Personal data protection statement
This Personal Data Protection Statement by Croatia Yachting shall apply from 25 May 2018, and it is based on the General Data Protection Regulation.
Croatia Yachting shall process your personal data in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and national laws based on the said Regulation, with the application of appropriate technical and security measures for the protection of personal data against unauthorized access, misuse, detection, loss or destruction.
This Statement describes what data we collect, how we process them, and for which purposes we use them, as well as your rights associated with your data.
In charge of data processing:
Croatia Yachting d.o.o., Dražanac 2/a, 21000 Split, Croatia, HR08633766175
Contact e-mail: firstname.lastname@example.org
If we use the services of external providers to process your personal data, this is processing (of personal data) by order, in which case we are also in charge of protecting your personal data.
Types of personal data we process
We use the following personal data:
Master data: forename and surname, date of birth, country of birth, nationality, personal identification number, tax number.
Address and contact information data: city, e-mail address, mobile phone number.
Other data: type of identity document, number of identity document, date of boarding, port of boarding, name of yacht or boat, number of skipper license, number of VHF license, credit card number, booking number, GPS coordinates of navigation, video surveillance records from our facilities, your IP address when visiting our websites, any additional information you provide (e.g. any health issue or similar).
Legal basis and purposes of personal data processing
All types of your personal data are processed based on:
a) Legal obligations – We process your personal data in accordance with the regulations in force, as well as for the purposes of notification and registration which we are obliged to perform in accordance with the regulations in force (e.g. the Regulation on Conditions for Providing Services of Chartering with or without Crew and Accommodating Guests on the Vessel, concluding an agreement on the provision of chartering of vessels).
b) Fulfilment of agreement – We process your personal data for the purpose of fulfilling the agreement and contractual obligations we have concluded.
c) Consent you have given us to process your personal data for purposes of sending promotional offers and other business related information, for the purpose of assessing satisfaction after the charter period, and for the purpose of contacting you.
d) Legitimate Interest of the Controller - All your data is processed for the purpose of meeting the obligations of the legislative body (e.g. Regulation on Conditions for Providing Services of Chartering with or without Crew and Accommodating Guests on the Vessel) or for fulfilling contractual obligations and concluding agreements, e.g. Yacht Charter Agreement.
We collect personal data from our customers in person, at fairs, via websites, e-mails and by phone or we receive them from other chartering agencies.
We shall delete your personal data upon termination of the contractual relationship and no later than the expiration of any legal requirements related to the retention of personal data.
You can revoke your consent at any time. You can also, at any time, object to our processing of your personal data.
You can change your consent via a written request at the following address: CROATIA YACHTING d.o.o., Dražanac 2/a, 21 000 Split or by e-mail at email@example.com. If you revoke the given consent, we will no longer use your data for the said purposes. If you wish to give your consent again, you are able to do so.
In the case of processing of your personal data that does not require your consent and that is necessary for the conclusion of an agreement with us or the fulfilment of the concluded agreement, or due to obligations we have under the law, if you do not provide us with these data, we will not be able to fulfil our contractual obligations towards you, nor will we be able to conclude an agreement with you.
Rights of data subjects
a) Right of access to data and information on the processing of personal data, i.e. whether or not the controller processes personal data of data subjects and, if the data is processed, what the purpose of this processing is, the categories of personal data in question, etc.
b) Right to rectification: If we process your personal data that are incomplete or inaccurate, you may ask us to correct or complete them at any time.
c) Right to erasure: You may ask us to delete your personal data if we have processed them illegally or if that processing represents disproportionate interference with your protected interests. Please note that for some reasons immediate deletion is not possible. For example, due to the archiving obligations laid down by law.
d) Right to data portability: You may ask us to provide you the data you have entrusted to us in a structured form, in a standard machine-readable format:
- If we process these data on the basis of consent you have given us and which you may revoke or for the fulfilment of our agreement, and
- If the processing is done using automated processes.
e) Right to object: If we distribute your information for the purpose of performing a public interest task or a task of public bodies, or when upon the processing of your information we invoke our legitimate interests, you may file an objection against such data processing if there is an interest in protecting your data.
f) Right to object to competent authority: If you believe that upon processing your data we have violated Croatian or European data protection regulations, please contact us to resolve any issues. You are certainly entitled to file a complaint with the Croatian Data Protection Agency, or in the event of a change of the applicable regulations, with another body that will assume its jurisdiction, and starting from 25 May 2018 with the supervisory body within the EU.
h) Exercise of rights: If you wish to exercise any of the aforementioned rights, contact us using our contact information referred to in Article 1 of this Statement.
i) Identity confirmation: In case of doubt we can request additional information to verify your identity. This serves to protect your rights and private spheres.
j) Misuse of rights: If you exercise any of these rights too often and with obvious intent of misuse, we may charge you an administrative fee or decline to process your request.
k) Right of limitation of processing: You may request a limitation on processing your data:
- If you dispute the accuracy of your data during a period that allows us to verify these data.
- If the processing of your data was unlawful, but you refuse the deletion and instead ask for a limitation of use of this data.
- If we no longer need the data for the foreseen purposes, but you still need them for the realization of legal requirements or if an objection has been filed for processing these data.
Transfer of data to third parties
We shall keep your personal data and shall not disclose them or make them available to third parties except in the following cases:
- If you explicitly and in writing agree to disclose certain confidential data for a particular purpose or to a particular person.
- If the Ministry of the Interior or the competent State Attorney requires the data for the purposes of carrying out the tasks within their competence.
- If a court, attorneys or a notary public require the data for their proceedings, where the submission of such data is required in writing.
- If the Tax Administration, the Croatian Pension Insurance Institute, and Croatian Health Insurance Fund require the data on the basis of the legal obligations that the controller has towards them.
- If we are obliged to submit data to the Ministry of Maritime Affairs, Transport and Infrastructure.
Transfer of data to third countries
Transfer of data to third countries (countries outside the EU) is performed only:
- if there is a statutory obligation
- if the transfer is necessary for the fulfilment of contractual obligations
- if you have given your explicit consent
Use of digital services (website, applications)
We collect only those personal data that visitors of our official website voluntarily make available to us when submitting contact information, applying for jobs, using call back services, and filing complaint forms. These personal data are used confidentially and only for a specific purpose. The transfer of these personal data to third parties is not carried out, unless there is a statutory obligation or an order of the official body when such personal data may be forwarded to the competent authority. Access to the website is logged, and technical data such as website traffic, the operating system used, display resolution, time of visit, and the size of the transferred data are recorded on that occasion.
To improve our offer, the websites contain "cookies" that are stored on computers of the website visitors. The "cookie" storage can be prevented, but this can limit the offerings of the website. "Cookies" provide the ability to store typical preferences of website visitors, optimize technical processes, and continually improve the offering.
We have taken all technical and organizational measures to protect your data against loss, alteration, or access by third parties. In case you have any questions, please feel free to contact us and we will respond as soon as possible to your requests and queries and help you in exercising your rights.
Any changes to our policy on the protection of personal data shall be disclosed in our Personal Data Protection Statement and on our website, and you will be adequately informed about them.
We have taken all reasonable steps to have in place appropriate security measures to protect your information.
Changes to this policy
Any changes to this Policy will be posted on our website, included in our brochure and/or made available upon request.
Credit card Payments
WSPay, as a credit card authorization and credit card processing system, handles personal data as a processing system and processes personal data in accordance with the General Data Protection Regulation of the European Parliament and Council No. 2016/679 and the strict rules of the PCI DSS L1 Regulations on Protection of Registrations and data transfer.
All payments made by Visa, Maestro and MasterCard through the payment gateway WSPay will be effected in Croatian currency. The amount your credit card account will be charged for is obtained through the conversion of the price in Euro into Croatian kuna according to the current exchange rate. When charging your credit card, the same amount is converted into your local currency according to the exchange rate of credit card associations. As a result of this conversion there is a possibility of a slight difference from the original price stated on our website.
WSPay uses an SSL certificate with 256-bit encryption and the TLS 1.2 cryptographic protocol as the highest standard of data protection and data security. Personal data used for authorization and collection purposes, or for performance of the contract or contract obligations, are considered confidential. For the execution of the contract (authorization and billing), the following customer's personal information is required:
- Name and Last name
- Zip code
- Type of card
- Card number
- Card expiration date
- Card CVV
WSPay does not process or use personal data except for the purpose of executing authorization and billing agreements.
WSPay warrants compliance with all the terms and conditions laid down in the applicable personal data protection regulations for personal data processors, and in particular the taking of all necessary technical, organizational and security measures, in particular in line with its PCI DSS L1 certification.
For credit card payments you can use the following: