Penta travel agency Ltd (“we”, “us”, “our”, etc.) is the owner of the website www.penta-zagreb.hr (“Website”). We have created this privacy statement to demonstrate our commitment to privacy and to keep individuals informed about personal data collection and processing practices for this Website.
Collection of Data
Personal data is any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We do not collect personal data about individuals except when such individuals specifically provide such information on a voluntary basis. We gather your information when you fill out a contact form or a newsletter signup.
Examples of the information collected about your usage include: the top viewed and visited pages and links on our web site, number of form completions, time spent on pages, top keywords used offsite to lead customers to our website, your internet protocol (IP) address, information collected via cookies, device event information such as system activity, hardware settings, browser type, etc.
Processing of Data
Any of the information we collect from you may be used for one or more of the following purposes:
- To personalize your experience (the information will help us better respond to your individual needs);
- To improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from our customers);
- To establish a primary channel of communication with you;
- To send periodic e-mails (for receiving occasional news (if accepted), updates, related product or service information, etc.)
Security of your information
To help protect the privacy of data and personally identifiable information you transmit through use of this Website, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
Data subject rights
If you wish to confirm that we are processing your personal data, or to gain access to the personal data we may have about you, please contact us at firstname.lastname@example.org.
You may also request information about: the purpose of the processing; the categories of personal data concerned; who else except us might have received the data from us; what the source of the information was (if you didn’t provide it directly to us); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by us if it is inaccurate. You may request that we erase that data or cease processing it, subject to certain exceptions. You may also request that we cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process your personal data. When technically feasible, we will—at your request—provide your personal data to you or transmit it directly to another controller.
Reasonable access to your personal data will be provided free of charge upon request made to us at email@example.com. If access cannot be provided within a reasonable time frame, we will provide you with a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied.
Personal Data Breach Notification
In the event that your data is compromised, we will notify you and competent Supervisory Authority (ies) within 72 hours by e-mail with information about the extent of the breach, affected data, any impact on the service and our action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.
We will not notify you if:
- we have implemented appropriate technical and organizational protection measures (such as encryption), and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it;
- we have taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialize;
- it would involve disproportionate effort (In such a case, we will inform you in an equally effective manner by public communication or similar measure).
“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of the Service.