Small Giants Water

Privacy Policy

This Privacy Policy of the Tourist Board of Šibenik-Knin County (from now on Tourist Board), Fra Nikole Ružića bb, 22000 Šibenik, VAT#: 84890928370 as the Personal Data Processing Manager establishes the conditions and methods of collecting and processing personal data in accordance with the General Regulation (EU) 2016/679 of the European Parliament and the European Council of April 27, 2016 on the protection of individuals in connection with the processing of personal data and on the free movement of such data supersedes Directive 95/46/EC (General Data Protection Regulation), (from now on: Regulation ), and in accordance with the Act of the General Data Protection Regulation (Official Gazette No. 42/18).

1. Purpose and legal basis for processing personal data

Tourist Board as the manager of personal data processing (from now on the Manager) is essential to protect the security and privacy of your personal data in our business, therefore we operate by the Regulation on the Protection of Personal Data (EU) 2016/679 (GDPR) and relevant laws on the protection of personal data. We hope that the policy described below will help you understand what data it may collect, how it is used and stored, and with whom we may share it.1.1. 

As the Manager, we process the necessary personal data for the following purposes:
a) processing of personal data of participants in the network of water refill stations
b) processing of personal data for registration in the Small Giants Register (to be filled in by parents/guardians in the case of persons under the age of 16)
c) issuing invoices for billing products and services
d) processing of complaints,
e) processing inquiries about services,

The company is the processing manager for the personal data it has at its disposal, and in doing so it collects, processes, and stores personal data of:
– external associates and
- users of Tourist Board services
in accordance with the methods and deadlines determined by the legal and sub-legal regulations that regulate the Tourist Board operations and in accordance with the positive legal regulations on data protection.

1.2. Personal data, which are not within the scope of the above, and which were collected as part of business activities, are processed by the Tourist Board exclusively on the basis of the previously given consent of the data subject in the sense of Article 6, paragraph 1, point (a) of the General Data Protection Regulation (GDPR) 2016/679.

We process your personal data on the basis of consent in the sense of Article 6, paragraph 1, point (a) of the General Regulation, namely:
- for the purpose of better functioning of all features of the website https://www.smallgiantswater.com/ and enabling a better user experience.
- for the purpose of monitoring and improving the quality of services: Your satisfaction is extremely important to us, and for this purpose we use questionnaires in which you can rate our services and make comments. In doing so, you decide for yourself whether you will fill out such questionnaires and whether and to what extent you will provide personal data in them;
 – for the purpose of connecting with us via social networks in order to respond to your inquiries;
- sending newsletters.

The need to collect the above-mentioned data may arise from our legal obligation, for the purpose of concluding and performing services from the contract, based on legitimate interest but also based on your consent. When consent is the basis for data collection, we will make this clear. The processing of Personal Data is limited only to the purpose for which it was collected in accordance with the terms of this Privacy Policy.

2. Website Cookies 

Internet pages use the so-called cookies – text files placed on the user's computer by the Internet server, through which the Internet access service provider (ISP) displays the website. Cookies are created when the browser on the user's device loads the visited web destination, which then sends data to the browser and creates a text file (cookie). The browser retrieves and sends a cookie to the website server when the user returns to it. The Law on Electronic Communications stipulates that we can store cookies on your device if they are absolutely necessary for the operation of this site. We need your consent for all other types of cookies. The website uses different types of cookies. Some cookies are set by third parties that appear on our pages.

The official websites use the so-called cookies – text files placed on the user's computer by the Internet server, through which the Internet access service provider (ISP) displays the website.

Cookies are created when the browser on the user's device loads the visited web destination, which then sends data to the browser and creates a text file (cookie). The browser retrieves and sends a cookie to the website server when the user returns to it.

The site in question uses technical cookies that are necessary for the functioning of the website and functional cookies that enable the website to provide improved functionality and personalization.

Although you can use our website without providing any personal information, after you contact us through our contact form or directly through our e-mail addresses, the Company collects information about you. The information you fill in (personal information such as your first and last name, e-mail address) or send by direct e-mail message will be processed and stored so that we can contact you and respond to your request. The Company will not share your personal information with any third party or allow them access. The data will be used exclusively for the purpose of further contacting and responding to your inquiry.

To use certain contents of our website, you must register and provide us with your personal data (name and surname, phone number, email address, password and other data required during registration), which we store until the moment you request the deletion of your registration.

If you are under the age of 16, you must provide the consent of the holder of parental responsibility before providing personal data. Through its own website, the Tourist Board does not knowingly collect personal data of children under the age of 16 without the appropriate consent of the holder of parental responsibility. If you are under the age of 16, please do not send us any personal information, including your name, address, telephone number or email address without the consent of your parent or guardian. In any case where we learn that we have collected or received personal data of a child under the age of 16, without the consent of the holder of parental responsibility, we will delete such data without delay. If you have information that we have received the data of a child under the age of 16, please contact us by e-mail of the data protection officer.

Our websites contain links to other websites and social media sites, and our Privacy Policy does not apply to them. We recommend that you read the privacy protection terms of every website and social network you visit, and especially where you leave data.

Necessary cookies

Necessary cookies help make the website useful, enabling basic functions such as navigating the Site and accessing secure areas of the website. The website cannot function properly without those cookies. Necessary cookies can be stored independently of the consent of the Site user in accordance with the law.

Analytics cookies

These cookies collect information about how visitors use the website, such as which pages visitors visit most often. We use them to improve the functioning of our website. However, some of them may be third-party cookies, and the data we collect may be used for purposes unknown to us as the owner of the Site. See the privacy policies of those third-party processors for more information.

Provisions on the protection of data on the application and use of Facebook and Instagram

On its websites, the controller may integrate or has integrated components of the company Facebook and Instagram

Facebook and Instagram are social networks operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States of America. If the person lives outside the United States of America or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data protection rules published by Facebook and Instagram are available at https://facebook.com/about/privacy/ and https://help.instagram.com/519522125107875?helpref=page_content and provide information on the collection, processing and the use of personal data on those social networks.

Consent management

You can always revoke the consents granted to us. If you revoke your consent, we will no longer process your data for the stated purposes, but this does not affect the legality of the processing before the revocation of consent.

3. What are your rights regarding the processing of personal data

To exercise your rights, you can contact us in writing at the address of the Šibenik-Knin County Tourist Board, Fra Nikole Ružića bb, 22000 Šibenik, or by email at info@dalmatiasibenik.hr using our contact information listed on the official website dalmatiasibenik.hr.

Your rights include:

3.1. The right to access personal data

You have the right to access your personal data that we process about you; you can request detailed information, in particular, about the purpose of their processing, about the type/categories of personal data that are processed, including insight into your personal data, about recipients or categories of recipients, and about the intended period in which personal data will be stored. Access to personal data can be restricted only in cases prescribed by Union law or our national legislation, i.e. when such restriction respects the essence of the fundamental rights and freedoms of others.

3.2. The right to correct personal data

You have the right to request the correction or addition of personal data if your data is not correct, complete and up-to-date. To do this, send your request to us as the controller in writing, including electronic form of communication.
Please note that in the request it is necessary to specify what is not correct, complete or up-to-date and in what sense the above should be corrected and submit the necessary documentation in support of your allegations.

3.3. Right to data deletion 

You have the right to request the deletion of personal data relating to you if one of the following conditions is met:
 – Your personal data is no longer necessary in relation to the purpose for which we collected or processed it;
 – you have withdrawn the consent on which the processing is based in accordance with Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) and if there is no other legal basis for the processing;
 - you have objected to the processing of your personal data in accordance with Article 21, paragraph 1 of the General Data Protection Regulation and if there are no stronger legitimate reasons for the processing;
 – personal data were illegally processed;
 - personal data must be deleted in order to comply with a legal obligation under the law of the Union or the law of the country to which the controller is subject
 - personal data were collected in connection with the offer of information society services from Article 8, paragraph 1.

3.3.1. Exceptions related to the exercise of the aforementioned right are provided for in Article 17, Paragraph 3 of the General Regulation

The aforementioned rights are not applicable to the extent that processing is necessary:
 - in order to exercise the right to freedom of expression and information;
 - to comply with a legal obligation that requires processing under the law of the Union or the law of a Member State to which the controller is subject, or for the performance of a task in the public interest or in the exercise of the official authority of the controller;
 - for the purposes of archiving in the public interest, for the purposes of scientific or historical research or for statistical purposes in accordance with Article 89, paragraph 1, to the extent that it is likely that the right from paragraph 1 can prevent or seriously threaten the achievement of the goals of that processing; or
 - in order to establish, realize or defend legal claims.

3.4. The right to restrict the processing of personal data

You have the right to obtain restriction of processing if:
 – you dispute their accuracy
 – if the processing is illegal, and you object to their deletion
 - if the data controller no longer needs personal data, but you have requested it in order to establish, exercise or defend legal claims
 - if you objected to the processing of your personal data.

3.5. The right to object

If we refer to our legitimate interests when processing your data, you can file an objection against such processing.

The respondent has the right subsequently, at any time, to withdraw the previously given consent to the processing of his personal data for one or more purposes, noting that the withdrawal of consent does not affect the legality of the processing that was based on consent before it was withdrawn. With a valid withdrawal of consent, the data controller will stop further processing and delete the personal data of the Respondent that was based on consent, assuming that there is no other purpose and legality of the processing that justifies the further retention of such data.

We draw the respondent's special attention to the right to submit an objection to the processing of personal data when the legality of the processing is based on the performance of tasks in the public interest or in the exercise of the official authority of the data controller, i.e. when the processing is based on the legitimate interest of the data controller or a third party, including creation of a profile based on the mentioned legalities of processing. The data controller may no longer process personal data unless the data controller proves that there are compelling legitimate reasons for the processing that go beyond the interests, rights and freedoms of the Data Subject or to establish, exercise or defend legal claims.

The respondent exercises his rights by submitting requests or objections: in writing or personally delivering them to the address (Tourist Board of Šibenik-Knin County, Fra Nikola Ružića bb, 22000 Šibenik, or via email at info@dalmatiasibenik.hr).

4. Recipients of personal data:

We can forward your personal data to processors with whom we have entered into contracts in which the handling of personal data is prescribed in detail, therefore they are not able to process your personal data without our order and forward them to third parties, as follows:
– providers of information and communication solutions and services,
- entities authorized by us to process personal data, which are subject to the appropriate legal obligation of confidentiality (processors);
- to law enforcement services and public authorities when required by applicable law or in good faith (for the purpose of protecting and defending our rights and/or property or to act in urgent circumstances to protect the safety of property and persons, in accordance with the legal obligation we have as a provider service in accordance with the registered activity),
– to our legal advisors in the event of the need to forward data for legal procedures,
- to business partners for their needs only in accordance with appropriate legal grounds.

The personal data of the Respondent with whom it is intended to enter into an Employment Agreement may also be submitted to the educational institution where the Respondent obtained his degree in order to verify the accuracy of the data.

In certain circumstances, we have a legal obligation to forward your personal data, and the processing of personal data may also include the international transfer of the same. The legal obligation may arise from national regulations or from EU regulations. Therefore, your data can be forwarded to other recipients when we are bound by the relevant regulations to the extent necessary to achieve the established purpose.

Your personal data will not be passed on to third parties for direct marketing purposes.

5. Personal data security

The data controller undertakes appropriate technical and organizational measures to ensure the appropriate level of security of the Data Subject's personal data, taking into account the nature, scope, context and purposes of the processing, as well as the risk of different levels of probability and severity for the rights and freedoms of individuals. The Respondent's personal data is processed lawfully, confidentially and only for the purpose for which it was collected, in accordance with the regulations governing the area of personal data protection and information security. All employees of the processing manager undertake to keep personal data by signing a confidentiality statement.

6. Time period of storage of personal data

The Respondent's personal data is processed until the purpose of personal data processing is fulfilled. After the end of the purpose for which they were collected, personal data are no longer used, and they remain in the storage system and are stored in accordance with acts on the protection of archival and registry materials, for up to five years. For the selected Respondent, with whom the Employment Contract is concluded, personal data is stored permanently.

If personal data is evidence in a judicial, administrative, arbitration or other equivalent procedure, it will be stored longer than the storage period prescribed by law or other act, until the final end of the procedure.

7. Information about the data protection officer - contact information

In order to exercise your rights, you can contact us by e-mail to the e-mail address info@dalmatiasibenik.hr or by mail to the address: Tourist Board of Šibenik-Knin County, Fra Nikole Ružića bb, 22000 Šibenik, or by e-mail).

8. The right to submit a complaint to the competent authority

At any time, you can file a complaint directly with the competent supervisory authority, especially in the European Union country where you have your usual residence, place of work or place of personal data breach, i.e. if you believe that the processing of your personal data is unlawful.

The direct contacts of the competent supervisory body in the Republic of Croatia are:

PERSONAL DATA PROTECTION AGENCY 
(AGENCIJA ZA ZAŠTITU OSOBNIH PODATAKA - AZOP)

Selska cesta 136
HR – 10 000 Zagreb
e-mail: azop@azop.hr
Tel. 00385 (0)1 4609-000
Fax. 00385 (0)1 4609-099
Web: https://www.azop.hr 

9. Privacy Policy Changes

We regularly update the privacy policy so that it is accurate and up-to-date, and we reserve the right to change its content if we deem it necessary. You will be informed about all changes and additions in a timely manner through our website in accordance with the principle of transparency.

10. Questions and comments

The controller will respond to all requests of the respondents in accordance with the General Data Protection Regulation 2016/679 (GDPR). If you have any questions or comments about the data protection policy and in order for us to respond to all your inquiries regarding the processing of your personal data, please contact us in writing at the e-mail address: info@dalmatiasibenik.hr.