Maksimilian

Privacy policy

Last update: January 23, 2025

Date: 1.1.2025.

Manager of personal data processing

UNA obrt za ugostiteljstvo i usluge (hereinafter referred to as " Maksimilian") respects your privacy and undertakes to protect it during and after your visit to this website (hereinafter referred to as the "Site"), during your visit to our business premises, and when you use any of our products or services.

In this sense, the Maksimilian accommodation acts as a data controller ("Data Controller"). This privacy policy ("Privacy Policy") provides insight into our practices regarding the collection and processing of personal data.

As a data controller, we process your personal data in accordance with the applicable rules on the protection of personal data, in particular in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter: the General Regulation) and the Law on the Implementation of the General Data Protection Regulation (OG 42/2018).

Types of personal data that will be processed

accommodation facility Maksimilian collects and processes personal data:

first and last name, address, postal code and city, country, e-mail, telephone number or mobile phone number; place, country and date of birth; citizenship; credit card information (card type, card number, name on the card, expiration date and security code), arrival and departure time information (including preferences about the unit, amenities or any other services used), people you are traveling with, special requests related to the provision of our services, information about the services you used, information about your identification document, impressions about our services, information about the events you organize in our space and the names of the participants of such events.

In addition to the above information about you, we can request this information about persons traveling with you, including information about minor children with the prior consent of parents/guardians.

Data on health, religious or philosophical beliefs and other special categories of personal data will be collected only if you personally voluntarily give them to us in order to better serve you or meet your special requests and needs (e.g. avoiding serving food that is not in accordance with the guest's religion , if there is an allergy to some food items, providing access for people with special needs, etc.). We will not actively request this type of data from you on our own initiative.

We collect your personal data (only those personal data that are necessary for the realization of the service you requested) in cases when:

You use the contact form on the Site
You contact us via the info e-mail indicated on the Site
You contact us or connect with us through social networks
We photograph the events and activities we organize
You are a visitor to our business premises
We cooperate with you as our suppliers/business partners
When we issue an invoice for products/services

Maksimilian will not collect personal data if you do not provide it to us voluntarily, except for certain personal data collected through information systems and programs used for the operation of the Site, the transmission of which is inherent in the use of Internet communication protocols (e.g. IP addresses when logging into the contact form ) and will not require more information than is necessary to participate in certain activities.

IP addresses are numbers that are unique to every computer currently connected to the Internet. They are used to identify recipients and senders of data over the Internet. Our server records the IP address of your PC during each transaction within the reservation system for safe transfer and protection against misuse of your data. The user's personal data is not available outside the reservation system.

Use of the website by minors

We warn that all processing of personal data may only be used by persons who have reached the age of 18. It is prohibited to use the data of users below that age limit without the appropriate consent of parents/guardians. If, despite this, such data processing occurs, we will stop it as soon as we become aware of it and we will delete the data of such persons.

Failure to give consent

If you do not wish to provide us with personal data (except personal data related to the use of Internet communication protocols that are usually collected when visiting the website), you can still access our Site, but you will not be able to log in to the contact form.

Our website uses cookies. Cookies are text files that are stored in the computer system via the Internet browser.

The Electronic Communications Act stipulates that we can store cookies on your device if they are absolutely necessary for the operation of this Site. We need your consent for all other types of cookies. This Site uses different types of cookies. Some cookies are set by third parties that appear on our pages.

Necessary cookies

Necessary cookies help make the website useful, enabling basic functions such as navigating the Site and accessing secure areas of the website. The website cannot function properly without these cookies. Necessary cookies can be stored independently of the consent of the Site user in accordance with the law.

Purpose: Necessary for user search. It serves for the normal functioning of the website. Duration: session

Analytics cookies

These cookies collect information about how visitors use the website, for example which pages visitors visit most often. We use them to improve the functioning of our website. However, some of them may be third-party cookies, and the data we collect may be used for purposes unknown to us as the owner of the Site. See the privacy policies of those third-party processors for more information. Cookie name: _ga

Provider: Google Analytics | Google Ireland Ltd. | analytics.google.com | +35314361000

Barrow St, Grand Canal Dock, Dublin, 4, Ireland Purpose: uses Google Analytics to distinguish users Duration: Expires after 2 years by default. It is based on the consent of the subject. Cookie name: _gat Provider: Google Analytics | Google Ireland Ltd. | analytics.google.com | +35314361000 Barrow St, Grand Canal Dock, Dublin, 4, Ireland

Purpose: uses Google Analytics to regulate the request rate

Duration: temporary cookie, expires after 1 minute. It is based on the consent of the subject. Cookie name _gid

Provider: Google Analytics | Google Ireland Ltd. | analytics.google.com | +35314361000 Barrow St, Grand Canal Dock, Dublin, 4, Ireland

Purpose: is used to identify the user

Duration: temporary cookie, expires after 24 hours. It is based on the consent of the subject.

Marketing cookies

Marketing cookies are used to track visitors through websites. The intent is to show ads that are relevant to a particular user and encourage them to participate, which is important for third-party advertisers.

Cookie name: Facebook _fbp

Provider: Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States of America. If the person lives outside the United States of America or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data protection policy published by him is available at https://facebook.com/about/privacy/

Purpose: This cookie helps deliver ads to people who have already visited our website when they are on Facebook or a digital platform powered by Facebook advertising. It is used by Facebook to deliver a series of advertisements on Facebook

Duration: session. It is based on the consent of the subject

Social networks

It collects personal data about its contacts on social networks (Facebook, Instagram, etc.) but does not contact them except in the case of responding to an inquiry or comment.

Data protection and use and use of: Facebook, Instagram

On its websites, the controller can integrate or has integrated components of the company Facebook, Instagram. Facebook and Instagram are social networks operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States of America. If the person lives outside the United States of America or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data protection rules published by Facebook and Instagram are available at https://facebook.com/about/privacy/ and https://help.instagram.com/519522125107875?helpref=page_content and provide information on the collection, processing and the use of personal data on these social networks.

Purposes, legal basis of processing and possible consequences of not providing personal data

When you provide your personal information, we will limit the use of the personal information to the purpose for which it was collected in accordance with the terms of this Privacy Policy. We process personal data based on your consent, legitimate interest, for the performance of a contractual obligation, and on the basis of a legal obligation. The processing of personal data is limited only to the purpose for which it was collected in accordance with the terms of this Privacy Policy. When we process data based on your consent, we process only the personal data that you voluntarily gave us when communicating with us, to answer your questions, when you fill out the application form for booking accommodation. The purpose of the process is to take steps according to your request, e.g. answering questions and comments, communicating about your activities on the site, receiving your requests for accommodation reservations and the like. Based on legitimate interest, we process personal data when you access our website (IP address), when we photograph the events and activities we organize, as well as when we record you with surveillance cameras when you visit our business locations. If we organize an event and other activities during which we will photograph and record guests, we will do so either on the basis of legitimate interest, of which you will be informed in advance and before entering the recording/photographing area, or you will be asked for your consent beforehand. The purpose of this processing includes the process of investigating suspected fraud, harassment, physical threats or other violations of the Site's rules, or any suspicious behaviour that we consider inappropriate. We process the recordings/pictures of the participants at our events for the purpose of promoting the event. To fulfil contractual obligations and on the basis of legal and sub-legal regulations, we are obliged to process your personal data when you purchase and use our services. Based on a legal obligation, we are obliged in the case when the law requires us to process certain data, such as e.g. a special law that prescribes what information we are obliged to collect about guests to whom we provide accommodation services, a law that requires us to keep received and issued invoices. The data of business partners and suppliers is specially processed (e.g. agreements regarding the execution of services), in addition we also process the contact data of business partners who are natural persons and their employees (e.g. first and last name, official telephone / mobile number, e-mail address), as well as customers due to issuing invoices.

Sources from which we collect your data

We may collect your personal data from the following sources:

-directly from you (via contact forms on the web, paper forms, e-mail correspondence, telephone conversations, personally through a conversation with you)

- from other persons (e.g. travel agencies and event organizers who provide us with your data related to your stay with us, online platforms where you booked services, from persons traveling with you, from persons employed or otherwise engaged by your employer with whom we have a contract for the provision of services). In such cases, we rely on the fact that the persons who provide us with your personal data or give instructions for their processing are authorized to do so and that they have given you all the necessary information, i.e. obtained your approval if the same is necessary for providing the data to us

- from publicly available sources (e.g. court register, websites of business entities and other publicly available information)

- through the video surveillance system installed in our premises

- if you provide us with personal data of other persons, it is your responsibility to ensure that the person whose data you have provided us with is familiar with it and informed about the way in which we use their personal data

Data collection sources

We may collect your personal data from the following sources:

- directly from you (via contact forms on the web, paper forms, e-mail correspondence, telephone conversations, personally through a conversation with you)

- from publicly available sources (e.g. court register, websites of business entities and other publicly available information)

- through the video surveillance system installed in our premises

or if you provide us with personal data of other persons, it is your responsibility to ensure that the person whose data you have provided us with is familiar with it and informed about the way in which we use their personal dana

Video surveillance

We use video surveillance in our premises for the following purposes:

about protecting the safety of employees and other persons who are in our business premises for any reason and protecting their property
about reducing the exposure of workers to the risk of robbery, burglary, violence, theft and similar events at work or in connection with work, and protecting our property about protecting the safety of guests and other persons who, for any reason, are on the premises under our control and the protection of their property
property protection of the Maksimilian accommodation facility
preventing unauthorized entry into the premises of the Maksimilian accommodation facility

The processing of personal data obtained through video surveillance is based on a legitimate interest in the protection of persons and property. Recordings are automatically deleted after a maximum of 6 months by dubbing newer content. Access to the video surveillance system is granted only to persons who need it for the performance of their tasks, and recordings are viewed only if we find out that there is a justified reason.

while there is a need and a legal basis for this. We do not deliver video surveillance recordings to third parties, except when there is a request or order for this from a competent state body (e.g. police, state attorney's office, courts, labour inspectorate). Recordings can be used as evidence in court, administrative, arbitration or other equivalent proceedings, in accordance with the valid procedural rules applicable in such proceedings. The video surveillance system is not connected to other systems, nor do we use video surveillance for profiling or automatic decision-making.

Recipients of personal data

We are obliged to submit personal data of guests to the national guest registration system - eVisitor. Exceptionally, based on a written request based on valid regulations, we are obliged to provide or provide access to certain personal data to competent state authorities (eg courts, police, regulatory bodies, etc.). Only when it is necessary to provide our service, personal data is forwarded to reliable partners (processors) for the purpose of enabling user support, maintaining the information system or similar needs with mandatory data protection measures.

Keeping your personal data

We process personal data only for the time necessary to achieve the purpose of processing them. Personal data that we process based on consent are processed only until you withdraw your consent, while you can object to the processing of personal data based on legitimate interest. We keep the personal data that we process based on your inquiries from the contact form for 2 years after receiving them, and we keep the data of business partners and suppliers until the end of business cooperation, and we do not deliver them to third parties, nor do we export them to third countries. In doing so, we do not collect any data of a private nature, but data related to the fulfilment of work tasks.

We store all other personal data that we process based on the execution of the contractual relationship and based on legal obligations in accordance with the positive regulations in which the time of their storage is determined (e.g. the Accounting Act). Exceptionally, we will keep your personal data longer than the stated deadlines when it is necessary to fulfil mutual legal requirements.

At the end of the term, we will destroy stored personal data printed on paper in a safe way, for example by cutting or burning, while we will irreversibly delete data in electronic form.

Your rights and exercise of rights

Right to rectification:

If we process your personal data that is incomplete or incorrect, you can ask us to correct or supplement it at any time.

Right of access:

You have the right to receive a confirmation about whether we process your personal data or not, and where this is the case, you have under the conditions of Art. 15 of the General Regulations to request access to this data.

Right to erasure:

You can ask us to delete your personal data, if we have processed them illegally or if this processing represents a disproportionate encroachment on your protected interests. Please consider that there are reasons that prevent immediate deletion, for example to comply with a legal obligation that requires processing.

Right to restriction of processing:

You can ask us to limit the processing of your data:

if you dispute the accuracy of the data during the period that allows us to verify the accuracy of the data
if the processing of the data was unlawful, but you refuse the erasure and instead request the restriction of the use of the data
if we no longer need the data for the intended purposes, but you still need them to fulfil legal requirements
if you have filed an objection regarding the distribution of this data

Right to data portability:

You can ask us to deliver the data you have entrusted to us for archiving in a structured form, in the usual machine-readable format: if we process this data on the basis of the consent you have given us and which you can revoke or for the performance of a contract
if the processing is carried out using automated processes

Right to object:

If we distribute your data for the purpose of performing tasks of public interest or tasks of public bodies, or when processing them, we refer to our legitimate interests, you can file a complaint against such data processing if there is an interest in protecting our data.

The right to object:

If you are of the opinion that we have violated Croatian or European data protection regulations when processing your data, please contact us in order to clarify any questions. You certainly have the right to file a complaint with the competent supervisory authority, namely the Personal Data Protection Agency (AZOP)

Exercise of rights

If you wish to exercise any of the above rights, please contact us using our contact details in this privacy policy.

When you submit a request in order to exercise your rights, we are obliged to establish your identity first, and for this purpose we will ask for additional information to verify it. This serves to protect your rights and private sphere.

If you would use any of the above rights too often and with the obvious intent of abuse, we may charge an administrative fee or refuse to process your request.

Security practices

The security of your personal data is extremely important to us, so we have put in place appropriate physical, electronic and management procedures to protect the data we collect. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us or information stored on the Site or on our servers will be completely secure from unauthorized access by third parties. To the fullest extent permitted by applicable law, we disclaim all responsibility and liability for any damages you may suffer as a result of any loss, unauthorized access, misuse or alteration of any information you submit to the Site.

Changes and updates to our Privacy Policy

Maksimilian accommodation facility reserves the right to change or update these Privacy Policy at any time and without prior notice. Please check from time to time for any changes or updates to our Privacy Policy, which will be posted here and will show the updated effective date on the first page of the Privacy Policy if any changes or updates are made.

Contact information

If you have any questions or comments regarding the Website or the Privacy Policy, you can contact us via our contact page, which is available on the website www.maksimilian.hr via e-mail: info@maksimilian.hr and via phone: +385 31 497 567