GRABAHOME d.o.o. cares about your privacy and safety of your personal data as controller in terms of General Data Protection Regulation and determines:
- what data will be collected;
- how data will be collected and used;
- with whom data will be shared and why;
- how your data is protected;
- what are your rights in the protection of collected data;
What data we collect ?
Since we are committed to protecting your personal data, the collection of data is limited to only the information we need to provide our service. In that sense we collect:
- information about your name and surname;
- information about your nationality;
- information about your gender;
- information about your age;
- information about your e-mail address;
- information about your phone number;
- information about digital nomad lifestyle preferences;
- data on financial transactions;
- user data on the use of the site;
Regarding the article 9. of the General Data Protection Regulation it is important to note that we do not collect or process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
How do we collect data ?
Through Google Form „Digital Nomad Valley Zadar“, we collect data related to the data subject’s name and surname, nationality, gender and date of birth, e-mail address, phone number, occupation and digital nomad lifestyle preferences. This is the data that the data subject provides by submitting the Google Form „Digital Nomad Valley Zadar”, and it is considered that by submitting the Google Form „Digital Nomad Valley Zadar“ the data subject gives consent to the processing of personal data.
Other data are collected while browsing the site. By accessing the site the user accepts to have given consent which is the legal basis for data processing. The consent may be revoked at any time.
How do we use your data ?
In accordance to the Chapter II. of the General Data Protection Regulation, it is important to us to provide lawful, fair and transparent processing of the personal data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
In order for the processing of personal data to be lawful, we use the personal data for:
- the purpose for which they were given,
- the purpose for which the consent was given,
In order to provide transparent processing of the personal data, we take appropriate measures to facilitate the exercise of data subjects’ rights relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
We use the personal data (those given to us through Google Forms and those we collect during browsing of the site):
to enable the use of the site, to provide and improve the advertising and reservation service, to adapt the content, to provide information
to enable communication with other users, writing reviews, providing customer support
- to improve the experience of using the website, to conduct surveys, to create analysis, send customized messages and special offers, and to meet legal obligations.
The personal data of the respondents are stored and processed for as long as it is necessary to provide our service, until the expiration of the purpose of their collection or revoking the consent.
With whom we share your personal data ?
We share the personal data only with Falkensteiner Borik and other external partners solely for the purpose of providing our service. Third parties will come into contact with this personal data exclusively within the scope of providing our service and possibly for the purposes of functioning of the website, keeping statistics, records, financial operations of the website and for the purposes of legal regulation of our activities.
If the law obliges us to obtain the consent of the data subject or for some other reason we deem it necessary, we will request it before sharing the personal data.
What are your rights in the protection of personal data ?
Right of access
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and where that is the case, access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure – “right to be forgotten”
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing, if the data subject objects to the processing, if the personal data have been unlawfully processed, if the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject, if the personal data have been collected in relation to the offer of information society services directly to the child.
Where the controller has made the personal data public and is to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of those personal data.
Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted in accordance with the foregoing, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted.
Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent or on a contract and where the processing is carried out by automated means. In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
The data subject may exercise his or her right to object by automated means using technical specifications.
Where personal data are processed for statistical purposes, the data subject, on grounds relating to his or her particular situation, shall have the right to object to the processing of personal data concerning him or her, unless the processing is necessary for the performing of a task carried out for reasons of public interest.
The data subject has the right to file an objection to the Personal Data Protection Agency.
Right to oppose profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. However, the above does not apply if the decision:
- is necessary for entering into, or performance of, a contract between the data subject and a data controller;
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
- is based on the data subject’s explicit consent.
In those cases the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
For more questions regarding the processing of personal data, please contact us at the e-mail address email@example.com.
Personal data protection measures
GRABAHOME d.o.o. implements appropriate technical and organizational protection measures aimed at ensuring the security and confidentiality of personal data processing and the prevention of unauthorised access or unauthorised disposal of personal data and technical equipment used by the controller. Those protection measures ensure that personal data are not automatically available to an unlimited number of persons who are not authorised to process them. The data is stored in electronic form and security measures refer to IT security measures, such as access to data exclusively using a username and appropriate password. Also, the protection of data stored in electronic form implies the application of appropriate protection programs that prevent unauthorised access to data. GRABAHOME d.o.o. as the controller guarantees the implementation of appropriate technical and organizational measures in such a way that the processing complies with the requirements of the General Data Protection Regulation and that it ensures the protection of the rights of the data subjects.
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Personal Data Protection Agency, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
Personal data may be processed within the period required for a particular processing purpose, which should be communicated to the data subjects in the privacy information provided to them.
After the retention period, personal data must be deleted and/or anonymised.
In accordance with the provisions of the General Regulation, GRABAHOME d.o.o. as the controller of the processing keeps records of processing activities in written and electronic form.
Data protection officer: firstname.lastname@example.org