GrayLine

DECLARATION ON PRIVACY AND PROTECTION OF PERSONAL DATA

LEGAL NOTICE

By using the www.graylinesplit.com web site or by contracting travel and/or other services provided by GrayLine d.o.o. travel agency for you or someone else, you agree to the General Terms and Conditions contained on the link here www.adriatic4you.com/opci-uvjeti and state that you are familiar with the relevant provisions relating to the use of personal data for the purpose of contracting and realization of travel.

If you do not agree to these terms, please do not send any personal information to us or sign up for a tour for yourself or anyone else before clearing any potential doubts you may have and feel free to ask for additional information. We will be happy to provide you response via email at graylinecro@gmail.com or by telephone at +385 91 240 0800.

PERSONAL DATA PROTECTION

Gray Line d.o.o. Travel Agency, Put Salduna I 5, 21220 Trogir as the manager of processing personal data is aware of the importance of the above mentioned and therefore attaches great importance to the protection of personal information of its clients in accordance with best business practice and applicable Croatian and European regulations, including the Regulation GDPR, The General Data Protection Regulation (EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016).

Below we provide all the necessary information on how to process and protect your personal information and the rights that our clients have regarding the processing of personal information.

APPROVAL or CONSENT (PRIVOLA)

Although Gray Line d.o.o. has legally legitimate interest in processing your data and forwarding it to third parties when it is necessary for the purpose of executing contracts and providing services within the agreed tour package, we pay particular attention to the fact that the customer who expressly disclosed your personal information to Gray Line expressed his interest in processing this data.

Please note that if you subscribe other people to a tour you must have permission to use their personal data for that purpose, or the permission of other travelers with whom you are traveling and whose personal information you submit. Certainly, it is important that all travelers with whom you travel know the content of this document before sending us their personal information.

If you do not agree with any of the claims below, do not provide us with any personal information, and we invite you to contact us by email graylinecro@gmail.com, by phone at +385 91 140 0800, and ask for additional information we will be happy to provide you.

TYPES OF PERSONAL DATA WHICH WE COLLECT

We only collect data that is necessary for the purpose of data collection and in accordance with applicable legal regulations.

The data we collect are: name and surname, date of birth (to be able to bid and carry out the services covered by your Travel Contract and Package Travel Package), phone number and email address (so that you can contact us before, during or after traveling with different information or questions), OIB and address (for the purpose of negotiating optional travel insurance), and additionally and if necessary we may request gender information if it is not understandable from the name, citizenship (for the purpose of providing relevant information on the necessary travel documents or travel insurance) and the number of credit cards along with other information required to charge your card if you choose this payment method. Also, if you submit a request via the form on the web page, the system will automatically record your IP address as well.

In certain non-standard situations, the need for processing specially protected categories of personal information that reveals religious or philosophical beliefs, union membership, and data related to client health may be created in order to initiate a travel insurance activation procedure.

The above data will be requested for the purpose of performing contractual or business obligations or execution of other services requested by the client, or performing the activities preceding the conclusion of the contract or the fulfillment of obligations ie services. It will be considered that a client who provided data in a special category of personal data to Gray Line expressed his or her interest in processing such data.

APPLICATION AREA

The information contained in this document applies to all personal information of the clients that Gray Line d.o.o. collects and processes, as well as all personal data processed by Gray Line d.o.o. partners (hotels, local agents, travel agents, bus operators, tour guides and escorts, airline companies, shipping companies and other legal or physical entities engaged by Gray Line for the provision of scheduled tourist package arrangements, travel programs or additional services to client request).

A customer is considered a person who is from Gray Line d.o.o. requested a service, a service offer, an answer to an inquiry or an informative calculation of the price, as well as any person for which the other person (the Travel Contractor) contracted a tour or a service.

Personal data is any data relating to an individual whose identity has been identified or can be identified (Article 4 of the General Data Protection Act).

Data processing means any procedure or set of procedures that are carried out on personal data or on personal data sets (Article 4 of the General Data Protection Regulation).

RELEVANT PRINCIPLES OF PERSONAL DATA PROCESSING

Processing in accordance with the purpose of data collection: We collect data only in accordance with the purpose for which this data was collected.

Limiting the amount of data: We collect and process only those data that are necessary to achieve the purpose of processing.

Legitimate, Fair and Transparent Processing: Data is processed in accordance with applicable laws pertaining to personal data processing and in accordance with the best business practices of data protection.

Data accuracy: We give extreme attention to data accuracy. The Client has at any time the right to inspect data and correct his / her data.

Restrict Data Processing and Data Storage: Data is processed and kept only for as long as is necessary to fulfill the purpose for which the data was collected or as required by the applicable regulations, with the special note that certain data such as name and surname, as well as contact information and other informations you have given us arbitrarily to keep up to a maximum of 5 years to comply with legal regulations.

Personal Data Security: Gray Line d.o.o. the tourist agency is committed to respecting the privacy of all its clients, and all customer data is strictly kept on password-protected servers and/or computers, access is restricted to Gray Line employees who have signed a privacy statement for customers, who also agrees that all client data will be used solely for the purpose of performing the necessary actions for execution of the services that the client has contracted at his own request. All informations that the user sends are automatically recorded and used in accordance with this statement, ie the Personal Data Protection Act and the Electronic Communications Act.

THE RIGHT OF CLIENTS

In accordance with the General Data Protection Regulation, the client has the following rights:

Right to access data

The Client is entitled to receive confirmation that we process his/her personal data and, if processed, he/she is entitled to receive the following information: information about the purpose of processing, the category of personal data we are processing, the recipients or categories of recipients of the data we are processing, the predicted period in which the data will be stored or criteria for determining that period, the right to request correction, deletion and limitation of data processing, the right to lodge a complaint with the supervisory authority, automated decision-making system information, such as profile design, and safeguards if the data is transferred to a third country .

Right to correction and deletion

The Client has the right to request and obtain correction of incorrect data. The Client has the right to request and obtain deletion of data unless the data is necessary for the purpose for which they are collected or should be kept in accordance with the applicable legal regulations. Gray Line d.o.o. has an obligation to confirm the client ie inform the client about the change or deletion of the data made at the client's request.

The right to limit processing

The Client has the right to access the data processing limit, under the terms defined in the General Data Protection Regulation. Gray Line d.o.o. has an obligation to notify the client about the processing limit made at the client's request.

Right to data portability

The Client has the right to receive the information he has submitted to us in a structured, standard and machine-readable format and to transfer them to another manager without limitation.

Right to Objection

The Client has at all times the right to object to the processing of personal data. The Client has at all times the right to a direct marketing complaint, in which case the data will not be used for that purpose.

Automated decision making including profile creation

Customer has the right not to relate decisions based on automated processing, including profile creation.

For the realization of any of your rights please feel free to contact us at graylinecro@gmail.com

PERSONAL DATA COLLECTION PROCEDURE

We collect information about your customers in the following ways:

Collecting personal data in the office, by telephone or via email

When booking, making offers, providing other services at client's request or implementing preparatory actions related to the required services or a package tour we ask the client for the personal information necessary for the execution of the subject.

The Client may leave his or her personal data in person or on behalf of another client by another person (Travel Contractor), but solely with the client's consent or client's approval for a travel contract.

Data collection via the Internet

On our web site, when requesting or requesting a reservation we collect the information needed to make a reservation or offer. The customer submits us the information via the form on the web pages.

Client Privilege

Client Privilege means any voluntary, specifically, informed and unambiguous expression of the wishes of a respondent who expressly or explicitly acknowledges the consent of the processing of personal data relating to him (Article 4 of the General Data Protection Regulation). Without the privacy of a client or a legitimate interest, we will never use the client's personal information for any purpose that is required by the applicable regulations.

PURPOSE OF PERSONAL DATA COLLECTION

We collect personal information for the following purposes:

For the performance of the contract or preparation for the execution of the contract: in order to be able to make a service to the client or to be able to bid for the service to the customer, and for later information of the users about the services or relevant information regarding the past or future contracted trip.

For internal purposes: We keep the client's data up to five years at the request of regulatory authorities to be able to prove business in accordance with legal regulations, protect the legitimate interests of the client or our legitimate interests, in accordance with applicable legal regulations. Gray Line undertakes to keep only the information necessary for the specified information. For example, this may include keeping customer data in order to best respond to potential customer complaints, use client data to prevent, detect and process abuse of customer or Gray Line, providing employees, customers, products, and services to Gray Line, creating services and offers that meet customer needs and desires, market research and analysis, sales channel optimization, etc. The legal basis for data processing for this purpose is the legitimate interest of Gray Line, unless such interests are of interest or fundamental rights and freedoms that require customer data protection and/or legal basis for protecting the key interests of a client or other natural person. Exceptions are also all cases when the legal basis is set.

For the purpose of fulfilling the legal obligations: Based on the written request, Gray Line is obliged to provide or allow access to certain personal data of the clients to the competent state bodies. The legal basis for processing data for these purposes is the fulfillment of Gray Line legal obligations.

DATA SOURCE OF THIRD PARTY

We pass client data to third parties only in the following cases:

For the purpose of executing a contract or preparing for execution of a contract with a client. We pass the data to a third party when it is necessary to provide the customer with a contracted service or required information. This includes, for example, sending client data to a hotel, an insurance company, a tourist agency in a destination contractor (local agent), a carrier, a travel companion, and/or a tour guide when it is necessary to perform a service or make a service offer.

When the user has given the privilege. We pass the data to the third party if it is necessary for the purpose for which the user has given the privilege.

When we engage subcontractors to perform certain jobs. If we engage the subcontractors as executives for the execution of certain jobs, in that case we will pass the personal data to the subcontractor. We use subcontractors solely from EU territory and these subcontractors work exclusively on Gray Line orders and on a contract signed with Gray Line, which provides data protection measures as if data were processed by Gray Line.

PERSONAL DATA PROTECTION

In order to protect personal information of our clients we use the best business practices in the field of tourism and information-communication technologies. We continually adjust our internal processes to achieve the optimal level of personal data protection. We use different organizational measures and technical means to protect the user's data from unauthorized access, change, loss, theft or other misuse of data.

WEBSITE

Our website uses cookie files to enhance your user experience and optimize it according to your needs. Data in the cookie files and other data that is automatically accessed on the site and not personal information (eg bounce rate, browser type, visitor information, duration of visit etc.) Gray Line has the right to use only to evaluate the site's visibility, and to improve the functionality or content of your web site. Cookie is a text file that a server records on your hard drive, which can not be used to harm your computer and to run unwanted programs. By accessing www.graylinesplit.com you agree to use the cookie file for the specified purposes. By accessing www.graylinesplit.com your IP address may be logged for the purpose of analytics and later analysis of the availability of our web pages. Our web pages may contain web links or guidelines on other websites that are not part of our site and we do not take any responsibility for the content of other sites.

CONTACT

The client can exercise his rights under the General Data Protection Order by submitting an application to the email address graylinecro@gmail.com . In accordance with the legal provisions, you have the right to information about your personal information stored in our databases and to correct, supplement or delete your personal information. Correction, amendment and deletion of personal data it can be done on a written request sent to the email address graylinecro@gmail.com .

If the customer suspects a violation of his or her personal information, he may file a complaint to the email address graylinecro@gmail.com , in which case Gray Line will react promptly to resolve any eventual irregularities or provide additional information. The client may also submit a claim to the Personal Data Protection Agency.

Trogir, June 2018