Happy Tours d.o.o., Ličko Petrovo Selo 52, 53233 Ličko Petrovo Selo
Notice of Personal Data Processing via the website www.lyraplitvice.com
The General Data Protection Regulation 2016/679 (GDPR) has established the imperative of protecting personal data in the legal systems of European Union member states. Respecting the requirements of the GDPR and other applicable regulations, Happy Tours Ltd. applies recommended security standards and best practices that ensure a high level of protection for personal data and privacy. This privacy policy provides information on the collection and processing of personal data through this website and informs about the processing activities carried out based on established legitimate interests.
DATA CONTROLLER
HAPPY TOURS Ltd.
Ličko Petrovo Selo 52, Ličko Petrovo Selo
VAT ID: 35265721728
Contact: +385918842261
E-mail: aleksandar@lyraplitvice.com
The data controller has appointed a data protection officer. They can be contacted for further information about the processing of personal data, to request access to your data, to lodge a complaint or objection regarding the processing, or to seek any other information related to the processing of your personal data.
DPO contact:
Through this website, the following categories of personal data may be collected:
This website uses the following legal bases for collecting personal data:
1) Performance of a contract/service: Data is processed to enable the performance of the requested service or to take steps prior to providing the requested service, based on your request (for example, responding to your inquiry/request). The processing of data for the purpose of responding to the inquiry/request is necessary for the performance of the requested service. Therefore, the data collected for this purpose is considered necessary data. Please note that if the necessary data is not provided, we will not be able to fulfill your request.
2) Legitimate interests: Data is processed based on our legitimate interests or the legitimate interests of third parties, except when the interests, rights, and freedoms of the data subject outweigh those interests (for example, newsletters).
3) Consent: Data is processed based on prior consent (for example, cookies).
In certain situations, personal data may be processed based on established legitimate interests. When processing is based on this legal basis, individuals have the right to object to such processing. However, processing cannot be restricted or suspended if there are compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or when the processing is necessary for the establishment, exercise, or defence of legal claims. Such processing is in accordance with Article 6(1)(f) of the GDPR. The processing activities we carry out based on legitimate interests are as follows:
Purpose of processing: Video surveillance is carried out for the purpose of protecting individuals and property.
Retention period of recordings: Up to 3 days, or in the case of an incident, up to 6 months. A longer retention period is possible if the recordings are evidence in a judicial, administrative, arbitration, or other legal proceedings.
Other recipients: Video recordings can only be provided upon request to competent authorities (such as the police or court) when necessary for official proceedings and cannot be disclosed to other individuals.
The collected data is not processed for any other purposes.
Data that may be processed: Email address.
Purpose of processing: Marketing. The newsletter may be used to deliver information about our services, including details about special offers and promotions.
Method of collection: Directly from the data subject. If the email address used for newsletter delivery is obtained through another source, the data subject will be informed during the first contact.
At any time, the data subject can raise an objection to the processing of their email address for marketing purposes and can restrict or entirely prohibit such processing.
The collected personal data may be shared with providers of IT and communication solutions and services who act as our data processors.
These processors provide reasonable guarantees and have implemented appropriate technical and organizational measures to ensure data protection and compliance with the requirements of the GDPR. Agreements/contracts for the processing of personal data have been concluded with these processors based on the European Commission’s Implementing Decision (EU) 2021/915 on standard contractual clauses between controllers and processors as a separate part of the contract. The agreement/contract specifies in detail the handling of personal data, and these processors are not authorized to process personal data without our instructions or disclose them to third parties.
Personal data is not disclosed to third parties for direct marketing purposes.
Personal data collected through this website is processed until the purpose for which the data was collected is fulfilled. After the purpose ceases to exist, the personal data is no longer processed. However, certain personal data (such as an email address) may continue to be processed based on legitimate interests (for marketing purposes, such as sending information about our services) as long as there is a legitimate purpose for the processing or until such processing is restricted or entirely prohibited by raising an objection or unsubscribing from the recipient list.
The pages and profiles we manage on social media platforms (such as Facebook, Instagram, etc.) always clearly indicate the accurate and full name of the data controller.
Personal data of our contacts that we collect through these platforms is only used for the purpose of responding to inquiries or comments, and the data is not processed for any other purposes.
We may use necessary and non-intrusive cookies for the functioning of website features to collect anonymous data that does not contain identifying information about an individual. Note that for the use of necessary cookies, we do not collect your consent. This is in accordance with Directive 2009/136/EC and the Electronic Communications Act, which stipulate that consent is not required for cookies that are technically necessary for communication between the user’s terminal equipment and the website they visit or for providing the service on the Internet site at the user’s request.
What are cookies (COOKIE)?
A cookie, also known as an HTTP cookie, is a small text file that websites store on the user’s device (such as a computer, mobile phone, or tablet) when you visit a particular website. These cookies enable the website to remember the user’s actions and settings over time. When the user visits the same website again, the cookies are sent back to the web server, allowing the website to recognize the user and provide a personalized experience.
What information can cookies store?
Internet cookies can store various types of information related to the user and how the user uses a particular website. This includes identification data, user settings, shopping cart contents on e-commerce websites, login information for user accounts, information about user activities on the website, user interests for content and ad personalization, session duration, and security and authentication data. Cookies are a tool that allows websites to enhance the user experience and provide personalized services.
What is the purpose of cookies?
The purpose of cookies is to optimize and improve the user experience when visiting websites.
Cookies by function:
I. Technical cookies
(always active) – necessary for the functioning of the website and cannot be disabled. These cookies do not store information that could identify you.
II. Functional cookies
(can be disabled) – enable the website to provide enhanced functionality and personalization.
III. Statistical cookies
(can be disabled) – allow recording visits and traffic sources to measure and improve the effectiveness of the website.
IV. Marketing cookies
(can be disabled) – used to track users across websites and display targeted ads.
In the control window, you can manage cookies that are not necessary on this website. By disabling cookies, the user decides whether to allow the storage of cookies on their computer. Additionally, you can accept or decline some or all cookies by adjusting your browser settings. Cookie settings can also be controlled and configured in the Internet browser. The following links provide information on how to change settings for some of the most commonly used Internet browsers:
Some browsers allow browsing in “incognito” mode, limiting the amount of data stored on your computer and automatically deleting persistent cookies placed on your computer or mobile device when you finish your browsing session. There are also many third-party applications that you can add to your browser to block or manage cookies. You can also delete cookies that were previously set in your browser by selecting the option to delete browsing history and including the option to delete cookies. For more detailed information about cookies and adjusting browser settings, you can visit the following links:
We collect and process personal data in a manner that ensures appropriate security and confidentiality in their processing, as well as enables the effective implementation of data protection principles, data minimization, processing scope, storage period, and accessibility. To achieve this, we have implemented appropriate technical and organizational security measures that provide a level of security commensurate with the risks posed by the data processing and the nature of the personal data being protected, considering the characteristics and costs of their implementation. We ensure the highest level of data protection for users of our reservation system. For secure data transmission between users’ computers and our servers, we use an Thawte certificate and SSL technology with 128-bit data encryption. All personal data, including personal identification numbers, credit card numbers, or other payment information provided by users through the reservation system, are transmitted exclusively through a secure connection with 128-bit data encryption. We regularly review data processing activities that may pose risks to individuals’ rights and freedoms, and we have implemented appropriate measures to protect personal data from accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure, or access, especially in cases where data transfers occur over networks, as well as from any other unlawful forms of processing.
Right of Access
At any time, you can request confirmation of whether your personal data is being processed and obtain detailed information about the processing, particularly regarding the purpose of the processing, the types/categories of personal data being processed, including access to your own personal data, the recipients or categories of recipients, and the envisaged storage period for the personal data.
Right to Rectification
We ensure the right to rectification, and you can promptly obtain the correction of inaccurate personal data and the completion of incomplete personal data.
Right to Erasure
You have the right to request the deletion of your personal data. If the request is justified and there is no legal obligation for us to retain the data, the data will be deleted without undue delay.
Right to Restriction of Processing
You have the right to request the restriction of processing of your personal data in cases provided for by the General Data Protection Regulation. You can restrict the processing of personal data based on legitimate interests as a lawful basis for processing.
Right to Withdraw Consent
You have the right to withdraw the given consent at any time. It is important to note that the withdrawal of consent does not affect the lawfulness of the processing of personal data conducted up to the moment of its withdrawal.
Right to Object
You have the right to object to the processing of your personal data in all cases provided for by the General Data Protection Regulation. Specifically, you can object to processing based on legitimate interests as a lawful basis for processing and restrict or completely prohibit the processing.
Right to Lodge a Complaint
If you believe that the processing of your personal data has violated your rights under the General Data Protection Regulation, you have the right to lodge a complaint with the supervisory authority, the Croatian Personal Data Protection Agency, located at Selska ulica 136, Zagreb.
For further information about the processing of personal data or to exercise your rights, you can contact us through our Data Protection Officer or other contact details provided.
Data Protection Officer:
After verifying your identity, we will respond to your inquiry within 30 days in the usual electronic format unless otherwise requested.
This privacy policy is regularly reviewed, updated, and amended to ensure that it always reflects the current state of the collection and processing of personal data through this website. Please check for such changes regularly. In the event of changes that may affect data subjects’ rights or substantially modify the previous processing notice, particularly in the case of changes to the purposes of processing, data disclosure, and transfers to third countries, a notice will be displayed in a pop-up window upon accessing this website.
Last updated: June 2024.