Privacy Policy | San Canzian

1. Introduction

With this document, we want to provide you with clear and transparent information about what personal data we collect and process when you visit our website, book accommodation in our facilities, stay and use services in our facilities or you communicate with us for some other reasons.

The privacy notice contains the types of your personal data that we collect, the purposes for which we use them, the legal bases with which we do this, the terms for which we keep them, with whom we share them, and how you can exercise your rights related to the processing.

2. About us – contact

Controller: Sileo Resorts d.o.o.

Ulica kneza Branimira 41/1, Zagreb,

PIN: 42460248495

Data Protection Officer: [email protected]

3. Types of personal data we collect

The data we collect and process depends on your relationship with us and the reasons for our communication. The categories of personal data we collect, with examples for each category:

Identification data
- Name and surname, date of birth, gender, PIN, number of identification document
Contact information
- Address, e-mail address, telephone number
Financial data
- Payment information and account number, type and number of credit/debit card.
Data on stay and use of services
- Period of stay, room number, date and type of service you used (stay, consumption of food and drinks, spa and wellness services, prices)
Footage of the video surveillance system
Technical data about the device
- IP address, login data, location data, time zone, browser type and version, operating system and other data about the device you use to access the website
Usage data
- Information about how and in what way you use our website, products and services. Available data during the availability check of accommodation units.
Marketing data
- Information about your contact preferences.
Telephone communication data
- Number of callers, recording of the conversation, duration of the conversation
Information about your preferences
- Information about what kind of room you want, type of bedding and similar special requests.

Special categories of personal data

Special categories of personal data are data on race, ethnicity, religious or philosophical beliefs, sexual orientation, political views, union membership, data on your health, genetic and biometric data.
As a rule, we do not collect these types of data, except in the following exceptional cases:
- We collect and process your health data related to allergies, if you have warned us about it, and only with your express consent;
- As part of providing spa and wellness services, we collect data related to health, in accordance with your express consent;
- If you have publicly published some of the above data.

4. Purposes of data collection and legal bases

Accommodation reservation and stay in the facilities

Purpose of processing	Data type	Legal basis
Accommodation reservation, communication before guest arrival Reservation of stay dates, selection of facility and room type, choice of payment terms Sending a booking confirmation Booking management Preparation of documentation in accordance with accounting regulations Communication before guest arrival	Identification data Contact data Financial data Information about your preferences Data on telephone communication (if this is the reservation/communication channel)	Compliance with legal obligations Contract conclusion and execution Legitimate interest (business management and service/product management)
Registration (check-in) / Check-out and related actions Check-in and check-out of guests, room assignment; guest registration in internal systems, connection to requested offers and services, registration of data in the e-Visitor system Recording guest preferences and requests and possibilities for further communication Use of parking, luggage storage, issuing hotel key cards	Identification data Contact data Financial data Data on your preferences Data on stay and use of services Marketing data Car registration number	Compliance with legal obligations Contract execution Legitimate interest (guest record-keeping, communication, and business management) Explicit consent (health and allergy data)
Reservation and use of services during the stay Examples of additional services include using restaurants, bars, spa and wellness facilities Booking and organizing excursions and transfers Booking and using fitness programs	Identification data Contact data Financial data Data on your preferences Data on stay and use of services	Contract execution Legitimate interest (guest record-keeping, communication, and business management) Explicit consent (health data)
Guest complaints Keeping records of guest complaints	Identification data Data on stay and use of services Technical data (IP address) Data on the complaint	Legitimate interest (business management, service improvement)
Compensation claims Recording guest compensation claims	Identification data Data on stay and use of services Data on the compensation claim	Legal obligation Legitimate interest (business management, service improvement)
Video surveillance Use of video surveillance systems for the protection of persons and hotel property	Video surveillance footage	Legitimate interest (protection of persons and hotel property)
Enabling the use of the wi-fi network Connecting the guest to the internet via the hotel wi-fi network	Technical data Usage data	Contract execution Legitimate interest (maintaining IT system security)

Marketing, advertising, and website usage

Purpose of processing	Data type	Legal basis
Direct e-mail marketing Sending emails to guests who stayed at the hotel, with information and offers about related services Sending emails to individuals who subscribed to the newsletter with promotional materials and special offers	Identification data (name) Contact data (email address) Interests	Legitimate interest (communication with the guest, marketing strategy) Consent
Surveys and satisfaction questionnaires Sending an email to the guest with a request to fill out a survey or satisfaction questionnaire	Contact data (email address)	Legitimate interest (business management, service improvement)
Website analytics tracking Monitoring visitor behavior on the website to improve site functionality, identify interests, and optimize services	Technical data Usage data	Legitimate interest (business development, marketing strategy, strategic planning) Consent
Social media Communication via social media profiles Advertising Preparing and sending advertisements, tracking the effectiveness of sent ads	Identification data Contact data Usage data Marketing data Technical data Preference data	Consent (re-targeting) Legitimate interest (tracking ad effectiveness, business planning, creating marketing campaigns and business strategy)

Cookies: More information about the cookies we use on the website, with whom we share the data collected in this way, and how long we retain it – can be found in the Cookie Notice.

5. Data retention periods

We retain your data only as long as is necessary for the purposes for which the personal data is processed.

We retain the basic data about the guests' stay for up to five years after the stay, in accordance with the statutory statute of limitations, and the data in the e-Visitor system must be retained for 10 years.
We delete and destroy data related to the services you use during your stay for which we have no legal obligation to keep (e.g., data on luggage storage, parking lot use, lunch packages, etc.) after the end of the guest's stay.
The data we save in guest relations management systems, so that we can provide you with recommendations and personalized offers, we retain for a maximum of 24 months from your last request, reservation or communication.
We retain data related to accounting regulations for 11 years. This includes invoices that may contain your personal information.
We retain data related to surveillance videos for a maximum of 60 days.
We retain data that we collect on the basis of consent (e.g., e-mail newsletter) until consent is withdrawn.

6. Recipients and processors

We never sell or share your personal data with third parties for the purpose of advertising their services. In certain cases, there will be a legal obligation or business need for us to share your data with third parties or for them to have access to the data in our systems:

In cases where it is necessary to share your personal data so that we can fulfill the contract in which you are a party;
In cases where you have agreed to share your personal data with a third party (e.g., in the case of using cookies);
With judicial, tax, audit and other competent authorities, when we have reason to believe that we are obliged to share such data based on the law and other regulations (for example, based on the request of the tax authority or in connection with pending litigation);
With payment service providers with whom we have concluded contracts on the processing of personal data;
With IT service providers whose systems we use in our business operations, and with whom we have concluded appropriate data processing contracts (e.g., reservation system, guest database, CRM system, Mail system;
With the e-Visitor system, in accordance with the regulations on the provision of catering services and the way of keeping a list and registration of tourists.

7. The rights of data subjects and their exercise

Data subjects have the possibility to exercise the right to:

Access to personal data
Correction of incorrect data
Data transmission
Deletion of personal data
Restriction of processing
Objecting to the processing of personal data

You can request the exercise of rights:

by sending an email to our data protection officer: [email protected]
by sending a request to the physical address: Sileo Resorts d.o.o., Ulica kneza Branimira 41/1, 10000 Zagreb.

We respond to all requests within the legal deadline of thirty days.

You can submit an objection to certain processing to the supervisory body for the protection of personal data: The Agency for the Protection of Personal Data (AZOP), at the address: Selska cesta 136, 10 000 Zagreb; email address: [email protected]