INTRODUCTORY PROVISIONS

ISTRA D.M.C. d.o.o., Umag, Jadranska 66, Croatia, PIN: 91825575551, (hereinafter: ISTRA D.M.C.) respects your privacy and the safety of your personal data. The collection, use and processing of your personal data is carried out in accordance with these Privacy Rules and with the applicable legal provisions, including Regulation (EU) 2016/679 as of 27 April 2016 (hereinafter: General Regulation) and the Croatian Act on the Implementation of the General Data Protection Regulation (Official Gazette NN 42/2018).

In accordance with the principle of transparency, these Rules are intended to provide respondents with accurate, complete information about which of their personal data is collected, used, provided or otherwise processed by ISTRA D.M.C., as well as to which extent this data is processed or will be processed. Likewise, the aim of these Rules is to introduce individuals who use this internet portal to the risks, rules, protective measures and rights related to the processing of their personal data and the manner in which to exercise their rights as regards its processing.

These rules are valid and applicable regarding the collection, processing and protection of your personal data, as well as the use of cookies and other similar analytical tools when visiting, registering and using internet portal www.coloursofistria.com and all of their sub-domains, web pages and mobile phone applications that belong to the aforementioned domain names owned by ISTRA D.M.C. (hereinafter, collectively or individually: www.coloursofistria.com Internet Portals), software applications we provide you for use on personal computers or mobile devices (hereinafter: Applications), when sending e-mail containing a link to these Privacy Rules (hereinafter, collectively: Online Services).

The general rules and conditions of the www.coloursofistria.com Internet Portal are defined by separate rules and general conditions of use, and these rules and conditions shall be applied in everything not covered by the current Rules, under the condition that they are not in opposition to the provisions of these Privacy Rules.

PERSONAL DATA

Personal data is any data that can be used to confirm your identity. ISTRA D.M.C. can collect some of the following personal data:

- Name, surname, E-mail address, IP address

LEGAL BASIS FOR THE COLLECTION OF PERSONAL DATA

ISTRA D.M.C. collects and processes your personal data only if one of the assumptions listed below is fulfilled:

• We have your consent

Example: receiving our newsletter

If you wish to receive our newsletter, you will click the check box on the www.coloursofistria.com Internet Portal indicating that you wish to receive the newsletter, and you will enter the e-mail address to which you wish to receive the newsletter.

• Processing is required for the legitimate interests of the data processor or a third party

Example: in order to personalise your experience

ISTRA D.M.C. may use your personal data to improve its understanding of your interests in order to offer you other services or products that might interest you. This allows us to adjust our communication to make it relevant and more interesting to you.

PERSONAL DATA THAT IS COLLECTED

ISTRA D.M.C. collects data during access to the www.coloursofistria.com internet portal:

(i) When accessing the www.coloursofistria.com internet portal, the following are collected:

• Information on the use of the web page;
• Information on clicks on our advertisements, including those published on other web sites;
• Information on how you access digital services, e.g. operating system, web browser, IP address;

(ii) When sending inquiries or complaints, the following are collected:

• first name, last name, and e-mail address, or if you are logged in via a social network, then your name, user name and contact data.
• The content of digital communications, as well as which links you clicked on during communication
• The content of your complaints


(iii) When registering for our newsletter, the following is collected:

• E-mail address

In addition to directly from respondents, ISTRA D.M.C. can collect personal data from other sources under the following circumstances:

• If booking is carried out via a social network e.g. Facebook, Google+, you accept that we may use your user data, e.g. first name, last name, e-mail address or other information you have chosen to share;

In situations in which you give ISTRA D.M.C. the personal data of other persons, the following must be taken into account:

• ISTRA D.M.C. uses the data of other persons you provide to us
• When you provide data on other persons, you must be sure that they have consented to this and that you have the authority to do so in their name. Whenever possible, you must make sure that they are familiar with the processing of personal data from these Privacy rules.

HOW YOUR PERSONAL DATA IS USED

ISTRA D.M.C. processes the data collected to fulfil the purpose for which the data was provided, and/or to fulfil relevant regulations or legitimate interests arising from or tied to the use of the www.coloursofistria.com Internet Portal and the offering of desired services.

In accordance with this, ISTRA D.M.C. may use your personal data:

• To offer information you seek;
• To simplify the use of the www.coloursofistria.com internet portal by eliminating the need to frequently enter the same data;
• To aid in making content as relevant as possible to your interests, or to adjust the internet portal to your personal tendencies and interests – if you do not wish to receive personalised content, you are always able to complain by changing your online settings, or by contacting us via telephone or e-mail to update our data;
• To send notifications about important news concerning the internet portal;
• To prevent fraud or other forbidden or illegal activities;
• To protect the safety and integrity of the www.coloursofistria.com internet portal or those of ISTRA D.M.C.;
• For marketing and promotional purposes:
- To send you notifications about new services, updates to services, events and special offers we believe you may be interested in;
- To send you notifications about other companies and products we believe you may be interested in, but only if you have agreed to this type of communication beforehand,
- Marketing research to improve our services, in which case you are always free to refuse to cooperate.

WHO CAN SEE YOUR DATA

ISTRA D.M.C. does not sell, rent or lend your data to third parties.

ISTRA D.M.C. may share your data with trusted partners who perform particular functions for us, such as e.g. IT systems maintenance, marketing campaigns.

In any case, when ISTRA D.M.C. must share collected personal data, we demand that it is protected and not used for marketing purposes.

HOW TO PROTECT YOUR RIGHTS

You have the right to ask for a copy of all the personal data of yours we have collected. You may write to us if you wish for a copy of the other data we have collected from you, in which case you should list all details in order to help us identify and locate your personal data. Delivery of this data is free, but ISTRA D.M.C. retains the right to charge a reasonable fee for special requests, such as extra copies, special formatting, etc.

We want all your data to be correct and updated. If you notice that some of your data is inaccurate, please inform us.

Also, we would like to remind you of your right to ask for your personal data to be corrected or deleted, as well as your right to oppose the processing of your personal data. ISTRA D.M.C. will correct or erase your personal data, unless we are required to retain it out of legitimate legal or business interests.

If you have a complaint about the processing, use or storage of your personal data, feel free to contact us. If you are not satisfied with our response, you may contact the Croatian Personal Data Protection Agency.

All requests or complaints related to personal data collected by ISTRA D.M.C. are to be submitted in writing to the personal data protection agent. The request must contain the e-mail address you provided during check-in, as well as the e-mail address to which you wish to receive a response (if it is different from the e-mail address from which you sent the request). ISTRA D.M.C. will e-mail your data within a reasonable time frame to the e-mail address provided in the request.

The e-mail address of ISTRA D.M.C. personal data protection agent is: dpo@plavalaguna.com

We must point out that, prior to responding to your request, we may ask you for more information to confirm your identity. Also, we may ask you for more information to confirm whether you have approval to file a request if you are doing so in someone else's name.

SAFETY OF YOUR PERSONAL INFORMATION

We are completely dedicated to protecting data from unauthorised access, distribution or erasure, regardless of where it is stored or processed or of the format in which it is stored. ISTRA D.M.C. uses the services of trusted IT partners, who are required to apply high IT protection standards.

ISTRA D.M.C. applies recognised data security standards:

• We carry out technical and organisational protection measures based on risk,
• We minimise data exposure,
• We check collected information, storage and processing methods,
• Whenever possible, we pseudonymise and anonymise data,
• We test organisational and technical protection measures,
• We limit access to personal data to our employees, contract workers and representatives, for whom the use of personal data is limited and controlled on the basis of user tasks, and who are required to respect strict contractual confidentiality obligations.

ISTRA D.M.C. takes all measures to identify problems, as well as measures to minimise potential damages.

If the personal data we process is transferred outside the European Union and the European Economic Community as a necessity for the technical completion of services sought by users, then ISTRA D.M.C. will take reasonable measures to ensure that the persons outside the EU with whom the data is shared take appropriate measures to protect this data and to offer protection in accordance with these Privacy Rules.

PERIOD FOR WHICH PERSONAL DATA IS STORED

The period for which ISTRA D.M.C. stores your personal data is limited to a strict minimum, and in accordance with this, ISTRA D.M.C. defines the periods for which it stores or periodically checks particular personal data in order for it not to be kept longer than is necessary to fulfill the purposes for which it was collected.

After this period is over, ISTRA D.M.C. will erase the personal data. However, if this data is necesary to create statistical indicators, analyses, archiving or some other legitimate interest of ISTRA D.M.C., all measures will be taken to ensure that this personal data is anonymised.

USE OF COOKIES

ISTRA D.M.C. uses tools to analyse the use of the www.coloursofistria.com Internet Portal, through which we may collect particular data about you, thus gaining insight into the needs of our visitors and/or users, the goal of which is to improve the quality of our services.

Cookies are used for this purpose, as are some other tools.

The user and/or visitor may refuse or erase cookies through the relevant settings on their computer and the web browser they are using. However, this may prevent some functions of the www.coloursofistria.com Internet Portal from being fully usable.

The aforementioned tools collect and store some technical data, including user and/or visitor IP addresses.

For more information on cookies and the other tools we use, click here.

LINKS TO OTHER WEB SITES

This web site may contain links to other web sites managed by ISTRA D.M.C. or other organisations that have their own special privacy rules, so we inform you that you must familiarise yourself with their terms of use and privacy rules prior to providing them with any personal data, as ISTRA D.M.C. cannot assume any liability for these web sites or the organisations that manage them.

SOCIAL NETWORKS

This web site may use particular elements of social networks such as Facebook, Google+, Pinterest, etc, each of which have their own privacy rules, so we inform you that you must familiarise yourself with their terms of use and privacy rules prior to providing them with any personal data, as ISTRA D.M.C. cannot assume any liability for these web sites or the organisations that manage them.

CHANGES TO THE PRIVACY RULES

These Privacy Rules replace all prior versions.

The Privacy Rules were last updated in: May 2018.

ISTRA D.M.C. retains the right to change, modify and/or amend these Privacy Rules at any time. All changes to the Rules will be published on the www.coloursofistria.com Internet Portal; in the case of significant changes, you will be informed in a clear and understandable manner.