PRIVACY POLICY
Thank you for visiting our website. Compliance with data protection regulations is of particular importance to us. The aim of this privacy policy is to inform you as a user of the website about the type, scope and purpose of the processing of personal data and your existing rights, insofar as you are considered a data subject within the meaning of Art. 4 No. 1 of the General Data Protection Regulation.
01. RESPONSIBLE BODY
This website and the range of services are operated by
OPG Plitvice Glamping Resort
Kristina Jovic
391a Slivno
21272 Slivno
Croatia
PHONE +49 163 209 66 66
E-MAIL info@zenzoneretreat.com
02. GENERAL
We have designed the website to collect as little data as possible from you. In doing so, we always ensure that your personal data is only processed in accordance with a legal basis or with your consent. We comply with the provisions of the General Data Protection Regulation (GDPR) in force since 25 May 2018 and the applicable national regulations, such as the Federal Data Protection Act, the Telecommunications Telemedia Data Protection Act or other more specific laws on data protection.
03. PURPOSE AND LEGAL BASIS OF THE PROCESSING OF PERSONAL DATA
We always process your personal data for a specific purpose.
In summary, we process your personal data for the following purposes:
-
To be able to process your request when you contact us (e.g. e-mail address, first name, surname)
-
For the technical realisation of our website and to be able to provide you with our information on this website (e.g. IP address, cookies, browser information)
-
We collect information about you only in cases where you voluntarily provide us with this information, e.g. when subscribing to the newsletter, filling out the form at the resort, when giving your consent to be informed, booking accommodation (bookings via the website or by e-mail), when filling out the accommodation contract or when checking in at the reception of the resort.
​
The following applies with regard to the legal basis for the processing of your personal data:
​
We process personal data that is required for the establishment, implementation or processing of our range of services (contract processing) on the legal basis of Art. 6 para. 1 lit. b GDPR. Insofar as we obtain your consent for the processing of your personal data, the consent pursuant to Art. 6 para. 1 lit. a GDPR forms the legal basis for data processing. Data processing is also permitted if we process your data to protect our legitimate interests and your interests or fundamental rights and freedoms with regard to the processing of personal data do not outweigh this (Art. 6 para. 1 lit. f GDPR). Insofar as we use external service providers as part of commissioned data processing, the processing is carried out on the legal basis of Art. 28 GDPR.
​
​
04. COLLECTION OF PERSONAL DATA WHEN YOU VISIT OUR WEBSITE
When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
-
IP address
-
Date and time of the enquiry
-
Time zone difference to Greenwich Mean Time (GMT)
-
Content of the request (specific page)
-
Access status/HTTP status code
-
Amount of data transferred in each case
-
Website from which the request originates browser Operating system and its interface
-
Language and version of the browser software
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Further information on this can be found under "Cookies" in this privacy policy and in the consent management tool used.
05. INTEGRATION OF SERVICES FROM OTHER PROVIDERS
​
Our website uses content and services from other providers. These are, for example, services for the statistical analysis of the use of and visits to our website. In order for this data to be accessed and displayed in the user's browser, it is necessary to transmit the user's IP address to the third-party providers used.
Even if we endeavour to only use third-party providers who only need the IP address to deliver content or even work with anonymised IP addresses, we have no influence on whether the IP address may be stored. Information on the third-party providers used can be found below in this privacy policy.
​
​
WIX
1. Type and scope of processing
Our website was created with the website construction kit system Wix. Wix is a service of Wix.com, Inc. and offers web development technology, web design and layout tools, domain hosting and other applications for marketing and workflow management.
We use Wix for web hosting and the presentation of our website, among other things. In addition, Wix collects statistical data about visits to our website.
The following data is usually transmitted: website accessed, date and time of access, amount of data transferred, notification of whether an access was successful, browser type and browser version, the user's operating system, the previously visited website (referrer) and the IP address.
This log data is processed exclusively for the above-mentioned purposes and to maintain the security, functionality and optimisation of the Wix website.
2. Purpose and legal basis
The service is used on the basis of our legitimate interests, i.e. interest in the secure and efficient provision and optimisation of our online offering in accordance with Art. 6 para. 1 lit. f. GDPR.
​
3. Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Wix.com, Inc. Further information can be found in the privacy policy for Wix: https://de.wix.com/about/privacy.
​
​
SENTRY
1. Type and scope of processing
We use Sentry from Functional Software, Inc, 132 Hawthorne St San Francisco, CA 94107, United States as a bug tracker to detect code errors at an early stage and thus ensure the technical functionality of our online offering. Anonymous information is collected about the device on which the error occurred and the time at which the error was recognised. In some cases, user sessions may also be recorded to make it easier to rectify the error. Functional Software, Inc. does not analyse this data for advertising purposes.
​
2. Purpose and legal basis
Sentry is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where there is no adequacy decision by the European Commission (e.g. in the USA), we have agreed other suitable guarantees with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, prior to such a third country transfer, we will obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).
​
3. Storage period
The exact storage period varies from case to case. Data is deleted as soon as we have rectified the error and no longer require access to error details. Further information on the storage period on the part of Functional Software, Inc. can be found in the privacy policy for Sentry: https://sentry.io/privacy/.
​
​
WIX CDN
1. Type and scope of processing
We use Wix CDN to properly provide the content of our website. Wix CDN is a service of Wix.com, Inc, which acts as a content delivery network (CDN) on our website.
A CDN helps to make the content of our online offering, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to the servers of Wix.com, Inc, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Wix CDN.
​
2. Purpose and legal basis
The Content Delivery Network is used on the basis of our legitimate interests, i.e. interest in the secure and efficient provision and optimisation of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.
​
3. Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Wix.com, Inc. Further information can be found in the privacy policy for Wix CDN: https://de.wix.com/about/privacy.
​
​
GOOGLE FONTS
1. Type and scope of processing
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you establish a connection to servers of Google Ireland Limited, whereby your IP address is transmitted.
2. Purpose and legal basis
The use of Google Fonts is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where there is no adequacy decision by the European Commission (e.g. in the USA), we have agreed other suitable guarantees with the recipients of the data within the meaning of Art. 44 et seq.GDPR have been agreed.Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, prior to such a third country transfer, we will obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).
​
3. Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts: https://policies.google.com/privacy.
​
​
GOOGLE reCAPTCHA
1. Type and scope of processing
We have integrated Google reCAPTCHA components on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request originates from a natural person or is automated by means of a programme. When you access this content, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the user's dwell time and mouse movements in order to distinguish automated requests from human ones. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google reCAPTCHA.
​
2. Purpose and legal basis
The use of Google reCAPTCHA is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where there is no adequacy decision by the European Commission (e.g. in the USA), we have agreed other suitable guarantees with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
​
3. Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.
​
GOOGLE MAPS
​
1. Type and scope of processing
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you establish a connection to servers of Google Ireland Limited, whereby your IP address is transmitted.
​
2. Purpose and legal basis
The use of Google Fonts is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where there is no adequacy decision by the European Commission (e.g. in the USA), we have agreed other suitable guarantees with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, prior to such a third country transfer, we will obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).
​
3. Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts: https://policies.google.com/privacy.
​
​
06. COOKIES
Cookies are small text files that are stored on your data carrier and save certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent as well as information about the age of the cookie and an alphanumeric identifier.Cookies enable our systems to recognise the user's device and make any default settings immediately available. As soon as a user accesses the platform, a cookie is transferred to the hard drive of the user's computer. Cookies help us to improve our website and offer you a better and more personalised service. They enable us to recognise your computer or (mobile) device when you return to our website and thereby:
-
Store information about your favourite activities on the website and thus tailor our website to your individual interests.
-
To speed up the processing of your enquiries.
We work together with third-party services that support us in making the Internet offer and the website more interesting for you. Cookies from these partner companies (third-party providers) are therefore also stored on your hard drive when you visit the website. These are cookies that are automatically deleted after the specified time. For more information on the individual third-party providers, please refer to the Cookie Consent Tool and the data protection information contained therein.
If you do not wish to use browser cookies, you can set your browser so that the storage of cookies is not accepted.Please note that in this case you may only be able to use our website to a limited extent or not at all.If you only want to accept our own cookies, but not the cookies of our service providers and partners, you can select the setting in your browser "Block third-party cookies". We accept no responsibility for the use of third-party cookies.
​
​
07. CONTACT (CONTACT FORM)
​
You can contact us by e-mail or via our contact form. In this case, we store the personal data you provide in order to process your request and to contact you to process your request. If we request information via our contact form, we have marked the mandatory fields required for contacting us accordingly (asterisk). The voluntary information is used to specify your enquiry and to improve the processing of your request. The requested data is transmitted to us by you on a purely voluntary basis.
Depending on the type of enquiry, the legal basis for this processing is Art. 6 para. 1 lit. b GDPR for enquiries that you make yourself as part of a pre-contractual measure or Art. 6 para. 1 sentence 1 lit. f GDPR if your enquiry is of a different nature.The legitimate interest follows from the purposes mentioned under point 4 a.). If personal data is requested that we do not need for the fulfilment of a contract or to protect legitimate interests, it will be transmitted to us on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.
​
​
08. SOCIAL MEDIA PRESENCE
​
In order to present our company in the best possible way and to communicate with you as a user, customer or interested party and to inform you about the services we offer, we make use of our presence on social networks. When using social networks, data is processed outside the European Union (EU) and the European Economic Area (EEA). An equivalent level of data protection as exists in the EU cannot be guaranteed in all countries outside the EU.
In this context, it can lead to risks for you as a user if the transmitted data is processed in so-called third countries with an inadequate level of data protection.
This makes it more difficult to enforce known user rights. In addition, your data may not be processed in your interest by the provider in the third country.
In the USA, there is no level of data protection comparable to the requirements of the GDPR. It is possible that government agencies may access personal data without us or you being aware of this. Enforcement of your rights is probably not possible in the USA.
In addition to the respective provider of a social network, we also collect and process personal user data on so-called "fan pages". This notice informs you which data we collect from you on our social media pages, how we use it and how you can object to the use of your data. The respective data processing purposes and data categories can be found in the respective offer listed in more detail below.
The activities in social media operated by us and described in more detail below are carried out on the basis of a balancing of interests in accordance with Art. 6 para. 1 lit. f) GDPR.
​
To achieve this, cookies are used which record user behaviour and enable the user to be profiled.
​
A specific list of the purposes for which user data is processed can be found in the data protection notices of the respective providers. By making the appropriate settings in your user account, you can restrict profiling, at least to a certain extent. For the exact procedure, please read the corresponding data protection information of the respective provider.
​
The relevant platforms are:
Facebook / Instagram / Tripadviser
​
OPG Plitvice Glamping Resort operates profiles on the listed platforms in order to draw attention to products and services and to interact with customers, interested parties and other users of the platform.
​
In this context, the platform operators also use certain data that they have collected from users of the platform (e.g. whether a photo on a profile has been "liked" or commented on) to create aggregated usage statistics and make them available to the respective operators of the profile (so-called "insights" or "analytics"). We as the profile operator also receive such usage statistics. The information we receive as profile operators does not allow us to draw any conclusions about individual users. The profile operator itself has no access to personal data that the platform operator processes for the creation of usage statistics. Only the respective platform operator determines which data is processed for these purposes and how. As the profile operator, OPG Plitvice Glamping Resort has no legal or actual influence on the processing by the platform operators.For processing in connection with the creation of usage statistics, OPG Plitvice Glamping Resort and the respective platform operator are considered joint controllers within the meaning of Art. 26 GDPR.
​
Where possible, there are agreements on joint responsibility with the respective platform operators.
​
In addition, data processing by OPG Plitvice Glamping Resort as the profile operator only takes place to a very limited extent:
-
Processing of usernames and comments that are deleted due to violation of netiquette. These will be retained within the limitation period to provide any necessary evidence in the event of legal disputes.
-
Processing of usernames and individual messages when you contact us via messenger services
For these purposes, we generally only process your name, message content, comment content and the profile information you have made "public".
​
09. RIGHTS OF THE DATA SUBJECTS
You have the right
​
-
to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
-
in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us
-
in accordance with Art. 17 GDPR, to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims
-
in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
-
in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller (data portability)
-
in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future and
-
to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
-
Right to object
-
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.
-
If you wish to exercise your right of cancellation or objection, simply send an email to info@zenzoneretreat.com.
10. FORWARDING OF YOUR PERSONAL DATA
​
Your personal data will be passed on as described below.
Data will also be passed on if we are authorised or obliged to pass on data due to legal provisions and/or official or court orders. In particular, this may involve the provision of information for the purposes of criminal prosecution, defence against danger or the enforcement of intellectual property rights.
If your data is passed on to service providers to the extent necessary, they will only have access to your personal data to the extent necessary to fulfil their tasks. These service providers are obliged to treat your personal data in accordance with the applicable data protection laws, in particular the GDPR. Insofar as your personal data is processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR, we ensure that the processing of personal data is carried out in accordance with the General Data Protection Regulation.
We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an appropriate level of data protection comparable to the standards within the EU is established at the recipient before your personal data is transferred. This can be achieved, for example, by means of EU standard contracts or binding corporate rules or special agreements to which the company may be subject.
11. DATA SECURITY
We use technical and organisational measures to secure our website against loss, destruction, access, modification or dissemination of your data by unauthorised persons.
In particular, your personal data is transmitted to us in encrypted form. We use the SSL/TLS (Secure Sockets Layer/Transport Layer Security) coding system. Our security measures are continuously improved in line with technological developments.
​
​
12. STORAGE PERIOD FOR THE PERSONAL DATA
With regard to the storage period, we delete personal data as soon as its storage is no longer necessary for the fulfilment of the original purpose and there are no longer any statutory retention periods. The statutory retention periods form the criterion for the final duration of the storage of personal data. Once the period has expired, the corresponding data is routinely deleted. If retention periods exist, processing is restricted by blocking the data.
13. REFERENCES AND LINKS
When calling up Internet pages to which reference is made on our website, you may be asked again for information such as your name, address, e-mail address, browser properties, etc. This privacy policy does not regulate the collection, disclosure or handling of personal data by third parties. This data protection declaration does not regulate the collection, disclosure or handling of personal data by third parties.Third-party service providers may have different and separate provisions regarding the collection, processing and use of personal data. It is therefore advisable to inform yourself on the websites of third parties about their practices regarding the handling of personal data before entering personal data.
​
​
14. RIGHT TO LODGE A COMPLAINT WITH THE COMPETENT AUTHORITY
​
You can send a complaint about the collection and processing of data to the supervisory authority at any time. In the Republic of Croatia, complaints are submitted to the Agency for Personal Data Protection (Croatian: Agencija za zaštitu osobnih podataka, AZOP).
​
​
Status: January 2024