Terms of Use for the Website

The use of the Creative Tourism Industry website is subject to the following terms and conditions, so if you are browsing and using the website, you agree to the following rules and obligations, which, together with the privacy policy, define our relationship with you in relation to this website.

The terms “Creative Tourism Industry” or “CTI,” “we,” or “our” refer to the owner of the website, which is: CREATIVE TOURISM INDUSTRY d.o.o., headquartered in Vodnjan, Giuseppe Garibaldi Street 17, OIB: 21171279416. The term “you” refers to the visitor or user of our website.

The use of this website is subject to the following rules:

The content on this website is for your general information only. The content may change without prior notice. Contents, materials, and information on the website may contain errors and inaccuracies, and we do not assume any responsibility for such errors and inaccuracies. Your use of any information or material from this website is entirely at your own risk. It is your responsibility to ensure that any service or information available through this website meets your specific requirements and needs. This website contains materials that are owned by us or licensed to us. This material includes, but is not limited to, design, layout, appearance, and graphics. Reproduction of any material is prohibited except as permitted by copyright notice, which is an integral part of these terms. Unauthorized use of this website may be the basis for a claim for damages and/or a criminal offense. From time to time, this website may contain links to other websites. These links are provided for your better information. This does not mean that we own or manage those websites. We are not responsible for the content of linked websites. You are not allowed to create links to this website from another website or document without the prior written consent of CREATIVE TOURISM INDUSTRY d.o.o. Your use of this website and any dispute arising from such use is subject to the laws of the Republic of Croatia. Copyright Notice:

This website and its content are copyrighted works owned by CREATIVE TOURISM INDUSTRY d.o.o. – © CREATIVE TOURISM INDUSTRY d.o.o. All rights reserved.

Any reproduction or distribution of part or all of the content of this website in any form is prohibited. Without our written consent, the distribution or commercial use of the content, design, or photographs displayed on the website is not allowed. It is not allowed to store or distribute the content from this website on another website or other electronic storage system. For media inquiries or other information, please contact: info@creative-tourism.hr

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR), which has been in full application since 25 May 2018 in the Republic of Croatia and all European Union member states, as well as the Law on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/18, hereinafter: the Law), and in accordance with the legal framework for the protection of personal data in the Republic of Croatia and the European Union, and best European practice, CREATIVE TOURISM INDUSTRY d.o.o., Ulica Giuseppe Garibaldi 17, 52215 Vodnjan, Croatia (hereinafter: “Company”) adopts the following

REGULATION ON THE PROTECTION OF PERSONAL DATA

PREAMBLE

Article 1.

1.1 The Company is the controller of personal data of employees and third parties (hereinafter referred to as “data subject” or “data subjects”), whose personal data it processes in accordance with the principles and provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: “GDPR”), the Law on the Implementation of the General Data Protection Regulation, and secondary legislation, and the said regulations are directly applicable to all matters not regulated by this Regulation.

1.2 The Company, as the controller of personal data, is obliged to implement appropriate technical and organizational measures in accordance with Article 24 of the GDPR to ensure and be able to demonstrate that the processing is carried out in accordance with the GDPR. In order to ensure the implementation of all measures, the Company adopts this Regulation on the protection of personal data (hereinafter: “Regulation”), which shall apply from 25 May 2018.

1.3 By entering into a contractual relationship with the Company, by being employed by the Company or by using the services of the Company, and indirectly, collected from other lawful sources, the data subject entrusts his personal data to the Company for processing. This Regulation describes which data the Company collects, how it processes them, for what purposes they are used, as well as the rights of data subjects related to the processed data, and other significant matters concerning the protection and processing of personal data.

1.4 At the time of collecting personal data, the Company shall provide the data subject with all information in accordance with the GDPR, in particular, the provisions of Articles 13 and 14.

1.5 The Company may transfer personal data to a third country or international organization in accordance with the provisions of the GDPR.

1.6 Data subjects may send all requests related to the exercise of rights in the field of personal data protection in writing to the address of the Company’s headquarters or by e-mail to info©creative-tourism.hr or info@weistria.hr.

PRINCIPLES OF PERSONAL DATA PROCESSING

Article 2.

2.1 The Company, as the controller of personal data processing, must process personal data fairly and lawfully. Personal data must be accurate, complete, and up-to-date and must not be collected to a greater extent than necessary to achieve the defined purpose. Personal data must be stored in a form that allows the identification of the data subject for no longer than necessary for the purpose for which the data are collected or further processed.

2.2 Personal data relating to minors may be collected and further processed in accordance with the GDPR and with special protective measures provided by special laws.

ORGANIZATIONAL AND TECHNICAL MEASURES FOR THE PROTECTION OF PERSONAL DATA

Article 3.

3.1 The Company implements appropriate technical and organizational measures to ensure the effective application of data protection principles, such as reducing the amount of data and including protective measures in processing in order to meet the requirements of the GDPR and protect the rights of data subjects.

3.2 The Company, by technical and organizational measures, ensures that only personal data necessary for each specific purpose of processing are processed in an integrated manner. This obligation applies to the quantity of collected personal data, the scope of their processing, the storage period, and their availability. More specifically, such measures ensure that personal data are not automatically accessible to an unlimited number of individuals without the intervention of the individual.

3.3 Administrative personnel of the Company processing personal data are obliged to take technical, human resources, and organizational measures for the protection of personal data

 

TYPES OF PERSONAL DATA PROCESSED BY THE COMPANY

Article 6.

6.1 The Company processes the following personal data:

Basic identification data: first name and last name, email address; Identification data: first name and last name, personal identification number (OIB), insured person’s health insurance number, maiden name, parent’s name, date of birth, place of birth, country of birth, citizenship, gender, residential address, temporary address, contact details (email address, phone number), residence and work permits, information about ownership of movable and/or immovable property; Employee competence data: diploma, certificate, license, professional knowledge confirmation; Employee financial data: type of contract, agreed salary, agreed compensation, IBAN, tenure and pension insurance data; Employee working hours records: start date, end time, field work hours, time present at work; Health-related data of subjects (e.g., occupational illness, workplace injury, professional incapacity for work, disability, health condition); Other personal data provided by the subject or third party during employment initiation or contract negotiation and execution, such as information from personal identification documents or other personal documents, data about children and family members, corporate function data, bank account, signing or representation authority, etc.

6.2 Personal data are collected indirectly or directly from the subjects, orally or in writing.

PURPOSE OF PROCESSING

Article 7.

7.1 The Company collects and processes personal data for specific purposes, including but not limited to:

Enabling and ensuring regular business operations; Providing services and fulfilling contracts; Registering subjects for pension and health insurance benefits; Exercising rights and obligations arising from employment or other contractual relationships for the data controller and subjects; Cooperating with external collaborators; Exercising subject’s rights; Statistical purposes; Marketing purposes; Communicating with clients, potential clients, and other subjects.

7.2 When introducing a new purpose for processing personal data or modifying an existing purpose, the Company is obligated, in accordance with Article 35 of the Regulation, to assess the need for conducting data protection impact assessments and consider implications for the processing system and its security. The new or modified purpose must be included in this Regulation and approved by the responsible person of the Company.

7.3 If the company intends to further process personal data for a purpose different from the one for which the personal data was collected, before such additional processing, the subject shall be provided with information about the new purpose and all other relevant information as stipulated in Article 13, paragraph 2 of the Regulation.

DATA RETENTION PERIOD

Article 8.

8.1 The Company generally deletes personal data upon termination of the contractual relationship or when the subject requests data deletion, and no later than upon expiration of all legal, contractual, and statutory obligations related to the retention of personal data. However, if a procedure for forced collection of unpaid claims is initiated or if an objection to a product or service is lodged within a certain timeframe, personal data may be retained until the final completion of the objection process in accordance with applicable regulations.

8.2 The personal data of the subjects will be stored in a manner that ensures they are not automatically accessible to an unlimited number of individuals without individual intervention. They will be locked in a cabinet and, if stored electronically on a worker’s computer, will be encrypted with the worker’s password.

SUBJECT’S RIGHTS

Article 9.

The subject has the right to request access to personal data, as well as correction, erasure, or restriction of processing related to them. The subject also has the right to object to such processing and to data portability in accordance with the provisions of the Regulation. If data processing is based on consent, the subject can withdraw consent at any time, which does not affect the legality of processing prior to withdrawal. The Company will inform recipients of the subject’s data about any correction, erasure, or restriction of processing, unless this is impossible or requires disproportionate effort. If requested, the Company will also provide information about such recipients.

Article 10.

The subject has the right to obtain confirmation from the Company whether personal data concerning them is being processed, as well as access to their personal data and the following information:

Purpose of processing; Categories of personal data involved; Recipients or categories of recipients to whom personal data have been or will be disclosed, especially recipients in third countries or international organizations; Where possible, the envisaged period for which personal data will be stored, or if not possible, the criteria used to determine that period; Existence of the right to request rectification or erasure of personal data or restriction of processing concerning the subject or to object to such processing; Right to lodge a complaint with a supervisory authority; If personal data were not collected from the subject, available information about their source; Existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the subject.

Regarding the appropriate safeguards for transfers of personal data to a third country or an international organization, the Company will provide relevant information if personal data is transferred to such entities.

Article 11.

The subject has the right, upon a written request (including electronic form), to obtain from the Company the correction of inaccurate personal data concerning them without undue delay. In light of the processing purposes, the subject has the right to complete incomplete personal data, including by providing a supplementary statement.

Article 12.

12.1 The subject has the right, upon a written request (including electronic form), to obtain the erasure of personal data concerning them without undue delay, and the Company has the obligation to erase personal data without undue delay if one of the following conditions applies:

Personal data are no longer necessary for the purposes for which they were collected or otherwise processed; The subject withdraws consent on which the processing is based, and there is no other legal ground for processing; The subject objects to the processing and there are no overriding legitimate grounds for the processing, or the subject objects to the processing for direct marketing purposes; Personal data have been unlawfully processed; Personal data must be erased to comply with a legal obligation under Union or Member State law to which the Company is subject. 12.2 If the Company has made personal data public and is obliged to erase them, it will, taking into account the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform data controllers that are processing the personal data that the subject has requested the erasure of any links to, or copy or replication of, those personal data.

12.3 The right to erasure shall not apply to the extent that processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority, for reasons of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, insofar as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing, or for the establishment, exercise, or defense of legal claims.

Article 13.

13.1 The subject has the right, based on their specific situation, to object at any time to the processing of personal data concerning them, which is based on the performance of a task carried out in the public interest or in the exercise of official authority, or on legitimate interests pursued by the Company or a third party.

 

PROTECTION OF PERSONAL DATA

Article 2

2.1 The Company recognizes the importance of your privacy. Therefore, we aim to be fully transparent about how we collect, use, and share your personal data. We collect and process your data solely in accordance with the applicable laws and regulations.

2.2 The Personal Data Protection Policy determines the use of information we receive from you when you visit our websites or provide them through other means (e.g., during conversations, signing cooperation agreements, or phone and electronic communications).

2.3 Users and/or customers can always contact the Company with requests for changes or updates to their related data.

DATA PROTECTION OFFICER

Article 3

3.1 The data controller is the Company. The Data Protection Officer is Ivan Robar, LL.B.

PERSONAL DATA

Article 4

4.1 Personal data is any information related to an identified physical person or an individual who can be directly or indirectly identified (e.g., name, address, phone number, email address, etc.). The processing of personal data is always in accordance with the General Data Protection Regulation (GDPR) and the applicable data protection rules on the portal.

4.2 This Personal Data Protection Policy pertains to the data we collect, how we use and disclose them, along with the control options you have over that data.

4.3 We collect personal data to provide, maintain, protect, and enhance our services and understand how users utilize the Company’s websites.

4.4 The Company collects, processes, and stores personal data of users/customers for the purpose of contracting and executing agreements, providing customer support, addressing customer complaints, and other actions related to the execution of contractual obligations. Such data is collected based on given consent.

4.5 At any time, you can request access to your data, corrections or deletion of inaccurate data, as well as restriction or objection to processing for legal reasons and the right to data portability. To exercise these rights, update your personal data, or obtain information about the processing of your personal data, please contact us via email.

4.6 Complaints regarding the processing of your personal data by the Company can also be directed to the competent data protection authority in Croatia (AZOP).

4.7 The information we collect from you includes:

Correspondence: We collect additional personal data you provide when contacting us via email, letters, social media, phone, website, or any other means. We may record each call or contact and create a note about it for the purpose of improving our services and resolving potential disputes arising during service provision. We might ask for your information when responding to surveys, communicating with our customer support team, and asking about our services.

Third Parties: We may request personal data about you from third parties, when you have given consent to third parties to share such information with us.

4.8 We also automatically collect the following information:

Log Information: We collect information commonly provided by web browsers, mobile devices, and servers. This includes browser type, IP address, unique device identifiers, referring website, access date and time, language preference, operating system, and information about the mobile network.

Usage Information: We collect data about how you use our services. For example, we gather information about actions users take on the website. In other words, we learn what users did and when on the website. Additionally, we collect information about what happens when you use our services, along with device information (e.g., mobile screen size, network name, and mobile device manufacturer). We use this information to improve our services.

Location Information: Based on your IP address, we can determine the approximate location of your device. We collect this information to calculate the number of people using our services from specific geographic regions.

Information from Cookies and Other Technologies: We track how you use our website through cookies and similar technologies. Cookies store your website settings, such as preferred language or address, and when you revisit the same website, the internet browser sends back cookies associated with that site.

USE OF PERSONAL DATA

Article 5

We use your data in the following ways:

To verify your identity and the credibility of the information you provided, we may verify it with third-party sources. We use cookies and similar technologies to track activity on our website to provide important features and functions, monitor its usage, and provide a personalized experience. We use data analysis tools like Google Analytics to collect information about how you interact with the site, the website you came from to our site, how much time you spend on each page, the operating system and web browser you use, and network and IP information. We use this data to enhance our services. We use your personal data to enable and enhance customer support (e.g., when you have questions about our products and services). We use the personal data we possess about you to respond to any inquiries or complaints you have submitted and to assist you with any disputes that may arise during the provision of our products and services in the most effective manner.

COOKIE POLICY

Article 6

6.1 To ensure website functionality and improve user experience, we use cookies. Before placing cookies on your computer, we are obliged to request your consent.

6.2 A cookie is a small data file that is stored on your computer or mobile device when you visit a specific website. It is used to provide a better user experience to each individual user during web browsing.

6.3 The role of cookies is to store your settings, website settings, your preferred language, or address. When you revisit our website after a period of time, the browser you are using sends information tailored to your needs.

6.4 Cookies store a wide range of information, depending on their defined role, including personal data. However, you can decide which information cookies will store. In the internet browser settings you use, you can decide whether to approve or not approve requests for storing cookies.

ANALYSIS OF WEBSITE VISITS

Article 7

7.1 The Company uses a website traffic measurement service – Google Analytics. The data collected in this manner does not identify website visitors, and the collected data is used solely for the purpose of website analysis.

7.2 Google Analytics uses cookies. When you visit the Portal’s pages, cookies are used to generate data that Google collects and processes. If you do not want your data to be processed, you can prevent it by downloading the browser add-on available at the following link: https://support.google.com/analytics/answer/6004245?hl=en

7.3 Google’s tool places persistent cookies in the browser to identify you as a unique user the next time you visit our website. No one else can use these cookies except the service provider (e.g., Google for Google Analytics). The collected information from cookies can be transferred to these service partners and stored on servers in a country that is not your country of residence. Although the collected data does not include personal information such as name, address, billing details, etc., the data collected is used and shared by these service providers according to their privacy policies.

RIGHTS OF DATA SUBJECTS

Article 8

Right to Information

The data subject has the right to clear, transparent, and easily understandable information about how their personal data is used.

Right to Confirmation

The data subject has the right to request confirmation whether their personal data is being processed. If the data subject wishes to exercise this right, they can contact us at any time via email: info©creative-tourism.hr and info@weistria.hr or by phone at +385 91 604 7826.