Privacy Statement
We undertake to protect customers’ personal data by collecting only necessary, primary data about customers/users that are necessary for the fulfillment of our obligations; informing customers about how the collected data is used; and regularly allowing customers to choose about the use of their data, including the ability to decide whether or not they want their name removed from lists used for marketing campaigns.All user data is strictly kept and is available only to employees who need this data to perform their work. All our employees and business partners are responsible for respecting privacy protection principles.
Legal notice
By using the staywithmartha.com website or arranging travel and other services provided by Marta&Marija j.d.o.o. travel agency for you or someone else, you declare that you are familiar with the relevant provisions related to using personal data for contracting and realization of travel. If you disagree with the stated conditions, please do not send us your data or arrange a trip for yourself or someone else before clarifying any doubts. Feel free to ask for additional information, which we will gladly give you by email (info@staywithmartha.com) or by phone (00385 91 21 555 44).
Protection of personal data
Marta&Marija j.d.o.o., Porečka ulica 2b, 10000 Zagreb, as the manager of the processing of your data, is aware of the importance of the above and therefore pays excellent attention to the protection of the personal data of its clients, by the best business practices and valid Croatian and European regulations, including the GDPR Regulation, i.e. General data protection regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016)We provide all the necessary information about the method of processing and protection of personal data and the rights that clients have in relation to this processing.
Consent
Although Marta&Marija have a legally legitimate interest in processing your data and forwarding it to third parties when this is necessary to perform the contract and provide services within the framework of the contracted tourist package, we primarily draw attention to the fact that the client who provided Marta&Marija with his data will be deemed to have expressly expressed his consent to the processing of this data. Please note that if you arrange a trip for other people, you must have their permission to use their data for this purpose, that is, the consent of the other passengers for whom you are arranging the trip and whose personal data you provide to us. You must inform all passengers for whom you are arranging a journey about the contents of this document before you send us their data. If you do not agree with any of the statements below, do not provide us with any personal data, and we invite you to contact us first via email at info@staywithmartha.com, by phone at 00385 91 21 555 44, and request additional information that we will be happy to provide.
Types of personal information we collect
We collect only data necessary to fulfill the purpose of data collection and by applicable legal regulations.
The data we collect are first and last name, date of birth (so that we can send you an offer and perform the services included in your travel contract and tourist package), phone number and email address (so that, if necessary, we can contact you before, during or after traveling with different information or questions), OIB and address (to contract optional travel insurance), and additionally, if necessary, we can ask for information about gender if it is not clear to us from the name, citizenship (to provide relevant information about the required travel documents or travel insurance), and credit card number along with other information necessary for card billing if you choose that payment method. Also, if you send an inquiry via the form on the Internet, the system will automatically record your IP address.
In certain non-standard situations, there may be a need to process specially protected categories of personal data that reveal religious or philosophical beliefs, trade union membership and data related to the client’s health to initiate the procedure for activating the travel insurance policy. The data mentioned above will be requested exclusively to perform contractual or business obligations or other services requested by the client, i.e. performing actions that precede the conclusion of a contract or the performance of duties, i.e. services. It will be considered that the client who provided information from the particular category of personal data to Marta&Marija has expressly expressed his consent to processing such data.
Field of application
What is stated in this document applies to all personal data of clients that Marta&Marija collects and processes, as well as to all personal data processed by partners of Marta&Marija (hotels, local agents, travel agencies, bus carriers, tour guides and companions, airlines, shipping companies and other legal or physical entities engaged by Marta&Marija for the execution of services provided for in the tourist package arrangement, travel program or additional services at the client’s request).
A client is considered a person who has requested a service, a service offer, a response to an inquiry or an informative price calculation from Marta&Marija, and any person for whom another person (Travel Contractor) has contracted a trip or some service.
Personal data relates to an individual whose identity has been determined or can be determined (Article 4 of the General Data Protection Regulation).
Data processing means any procedure or set of procedures performed on personal data or sets of personal data (Article 4 of the General Data Protection Regulation).
Relevant principles of personal data processing
Processing by the purpose of data collection: We process the collected data only for the purpose for which it was collected.
Limitation of the amount of data: We collect and process only the data necessary to achieve the purpose of the processing.
Lawful, fair, and transparent processing: We process data in accordance with applicable laws relating to the processing of personal data and with the best business practices for data protection. Data accuracy: We pay great attention to data accuracy. The client has the right to view and correct the data at any time.
Limitation of data processing and storage time: We process and store data only for as long as is necessary to fulfill the purpose for which the data was collected or as required by applicable regulations, with a special note that certain data such as name and surname, as well as contact data, and other data that you voluntarily gave us to keep for a maximum period of 5 years to comply with legal regulations.
Security of personal data: Marta&Marija travel agency undertakes to respect the privacy of all its clients, and all client data is strictly stored on password-protected servers and/or computers; only Marta&Marija employees who have signed a statement on the protection of clients’ data have access to them, which also obligates them to use all client data exclusively to perform the necessary actions for the execution of the services contracted by the client at his request. All information sent by the user or automatically recorded is used by this statement, i.e. the Personal Data Protection Act and the Electronic Communications Act.
Client rights
By the General Data Protection Regulation, the client has the following rights:
Right to access data
The client has the right to receive confirmation as to whether we process his data. If we do, he has the right to receive the following information: information on the purpose of processing, on the category of personal data that we process, on the recipients or categories of recipients of the data that we process, on the expected period in which the data will be stored or the criteria for determining that period, on the right to request correction, erasure and restriction of data processing, on the right to file a complaint with a supervisory authority, information on the system for automated decision-making, such as profiling, and on protective measures if the data is transferred to a third country.
Right to rectification and erasure
The client has the right to request and obtain the correction of incorrect data and the deletion of data unless the data is necessary for the purpose for which it was collected or it is necessary to keep it according to valid legal regulations. Marta&Marija has the obligation to confirm to the client, i.e., inform the client about the change or deletion of data made at the client’s request.
The right to restriction of processing
The client has the right to request the limitation of data processing under the conditions defined in the General Data Protection Regulation. Marta&Marija is obliged to inform the client about the restriction of processing made at the client’s request.
The right to data portability
The client has the right to receive the data he provided us in a structured, common and machine-readable format and to transfer them to another Data Controller without restrictions.
The right to object
The client has the right to object to the processing of personal data at any time and to object to direct marketing at any time, in which case we will not use the data for this purpose.
Automated decision making including profiling
The client has the right not to be subject to decisions based on automated processing, including profiling.
To realize your rights, feel free to contact us at info@staywithmartha.com.
METHOD OF COLLECTION OF PERSONAL DATA
We collect data about our customers in the following ways:
Data is collected in person at the branch office, by phone, or by email. When making a reservation, making an offer, providing other services at the client’s request, or carrying out preparatory actions related to the requested services or a tourist package, we ask the client for personal data necessary for the execution of the subject.
The client can leave his data personally, or another person can do it on behalf of another client (Travel Contractor), but only with the client’s consent or approval can a trip be arranged for him.
Data collection via the Internet
On our Internet pages, when sending an inquiry or request for a reservation, we collect the data necessary to make the reservation or offer. The client submits data to us via a form on the Internet.
Consent of the client
The client’s consent means any voluntary, specific, informed and unambiguous expression of the wishes of the subject by which he gives his consent to the processing of personal data relating to him by a statement or an explicit affirmative action (Article 4 of the General Data Protection Regulation). Without the client’s consent or legitimate interest, we will never use the client’s data for any purpose for which consent is necessary, according to current regulations.
PURPOSE OF COLLECTION OF PERSONAL DATA
We collect personal data for the following purposes:
For the execution of the contract or preparation for the execution of the agreement: so that we can perform the service to the client or so that we can make an offer for the service to the client, and to later inform the user about services or relevant information related to the past or future contracted trip.
For internal purposes: We keep the client’s data for a maximum period of five years so that at the request of the regulatory authorities, we can prove business by the law, protect the legitimate interests of the client or our legitimate interests, and apply legal regulations. Marta&Marija undertakes to keep only the data necessary for those mentioned above. This may, for example, include keeping client data so that we can best respond to possible client complaints, using client data to prevent, detect and process abuses to the detriment of clients or Marta&Marija, ensuring the safety of employees, clients, products and services of Marta&Marija, creating services and offers that correspond to the needs and wishes of clients, market research and analysis, optimization of sales channels, etc. The legal basis for processing data for these purposes is the legitimate interest of Marta&Marija, except when this interest is stronger than the interest or fundamental rights and freedoms that require the protection of the client’s data and/or the legal basis for the protection of the critical interests of the client or other natural person. An exception is also in all cases where the legal basis is consent.
To fulfill legal obligations: Based on a written request based on valid regulations, Marta&Marija must submit to the competent state authorities or provide access to specific clients’ data. The legal basis for data processing for these purposes is the fulfillment of Marta&Marija’s legal obligations.
TRANSFER OF DATA TO THIRD PARTIES
We pass on customer data to third parties only in the following cases:
This is for contract execution or preparation for contract execution with the client. We forward the data to a third party when it is necessary to provide the client with the contracted service or requested information. This includes, for example, sending the client’s data to the hotel, insurance company, travel agency in the destination in charge of arranging accommodation (local agent), carrier, travel companion and/or tour guide when this is necessary to perform the service or make an offer for the service.
When the user has given consent, we forward the data to a third party if it is necessary for the purpose for which the user has given consent.
When we hire subcontractors to perform specific jobs, we forward personal data to the subcontractor. If we engage subcontractors as processors for the performance of specific jobs, we forward personal data to the subcontractor. In doing so, we use subcontractors exclusively from the EU. These subcontractors work solely on the order of Marta&Marija and according to the contract concluded with Marta&Marija, which ensures data protection measures as if CogitoLab processed the data.
PROTECTION OF PERSONAL DATA
To protect our clients’ personal data, we use the best business practices in tourism and information and communication technologies. We continuously adapt our internal processes to achieve an optimal level of personal data protection. In doing so, we use various organizational measures and technical means to protect user data from unauthorized access, change, loss, theft, or other misuse.
WEBSITE
Our websites use cookie files to improve your user experience and optimize it according to your needs. Data in cookie files and other data automatically recorded when accessing the site are not personal data (e.g. bounce rate, browser type, visitation data, visit duration, etc.) Marta&Marija has the right to use it exclusively to evaluate site visits and improve its website’s functionality or content. A cookie is a text file that the server saves on your hard drive, which cannot be used to harm your computer and run unwanted programs. By accessing the staywithmartha.com page, you agree to use cookie files for the stated purposes. By accessing the staywithmartha.com website, your IP address may be recorded for analytics and later analysis of visits to our websites. Our Internet pages may contain web links, that is, directions to other Internet pages that are not part of our site, and we do not assume any responsibility for the contents of other people’s pages.
CONTACT
The client can exercise his rights under the General Data Protection Regulation by submitting a request to info@staywithmartha.com.
In accordance with legal provisions, you have the right to information about your personal data stored in our databases and to correction, addition, or deletion of personal data. Correction, addition, and deletion of personal data are carried out upon written request sent to the email address info@staywithmartha.com.
If the client suspects a violation of his personal data, he can send a report to info@staywithmartha.com. In this case, Marta&Marija will react according to the urgent procedure to eliminate any possible irregularities or provide additional information. The client can also submit a report to the Personal Data Protection Agency.