KAMINSKY Ltd., Zagreb, Predanić 7A, registration number (MBS): 081209066 registered in the Commercial Court Registry in Zagreb, OIB 49454711795 as the data controller, has prepared this Notice for you in order to inform you about the processing and protection of your personal data.

We have posted this notice on our website to make information about the processing of your personal data available to you at any time.

This notice is effective from April 1, 2024.

DATA WE COLLECT

The data we collect falls into three categories:
(a) information you provide to us;
(b) information we collect automatically; and
(c) information we collect from other lawful sources.

Generally, we collect data directly from you and you provide it to us voluntarily. We will inform you when providing your personal data is necessary for the provision of a service or is required by law. Please note that if the data is necessary for the provision of a service or required by law, if you do not provide us with the necessary information, we will not be able to provide our service.

Data Collection Directly from You

You may provide us with the following data:

  • personal data, such as your name, postal and email address, telephone number, date of birth, and other contact details when you register for our online or SMS services, participate in any of our competitions, or contact us by phone or through online services to make an inquiry, give praise, or make a complaint about our products and/or services;
  • transaction data, including data about the products you purchase, prices, payment methods, and payment details;
  • your account data, such as your username and password that you use to access our online services or to purchase, use our products and services.

We collect the above data for the conclusion and performance of contracts with you, the fulfillment of our legal obligations, or on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. b, c, and f of the General Data Protection Regulation (hereinafter referred to as GDPR).

In addition to the above, based on your consent pursuant to Art. 6 para. 1 lit. a of the GDPR, we may collect the following data:

  • information about your profile, including products and services you like, and the time you most frequently visit us; and
  • other personal data voluntarily disclosed to us during communication with us.

Data Collection by Automated Means

We may use automated technology to collect data from your computer or mobile device when you visit our restaurants, use our online services, or use technologies in our restaurants. Automated methods of data collection may include "cookies," local shared objects, and web beacons. Below is more information about "cookies" and other technologies.

In this way, we may collect data about:

  • Internet Protocol (IP) address;
  • the operating system of your computer or mobile device and the Internet browser used;
  • the type of mobile device and its settings;
  • unique device identifier (UDID) or mobile equipment identifier (MEID) for your mobile device;
  • device and component serial numbers;
  • advertising identifiers (e.g., IDFA and IFA) or similar identifiers;
  • your communication with us or about us on social media; and
  • your activities related to how you use our online services, such as the content you visit on our mobile applications.

We will endeavor, whenever technically feasible and reasonably expected of us, to request and obtain your consent for the collection and processing of this data from our side. You can refuse such consent for data collection by refusing to issue the requested consent, as well as by using your device or internet browser settings and following the instructions of your mobile service provider, device manufacturer, or internet browser provider, to whom you can address this purpose. Some online services and technologies in restaurants may not function correctly if they do not have information about your location, about which we will endeavor to inform you. If you wish for us to delete information we have collected that may reveal your location, please contact us at the address provided below. It is possible that we are required by law to retain some of this data.

Data Collection from Other Sources

We may collect information about you from other legitimate sources, ensuring that the data is legally collected. We may also collect publicly available data. For example, we may collect data that you have posted on your public profile while communicating with us through that profile.

 

NOTICE TO BUSINESS PARTNER REPRESENTATIVES

KAMINSKY Ltd. undertakes to handle the collected personal data of owners, representatives, or other representatives of PARTNERS in accordance with the provisions of the General Data Protection Regulation and the relevant applicable data protection regulations. For this purpose, KAMINSKY Ltd., in accordance with Articles 12 and 13 of the General Data Protection Regulation, provides the following information:

Personal data collected in the process of concluding and fulfilling the contract as a data controller is collected by KAMINSKY Ltd., Croatia, Zagreb, Predanić 7A, OIB 49454711795. The contact person for personal data protection is info@hotelmagdalena.hr

KAMINSKY may use the collected personal data for the purpose of drafting and fulfilling cooperation contracts. Accordingly, the data is collected on the basis of KAMINSKY's legitimate interest, for the purpose of concluding and fulfilling contractual relationships.

The data collected includes contact information of partner contacts - directors, owners, and/or employees responsible for contacting KAMINSKY (name, job title, official mobile phone, and official landline).

The collected data may be disclosed to competent authorities in accordance with the provisions of applicable regulations (e.g., police, courts, tax authorities, etc.). The collected data is not exported outside the EU.

The collected data is retained within the time limits prescribed by positive regulations (tax and accounting regulations), and additionally for a period of 2 months from the expiration of the statute of limitations for the rights and obligations of KAMINSKY.

KAMINSKY respects the rights of data subjects to access, rectify, erase, and restrict the processing of personal data, as well as the right to object to processing and the right to data portability. Data subjects may exercise these rights by submitting a written request to KAMINSKY and/or the Data Protection Officer. The right to lodge a complaint is exercised by lodging a complaint with the Croatian Personal Data Protection Agency.

HOW WE USE THE DATA WE COLLECT

The data we collect may be used in the following ways:

To provide you with our services and fulfill contractual obligations:

  • to fulfill your requests, process orders, and process payments for our products and services;
  • to communicate with you regarding your orders, purchases, or accounts with us, as well as regarding your requests, questions, or comments;
  • to enable you to use our online services (including mobile applications); and
  • to provide customer support services, including handling complaints about our services.

To offer or improve our services and for other legitimate business reasons:

  • to inform you about our products and services, competitions, offers, promotions, or special events that we believe may interest you (if you give us permission to do so);
  • to personalize your experience in our restaurants and online services, or to use analysis and profiling technologies to personalize your experience, deliver content tailored to your estimated interests, and adapt to how you use our online services or restaurant technologies, to which you always have the right to object;
  • to manage our business, including developing new products and services, conducting customer and business research, evaluating the effectiveness of our sales, marketing, and advertising;
  • to manage our business, diagnose technical problems or service issues, manage our online services and restaurant technologies, prevent fraud, collect demographic data about our customers, and determine usage patterns of our services;
  • for maintaining, managing, and improving our products, offers, promotions, online services, and other technologies;
  • for selecting our employees in job competitions

For compliance with legal requirements:

  • for the purpose of protection against, detection, and prevention of fraud and other criminal offenses, as well as protection against or filing of our lawsuits and claims based on liability;
  • for compliance with legal obligations and our policies;
  • for establishing, exercising, or defending legal claims against us; and
  • monitoring and reporting on compliance matters.

With your consent, the data we collect may be used for the following purposes:

  • for providing location-based services;
  • for providing online services to minors under the age of 16 (with parental consent);
  • for the use of cookies and similar technologies;
  • for providing online services (including mobile applications) to you.

The data we collect about you may also be used in other ways, about which we will inform you at the time of data collection or for which we will seek your consent.

HOW WE SHARE THE DATA WE COLLECT

We do not sell your personal data, and we only share it with others as described in this Privacy Statement.

We may share your personal data with suppliers who perform certain services for us, such as order fulfillment, data processing, or other information technology services, conducting promotions, contests, prize draws, conducting research and analysis, and personalizing the user experience with Hotel Magdalena. In such cases, we take measures (such as using standard data protection clauses) necessary to ensure an appropriate level of protection for your personal data. We do not allow these suppliers to use or share this data for any purpose other than to provide services to us.

For strategic or other business reasons, we may decide to sell or transfer all or part of our business. As part of such sale or transfer, we may transfer the data we have collected and stored, including personal data, to anyone involved in such sale or transfer.

Sometimes, we may share data that does not directly identify you. For example, we may share anonymous, aggregate statistical data about your use of our online services. Or we may combine data about you with data about other users and share it with someone else in a way that cannot lead to the identification of individual subjects.

Additionally, we are authorized to use and share data when necessary to comply with legal or regulatory requirements, protect our online services and technologies in restaurants, raise or defend against lawsuits and other legal claims, protect the rights, interests, and safety of our company, our employees, or third parties, or as part of a fraud investigation or other criminal activities, or violations of our policies.

CHILDREN'S PRIVACY

We are aware of the importance of protecting your privacy when using our online services. We are particularly committed to protecting the privacy of children who visit or use our online services.

Persons under the age of 16 may only use our online services with the consent of a parent or guardian, as applicable. We will not knowingly collect and retain personal data of persons under the age of 16 (regarding online services) or minors regarding all other services, without seeking the consent of a parent or guardian.

We encourage parents to regularly check and monitor their children's online activities. If you have any questions about our approach to children's privacy protection, please contact us at the contacts provided below.

YOUR OPTIONS AND CHOICES

If you have given us consent to receive marketing information, you can later opt out by following the unsubscribe instructions found in the marketing messages we have sent you. Similarly, in the general instructions found in the section of your user profile on the online services you use, you can find communication preference options, including opt-out instructions. Also, there may be an option to adjust your communication settings on your device. You can also opt out by contacting us at the address, telephone number, or email address provided below.

If you opt out of receiving our marketing messages, we may still send you messages regarding your transactions, your user accounts, as well as any competitions, sweepstakes, or draws you have entered.

Opting out of one form of communication does not mean you have opted out of others. For example, if you opt out of receiving marketing email messages, you may still receive text (SMS) messages with marketing content if you have chosen to do so.

We do not sell or make personal data available to third parties for their direct marketing activities unless you allow us to do so. Upon our notice and your consent, we will share your personal data with third parties in accordance with your instructions.

We retain your data for as long as necessary to fulfill the purposes stated in this Statement, which means that we will not retain your data longer than the period for which you have given us your consent, or until the consent is withdrawn (for data collected and processed based on your consent), or generally no longer than 6 years from the end of the calendar year in which the data was collected (unless a longer period is prescribed by law, permanent retention, or when we determine that there is a legitimate interest for longer retention, for example, in a situation where a proceeding is expected or underway before the competent authority). For data retention periods collected for specific purposes, please review the notices provided in the introduction of this statement.

YOUR RIGHTS REGARDING PERSONAL DATA

For data collected and processed based on your consent, you have the right to withdraw your consent at any time by submitting an appropriate request to the contact addresses below (this does not affect the lawfulness of processing before consent withdrawal). KAMINSKY d.o.o. respects the rights of data subjects to access, rectify, and restrict the processing of personal data, as well as the right to object to processing and the right to data portability.

These rights include, for example:

  • When the processing of your personal data is based on your consent, you can withdraw the consent at any time; withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal of consent;
  • Request access to your personal data and obtain a copy of such data;
  • Obtain your personal data in a structured, commonly used, and machine-readable format and request us to transmit them directly to another company, in case you have provided us with your personal data and they are processed based on your prior consent or are necessary for the performance of a contractual obligation;
  • Correction of your personal data in case they are inaccurate or incomplete;
  • Objecting for reasons related to your particular situation against our processing of your personal data based on our legitimate business interest, including profiling and sending marketing communications;
  • Erasure of your personal data, including all links to them and all copies and replicas thereof, to the extent permitted; for example, if your data is outdated, unnecessary, or unlawful, or if you withdraw your consent for processing based on that consent and when you succeed with an objection to processing;
  • Obtaining a restriction on processing while we process your request or objection regarding the accuracy of your personal data or the lawfulness of processing your personal data and the legitimacy of our interest in processing that data, or if your personal data is needed for the purposes of conducting a legal proceeding;
  • Furthermore, you have the right to withdraw your consent previously given for the processing of your personal data at any time.

You may exercise these rights free of charge, except where the request is unfounded or excessive, for example, due to its repetitive nature.

We may refuse to act on your request or impose some restrictions on you, to the extent permitted by applicable law. Before providing you with any information or correcting inaccuracies, we may ask you to confirm your identity and/or provide additional details to assist us in responding to your request.

These rights are exercised by data subjects by submitting a written request to KAMINSKY and/or the Data Protection Officer at the contact details below. The right to lodge a complaint is exercised by lodging a complaint with the Croatian Personal Data Protection Agency.

USE OF OUR ONLINE SERVICES AND OTHER TECHNOLOGIES

Our website may use "cookies," web beacons, and other similar technologies on our online services, as well as in other areas of our business, such as online advertising, to collect data and deliver services or products requested by you. As stated above in this statement, we will seek your consent to use such functionalities in each such case.

"Cookies" and other tools

"Cookies" are small text files that are placed on a user's web browser or device to record and/or collect data about the user.

A web beacon is a small object or image embedded in a web page, application, or email and is used to track activities. They are sometimes referred to as "pixels" or "tags."

Please note the following:

  • When using our online services, you may receive a "cookie."
  • We may use "cookies" and other tools temporarily ("session cookies" - lasting only for the duration of your visit to the site) and permanently ("persistent cookies" - lasting for a specified period).
  • Our online services, as well as other areas related to our business, may have web beacons. We use "cookies," web beacons, and other similar tools to collect data for the purposes described in this Statement.

We may use the mentioned technologies for the following purposes:

  • To enable you to access and use our online services, which may not function properly without these technologies;
  • To improve our products and services;
  • To track the effectiveness of our online services (e.g., visits, errors, page response time, popularity of specific content, etc.);
  • To enable us to tailor our services to your preferences and interests;
  • For marketing activities through targeted advertising; and
  • For other purposes described in the section of this Statement titled "How we use collected data."

For example, we may use certain tools to determine if you have opened an email message or clicked on a link contained in an email message; or how you use our website pages and the content of our mobile applications; or if you have viewed our online advertisement.

KAMINSKY and third parties (e.g., networks through which we advertise and whose privacy policies we do not control) may use these technologies to collect data about your online activities over time and across websites and devices of third parties, as well as during the use of our online content, in order to customize our content to your interests.

We advise you to adjust the appropriate settings on your web browser if you do not wish to receive "cookies" or if you want your browser to notify you when you receive a "cookie." Using the "Help" feature on your browser, familiarize yourself with ways to change your settings regarding "cookies."

Some newer web browsers may have a "Do Not Track" option that sends a "Do Not Track" signal to all websites you visit, indicating that you do not want your activities to be tracked. At this time, we do not take action in response to a "Do Not Track" signal because a universal technological standard for this has not yet been developed. However, we are monitoring the development of these technologies, and it is possible that we will adopt such a standard when it is developed.

Targeted Advertising

When using our online services, we may collect information about your activities in order to provide you with advertising content tailored to your interests. As already mentioned in this statement, the provision of advertising content is conditioned by your consent, from which you can always withdraw as described in this statement.

Please note that our advertising messages may also appear on third-party websites from which we or our partners (marketing agencies, or other companies) have purchased advertising space to place advertising content. In this case, the rules of the advertising pages on which the content is published apply to the collection and tracking of data about access to such advertising content. We do not influence the privacy policies of such advertising pages, but we will make reasonable efforts to ensure that our ads are not posted on advertising pages that have not implemented GDPR and other applicable data protection regulations.

Links to Other Websites and Social Media

Our online services may contain links to websites that are not operated by us but by third parties. If you visit these linked websites, we advise you to read their privacy policies, terms of use, and other policies. We are not responsible for the policies and practices of third parties. Any data you provide to these organizations will be treated in accordance with their privacy policies, terms of use, and other policies.

Our online services may also have applications, tools, gadgets, and widgets from other suppliers, such as Facebook's "Like," which may also use automatic information collection about how you use these features. These organizations may use your data in accordance with their policies, over which we have no control.

Information Security

We are committed to taking all appropriate and reasonable measures to protect the security of your personal data. Our technical, administrative, and physical protection procedures are designed to protect your personal data from accidental, unlawful, or unauthorized loss, access, disclosure, use, alteration, or destruction. Although we make every effort to protect our information systems, no website, mobile application, computer system, or data transmission over the internet or other public network is guaranteed to be 100% secure.

Data Transfer Abroad

The transfer of personal data abroad, for the purposes stated in this Statement or, for example, for storing your personal data, will be carried out in accordance with this Privacy Statement and applicable personal data protection regulations.

Your personal data may be transferred or stored in the European Economic Area (EEA). Data may also be transferred and stored outside the European Economic Area. In this case, our suppliers as third parties may process the data. Data outside the European Economic Area may only be transferred under the condition that adequate protection is provided, such as (1) a European Commission decision on adequacy regarding the country to which the data is exported; (2) confirmation of the existence of a "privacy shield" if the data is exported to the US; or (3) appropriate and binding agreements in accordance with personal data protection regulations.

Changes to the Privacy Statement

This Privacy Statement applies from the date indicated at the beginning of the Statement. The Statement may be amended from time to time. If there are any such changes, we will publish the new version at this location with the amended "Last Modified Date" (i.e., the date from which it applies) at the beginning of the Statement. We advise you to regularly check for the latest versions of the Statement here.

IF YOU HAVE QUESTIONS ABOUT THE PRIVACY POLICY

If you wish to contact us regarding a question, request (including withdrawal of consent or request for the use of rights of access, correction, and limitation of personal data processing, as well as the right to object to processing and the right to data portability) or inquiry concerning your personal data, you can do so at:

KAMINSKY d.o.o.
Predanić 7a, 10250 Zagreb
Contact Data Protection Officer: info@hotelmagdalena.hr

VERSION: 1.0. AS OF April 1, 2024.