According to the Regulation on the protection of individuals with regard to Processing of personal data and the free Movement of Such Data 2016/679, the Service Provider collects and processes personal data of the Beneficiary in a legitimate, fair and transparent way , collecting only data necessary for the fulfillment of the legal work contracted by the Service Provider and User.

For purpose of visibility and understanding of these terms, 'Service Provider' means Quod est futurum d.o.o. as the owner of the National Hotel, while the guest and any other person who, for the purpose of possible stay in the hotel, searches the web site , is marked by term 'User'.

a) Type of personal data collected and processed

'Personal data' means any information relating to a physical, person whose identity has been established or can be identified; a person whose identity can be identified is a person who can be identified directly or indirectly, especially with the help of identifiers such as name, identification number, location information, network identifier or with the help of one or more factors that are physical, physiological, genetic, , the economic, cultural or social identity of that individual.

The service provider collects and processes two levels of personal data. The first level of personal data consists of data that the Service Provider is obliged to submit to the state bodies and units of local self-government. The first level of personal data includes the name and surname, address, date of birth, number and issuing of the document on the basis of which the Service Provider has identified the User's identity. Provieded data then Service provider puts into the eVizitor system and they are available to state authorities under statutory authority. The second level of personal information refers to the first and last name, address, e-mail, phone number, credit / debit card information. The above information is necessary to fulfill the business relationship.

First-level data are kept by state bodies in accordance with statutory deadlines. Second-level data shall be kept until the expiration of the time limits laid down in a special law on the keeping of accounting records, except when a forced charging procedure or court proceeding has been initiated from a business relationship, in which case the data is kept until the valid completion of the said procedures. The second level data period expires permanently with the Service Provider.

Second-Level User Data may be available to the Subscribers of the Service Provider, such as the Accounting of Service Provider and any other potential subcontractors that the Service Provider could access for the purpose of fulfilling the legal transaction (web site maintenance, case of dispute, etc.) Personal Data of Users are protected by the Statement of Confidentiality that the Service Provider has signed with its subcontractor where it is obliged to keep as secret all personal information he has learned in the performance of his duties.

First and second level data may also be available to employees of the Service Provider to the extent that it is necessary for the performance of the employee's work tasks. Each employee of the Service Provider has signed a Statement of Confidentiality, and the violation of the same constitute is serious violation of the obligations of the employment relationship.

The Manager of Processing is a person authorized to represent the company Quod est futurum d.o.o. and the User may refer all inquiries regarding processing of personal data to the processing manager at: Hotel National, Supilova 8, 10000 Zagreb.

b) Use of personal data

The Personal Data Provider is used to fulfill services that are the subject of Service Provider's activity or for technical purposes when administering the Website, communicating with the User, and making statistics. Personal information will not be disclosed to third parties except with the consent of the Beneficiary.

The Service Provider decides independently which information will be given to the Service Provider. In the event of a denial of some of the requested information, there is a possibility that the Service Provider will not be able to accept it and will have to reject the business relationship with the User.

The User has the right at any time from the Provider to request access to his / her personal data and correction of personal data.

Forms of 'Access Information' and 'Request for Correction' are available on the Service Provider page. The User can at any time submit a completed form to the e-mail processing manager and request that information be provided to him / her about the User's data processing and for what purpose, that is, he may request the modification of the information he considers inaccurate or incomplete. The Service provider is obliged to act upon the request of the Beneficiary within one month. The deadline may be extended by two months in the case of Service Provider overwork. The Service Provider will inform the User of the extension of the deadline.

c) Consent

When entering a business relationship in the form of reservation of Service providers services, the User has given an unconditional consent for processing personal data to Service provider.

The User has the right at any time to withdraw the consent of processing personal data. The 'Withdrawal of Consent' form is located on the Service Provider page. The User may at any time submit an filled form to mail and request that the Service provider suspends processing of the User's personal data. The Service provider shall immediately discontinue any further processing of personal data and notify the User. If the Service provider is unable to fulfill its part of the contractual obligation by reason of the withdrawal of the consent, it shall not be liable to the User for any damage caused by not fullfilling obligation, and the User shall be liable to the Service provider for all actually incurred costs.

After the consent is withdrawn, the Service provider will permanently delete all previously collected User information without delays.

d) Complaint

In case of suspicion of misuse or denial of information, the User has the right to file a complaint to the Supervisory authority - the Personal data protection agency.

e) Deleting of personal data

The User has the right to request the deletion of his personal data from the Service provider. The form 'Request for deletion of personal data' is located on the Service Provider page. The User may at any time submit an filled out form to mail and request that the Service provider permanently delete all or certain personal data of the Beneficiary. The Service provider is obliged to act upon the request and notify the user thereof. if, due to the deletion of the data, the Service provider is unable to fulfill its part of the contractual obligation, the Customer will not be liable for any damages incurred due to the non-fulfillment of the contract, while the User shall be liable to the Service Provider for any actual costs incurred. The service provider is obliged to act upon the request of the Beneficiary within one month. The deadline may be extended by two months in the case of a burden on the Service Provider. The Service provider will inform the User of the extension of the deadline.

f) Video surveillance

Entrance to the hotel National and the parking lot next to it are under twenty-four-hour video surveillance for the security of the User. Video surveillance videos are stored for six months and then permanently deleted.

g) Automatic recording of information (non-personal information)

Each access to the internet page of Service provider automatically captures certain data that is general and is not considered personal information (user browser, number of visits, average visit time on pages, visited pages). The data thus obtained is of importance to the Service provider since they are used to measure the attractiveness of the website and improve content and usability. Such information is not specifically considered and disclosed to third parties.

h) Cookies

The Service provider's web site applies to so called cookies - text files that are placed on a user's computer by an internet server that the user uses. Files are created when a viewer on a user's device loads a visited network destination, then sends data to a browser and creates a text file (cookie). The browser retrieves and sends the file to the network destination server (places, pages) when returning the user to it. Cookies are used to serve all of the features of the web site and provide better user experience, and may be temporary (stored only during web site visits) or permanent (on a user's computer, even after a visit). Third party cookies the Service provider is used to obtain statistical information about the visits and how we use our websites. Data collected includes user IP address, browser data, language, operating system, and other standard data that are collected and analyzed solely in anonymous and mass form. The web site of the Service provider does not contain any cookies that allow you to run programs or set up a virus on your computer.

The pages of the Service provider use google analytics statistics, and look for third-party cookies in google analytics. Data about how users use our web site can occasionally be collected using other tools similar to google analytics. If you do not agree to their use, you can easily delete (or prevent) cookies on your computer or mobile device using the browser settings you are using. Since the purpose of cookies is to improve and enable the use of our web pages and their processes, keep in mind that by preventing or deleting cookies, you can disable the functionality of these features or cause their different work and appearance in your browser.

i) Safety

The Service provider makes every effort to ensure the security of personal data. Users personal data are consistently protected against loss, destruction, forgery, manipulation and unauthorized access or unauthorized disclosure.