The Public Institution of the Plitvice Lakes National Park owns and manages the following website: https://np-plitvicka-jezera.hr/,and we hereby inform all of our users about the ways of collecting and processing personal data on this website.
DATA COLLECTION AND PROCESSING
Personal data is any information relating to an identified or an identifiable living individual. A person can be identified directly or indirectly, in particular with the help of identifiers such as name, identification number, location data, network identifier or by using one or more factors specific to the physical, physiological, genetic, mental,economic, cultural or social identity of that individual.
We gather your personal data only if you provide us with that information of your own accord. We collect your data through a newsletter sign-up form or through forms you fill out at hotels, provided we have gained your consent to collect information.
You should also keep in mind that non-personal information and data can be automatically collected through our online servers or by using “cookies”.
Examples of site usage information include: most visited and most viewed pages and links on our website, time spent on the page and most popular keywords that lead users to our website, your IP address, information gathered through cookies, your device’s data such as hardware settings, system activity, browser types, etc.
We use the collected data for one or more of the following purposes:
• to personalize user experience (the collected data helps us respond more effectively to individual needs)
• to improve our website
• to establish a primary communication channel
• to periodically send emails concerning occasionally receiving news (if you wish), updates, information about services, etc.
LINKS TO THIRD PARTIES
We do not offer or provide third-party services or products (except to suggest an offer related to a better experience of the Plitvice Lakes and its surroundings).
PROTECTING YOUR DATA
All data is stored in databases and repositories in the European Union. We will not store stored data in countries outside the European Union.We retain and protect personal data for the duration of the business relationship and in accordance with current regulations.
RIGHTS OF INDIVIDUALS
If you want to know if we own or process your personal data, or if you want to access the personal data we own, please contact the Data Protection Officer via the following email address: firstname.lastname@example.org
You may also request information about the purpose and means of data processing. You have the right to correct the personal data we own if it is incorrect. With certain exceptions, you may also request that we delete or discontinue processing your data or you may request that we discontinue processing personal data for direct marketing purposes.
If you submit a request to send your personal data, it will be free of charge. If we cannot meet your request within a reasonable period of time, we will notify you of the date when we will satisfy your request, and if we cannot meet your request, we will send you an explanation pertaining to why we did not meet your request.
PERSONAL DATA BREACH NOTIFICATION
In the event of a personal data breach, we will notify you and the competent supervisory authority within 72 hours, via email, of the extent of the breach, the data involved, the potential impact on our services, as well as our planned data protection measures and the limitation of harmful effects on individuals.
We will not send you a breach notification if:
- there are technical and organizational protection measures (such as encryption) applied to the personal data affected by the personal data breach, which make the data incomprehensible to any person that is not authorized to access them;
- we have taken subsequent measures to ensure that the rights and freedoms of individuals will no longer be at risk;
- this would require excessive effort (in this case, we will notify you by means of public disclosure or we will take other equally effective measures).
- Personal data breach constitutes a security breach that leads to unintentional or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or processed in relation to the provision of our services.
RIGHT OF COMPLAINT WITH A COMPETENT AUTHORITY
You may lodge a complaint with a supervisory authority at any time regarding the collection and processing of your data. In the Republic of Croatia, a complaint shall be lodged with the Personal Data Protection Agency (AZOP).