Statement on the collection and processing of personal data on the nautika.evisitor.hr portal

In accordance with Articles 12, 13, and 14 of Regulation (EU) 2016/679 of the European Parliament and Council dated April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Croatian National Tourist Board hereby informs you about how your personal data is processed on the nautika.evisitor.hr portal (hereinafter referred to as “the Portal”).

This Statement on the Collection and Processing of Personal Data (hereinafter referred to as “the Statement”) is intended for all users of this portal. It explains what happens to your personal data, the reasons for it, and the methods of processing.

We genuinely care about your privacy and security, and we strive to ensure that all your personal data is protected using the latest security technology.

DATA CONTROLLER INFORMATION

The data controller responsible for processing your personal data is:

    Croatian National Tourist Board

    Iblerov trg 10/IV, Zagreb, Croatia

    OIB (PIN): 72501368180

 CONTACT DETAILS FOR THE DATA PROTECTION OFFICER

For any inquiries or comments regarding this Statement, or for additional information about the protection and processing of your personal data, please contact the Data Protection Officer of the Croatian National Tourist Board:

-by mail: Iblerov trg 10/IV, att: Data Protection Officer;

-by email: zop@htz.hr.

LEGAL BASIS, PURPOSE OF DATA PROCESSING, AND CATEGORIES OF PERSONAL DATA BEING PROCESSED

The Croatian National Tourist Board collects only a limited amount of your personal data necessary for facilitating the payment of fees through this portal and responding to your request.

The Croatian National Tourist Board collects the following data:

  1. When registering on the portal: username for the web shop nautika.evisitor.hr, email, password. This information is mandatory and necessary for web shop registration and is included in “Your Profile”.
  2. When purchasing a vignette: first name, last name, email address, vessel length, vessel name, vessel identifier, flag on the vessel, departure location, departure port, country, city of residence, residential address, place of birth, country of birth, date of birth, citizenship, type of identification document, document number.
  3. During the authorization and payment of fees via credit cards: first name, last name, email, phone number, address, city/town, postal code, country, card type, card number, card expiration date, CVV code. The aforementioned data for fee payment is collected based on legal grounds, specifically for the collection of tourist fees for boaters under the Tourist Fee Act (OG 52/19, 32/20, 42/20) and the Regulation on the amount, payment methods, and distribution of tourist fees for charter vessels, ships for extended cruises, and individuals staying on vessels (boaters), as well as the payment methods for tourist fees for ships on cruises in international maritime transport and international transport in internal waters (OG 73/2020).
  4. Cookies
    For the purpose of gathering certain data related to User activities or requests, small files known as “cookies” can be used, which are saved on the User’s device and serve a specific function. In line with this, we have published a Cookie Policy, which is available on our Service, with Users being duly informed of it upon their initial access. The Cookie Policy outlines the types of cookies used and their purposes, and it provides Users with the option to either accept or decline cookies. By accepting cookies, Users agree to their use as outlined in the policy. The Cookie Policy is published separately from the General Terms and Conditions but is considered an integral part thereof. For more information about cookies, please visit Cookies – https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies.

Essential Cookies

Essential cookies are crucial for ensuring the basic functionality of the website. These cookies enable the configuration of your preferences, including language settings, privacy options, or how content is loaded on the site. Without these cookies, our website and mobile applications cannot function properly. Since they are necessary for providing basic services, we do not require your prior consent. However, we would like you to know how to manage them.

The data collected through these cookies includes:

  • Language preferences;
  • Login information for the portal;
  • The information necessary for the secure and proper functioning of the site.

Analytical Cookies

Analytical cookies are used solely with your consent and are intended for anonymously tracking website traffic and user interactions. These cookies help us understand how visitors use our website, which pages are the most popular, and how we can improve our content and features to enhance the user experience. The data collected through these cookies is aggregated and does not include personal information.

The data collected through analytical cookies includes:

  • The number of visits and their duration;
  • The most frequently visited pages;
  • User interactions with various elements on the site;
  • Geographic information pertaining to users accessing the site;
  • The characteristics of the device used to access the site (device model, operating system, and device category).

These cookies are strictly for internal use and assist us in continuously improving the content and services we offer to users. If you prefer to disable the collection of this data, you can adjust your cookie settings. However, please note that this data helps us better understand user needs and improve the overall experience.

When accessing the portal, your IP address may be temporarily stored.

IP addresses may be stored and used solely to monitor your activity on the portal (activity log), for the purpose of identifying violations of legal regulations and General Terms and Conditions or detecting illegal or other inappropriate actions. Data related to IP addresses and user activity may be provided to relevant public authorities at any time to determine any legal responsibility you may have as a user. The storing of IP addresses and activity data is temporary.

DATA RETENTION PERIOD

We are required to retain transaction data in accordance with the legal retention periods set by accounting regulations and the laws governing the preservation of accounting documents. Therefore, please be aware that the right to request data deletion is subject to legal limitations.

As for the data processed based on your consent, we will keep it until you either exercise your right to object or withdraw your consent for processing your personal data. Giving consent is entirely voluntary, and both granting and withdrawing it have no impact on your use of the portal. You can withdraw your consent at any time through cookie settings. If you withdraw your consent, we will stop processing any data you provided based on that consent.

As long as we maintain open communication regarding the establishment of a business relationship, we will continue to store and use your personal data necessary for forming the business relationship, as well as throughout the term of our contract. If communication ceases, we will delete all your personal data no later than 6 months after our last interaction.

At any time, you have the right to request the cessation of further processing of your personal data and its deletion.

The Croatian National Tourist Board regularly reviews the retention period for personal data in its possession and deletes it once the purpose for which the data was collected no longer exists unless the data is required as evidence in court, administrative, arbitration, or other proceedings.

PERSONAL DATA RECIPIENTS

Access to personal data is granted to authorized personnel at the Croatian National Tourist Board, i.e. employees who handle this information as part of their roles. Additionally, the company Modus Ininitum d.o.o. has access to this data, as they provide maintenance and upgrades for the relevant web application on behalf of the Croatian National Tourist Board. Information collected during the registration process and any other details regarding you will not be shared with third parties, except as required by applicable laws.

To process your order for a vignette or accommodation, we need to share your information with other parties involved in completing the payment or card transaction, such as card processing service providers. Payments made through our web shop use the Monri WSPay – Web Secure Payment Gateway.

Your personal data may be shared with appropriate authorities and public institutions when required by the applicable law or in good faith (for instance, to comply with statutory provisions or during legal actions involving the Croatian National Tourist Board; to protect and uphold the rights or property of the Croatian National Tourist Board; or in critical situations, to ensure the safety of the Croatian National Tourist Board’s partners or the community).

LINKS TO OTHER WEBSITES

Our website may contain links to external sites that are not owned, managed, or maintained by the Croatian National Tourist Board. When you leave our site, please take a moment to review the terms and privacy policies of any website you visit. We do not control, endorse, or support these websites, nor are we affiliated with their content, products, services, or privacy policies.

RIGHTS RELATED TO PERSONAL DATA PROCESSING

We are committed to treating your personal data as confidential and ensuring that your rights are upheld. With this in mind, you have the right to request access to your personal data from the Croatian National Tourist Board, as well as to correct, delete, or restrict the processing of your data, or to object to any processing activities. Additionally, you have the right to know the recipients or categories of recipients to whom your personal data has been or will be disclosed.

You can exercise these rights by simply informing us of the reason for your request and the specific right you wish to invoke by:

  • emailing us at zop@htz.hr, or
  • sending your request to the Croatian National Tourist Board, Iblerov trg 10/IV, Zagreb, Croatia.

We may decline your request if we cannot verify your identity as the owner of the personal data or if there are other legal restrictions. If we are unable to identify you through the data we have collected, we will ask you for a partial copy of a personal document to verify your identity.

If you have any concerns regarding data processing or your rights, or if you believe that your personal data is being processed unlawfully, please don’t hesitate to reach out to us. If we are unable to resolve your concern, you have the right to file a complaint directly with the relevant supervisory authority, particularly in the EU country where you have your habitual residence or employment.

The contact details for the Croatian national supervisory authority are:

PERSONAL DATA PROTECTION AGENCY

Selska cesta 136

HR – 10 000 Zagreb

Phone number: +385 1 4609 000

email: azop@azop.hr

Web: www.azop.hr

MEASURES FOR DATA SECURITY PROTECTION

The security of your personal data is of utmost importance to us. We have thus implemented appropriate physical, electronic, and managerial procedures, along with technical and organizational measures, to safeguard the data we collect. Given the open nature of the Internet, we cannot guarantee that communications between you and us, or the information stored on our website or servers, will be entirely secure from unauthorized access by third parties.

WSPay, acting as the executor of credit card authorization and charging, handles personal data as the processor, in accordance with the General Data Protection Regulation No. 2016/679 of the European Parliament and of the Council, as well as the strict rules of the PCI DSS L1 standard on data entry and transmission protection. WSPay uses a 256-bit encryption SSL certificate and the TLS 1.2 cryptographic protocol as the highest protection levels when data is entered and transferred. The personal data used for authorization and collection purposes, i.e. in the performance of the obligations referred to in the Agreement or under the Agreement, is considered to be confidential data.

To process the payment of tourist fees (authorization and collection), the personal data of the payer is required. WSPay does not process or use such personal data, except for the purpose of performing the authorization and collection agreement. WSPay guarantees compliance with all the conditions set by the applicable regulations on personal data protection for personal data processors, particularly when it comes to taking all necessary technical, organizational and security measures, which is also attested by the PCI DSS L1 certificate.

CONTACT INFORMATION

If you have any questions or comments regarding this Statement, you can reach us through our online form available on this website, via email at info@htz.hr, or by phone at 01 4699 333.

AMENDMENTS TO THIS STATEMENT

We reserve the right to periodically adjust and amend the content of this Statement, primarily to comply with legal changes or modifications to the purposes and methods of processing.

However, we will not limit or alter your rights arising from this Statement or the applicable laws to your disadvantage. If there are changes to rules that may affect your rights, we will notify you promptly and directly in an appropriate manner.