Personal Data Protection
In accordance with the General Data Protection Regulation (GDPR), we collect and process the personal data of our guests exclusively for the purpose of lawful check-in and check-out via the eVisitor system. The personal data collected include first name, surname, date of birth, nationality, type and number of identification document, date of arrival and departure, and address of residence. This data is used exclusively for the purpose of calculating the tourist tax and registering your stay with tourism and government institutions.
We ensure a high level of protection of your data by implementing appropriate security measures, including the use of complex passwords and data access protection. Your data will not be used for other purposes without your consent, unless required by law.
If you have any questions or requests regarding your personal data, please feel free to contact us or the responsible tourist board.
For more information about the protection of your data, you can read our GDPR notice or contact us directly.
More information:
Guidelines for GDPR compliance in eVisitor
With the entry into force of the General Data Protection Regulation (GDPR) on 25 May 2018, the
protection of personal data has become a continuous process that goes beyond formal compliance with
legal requirements. Everyone using the eVisitor system must ensure that data is processed lawfully,
fairly and transparently.
Here are some basic guidelines for doing so:
Identifying personal data – Find out what types of data are considered personal data.
Explaining the purpose of data collection – When you ask for personal data, you are obliged to
explain why it is needed.
Data control – Collect only the data you need, store it securely and delete it when it is no
longer needed.
Data confidentiality – Personal data is confidential and must not be shared or used for other
purposes.
Consulting with competent authorities – If you have any concerns, consult with competent authorities
or
data protection experts.
The Croatian National Tourist Board makes the following recommendations for working in the eVisitor system: Data is entered exclusively on the basis of the law (the Law on Tourist Tax and the Regulations on Tourist Registration). Data access – Access to the system must be ensured only to authorized persons. Use complex passwords and apply authentication protocols such as NIAS (eCitizens). Data protection – Ensure that access data is not available to third parties, including the physical security of documentation.
Data collection and processing:
Informing the guest – Explain why you are requesting an ID card and make sure that the data
will not be
used for purposes other than those prescribed by law.
Copying and retaining documents – Copying documents is permitted only in exceptional
situations, with
the guest being informed and respecting protection measures.
Consent for additional purposes – For data collected for other purposes (e.g. loyalty
programs), the
guest’s explicit consent must be requested.
Data Security and Access:
Caution when exchanging data – Use password protection when sending personal data via email.
Data Subject Rights – Guests have the right to know why their data is being collected, who
processes it
and to whom it is disclosed.
Data Breach Procedures: If a data breach occurs, you are required to report the incident to the Personal Data Protection Agency within 72 hours. These guidelines will help you keep your personal data secure.