., as well as other data needed to respond to your inquiry/request.

Depending on the nature of the contact, the legal basis for data processing may be your consent (so-called presumed consent for persons who send inquiries or voluntarily provide personal data), performance of a contract (e.g. inquiries related to accommodation services), or legitimate interest (e.g. for call recording).

When your conversation with our call centre is recorded, we will always inform you of this when you call, i.e. before the conversation begins. Calls are recorded for the protection of guests and other users of Turisthotel services from inappropriate communication by call centre employees, for evidence in the event of possible complaints or misunderstandings about agreed services based on guest calls, and for employee training and quality improvement purposes.

Also, when sending an inquiry, please do not provide special categories of data, i.e. sensitive information about yourself (such as race or ethnic origin, political opinions, religious or philosophical beliefs, etc.) when it is not necessary. If you still provide them, we will consider that you have given us your explicit consent for their collection. For your own safety, we recommend that you provide only the data necessary for us. Any other data that we do not need will be deleted.

6. When participating in surveys, prize games and competitions, we collect your data only if you choose to participate, and we process them depending on the type of prize game, about which you will be additionally informed in the rules of the game. The data processed may include your first name, last name, address for prize delivery, etc. Participation in surveys is voluntary, and by answering the questions you give your consent for processing the entered personal data. You can withhold consent by simply not answering the questions. Guests who fill out a Turisthotel service quality survey may also have the opportunity to participate in a prize game, which will be clearly stated on the form. In that case, collected data will also be used, based on a kind of contractual obligation, for the purpose of conducting the prize game and awarding prizes, in accordance with the rules. Some participant data (e.g. first name, last name and e-mail address) may, based on legitimate interest, also be used for direct marketing purposes.

7. When you contact us as partners or as interested legal entities regarding our services, we collect your data such as first name, last name, e-mail, phone number, position in the company, occupation, account number, etc. Our partners may be natural persons (e.g. entrepreneurs such as liberal professions (lawyers, doctors, etc.), craftsmen, persons entering into service contracts (singers, painters, photographers, etc.)) or legal entities represented by natural persons (e.g. contract signatories, delivery recipients, invoice recipients, etc.). In contacts with legal entities, we also process data about the natural persons representing them. Such processing is necessary for the performance of the contract, i.e. for the provision of our service, which are or may be necessary actions/pre-contractual steps related to contract conclusion.

8. When you contact us through social networks (Facebook, Instagram, X (formerly Twitter), LinkedIn, and YouTube), we collect the data you have made available when sending inquiries or requests.

9. When you request unilateral termination of a concluded contract, we collect your first name, last name, personal identification number, address, booking/accommodation data, depending on the chosen payment method.

10. When you send us any inquiry regarding our offer, we will process your contact details and/or other information you provide when submitting the inquiry.

11. If you wish to send an open job application, we will process data such as your first name, last name, age, qualifications, occupation, work experience, contact phone and other data contained in your application.

12. When filling out a satisfaction survey regarding our services during and after your stay in our accommodation units, as well as after other services provided, based on legitimate interest and for the purpose of improving our services, we collect data such as first name, last name and e-mail address.

13. For web analytics via Google Analytics, we use the “_gat._anonymizelp” application, through which the IP address of the data subject is shortened and anonymised by Google when accessing Turisthotel’s website from an EU Member State or another state under the jurisdiction of the European Economic Area.

14. When entering/leaving your personal vehicles into/from the tourist resort, we use an LPR system that recognizes license plates, enters them into a table view and links them with the first and last name when such data are entered into the system. This system serves for recording vehicle entries and exits and is used on the basis of legitimate interest, for additional security of guest vehicles, parking availability, and faster vehicle flow.

15. When we photograph and/or video record you for the purpose of promoting Turisthotel services, we process your data such as image, movement, voice, hair colour, etc., all based on your consent. Your photos and video recordings may be used on websites, in newsletters, on Turisthotel’s social media profiles, and in advertisements published online and in printed media. At any time, free of charge and without explanation, you have the right to withdraw your consent and request the termination of further processing and use of said photos and videos, whereby the withdrawal of consent does not affect the lawfulness of processing based on consent before it was withdrawn.

16. During video surveillance, which we introduced to ensure the safety of people and property and to reduce the exposure of employees, visitors and guests to risks of robbery, burglary, violence, theft and similar incidents at work, in connection with work, accommodation or use of our services, we process your personal data based on legitimate interest, such as recordings of your image, manner of walking, physiognomy, etc. Video surveillance recordings are stored for 30 days. Access to the recordings is granted only to persons we have expressly authorised. Upon formal request, recordings may be extracted or shared with state security services and/or courts, in which case the recordings may serve as evidence. All locations under video surveillance are marked with special signs containing additional information on how and in what way you can contact us for more details.

The above categories of your personal data are collected:

• when processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract
• in order for us to fulfil our obligations arising from the applicable regulations of the Republic of Croatia
• on the basis of consent
• on the basis of legitimate interest.

In exceptional cases, we may also process data in order to protect the vital interests of the data subject or another natural person, e.g. in case of illness or injury, which is why we may need to request your personal document or health data belonging to a special category of personal data. This would also apply in extraordinary health situations such as an epidemic, during which we would be obliged to process data on the basis of recommendations by the competent public authorities of the Republic of Croatia.

If processing is based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent must be notified to the controller by e-mail: dpo@turisthotel.com.hr or at the address Dražnikova ulica 78, Zaton, 23232 Nin, marked “for data protection”. Such withdrawal will not affect the lawfulness of processing based on consent prior to its withdrawal.

If processing is based on legitimate interest, we have established procedures to assess that the processing is appropriate to business needs and is as minimally invasive as possible, i.e. we only carry out such processing where the interests of the data subject do not override our legitimate interests. An example of such processing is the use of necessary cookies on our websites to ensure proper website functionality, video surveillance for the purpose of ensuring the safety of people and property, and direct marketing for the promotion of our services and business improvement. In these cases, the data subject always has the right to object to such processing.

Please pay attention to the mandatory scope of data we request, as if you do not provide the requested information determined as mandatory for us to perform the requested or expected service or activity for you, unfortunately you will not be allowed to participate in it because without the requested data the activity cannot be technically carried out.

Processing of personal data in the payment process

For payment of the accommodation reservation guarantee by credit card, Turisthotel uses the services of the partner Monri Payments d.o.o., Ulica grada Vukovara 269F, 10000 Zagreb, OIB: 82551932122, which enables and carries out payment as an intermediary on our behalf and for our account through our websites. During payment, the Monri Payments system will require the provision of certain information (personal data) such as name, surname, type of card, card number, expiry date, and security CVV code. In the case of reservation payment, a contractual relationship is established which is the basis for the processing of your personal data, given the necessity of performing a contract in which you, as a user of our accommodation or services, are a party. The said reservation system is secure and uses the TLS (Transport Layer Security) protocol for the transmission of your personal data.

Data processing during payment is necessary in order to carry out all actions preceding the use of accommodation or the conclusion of a contract with the controller. Regarding the legal basis for data processing, in relation to particular types of payments or legal entities providing such services, payment data such as name, surname, code, amount, account number or other transaction codes are shared with the card company or bank or a third party through which the payment is made, all at the request of the data subject who independently chooses the payment method.

Please note that the payment of the reservation guarantee can also be made by bank transfer, in which case the reservation remains pending (not confirmed) until we receive the payment, with the requirement that bank transfer payment must be made no later than 8 days before arrival.

Turisthotel warns users to take care of the data stated on the card so that such data are not made available to third parties and are not misused.

Therefore, to summarise all of the above, we mainly collect your personal data directly from you, whether in order to conclude a contract with us, to fulfil our legal obligations, to perform an action at your request, when you engage us to provide certain services offered by us or our contractual partners, when you complete a particular form, or when you wish to receive our newsletter.

If you would like us to send you information about our services, events, offers and promotions, please subscribe to the newsletter by giving us your consent for sending.

We treat your personal data as confidential information, properly protected by Turisthotel and/or our trusted partners.

Which data do we collect directly from you and for what purpose?

Typical categories of data we collect from guests and users are the following: name, surname, place, country and date of birth, nationality, type, number and place of issuance of identification document, address of residence, date and time of arrival at the facility, expected date of departure from the facility, date and time of departure from the facility, gender, and other information you provide when filling out forms on the websites or when communicating with us via telephone, e-mail or social networks.

We collect your personal data for the purpose of:

• providing services, fulfilling contracts or otherwise ensuring the provision of the requested service
• use of all services listed on Turisthotel websites
• responding to your inquiry as efficiently as possible and processing your requests
• statistical data processing
• sending materials, offers and contacting you
• handling your inquiries and communicating with you as users of our services
• improving the quality of content, functionality and services.

In our premises as well as in the rooms, you will also find separate notices on the processing of your data as guests.

What privacy rights do you have?

Please note that at any time you have the right to request the following from Turisthotel:

• to provide you with access to your personal data
You can ask Turisthotel which of your personal data it uses, and you may also request access to that personal data. You have the right to know the purpose of processing, which categories of your personal data we store, the bodies or categories of bodies with which we share your personal data, the retention period, as well as the source of the data if the data are collected indirectly.
You can contact us if you would like a copy of some or all of the personal data we hold about you.

• to request the correction of inaccurate data
We want your personal information to be accurate and up-to-date. You can ask us to correct or remove information you believe is inaccurate or outdated.

• to request the deletion of personal data
You can ask Turisthotel to stop processing or even delete your personal data. If we need your personal data to fulfil a contractual obligation towards you, Turisthotel may cease to be able to perform such contractual obligations. Also, if your personal data is required in order to fulfil certain legal obligations (e.g. tax obligations), your request may not be feasible.

• to obtain restriction of processing under certain conditions
If you wish to contest the accuracy of data or we no longer need personal data for the purpose of processing, but you need it for the establishment, exercise or defence of legal claims, or you have objected to processing on a basis that we consider legitimate, you have the right to request the restriction of personal data processing.

• to object to the way we use your data
Remember that you have the right to object to the processing of personal data based on a legal ground that Turisthotel considers legitimate.

• to request the transfer of data to another controller (data portability)
If processing is based on your consent or is carried out by automated means, you have the right to request from Turisthotel the transfer of data to another controller.

To exercise any of the above rights, please use the contact details provided at the beginning of this Policy. Colloquially, when you request any of the above, we may refer to them as so-called GDPR requests.

If you believe your rights are not being respected, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency.

Special note:

When making an inquiry or request regarding the exercise of the rights mentioned earlier, we may also ask you for additional identifiers in cases where we suspect your identity or if you do not have verified or confirmed data in our system through which, after submitting the inquiry, we can clearly establish before providing information or a copy of data that it is indeed you. For your safety, we verify identity because we do not want your data to end up unlawfully in the hands of a third party.

The deadline for responding to your request (so-called GDPR request) is one month, and it may be extended with a written explanation of the extension.

Where are your personal data stored?

The personal data we collect about you are stored in a secure environment. Your personal data are protected from unauthorized access, disclosure, use, modification, or destruction by any organization or individual.

The processed data are stored in our premises and secure IT systems, but sometimes we store data on the servers of our trusted service providers located within the EU.

Turisthotel will ensure that personal data are kept in a secure location (which includes reasonable administrative, technical, and physical safeguards to prevent unauthorized use, access, disclosure, copying, or modification of personal data), accessible only to authorized persons. All authorized persons sign a confidentiality statement.

The collected data for the purposes stated in these Rules will be stored only for as long as is necessary to fulfill the stated purposes. Your personal data will not be kept in a form that enables you to be identified longer than Turisthotel reasonably considers necessary to achieve the purpose for which they were collected or processed. Turisthotel will retain certain personal data for the period prescribed by law or regulation that obliges Turisthotel to retain such data (see more under "How long will Turisthotel retain your personal data?"

In the event that you have given consent (for example, if you subscribed to our newsletter or selected certain categories of cookies to be used), your personal data will be processed until the consent is withdrawn.

If you submit a justified objection to the processing of personal data based on legitimate interest, we will not process your personal data in the future.

In addition, it is important to emphasize the following: if a court, administrative, or extrajudicial proceeding has been initiated, personal data may be stored until the conclusion of such proceedings, including a possible period for the use of legal remedies.

How long will Turisthotel retain your personal data?

Turisthotel will not retain your personal data longer than the period necessary to fulfill the purpose of their use, and at most for a period of 11 years, except in exceptional cases or where a longer retention period is prescribed by law.

We will retain data related to the exercise of your privacy rights for 5 years, data related to prize contests for 5 years, survey data for 5 years, video surveillance recordings for 30 days, photographs and video recordings for 5 years from the date of publication or until withdrawal of your consent, e-mail addresses for the purpose of sending newsletters until the withdrawal of consent, guest book records (kept electronically in accordance with regulations) for 2 years, while we will keep billing data for 11 years. Data related to direct marketing will be retained for 10 years or until your justified objection to processing is accepted. Call center recordings will be retained for 2 years from the date of recording.

Certain data related to requests for offers, booking or cancellation of accommodation, as well as data we need to demonstrate the content of the relationship with the data subject, or for the exercise of legal claims, will be kept for 10 years from your last stay at Turisthotel facilities. For these purposes, we will retain the data necessary for the reservation itself, as well as other data depending on the specific case, e.g. the date of receipt and the content of a complaint, correspondence exchanged with you, etc.

Sometimes, certain data may only be related to the circumstances of your stay at Turisthotel facilities, and in such cases, we will collect and process data only during your stay for the purpose of providing accommodation or another service, e.g. data on special dietary requirements or requests for a baby crib.

Information about the use and duration of cookies on individual Turisthotel websites can be found in the Cookie Policy.

You can obtain more details about data retention periods by contacting us at the above address or by e-mail at dpo@turisthotel.com.hr.

For what purposes will we use your data?

We may use your personal data in several different ways, mainly to fulfill our contractual, legal, and other obligations to you, but sometimes also to improve your website experience, the quality of our services, and for security reasons.

The purposes for which we use your data are described in these Rules, and if your data are to be processed for other purposes, you will be notified before such (new) processing is carried out.

Newsletter

Turisthotel would like to send you information about our offers, activities, and news that may be of interest to you. Please note that you may unsubscribe from receiving them at any time by exercising your rights outlined in these Rules. To sign up for the newsletter, Turisthotel collects and processes your e-mail address and preferred newsletter language as mandatory data, since without them we cannot provide the service, while other data are optional.

The newsletter contains so-called tracking pixels. A tracking pixel is a miniature graphic element embedded in an e-mail sent in HTML format, allowing it to be logged and analyzed through log files. This enables statistical analysis of the success of marketing campaigns. Through the tracking pixel, Turisthotel can see when and if an e-mail was opened by you as a data subject and which links you clicked. Personal data collected via tracking pixels in the newsletter are stored and analyzed by Turisthotel as the data controller in order to optimize the newsletter distribution process and tailor the content of future newsletters to the interests of recipients.

Video surveillance

We collect and process your personal data through a video surveillance system covering the indoor and outdoor areas where Turisthotel operates, based on our legitimate interest in protecting people and property and reducing the exposure of employees, visitors, and guests to risks of robbery, burglary, violence, theft, and similar events related to the operation, accommodation, or use of Turisthotel services.

Through the video surveillance system, we process your personal data such as recordings of your image, movements, hair color, etc.

Your personal data will not be processed for purposes other than those stated, unless required for compliance with legal obligations (e.g. providing data to courts or law enforcement authorities) or if otherwise permitted by binding regulations.

Access to your personal data collected via the video surveillance system is restricted to specifically authorized persons designated by the controller’s responsible person and/or another legal entity authorized by us for system maintenance and control. Third parties may need to access your personal data if required or permitted by binding regulations.

Cookies

In order to maintain the websites and ensure that their functionalities are at the expected level, we use a technology known as “cookies”.

Cookies are small files that we send to your computer and can later access. They can be temporary or permanent. Thanks to cookies, you can browse our pages without difficulty. Cookies show us what interests you and other visitors to our website, which helps us improve it.

Read more about cookies in the Cookie Usage Policy.

Does Turisthotel share data with third parties?

Privacy protection is important to us, so we will never share your personal data with third parties except for the purposes described in these rules. We will always inform you about data sharing and transfer.

Turisthotel cooperates with other companies. This means that we sometimes share your personal data using secure IT systems. When we do so, the data is transferred to servers located in the EU or in a country that ensures an adequate level of protection in accordance with EU legislation.

In some cases, our partners who provide services on behalf of or for Turisthotel may process your data outside the European Union. However, the contracts we conclude with such entities oblige them to handle your data with special security measures in accordance with the regulations in force in the member states of the European Union.

On July 10, 2023, the European Commission adopted a new adequacy decision based on which personal data can be freely transferred from the European Union to companies in the USA that participate in the Data Privacy Framework.

The adequacy decision is based on Article 45 of the General Data Protection Regulation and represents a mechanism that ensures safe and lawful data transfer to third countries. Companies in the USA that wish to participate in the Data Privacy Framework must go through a self-certification process and be entered on the list of companies that have joined the Data Privacy Framework.

Also, if our contractual partner is based in the USA, we will review existing contracts and check the security standards that our partner guarantees in order to ensure the protection of all our data subjects with the latest standards approved and recommended by the competent institutions.

The purposes for which we share data with our trusted partners are, for example, marketing needs, reservation systems, software support, delivery and other services inside and outside Turisthotel. According to the relevant contracts, these service providers are obliged to use the entrusted data only in accordance with our guidelines and solely for the purpose we have strictly defined. We also oblige them to adequately protect your data and treat it as a business secret.

Once a year, we conduct an audit of all our partners to ensure that the protection of your personal data remains at the required level and is in accordance with the applicable regulations.

Other websites

Other websites accessible via Turisthotel’s websites have their own privacy and data collection statements, as well as methods of use and disclosure.

Turisthotel is not responsible for the practices and terms of third parties.

Turisthotel collects and processes personal data through user interactions on social networks such as Facebook, Instagram, X (formerly Twitter), LinkedIn, and YouTube. Turisthotel, or responsible persons appointed by Turisthotel, have access to messages and/or posts on the mentioned social networks. However, personal data collected through them, especially those contained in messages, are not stored or additionally processed by Turisthotel except for the purposes stated in these Rules.

Turisthotel uses a business profile through the services of Facebook, Instagram, X, LinkedIn, and YouTube, and you can view their Privacy Policies or confidentiality statements, as well as the way they use your personal data, at:

FACEBOOK ONLINE
https://www.facebook.com/policy.php

INSTAGRAM ONLINE
https://help.instagram.com/519522125107875

X ONLINE
https://x.com/en/privacy

LINKEDIN ONLINE
https://www.linkedin.com/legal/privacy-policy

YOUTUBE ONLINE
https://policies.google.com/privacy?hl=en

Components of Facebook, Instagram, X, LinkedIn, and YouTube are embedded on the following Turisthotel websites:

• https://www.turisthotel.com.hr – LinkedIn
• https://www.zaton.hr – Facebook, Instagram, X, and YouTube
• https://hostelforumzadar.com – Facebook, Instagram, X, and YouTube
• https://www.thcatering.hr – Facebook and Instagram

Everything stated below for the website https://www.zaton.hr equally applies to our other websites. In case you have questions regarding data collection and processing by Facebook, Instagram, X, LinkedIn, or YouTube, or if you want to exercise any of your rights guaranteed by the General Data Protection Regulation, contact:

FOR FACEBOOK:
META PLATFORMS IRELAND Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland

Data protection officer contact:
https://hr-hr.facebook.com/policy.php
https://www.facebook.com/help/contact/540977946302970

If you are not satisfied with the way your personal data is collected and processed, you can contact Facebook’s lead supervisory authority, the Irish Data Protection Commissioner, or the Croatian Personal Data Protection Agency.

On its websites, Turisthotel, as the controller of personal data, has embedded components of Facebook. Facebook is a social network.

A social network is a place for social networking on the Internet, an online community that generally allows users to communicate with each other in virtual space. A social network serves as a platform for exchanging opinions and experiences, or to provide personal or business-related information to the online community. Facebook allows its users to create private profiles, upload pictures, communicate, and connect through friend requests.

Facebook is owned by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a person using Facebook lives outside the USA or Canada, the data controller is Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland. Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, is an independent controller.

When opening the website https://www.zaton.hr, the user’s browser will display the corresponding Facebook component as a result of using the Facebook plugin. An overview of all Facebook plugins can be found at https://developers.facebook.com/docs/plugins/. During this technical procedure, Facebook is provided with information about the specific subpage visited by the user.

If you are logged in to Facebook as a user, at the same time Facebook can detect each of your visits to the website https://www.zaton.hr. This information is collected via the Facebook component and linked to the user’s Facebook account. If the user clicks on any Facebook button integrated into the website https://www.zaton.hr, e.g., the “Like” button, or if the user submits a comment, then Facebook links this information to the user’s personal Facebook account and stores personal data.

Every time the user is logged in to Facebook and simultaneously visits the website https://www.zaton.hr, Facebook will receive this information via the Facebook component. This will happen regardless of whether the user clicks on the Facebook component or not. If the user does not want this type of information transfer, it can be prevented by logging out of the Facebook account before accessing the website https://www.zaton.hr.

FOR INSTAGRAM:
META PLATFORMS IRELAND Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland

Data protection officer contact:
https://hr-hr.facebook.com/policy.php
https://www.facebook.com/help/contact/540977946302970
https://help.instagram.com/155833707900388

If you are not satisfied with the way your personal data is collected and processed, you can contact Instagram’s lead supervisory authority, the Irish Data Protection Commissioner, or the Croatian Personal Data Protection Agency.

Instagram is owned by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If the user lives in the EU, the data controller is Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland. Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, is an independent controller.

Instagram is a social network used to share photos and short videos that users, among other things, can edit with filters, organize using hashtags, and connect with locations via geotagging.

FOR X:
X Internet Unlimited Company, 1 Cumberland Place, Fenian Street, Dublin 2, Ireland

Data protection officer contact:
https://x.com/en/privacy
https://help.x.com/en/privacy

If you are not satisfied with the way your personal data is collected and processed, you can contact X’s lead supervisory authority, the Irish Data Protection Commissioner, or the Croatian Personal Data Protection Agency.

The owner of X Internet Unlimited Company, as the data controller for users in the EU, is X Corp. (formerly Twitter, Inc.), 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. X Corp. is an independent controller.

X (formerly Twitter) is a publicly available platform that allows its users to post so-called posts (formerly tweets) to their followers, as well as to address a wider audience, which may include images, videos, GIFs, hashtags, hyperlinks, etc.

FOR LINKEDIN:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Data protection officer contact:
https://www.linkedin.com/legal/privacy-policy
https://www.linkedin.com/legal/privacy/eu
https://www.linkedin.com/help/linkedin/ask/TSO-DPO

If you are not satisfied with the way your personal data is collected and processed, you can contact LinkedIn’s lead supervisory authority, the Irish Data Protection Commissioner, or the Croatian Personal Data Protection Agency.

The owner of LinkedIn Ireland Unlimited Company, as the data controller for users in the EU, is LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA. LinkedIn Corporation is an independent controller.

LinkedIn is a publicly available platform for professional networking and career development that allows its users to create profiles and connect with each other in an online social network, including organizing offline events, joining groups, writing articles, posting job ads, publishing photos and videos, etc.

FOR YOUTUBE:
Google Ireland, Ltd., Gordon House Barrow St, Dublin 4, Ireland

Data protection officer contact:
https://support.google.com/policies/contact/general_privacy_form

If you are not satisfied with the way your personal data is collected and processed, you can contact YouTube’s lead supervisory authority, the Irish Data Protection Commissioner, or the Croatian Personal Data Protection Agency.

On the website https://www.zaton.hr, Turisthotel has embedded components of the YouTube service. YouTube is an internet video portal that allows free publishing, viewing, rating, and commenting on video materials. YouTube allows the publication of all types of video content, including full movies, TV broadcasts, music videos, trailers, and user-created videos.

The owner of the YouTube service is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC, which is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, is considered an independent controller.

If you, as a user (data subject), are logged in to YouTube, YouTube will recognize every time you open a subpage containing a YouTube video. This information will be collected by YouTube and Google and passed on to the user’s YouTube account.

YouTube or Google will receive information through the YouTube component that the user has visited the website https://www.zaton.hr if, during the visit, they were logged in to YouTube; this will happen regardless of whether the user clicked on the YouTube video or not. If you do not wish to allow such information transfer, you can prevent it by logging out of your YouTube account before opening the website https://www.zaton.hr.

This chapter of the Rules applies only with respect to the controller insofar as it owns and manages the social networks listed in this chapter and depending on which social networks it specifically uses on its websites. In the event of the discontinuation of social networks, this chapter will no longer apply.

Entry into force and changes to the Privacy Policy

These Rules enter into force upon publication on the website.

Turisthotel reserves the right to amend and supplement the Privacy Policy, and the same will be published on the websites.

Date of update and publication: October 07, 2025