Mini Studio is operated by Ronis d.o.o., which is referred to as the responsible entity for your data privacy in the text below. Ronis respects your privacy and is committed to protecting your personal data. Data is collected and stored in accordance with the provisions of the General Data Protection Regulation (GDPR). Who is the Data Controller? Ronis (Josipa Kozarca 1/A, Čakovec, Croatia) is the data controller of your personal data and is committed to protecting it. The collection and storage of data are carried out in accordance with the provisions of Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), the Act on the Implementation of the General Data Protection Regulation (Official Gazette 42/2018), and other regulations governing this area that are applicable in the Republic of Croatia. Data Protection Officer In accordance with relevant regulations, Ronis has appointed a Data Protection Officer, whom you can contact regarding any questions related to the processing of your personal data or the exercise of your rights to data protection. Contact: osobni.podaci@ronis.hr or by mail at the address Ronis, Josipa Kozarca 1/A, Čakovec, Republic of Croatia. Application of Data Protection Principles Ronis, in applying this Policy, pays special attention to respecting the principles of data processing and processes data: Legally – processing will be possible if it is permitted by law and within the limits allowed by law. Fairly – taking into account the specifics of each relationship, applying all appropriate measures to protect personal data and privacy in general, and not preventing the respondent from exercising their rights. Transparently – informing respondents about the processing of personal data. From the very collection of data when respondents are informed about all aspects of data processing, until the termination of data processing, respondents are provided with simple and quick access to their own data, including the possibility of insight and obtaining a copy in accordance with the provisions of the Regulation. Certain information may be restricted only when required by law or when necessary to protect third parties. Purpose limitation – processing personal data for the purposes for which they were collected and for other purposes only if the conditions set out in the Regulation are met. Data may be processed for compatible purposes only by considering (a) any connection between the purposes of collecting personal data and the intended purposes of further processing; (b) the context in which personal data were collected, particularly with regard to the relationship between the respondent and Ronis; (c) the nature of the personal data, especially whether special categories of personal data are being processed in accordance with Article 9 of the Regulation or personal data relating to criminal convictions and offenses in accordance with Article 10 of the Regulation; (d) the potential consequences of the intended further processing for the respondents; and (e) the existence of appropriate safeguards. Storage limitation – storing data in a form that allows identification of respondents only as long as necessary for the purposes for which personal data are processed, and longer only if permitted by the Regulation. Data minimization – processing data only if they are adequate, relevant, and limited to what is necessary. Special care is taken not to collect data for which there is no justified need for processing. Ensuring accuracy – ensuring the accuracy and up-to-dateness of data and deleting inaccurate data as far as possible. Ensuring integrity and confidentiality – providing appropriate security for personal data through technical and organizational measures, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage by applying appropriate technical or organizational measures. Relevant measures are applied taking into account the risks of each type of data processing. Disclosure of Data to Third Parties Access to guests' personal data, as necessary and to a limited extent, may also be granted to third parties, processors (such as Ronis's associates who provide IT services), who store them in their databases until the processing is completed. A detailed contract is concluded with such entities regarding their authority and obligations in the processing of personal data, in accordance with the requirements of the Regulation. In certain situations, external entities may jointly determine the purposes and methods of processing personal data with Ronis. In these cases, such external partners and Ronis act as joint controllers. In such relationships, joint controllers transparently define their responsibilities for compliance with the Regulation, particularly regarding the exercise of data subject rights and their duties to ensure processing transparency unless the responsibilities are established by law. Data we collect We collect only the data necessary to fulfill the purposes of collection. The data we collect from you includes: Accommodation • Object Stay • Date of stay from (arrival date) • Time of stay from (arrival time) • Date of stay until (expected departure date) • Time of stay until (expected departure time) Identity Document • Type of document • Document number Personal Data • Last name • First name • Gender Residence • Country • City Birth • Country • Date of birth Citizenship • Country Tourist Tax Category • Tourist tax category Arrival organization Arrival organization Type of service Type of service E-Mail (Optional with consent) Purpose of Collection The collected data is used exclusively for: Compliance with legal obligations a. Law on Tourist Tax (»Narodne novine«, No. 152/08., 59/09. – amendments and 30/14.) b. eVisitor – Information system for the registration and deregistration of tourists Marketing purposes (Optional with consent) More effective responses to your inquiries Entry into our prize draw system Promotion of our services (newsletter) Our internal statistical data processing Opportunities to send publications, brochures, and other promotional materials You can unsubscribe from our mailing list at any time by explicit statement, after which Ronis will not use your data for promotional purposes. Ronis guarantees that all companies that are part of the Ronis brand will use the collected data only for the stated purposes. Ronis d.o.o. may use depersonalized data for statistical purposes. Legal Basis for Collection The legal basis for the aforementioned purposes of collection includes: • Legal, • Contractual, • Vital interests of the data subject, • Legitimate interest that outweighs the interests of the data subject, or • Consent or explicit consent of the data subject, depending on the purpose of processing and the type of personal data. Places of Data Collection Ronis collects your data during: • Accommodation reservation (reservations via the web or by phone call to the call center) • During the signing of the accommodation contract - registration at the reception of the property, by filling in the registration form • Signing up for the newsletter on the Ronis website • Participation in prize games by filling out a survey form • At locations under the video surveillance system. Duration of the Privacy Policy The data Ronis collects based on the law must be kept for as long as specified by each law or other positive regulation. The data Ronis collects based on a contractual relationship will be kept only as long as necessary to fulfill the contract or provide the service. Data on the name, surname, and e-mail address collected by Ronis based on legitimate interest for direct marketing purposes will be kept in its guest database for 10 years. Other data collected by Ronis based on the guest's explicit consent (mobile phone number, number of children, marital status, pets, interests, travel method, accommodation preference, and destination preference) will be kept in its guest database for 5 years. Rights of the Data Subject Upon request, Bluesun Hotels & Resort will provide the data subject with the following information: the identity and contact details of the data controller, the contact details of the data protection officer, the purposes of processing for which personal data are used, as well as the legal basis for processing, legitimate interests, recipients or categories of recipients of personal data, intention to transfer personal data to third countries (if any), the retention period of data or the criteria defining that period, rights related to consents, the potential existence of automated decision-making including profiling (meaningful information about the logic involved as well as the consequences and significance of such processing for the data subject), and the existence of the rights listed below. If the data is not collected directly from the data subject, the source of personal data is also provided along with the mentioned information. Ronis processes personal data in accordance with the Regulation, respecting the rights of the data subject as outlined below: 1. Right to Erasure ("Right to be Forgotten") - The data subject has the right to request the erasure of personal data concerning them, and Ronis is obligated to erase personal data without undue delay if one of the following conditions is met: • The personal data is no longer necessary concerning the purposes for which it was collected or otherwise processed. • The data subject withdraws the consent on which the processing is based, and there is no other legal ground for the processing. • The data subject objects to the processing, and there are no overriding legitimate grounds for processing and/or retention of personal data by Ronis. • The personal data has been unlawfully processed. • The personal data must be erased to comply with a legal obligation. 2. Right of Access - The data subject has the right to obtain confirmation as to whether or not personal data concerning them are being processed, and, if so, to access personal data and information about the processing purposes, data categories, potential recipients to whom personal data will be disclosed, etc. 3. Right to Rectification - The data subject has the right, without undue delay, to obtain from Ronis the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement. Additionally, data subjects have the obligation to update personal data in their business relationship with Ronis. 4. Right to Data Portability - The data subject has the right to receive the personal data concerning them, which they have provided to Ronis, in a structured, commonly used, and machine-readable format and has the right to transmit those data to another data controller. It should be noted that the right to data portability applies exclusively to the personal data of the data subject. 5. Right to Object - The data subject has the right to object, on grounds relating to their particular situation, at any time to the processing of their personal data. Ronis shall no longer process personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims. The data subject has the right to lodge a complaint with the supervisory authority – the Croatian Personal Data Protection Agency (more information at www.azop.hr). 6. Right to Restriction of Processing - The data subject has the right to obtain from Ronis the restriction of processing if the accuracy of the personal data is contested by the data subject, the processing is unlawful and the data subject opposes the erasure of personal data and requests the restriction of their use instead, or the data subject has objected to processing. The data subject has the right at any time to request the exercise of any of the aforementioned rights. Information on the actions taken regarding the aforementioned rights shall be provided to the data subject upon request, no later than three months from the date of receipt of the request (depending on the quantity and complexity of the request). All requests will be responded to within one month, if necessary, this period will be extended by a maximum of two additional months. If Ronis does not comply with the request of the data subject within one month of receiving the request, it will inform the data subject of the reasons for the non-compliance. Reasons for non-compliance imply the existence of the lawfulness of processing that prevents Ronis from acting. Additionally, the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them unless the decision: - is necessary for entering into, or performance of, a contract between the data subject and Ronis. - is authorized by law. - is based on the data subject's explicit consent. Protection of children's personal data Ronis does not wish and does not intend to collect personal data of individuals under the age of 16, nor will it use or disclose them to third parties in any way. We do not collect personal data for contact outside the internet, except for awarding prizes, and even then, only with parental consent. We do not provide any personal data to third parties without the prior permission of the parents. We do not allow children to publicly publish or otherwise distribute personal data or other materials they send to us without parental permission, nor do we encourage children to disclose more information than necessary for participation in a competition or other activity. In cases where children under 16 years of age are allowed to participate in competitions, we require the child to first seek permission to participate from their parents or legal guardians and to enter their parent's or guardian's email address. If a child under the age of 16 wins a prize, parents or guardians will be notified by email, phone, or in writing. Personal data of the child and parents are deleted from our database if requested by the parents. As a parent or guardian, you always have the right to request access to all personal data about your child that we have received on any of our pages, you can request the deletion of data (if the data is still in our database) and/or prohibit us from future collection and use of data about your child. If you are a parent and wish to exercise this right, please contact us. In addition to the above, Ronis provides protection of children's personal data as provided by specific laws governing this issue. Video Surveillance System Ronis, as the data controller, has a legitimate interest in implementing video surveillance measures for the protection of property and individuals. This includes, in relation to certain job positions, the legal obligation to install surveillance cameras that record employees and all persons within the camera's field of view. Ronis is aware that video recordings contain personal data of all individuals within the camera's field of view, and therefore stores them with special care, using a well-established security, availability, and deletion policy governed by Ronis's internal security rules. Video recordings are regularly overwritten so that they are automatically deleted no later than 30 days after the recording date. Exceptionally, video recordings are kept longer if they serve as evidence in proceedings before competent state authorities. Exempted video recordings will be stored in the central alarm system with extremely limited access. In the event of legal and/or criminal proceedings, Ronis may use these video recordings. Access to personal data on video recordings may also be granted to third parties, data processors, Ronis's contractual partners who are registered and qualified to provide services for the protection of persons and property, and who in no way use the data independently but are responsible for the security of the central surveillance and alarm systems. All other details related to video surveillance are governed by specific regulations governing this area. Handling Personal Data Breaches Ronis, as the data controller, ensures that in the event of a personal data breach, it notifies the competent supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of individuals. The report submitted to the supervisory authority contains all the information in accordance with the Regulation. In the event of a personal data breach that is likely to result in a high risk to the rights and freedoms of individuals, Ronis, as the data controller, notifies the data subject of the breach without undue delay. Data subjects will not be notified in cases where the Regulation provides that such notification is not required. Data Protection Impact Assessment If it is likely that a certain type of processing, particularly through new technologies and taking into account the nature, scope, context, and purposes of the processing, will result in a high risk to the rights and freedoms of data subjects, Ronis, as the data controller, will conduct a data protection impact assessment before the processing of the anticipated processing activities. A single assessment may cover a set of similar processing operations that present similar high risks. Ronis conducts a data protection impact assessment in the following cases: • systematic and extensive evaluation of personal aspects relating to individuals based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the individual or similarly significantly affect the individual; • large-scale processing of special categories of personal data referred to in Article 9(1) or data relating to criminal convictions and offenses referred to in Article 10 of the Regulation; • systematic monitoring of a publicly accessible area on a large scale; • in other situations as determined by the competent supervisory authority. Ronis ensures the adequate involvement of the data protection officer in the impact assessment process. In accordance with the provisions of the Regulation, where necessary, a process of prior consultation with the supervisory authority will be conducted following the impact assessment procedure. Marketing activities (optional with consent) Email communication When you send us an email containing personal data by which you can be identified, whether via an email with a question or comment, or a form you provide to us via email, we use that data to fulfill your requests. Data security For the security of data at this address and to ensure that this service is accessible to all users, this computer system uses software that monitors online visits and recognizes unauthorized attempts to upload or alter data, as well as those that could cause damage in another way. Unauthorized attempts to upload or alter data on this site are strictly prohibited. Online surveys Data collected through online surveys are used solely for the purpose of improving the service within Ronis. You will be asked for consent to use your email address for surveying purposes. Use of Cookies To facilitate the browsing of our website, our global network server uses cookies. These are very small text files that the server places on the user's computer to monitor the selection of individual language variants of our pages, as well as when entering parts of the pages that require a username and password. Cookies cannot be used to run programs or install viruses on your computer. The cookies that our web server places are automatically deleted from your computer at the end of the session, i.e., when you leave our pages. Viewing our site is also possible without the use of cookies if your web browser is set accordingly. How are cookies used? Cookies are used for various purposes. They allow you to be recognized as the same user on all pages within one website, across multiple websites, or while using an application. The types of information we collect through cookies include IP address; device ID; visited pages; browser type; browsing information; operating system; browser type; internet service provider; timestamp; whether you responded to an advertisement; referring URL; used features or activities within the website/application. Our website and applications use cookies for various purposes: Technical Cookies: We strive to provide our visitors with an advanced and simple website and applications that automatically adapt to their needs and preferences. To achieve this, we use technical cookies to display our website and ensure its proper functioning, as well as to create your user account, log in, and manage reservations. Technical cookies are completely necessary for the proper functioning of our website. Functional Cookies: We also use functional cookies to remember your settings and help you efficiently and effectively use our website and applications. We may also use cookies to remember your login information so that you do not have to enter your username and password each time you log in. Your password will always be displayed in an encrypted form. These functional cookies are not essential for the operation of our website or applications but contribute to additional features and better functionality of the website. Analytical Cookies: We use these cookies to determine how our users use the Ronis website. This helps us understand what is successful and what is not, so we can optimize and improve our website and applications, assess the effectiveness of advertising and communication, and ensure that we remain interesting and relevant. The data we collect includes information about the websites you visited, the pages from which you were redirected to our site, the pages from which you left our site, the platform you used, the emails you opened and acted upon, and the date and time of your visit. Commercial Cookies: We use third-party cookies, as well as our own, to display personalized ads on our site and other websites. This process is called "retargeting" and is based on your searches, such as the destinations you searched for, the accommodation you viewed, and the prices displayed to you. What options are available to you? For more information about cookies and how to manage or delete them, visit allaboutcookies.org and your browser's help page. In browser settings such as Internet Explorer, Safari, Firefox, or Chrome, you can choose which cookies to accept and which to reject. The location where you can find these settings depends on the type of browser you use. Use the "Help" option in your browser to find the settings you need. If you choose not to accept certain technical and/or functional cookies, you may not be able to use certain features on our website. We currently do not support "Do Not Track" browser settings. In the event of creating a common standard that defines exactly what "Do Not Track" browser settings refer to, we will consider amending this Cookie Policy. Analytics To control data collection for analytical purposes performed by Google Analytics for some browser types, you can visit the following link: Google Analytics Opt-out Browser Add-on (desktop only). To control data collection by Yandex.Metrica (the tracking tool of the Russian search engine YANDEX), users whose selected language is Russian, Ukrainian, or Turkish can visit the following link: yandex.com. Yandex.Metrica is not used for users of other languages. You also have the option to disable personalized advertising from Yandex. To do this, please visit this page and uncheck the box 'Consider my interests.' If you have any questions about this Cookie Policy, please send an email to osobni.podaci@ronis.hr. This Cookie Policy is subject to change, so please visit this page regularly to stay informed about any updates. Change of Data You can contact us at any time to review your personal data, as well as to update, correct, or delete data. Until that moment, we will use your old data for the stated purposes. Your Consent By filling out the forms on this page, you guarantee that the information you have provided is accurate, that you are legally capable and authorized to handle the provided information, and that you fully consent to Ronis using and collecting your data in accordance with the law and its privacy policy. Transparency Any corrections to the privacy policy will be posted on this page and will be available for public review.
