Data Protection Policy
CONSENT FOR PERSONAL DATA PROCESSING FOR SPECIAL PURPOSES
CONTROLLER: CRVENA LUKA D.D., OIB: 31134205023, CRVENA LUKA 1, 23210 BIOGRAD NA
MORU, TEL: 023383640, EMAIL: firstname.lastname@example.org
By clicking “I agree” at the end of this form, Data Subject freely, willingly and explicitly gives their consent to
collect, keep in data archive and conduct further processing of their personal data given to the Controller, for
purposes and in the extent regulated by applicable regulation.
Data Subject’s collected data will be used for purposes of: sending offers, invitations, information, newslatter in
Data no longer needed for processing can be kept for statistical and historical purposes but will not be processed
in any other way, and is protected from unauthorized access and viewing.
Data Subject gives their consent to the Controller to collect and process their personal data through video
surveillance subject to applicable regulation and for purpose of security of tourist resort.
PERSONAL DATA PROTECTION
Protection of data privacy is permanent. Controller takes all necessary measures to protect the data according to
applicable regulation and good practice.
Controller handles personal data in accordance with the Croatian Data Protection Act and General Data
Protection Act (GDPR), while applying the corresponding physical and technical security measures for
protection of personal data from unauthorized access, misuse, loss or destruction. Procedures and means of
processing personal data, physical and technical security measures are regulated in accordance with GDPR
regulation by internal rules and GDPR Policies of the Controller.
Controller will not give, sell or make personal data accessible to third persons, except the ones listed in this
consent. By exception, Processor may give Data Subject’s personal data to third persons when the transfer is:
- Needed in order to conduct activities taken at Data Subject’s request
- Made compulsory by laws in public interest
- Needed to initiate, conduct or defend against legal requests
- Needed to protect vital interest of the Data Subject
Collected data may be sent to Processors for processing, namely outsorced web provider, for purpose of: real
Collector will keep collected data for a period of 5 years, after which period the data will be automatically
deleted in accordance with Collector’s internal GDPR Policies
SENDING MESSAGES BY E-MAIL
When Data Subject sends e-mail containing personal data by which they can be identified, by e-mail containing
questions or comments or forms delivered by e-mail, Collector will use such data only for purpose of meeting
the Data Subject’s requests.
RIGHT TO VIEW AND ACCESS
Data Subject may at any time request access to all personal data collected by the Collector, and means and
purposes of processing it. Data Subject may request from the Collector to update and change personal data in
case of their change.
RIGHT OF DELETION
Data Subject has the right to obtain from the Collector deletion of personal data pertaining to them, providing
one of the following terms has been met:
- personal data is no longer needed for purpose for which they were collected or processed in other way;
- Data Subject withdraws their consent on which the processing is based, and there is no other legal basis for
- Data Subject files a complaint to processing, and there is no stronger legitimate reason for processing;
- personal data has been illegally processed;
- personal data has to be deleted in order to meet a legal obligation arising from law of EU or a member state
applicable to the Collector.
WITHDRAWAL OF CONSENT
Data Subject may withdraw their consent at any time. Withdrawal does not affect legality of processing based on
consent made before it’s withdrawal. Withdrawal may be filed by mail or e-mail to the above stated Collector’s
LEGALITY OF PROCESSING
Collector will process Data Subject’s data in a legal and safe manner. If the Data Subject considers the Collector
handles their personal data illegally, they have a right to file a complaint to the supervisory body (Agency for
data protection – AZOP)