PRIVACY PROTECTION POLICY
Introductory provisions
In accordance with the Regulation (EU) 2016/679 of the European Parliament and of the
Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (4.5.2016. L 119/4. Official Journal of the European Union hereinafter referred to as the 'General Data Protection Regulation') which came into force on 25 May 2018 in Republic of Croatia and all member countries of the European Union, as well as in accordance with the Act on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/18, hereinafter: General Data Protection Regulation) i.e. in accordance with the entire legal framework for the protection of personal data in the Republic of Croatia and in the European Union and European best practice, ACANTHO d.o.o with headquarters in Biogradska 2, Split, Republic of Croatia, registered in the court register of the Commercial Court in Split under the company registration number (MBS) 060246624, personal identification number (OIB): 17099025134 (hereinafter referred to as ACANTHO) as a manager of processing of personal data of users of their services and customers, has created the Personal Data Protection Policy of its users and customers. Personal Data Protection Policy is a unilateral binding legal act based on fundamental principles in the processing of personal data, which transparently informs users and/or customers for which purposes the data are collected and further processed and about the lawful basis on which their personal data is processed. The privacy protection policy also informs service users and/or customers of their rights in the collection and further processing of personal data, all for the purpose of protecting their personal data and their privacy in a broader sense.
Privacy protection policy is based on the following principles of personal data processing: lawfulness, transparency and fairness, purpose limitation, data minimization, accuracy and completeness of personal data, storage limitation, integrity and confidentiality, responsibility, trustworthiness and fair processing, opportunity (purpose of processing), processing in unnamed (anonymized) form.
The privacy protection policy applies to the processing of the personal data of all respondents/natural persons whose personal data is processed within the scope of the provision of services offered by ACANTHO, primarily customers but also service users (visitors to our website, potential employees who contact us through open offers etc.).
The purpose of a privacy policy is to inform customers and/or users in a clear and transparent manner about the procedures od collecting and processing their personal data as well as their rights related to the processing of their personal data.
ACANTHO takes care and pays special attention to the security and confidentiality of personal data it collects and continues to process, respecting standards regarding data protection and security in accordance with General Data Protection Regulation. In this regard, we take appropriate technical and organizational protection measures adapted to the nature of personal data, all to ensure that personal data is processed in a legal, fair and transparent manner. The amount and scope of personal data that ACANTHO collects depends on the type of service we provide to our customers and/or users as well as on the legal basis on which the data is collected. Therefore, we constantly take care of collecting only the necessary scope of personal data that is required to achieve the legal purpose for which the data is processed.
The following is responsible for the processing of personal data of customers and/or users: ACANTHO d.o.o with headquarters in Biogradska 2, Split, Republic of Croatia, registered in the court register of the Commercial Court in Split under the company registration number (MBS) 060246624, personal identification number (OIB): 17099025134
Data Protection Officer's contact details:
e-mail: karmen@croatiacharterholidays.com
For what purposes are personal data collected and further processed?
We collect and further process personal data of customers and/or users that are related to all our activities within the framework of our registered business, for the following purposes:
Internet sales of products and/or services from our offer;
Providing information about products and our services at the request of the customer and/or user, to visitors of our websites and enabling the best possible user experience;
Market research and analysis and direct promotion of products and services / marketing
Market research and analysis within Kraken Chatbot
Monitoring the habits and behavior of customers and/or users in order to analyze the business and enable the best possible user experience;
Possible employment in ACANTHO;
Resolving possible complaints sent to us regarding the processing of personal data in accordance with current regulations;
Legal basis for processing personal data
ACANTHO collects personal data in order so that we can provide, maintain, protect and improve our services related to the purchase of certain products/services, to understand the ways in which customers and/or users use the services provided and use our websites, and for the purpose of fulfilling the contractual obligations that we have. We collect and further process the above data based on several legal bases prescribed by the General Data Protection Regulation:
Performing contractual obligations and/or taking actions for the purpose of concluding a contract in which the customer and/or user is one of the contracting parties
We collect and further process the personal data of customers and/or users for the purpose of concluding and executing contracts within our business relationships with you, whether it is the sale of products/services, consulting and assistance in the use of products/services and undertaking other actions related to the conclusion and execution of contracts in accordance with relevant regulations.
We also collect customer and/or user personal data in cases of exercising the right of return or unilateral termination of the concluded contract.
In the event that the user and/or customer fails to consent to giving personal data, we will not be able to provide services to the customer and/or user (i.e. take certain actions related to the execution of the concluded contract).
Respect/fulfilment of legal obligations
In order to comply with legal obligations, we collect and further process personal data of customers and/or users in order to act in accordance with other relevant regulations of the Republic of Croatia, primarily for the purpose of providing appropriate information about products/services, resolving customer and/or user complaints, paying for products/services and the like.
Consent of the customer and/or user of the service
Based on the consent/approval of the buyer and/or user, we collect and further process your personal data for the purpose of informing about new products and/or for direct promotion and marketingas well as for communication in Kraken Chatbot. In cases where the processing is based on consent as a legal basis, giving consent as a legal basis for the processing of personal data for the stated purposes must be based on the voluntariness/clear expression of the buyer’s and/or user’s wishes for the processing of their personal data for a specific purpose, with which they were previously acquainted.
Consent management implies the possibility that the buyer and/or user, by active and unambiguous action, authorizes us to collect and process certain personal data for one or more purposes (consent of the respondent), i.e. withdraw the previously given consent for the collection and processing of personal data in the same way, in one or more purposes.
When consent is required for the processing of personal data, we process them for the purpose in question only after consent has been expressly given.
Direct advertising/marketing
ACANTHO processes personal data of customers and/or users about previous purchases based on previously given consent in order to inform you as customers and/or buyers about new products and services (receiving newsletters or other information about our products/services as well as certain benefits, etc.) which we assume you will be interested in.
In order for the customer and/or user to be able to receive notifications that correspond to their wishes and habits, it is necessary for ACANTHO to use certain customer and/or user data for the creation of personalized advertising notifications, until the customer and/or user expressly objects to such data processing, i.e. withdraws their previously given consent for processing. Consent can be withdrawn at any time of the processing of personal data by the customer and/or user providing us with a written notice of withdrawal of consent or directly to the Data Protection Officer.
After withdrawal of consent, we will no longer process your personal data.
In case of withdrawal of consent, the processing of personal data is legal until the moment of its revocation.
Legitimate interest
On the basis of legitimate interest, we process the personal data of customers and/or users for the purposes of keeping internal records on the completed purchase or provision of services, on their habits and behaviors in order to analyze the business and enable the best possible user experience, marker research and analysis, and inform customers about new products and services from our offer.
The processing of personal data is carried out in cases where we already have the customer’s and/or user’s personal data, that is, when the customer and/or user can reasonably expect in advance that their personal data could be processed for the stated purpose.
ACANTHO uses contact data to address customers and/or users whose personal data it already holds and to send promotional information about similar products and services it provides, using all available channels for promotion, except in the case where here are stronger interests or fundamental rights and freedoms of individuals that require protection of personal data.
On the basis of legitimate interests, we also process personal data about potential customers and/or users (for example, when you access the website, for the purpose of providing information about products and services, everything is for the best possible user experience and the functioning of all characteristics/features of the website).
Use of cookies
In order to maintain the website and ensure that its functionality is at expected level, we use a technology known as ‘’cookies’’.
Cookies are small files that we send to your computer, and we can access them later. They can be temporary or persistent. Thanks to cookies, you can browse our pages without difficulty. Cookies show us what interests you and other visitors to our website, which helps us improve it. The legal basis for processing personal data through cookies is the user's consent and our legitimate interest.
Method of data collection
Certain services that we provide to our customers and/or users require the collection of personal data of customers and/or users, where special attention is paid to their volume, that is, to the type of data. The volume of personal data that we process primarily depends on the aforementioned processing purposes and legal bases in this Privacy Policy. Due to the above reasons, the amount or set of data may differ depending on the criteria mentioned. Depending on the purpose and legal basis of processing, we collect personal data in the following ways:
Directly from the customers and/or users themselves in such a way that the customers and/or users knowingly provide data to us themselves, in a certain amount of data that is essential for the provision of appropriate services, primarily for the purpose of selling services from our offer.
From other sources, i.e. from our business partners or from publicly available sources (for example, contact information available by viewing the telephone directory and other publicly available services, Kraken Chatbot);
Automatically by visiting our websites and applications, where it is about data associated with network identifiers (Internet protocol addresses and cookie identifiers).
Recipients/categories of recipients of personal data
ACANTHO permanently takes care of the security and protection of the personal data of its customers and/or users and when providing the same to other data users. Data is forwarded only if there is a contractual or legal basis for it (for example, the delivering of a service to the customer, exercising the customer's right to complain, as well as termination of the contract in accordance with special regulations), or if it is necessary to preserve our predominantly justified interest.
In cases of processing personal data of customers and/or users, the data is delivered to contractual partners who perform the execution of purchased product services (delivery services, charter office, skipper, etc.) and other recipients (suppliers/manufacturers of products, etc.)
If we engage another legal entity as a producer/executor of processing to perform individual processing tasks (for example, when performing card transactions), it is important to emphasize that it acts exclusively at our behest, and personal data is submitted to Credit Institutions as issuers of cards through which payment is made
In cases of processing personal data of customers and/or users based on special regulations, we submit personal data to competent authorities when it is necessary to carry out special procedures.
In the case of the need to transfer personal data to other recipients in a third country, outside the EU, we will enable the transfer under the conditions prescribed by the General Data Protection Regulation, i.e. only in the case when it is established that appropriate data protection measures are being followed (for example, by applying the so-called EU Standard Contractual Clauses for Processors in Third Countries).
Security of personal data
ACANTHO implements the integrated protection of personal data in a professional and responsible manner, that is, it takes care of its security in such a way that it undertakes appropriate technical, organizational and personnel protection measures, suitable to the nature of the personal data it processes. The implementation of the measures aims to ensure an adequate level of security with regard to the risk of processing. ACANTHO also ensures a high level of security and confidentiality in the processing of personal data by the effective application of all personal data protection principles, and at each stage of processing it takes special care of the effective application of the principles of reducing the amount of data, storage period and their availability. Such measures ensure additional protection of data against unauthorized disposal and disclosure of personal data, unauthorized changes, illegal destructions, loss and deletion of personal data.
Time period of storage/keeping of personal data
We process the personal data of customers and/or users until the fulfillment of the purpose of their collection and further processing. Depending on the purpose and legal basis on which the personal data od customers and/or users is collected, in some cases we are obliged to store personal data for the time frame (period) prescribed by the relevant regulations for a particular purpose, or in the period we determine if such time period is not prescribed by the relevant regulations. Depending on the purpose of collecting personal data, it is stored in our storage systems and kept for the following periods of time:
Personal data about existing users and/or customers: for the duration of the contractual relationship and 2 years after the termination of the contractual relationship and 2 years after the termination of the contractual relationship (purchases made/services performed), or longer if the data is necessary for the initiation and management of court proceedings
Personal data collected for the purposes of exercising the right to complaint, repair and/or replacement of purchased services and contract termination: 2 years, or longer if the data is necessary for the initiation and conduct of court proceedings
Personal data od business event required for the preparation of an accounting document in accordance with the Accounting Act: 11 years.
In the case when time limits are not prescribed by special regulations, ACANTHO only determines the time period of personal data storage, which primarily depends on the purpose of collecting them as well as the legal basis on which personal data is processed. In cases where the basis for data collection and processing is exclusively our legitimate interest and/or the consent of the customer and/or user, personal data is stored for the following time periods:
Personal data collected for the purpose of providing information about our products and services: no longer than 3 months
Behavior monitoring of potential customers and/or users: no longer than 3 months;
Personal data collected for the purpose of marketing and monitoring customer habits: until the purpose of processing ceases, that is, until consent is withdrawn or our legitimate interest ceases.
After the legal deadline or the deadline we set, which obligate us to keep certain personal data, or when the purpose of personal data processing ends, they are deleted and will no longer be processed. Data that is processed on the basis of our legitimate interest and/or the consent of customers and/or users can be deleted even before the expiration of the period specified in this Privacy Policy, in the event that such deletion is requested by the customer and/or user, i.e. when, in accordance with the General Regulation on data protection shall establish valid reasons for their deletion.
Rights of users/customers and other categories of respondents
The right to access personal data
Customers and/or users have the right to request access to their personal data that we process. ACANTHO, as the data controller, undertakes, on the basis of the submitted written request of the customer and/or user, whose request can also be submitted in the form of electronic mail to the above-mentioned address of the Data Protection Officer, to provide access to their personal data, to inform them about the purpose of personal data processing for which are processed, about the type/categories of personal data that are processed, about recipients or categories of recipients to whom personal data has been disclosed or will be disclosed to them, about the expected time period of processing or about the criteria used to determine this period. Access to personal data can be limited only in cases regulated by national legislation or Union law, i.e. in cases where such limitation respects the fundamental rights and freedoms of other persons.
The right to correction of incorrect data
Customers and/or users have the right to request correction of their personal data. ACANTHO, as the processing manager, will enable the correction of incorrect personal data or their addition in every individual case when it is determined that the collected personal data about the customer and/or user is incorrect or that the data of the customer and/or user has changed. We will correct or update personal data on the basis of a submitted written request of the customer and/or user, and in the event that it is determined from other sources that personal data has changed.
The right to delete personal data
Customers and/or users have the right to request the deletion of their personal data. ACANTHO will delete the customer's and/or user's personal data in the following cases:
when the customer's and/or user's personal data are no longer necessary for the fulfillment of the purpose of processing, that is, when the purpose of processing ceases
when the buyer and/or user withdraws consent as a legal basis for data processing, and there is no other legal basis for data processing
when the buyer and/or user withdraws consent as a legal basis for data processing within Kraken Chatbot, and there is no other legal basis for data processing
when the customer and/or user objects to data processing (see more under the heading Right to object)
when personal data is illegally processed
when personal data must be deleted in order to fulfill legal obligations under the law of the European Union or the right Member State to which the data controller is subject
when personal data is collected in connection with the offer of information society services in relation to the child's consent.
The right to restriction of data processing
Customers and/or users have the right to request the restriction of the processing of their personal data. Restriction of personal data processing ACANTHO will provide in cases where the customer and/or user disputes the accuracy of the data, when the processing is illegal, and the customer and/or user opposes the deletion of the data and instead requests the restriction of their use, when the controller no longer needs the personal data for processing purposes, but the customer and/or user requests data to fulfill legal requirements, as well as in the case when the customer and/or user objects to the processing of personal data based on our legitimate interest, including the creation of customer and/or user profiles.
The right to data portability
The transfer of personal data to another processor will be carried out by ACANTHO at the request of the customer and/or user, provided that the latter has given their consent for such transfer, and the processing is carried out by automated means, as well as provided that such transfer is technically feasible.
The right to object
Customers and/or users have the right to file an objection to is as the data controller regarding the processing of their personal data. In that case, ACANTHO, as the controller, will stop processing personal data, except when we prove that there are convincing legitimate reasons for processing personal data in relation to the rights of the customer and/or user, i.e. in the case where the data processing serves the purpose of establishing, setting or defending legal claims.
If the customer’s and/or user’s personal data is processed for the purpose of direct marketing based on consent, the customer and/or user has the right to object to the processing for direct marketing purposes at any time and to request the cessation of their processing. In addition to the complaint addressed to the controller, the customer and/or user has the right to submit a request for the protection of rights to the supervisory authority. In the Republic of Croatia, the authorized supervisory authority is the Personal Data Protection Agency.
Who to turn to?
In case of any questions about the protection of personal data, you can contact the data protection officer by e-mail at the e-mail address specified in this Privacy Policy or by writing to the following address:
ACANTHO d.o.o.
n/r Službenika za zaštitu podataka
Biogradska 2
21000 Split
Other websites
This Privacy Policy applies only to the use and utilization of data that ACANTHO collects from users (respondents). Other websites that can be accessed through the ACANTHO website have their own privacy and data collection statements and how they are used and disclosed. ACANTHO is not responsible for the methods and conditions of work of third parties.
ACANTHO collects and processes personal data through user interactions on social networks such as Facebook and Instagram. ACANTHO, i.e. responsible persons appointed by ACANTHO, have access to messages and/or posts on the mentioned social networks, however, personal data collected through them, especially those contained in messages, is not stored or additionally processed by ACANTHO except for the purposes specified in this Privacy Policy.
ACANTHO uses a business profile using the services of Facebook and Instagram and you can view their Privacy Rules, i.e. confidentiality statements, as well as the way they use your personal data on their websites. If you are not satisfied with the way your personal data is collected and processed, you can contact the leading supervisory body of Facebook, Instagram or the Personal Data Protection Agency of the Republic of Croatia.
Amendments to the Privacy Policy
Acantho d.o.o. reserves the right to amend and supplement this Privacy Policy in order to provide up-to-date and accurate information at any time and to inform customers and/or users of changes in accordance with the principle of transparency.
In Split, 01.10.2023.
PRIVACY PROTECTION POLICY
Introductory provisions
In accordance with the Regulation (EU) 2016/679 of the European Parliament and of the
Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (4.5.2016. L 119/4. Official Journal of the European Union hereinafter referred to as the 'General Data Protection Regulation') which came into force on 25 May 2018 in Republic of Croatia and all member countries of the European Union, as well as in accordance with the Act on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/18, hereinafter: General Data Protection Regulation) i.e. in accordance with the entire legal framework for the protection of personal data in the Republic of Croatia and in the European Union and European best practice, ACANTHO d.o.o with headquarters in Biogradska 2, Split, Republic of Croatia, registered in the court register of the Commercial Court in Split under the company registration number (MBS) 060246624, personal identification number (OIB): 17099025134 (hereinafter referred to as ACANTHO) as a manager of processing of personal data of users of their services and customers, has created the Personal Data Protection Policy of its users and customers. Personal Data Protection Policy is a unilateral binding legal act based on fundamental principles in the processing of personal data, which transparently informs users and/or customers for which purposes the data are collected and further processed and about the lawful basis on which their personal data is processed. The privacy protection policy also informs service users and/or customers of their rights in the collection and further processing of personal data, all for the purpose of protecting their personal data and their privacy in a broader sense.
Privacy protection policy is based on the following principles of personal data processing: lawfulness, transparency and fairness, purpose limitation, data minimization, accuracy and completeness of personal data, storage limitation, integrity and confidentiality, responsibility, trustworthiness and fair processing, opportunity (purpose of processing), processing in unnamed (anonymized) form.
The privacy protection policy applies to the processing of the personal data of all respondents/natural persons whose personal data is processed within the scope of the provision of services offered by ACANTHO, primarily customers but also service users (visitors to our website, potential employees who contact us through open offers etc.).
The purpose of a privacy policy is to inform customers and/or users in a clear and transparent manner about the procedures od collecting and processing their personal data as well as their rights related to the processing of their personal data.
ACANTHO takes care and pays special attention to the security and confidentiality of personal data it collects and continues to process, respecting standards regarding data protection and security in accordance with General Data Protection Regulation. In this regard, we take appropriate technical and organizational protection measures adapted to the nature of personal data, all to ensure that personal data is processed in a legal, fair and transparent manner. The amount and scope of personal data that ACANTHO collects depends on the type of service we provide to our customers and/or users as well as on the legal basis on which the data is collected. Therefore, we constantly take care of collecting only the necessary scope of personal data that is required to achieve the legal purpose for which the data is processed.
The following is responsible for the processing of personal data of customers and/or users: ACANTHO d.o.o with headquarters in Biogradska 2, Split, Republic of Croatia, registered in the court register of the Commercial Court in Split under the company registration number (MBS) 060246624, personal identification number (OIB): 17099025134
Data Protection Officer's contact details:
e-mail: karmen@croatiacharterholidays.com
For what purposes are personal data collected and further processed?
We collect and further process personal data of customers and/or users that are related to all our activities within the framework of our registered business, for the following purposes:
Internet sales of products and/or services from our offer;
Providing information about products and our services at the request of the customer and/or user, to visitors of our websites and enabling the best possible user experience;
Market research and analysis and direct promotion of products and services / marketing
Monitoring the habits and behavior of customers and/or users in order to analyze the business and enable the best possible user experience;
Possible employment in ACANTHO;
Resolving possible complaints sent to us regarding the processing of personal data in accordance with current regulations;
Legal basis for processing personal data
ACANTHO collects personal data in order so that we can provide, maintain, protect and improve our services related to the purchase of certain products/services, to understand the ways in which customers and/or users use the services provided and use our websites, and for the purpose of fulfilling the contractual obligations that we have. We collect and further process the above data based on several legal bases prescribed by the General Data Protection Regulation:
Performing contractual obligations and/or taking actions for the purpose of concluding a contract in which the customer and/or user is one of the contracting parties
We collect and further process the personal data of customers and/or users for the purpose of concluding and executing contracts within our business relationships with you, whether it is the sale of products/services, consulting and assistance in the use of products/services and undertaking other actions related to the conclusion and execution of contracts in accordance with relevant regulations.
We also collect customer and/or user personal data in cases of exercising the right of return or unilateral termination of the concluded contract.
In the event that the user and/or customer fails to consent to giving personal data, we will not be able to provide services to the customer and/or user (i.e. take certain actions related to the execution of the concluded contract).
Respect/fulfilment of legal obligations
In order to comply with legal obligations, we collect and further process personal data of customers and/or users in order to act in accordance with other relevant regulations of the Republic of Croatia, primarily for the purpose of providing appropriate information about products/services, resolving customer and/or user complaints, paying for products/services and the like.
Consent of the customer and/or user of the service
Based on the consent/approval of the buyer and/or user, we collect and further process your personal data for the purpose of informing about new products and/or for direct promotion and marketing. In cases where the processing is based on consent as a legal basis, giving consent as a legal basis for the processing of personal data for the stated purposes must be based on the voluntariness/clear expression of the buyer’s and/or user’s wishes for the processing of their personal data for a specific purpose, with which they were previously acquainted.
Consent management implies the possibility that the buyer and/or user, by active and unambiguous action, authorizes us to collect and process certain personal data for one or more purposes (consent of the respondent), i.e. withdraw the previously given consent for the collection and processing of personal data in the same way, in one or more purposes.
When consent is required for the processing of personal data, we process them for the purpose in question only after consent has been expressly given.
Direct advertising/marketing
ACANTHO processes personal data of customers and/or users about previous purchases based on previously given consent in order to inform you as customers and/or buyers about new products and services (receiving newsletters or other information about our products/services as well as certain benefits, etc.) which we assume you will be interested in.
In order for the customer and/or user to be able to receive notifications that correspond to their wishes and habits, it is necessary for ACANTHO to use certain customer and/or user data for the creation of personalized advertising notifications, until the customer and/or user expressly objects to such data processing, i.e. withdraws their previously given consent for processing. Consent can be withdrawn at any time of the processing of personal data by the customer and/or user providing us with a written notice of withdrawal of consent or directly to the Data Protection Officer.
After withdrawal of consent, we will no longer process your personal data.
In case of withdrawal of consent, the processing of personal data is legal until the moment of its revocation.
Legitimate interest
On the basis of legitimate interest, we process the personal data of customers and/or users for the purposes of keeping internal records on the completed purchase or provision of services, on their habits and behaviors in order to analyze the business and enable the best possible user experience, marker research and analysis, and inform customers about new products and services from our offer.
The processing of personal data is carried out in cases where we already have the customer’s and/or user’s personal data, that is, when the customer and/or user can reasonably expect in advance that their personal data could be processed for the stated purpose.
ACANTHO uses contact data to address customers and/or users whose personal data it already holds and to send promotional information about similar products and services it provides, using all available channels for promotion, except in the case where here are stronger interests or fundamental rights and freedoms of individuals that require protection of personal data.
On the basis of legitimate interests, we also process personal data about potential customers and/or users (for example, when you access the website, for the purpose of providing information about products and services, everything is for the best possible user experience and the functioning of all characteristics/features of the website).
Use of cookies
In order to maintain the website and ensure that its functionality is at expected level, we use a technology known as ‘’cookies’’.
Cookies are small files that we send to your computer, and we can access them later. They can be temporary or persistent. Thanks to cookies, you can browse our pages without difficulty. Cookies show us what interests you and other visitors to our website, which helps us improve it. The legal basis for processing personal data through cookies is the user's consent and our legitimate interest.
Method of data collection
Certain services that we provide to our customers and/or users require the collection of personal data of customers and/or users, where special attention is paid to their volume, that is, to the type of data. The volume of personal data that we process primarily depends on the aforementioned processing purposes and legal bases in this Privacy Policy. Due to the above reasons, the amount or set of data may differ depending on the criteria mentioned. Depending on the purpose and legal basis of processing, we collect personal data in the following ways:
Directly from the customers and/or users themselves in such a way that the customers and/or users knowingly provide data to us themselves, in a certain amount of data that is essential for the provision of appropriate services, primarily for the purpose of selling services from our offer.
From other sources, i.e. from our business partners or from publicly available sources (for example, contact information available by viewing the telephone directory and other publicly available services);
Automatically by visiting our websites and applications, where it is about data associated with network identifiers (Internet protocol addresses and cookie identifiers).
Recipients/categories of recipients of personal data
ACANTHO permanently takes care of the security and protection of the personal data of its customers and/or users and when providing the same to other data users. Data is forwarded only if there is a contractual or legal basis for it (for example, the delivering of a service to the customer, exercising the customer's right to complain, as well as termination of the contract in accordance with special regulations), or if it is necessary to preserve our predominantly justified interest.
In cases of processing personal data of customers and/or users, the data is delivered to contractual partners who perform the execution of purchased product services (delivery services, charter office, skipper, etc.) and other recipients (suppliers/manufacturers of products, etc.)
If we engage another legal entity as a producer/executor of processing to perform individual processing tasks (for example, when performing card transactions), it is important to emphasize that it acts exclusively at our behest, and personal data is submitted to Credit Institutions as issuers of cards through which payment is made
In cases of processing personal data of customers and/or users based on special regulations, we submit personal data to competent authorities when it is necessary to carry out special procedures.
In the case of the need to transfer personal data to other recipients in a third country, outside the EU, we will enable the transfer under the conditions prescribed by the General Data Protection Regulation, i.e. only in the case when it is established that appropriate data protection measures are being followed (for example, by applying the so-called EU Standard Contractual Clauses for Processors in Third Countries).
Security of personal data
ACANTHO implements the integrated protection of personal data in a professional and responsible manner, that is, it takes care of its security in such a way that it undertakes appropriate technical, organizational and personnel protection measures, suitable to the nature of the personal data it processes. The implementation of the measures aims to ensure an adequate level of security with regard to the risk of processing. ACANTHO also ensures a high level of security and confidentiality in the processing of personal data by the effective application of all personal data protection principles, and at each stage of processing it takes special care of the effective application of the principles of reducing the amount of data, storage period and their availability. Such measures ensure additional protection of data against unauthorized disposal and disclosure of personal data, unauthorized changes, illegal destructions, loss and deletion of personal data.
Time period of storage/keeping of personal data
We process the personal data of customers and/or users until the fulfillment of the purpose of their collection and further processing. Depending on the purpose and legal basis on which the personal data od customers and/or users is collected, in some cases we are obliged to store personal data for the time frame (period) prescribed by the relevant regulations for a particular purpose, or in the period we determine if such time period is not prescribed by the relevant regulations. Depending on the purpose of collecting personal data, it is stored in our storage systems and kept for the following periods of time:
Personal data about existing users and/or customers: for the duration of the contractual relationship and 2 years after the termination of the contractual relationship and 2 years after the termination of the contractual relationship (purchases made/services performed), or longer if the data is necessary for the initiation and management of court proceedings
Personal data collected for the purposes of exercising the right to complaint, repair and/or replacement of purchased services and contract termination: 2 years, or longer if the data is necessary for the initiation and conduct of court proceedings
Personal data od business event required for the preparation of an accounting document in accordance with the Accounting Act: 11 years.
In the case when time limits are not prescribed by special regulations, ACANTHO only determines the time period of personal data storage, which primarily depends on the purpose of collecting them as well as the legal basis on which personal data is processed. In cases where the basis for data collection and processing is exclusively our legitimate interest and/or the consent of the customer and/or user, personal data is stored for the following time periods:
Personal data collected for the purpose of providing information about our products and services: no longer than 3 months
Behavior monitoring of potential customers and/or users: no longer than 3 months;
Personal data collected for the purpose of marketing and monitoring customer habits: until the purpose of processing ceases, that is, until consent is withdrawn or our legitimate interest ceases.
After the legal deadline or the deadline we set, which obligate us to keep certain personal data, or when the purpose of personal data processing ends, they are deleted and will no longer be processed. Data that is processed on the basis of our legitimate interest and/or the consent of customers and/or users can be deleted even before the expiration of the period specified in this Privacy Policy, in the event that such deletion is requested by the customer and/or user, i.e. when, in accordance with the General Regulation on data protection shall establish valid reasons for their deletion.
Rights of users/customers and other categories of respondents
The right to access personal data
Customers and/or users have the right to request access to their personal data that we process. ACANTHO, as the data controller, undertakes, on the basis of the submitted written request of the customer and/or user, whose request can also be submitted in the form of electronic mail to the above-mentioned address of the Data Protection Officer, to provide access to their personal data, to inform them about the purpose of personal data processing for which are processed, about the type/categories of personal data that are processed, about recipients or categories of recipients to whom personal data has been disclosed or will be disclosed to them, about the expected time period of processing or about the criteria used to determine this period. Access to personal data can be limited only in cases regulated by national legislation or Union law, i.e. in cases where such limitation respects the fundamental rights and freedoms of other persons.
The right to correction of incorrect data
Customers and/or users have the right to request correction of their personal data. ACANTHO, as the processing manager, will enable the correction of incorrect personal data or their addition in every individual case when it is determined that the collected personal data about the customer and/or user is incorrect or that the data of the customer and/or user has changed. We will correct or update personal data on the basis of a submitted written request of the customer and/or user, and in the event that it is determined from other sources that personal data has changed.
The right to delete personal data
Customers and/or users have the right to request the deletion of their personal data. ACANTHO will delete the customer's and/or user's personal data in the following cases:
when the customer's and/or user's personal data are no longer necessary for the fulfillment of the purpose of processing, that is, when the purpose of processing ceases
when the buyer and/or user withdraws consent as a legal basis for data processing, and there is no other legal basis for data processing
when the customer and/or user objects to data processing (see more under the heading Right to object)
when personal data is illegally processed
when personal data must be deleted in order to fulfill legal obligations under the law of the European Union or the right Member State to which the data controller is subject
when personal data is collected in connection with the offer of information society services in relation to the child's consent.
The right to restriction of data processing
Customers and/or users have the right to request the restriction of the processing of their personal data. Restriction of personal data processing ACANTHO will provide in cases where the customer and/or user disputes the accuracy of the data, when the processing is illegal, and the customer and/or user opposes the deletion of the data and instead requests the restriction of their use, when the controller no longer needs the personal data for processing purposes, but the customer and/or user requests data to fulfill legal requirements, as well as in the case when the customer and/or user objects to the processing of personal data based on our legitimate interest, including the creation of customer and/or user profiles.
The right to data portability
The transfer of personal data to another processor will be carried out by ACANTHO at the request of the customer and/or user, provided that the latter has given their consent for such transfer, and the processing is carried out by automated means, as well as provided that such transfer is technically feasible.
The right to object
Customers and/or users have the right to file an objection to is as the data controller regarding the processing of their personal data. In that case, ACANTHO, as the controller, will stop processing personal data, except when we prove that there are convincing legitimate reasons for processing personal data in relation to the rights of the customer and/or user, i.e. in the case where the data processing serves the purpose of establishing, setting or defending legal claims.
If the customer’s and/or user’s personal data is processed for the purpose of direct marketing based on consent, the customer and/or user has the right to object to the processing for direct marketing purposes at any time and to request the cessation of their processing. In addition to the complaint addressed to the controller, the customer and/or user has the right to submit a request for the protection of rights to the supervisory authority. In the Republic of Croatia, the authorized supervisory authority is the Personal Data Protection Agency.
Who to turn to?
In case of any questions about the protection of personal data, you can contact the data protection officer by e-mail at the e-mail address specified in this Privacy Policy or by writing to the following address:
ACANTHO d.o.o.
n/r Službenika za zaštitu podataka
Biogradska 2
21000 Split
Other websites
This Privacy Policy applies only to the use and utilization of data that ACANTHO collects from users (respondents). Other websites that can be accessed through the ACANTHO website have their own privacy and data collection statements and how they are used and disclosed. ACANTHO is not responsible for the methods and conditions of work of third parties.
ACANTHO collects and processes personal data through user interactions on social networks such as Facebook and Instagram. ACANTHO, i.e. responsible persons appointed by ACANTHO, have access to messages and/or posts on the mentioned social networks, however, personal data collected through them, especially those contained in messages, is not stored or additionally processed by ACANTHO except for the purposes specified in this Privacy Policy.
ACANTHO uses a business profile using the services of Facebook and Instagram and you can view their Privacy Rules, i.e. confidentiality statements, as well as the way they use your personal data on their websites. If you are not satisfied with the way your personal data is collected and processed, you can contact the leading supervisory body of Facebook, Instagram or the Personal Data Protection Agency of the Republic of Croatia.
Amendments to the Privacy Policy
Acantho d.o.o. reserves the right to amend and supplement this Privacy Policy in order to provide up-to-date and accurate information at any time and to inform customers and/or users of changes in accordance with the principle of transparency.
In Split, 01.10.2023.