This Privacy Statement for Nostra Tours Ltd., Knin, Gospina 5,
VAT number: 01601057829 (Data Controller), is prepared in accordance with the General Data Protection Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016, applicable as of 25 May 2018.
Nostra Tours Ltd., Knin, Gospina 5, VAT number: 01601057829, will handle your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, the Law on the Implementation of the General Data Protection Regulation (NN 42/2018), or other national legislation based on the aforementioned Regulation, and with the application of appropriate technical and security measures to protect personal data from unauthorized access, misuse, disclosure, loss, or destruction.
The data controller responsible for processing is: Nostra Tours Ltd., Knin, Gospina 5, VAT number: 01601057829
Contact email address: firstname.lastname@example.org, email@example.com, Contact phone number: +385919740130
If we use the services of external processors for the processing of your personal data, it is considered as processing (of personal data) on our behalf, and in such a case, we are also responsible for protecting your personal data.
Types of personal data we process
Nostra Tours Ltd. processes your personal data that you provide us with by accessing our official website, registering on our official website, making contact requests, requesting information about offers and other business-related information, or entering into a business relationship with us. The personal data collected through the contact form on our official website, based on your request for information about our services, products, or business, and requests to enter into a business or contractual relationship with us, are your name, email address, and telephone number.
Personal data collected for the purpose of contacting representatives/owners and employees of business partners and/or clients (legal persons) for the efficient execution of business contracts include the fixed telephone number of the authorized person for representation/ownership, the mobile phone number of the authorized person for representation/ownership, the email address of the authorized person for representation/ownership, the fixed telephone number of the employee, the mobile phone number of the employee, and the employee’s email address.
Personal data collected for the purpose of contacting individual clients for the efficient execution of business contracts include the mobile phone number and email address.
Personal data collected when participating in prize competitions for marketing purposes include the names of all participants, email addresses for prize notifications, mobile phone numbers, and the addresses of the winners for prize delivery after announcement.
In the course of a business relationship, you are obliged to provide personal data necessary for the establishment and implementation of the business relationship and the fulfillment of related contractual obligations, or for which there is an obligation to collect. Without this data, we are generally unable to conclude contracts, execute orders, or suspend the execution and terminate existing contracts. You are not obliged to give your consent to the processing of data that is not relevant or legally prescribed for contract execution.
Legal basis and purposes of personal data processing
The data controller processes all types of your personal data for the following purposes:
a) Fulfillment of Legal Obligations – We process your personal data to fulfill our legal obligations, such as compliance with tax and accounting regulations, compliance with applicable laws and regulations, and responding to legal requests or obligations from competent authorities.
b) Contractual Relationship – We process your personal data to establish and fulfill contractual relationships with you. This includes activities such as managing bookings, providing services, processing payments, communicating with you regarding your bookings or inquiries, and addressing any issues or complaints.
c) Communication and Marketing – We may process your personal data to communicate with you and provide you with information about our services, promotions, offers, and other business-related information that may be of interest to you. This includes sending you newsletters, promotional emails, or other marketing materials. We will only send you such communications if you have given us your explicit consent to do so, or if we have a legitimate interest in promoting our business and believe that our communications may be of interest to you.
d) Customer Support – We may process your personal data to provide customer support and assistance. This includes responding to your inquiries, addressing your concerns, and resolving any issues you may have.
e) Security and Fraud Prevention – We may process your personal data for the purpose of ensuring the security of our systems, preventing fraud, and protecting against unauthorized access, misuse, or disclosure of personal data.
f) Improving Our Services – We may process your personal data for the purpose of analyzing and improving our services, website, and customer experience. This includes conducting research, gathering feedback, and performing statistical analysis.
g) Legitimate Interests – In certain cases, we may process your personal data based on our legitimate interests, provided that such processing does not override your rights and freedoms. Our legitimate interests may include activities such as business analytics, internal administrative purposes, or legal claims management.
We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, as well as to comply with legal obligations or resolve any disputes. The specific retention periods may vary depending on the type of personal data and the purposes of processing.
Data Sharing and Transfers
We may share your personal data with third parties in the following circumstances:
a) Service Providers and Processors – We may engage third-party service providers and processors to perform certain functions on our behalf or to provide services to us. These may include IT service providers, payment processors, marketing agencies, and customer support providers. We ensure that such service providers and processors are bound by appropriate data protection obligations and use your personal data only as instructed by us.
b) Compliance with Legal Obligations – We may share your personal data with competent authorities, regulatory bodies, or law enforcement agencies to comply with legal obligations, respond to legal requests or obligations, or protect our rights, privacy, safety, or property, as permitted or required by applicable laws.
c) Business Transfers – In the event of a merger, acquisition, or transfer of assets, your personal data may be transferred to the acquiring entity or third party involved in the transaction, subject to applicable data protection laws.
We may also transfer your personal data to recipients located in countries outside the European Economic Area (EEA). In such cases, we will ensure that appropriate safeguards are in place to protect your personal data, such as implementing Standard Contractual Clauses approved by the European Commission or relying on other lawful mechanisms for international data transfers.
As a data subject, you have certain rights regarding your personal data, subject to applicable laws and regulations. These rights may include:
a) Right to Access – You have the right to access the personal data we hold about you and receive information about how we process it.
b) Right to Rectification – You have the right to request the correction of inaccurate or incomplete personal data we hold about you.
c) Right to Erasure – In certain circumstances, you have the right to request the erasure of your personal data, such as when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent and there is no other legal basis for processing.
d) Right to Restriction of Processing – You have the right to request the restriction of processing of your personal data, such as when you contest the accuracy of the data or when the processing is unlawful, but you oppose erasure.
e) Right to Data Portability – You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller where technically feasible.
f) Right to Object – You have the right to object to the processing of your personal data in certain circumstances, such as when the processing is based on legitimate interests or for direct marketing purposes.
g) Right to Withdraw Consent – If we process your personal data based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
h) Right to Lodge a Complaint – If you believe that we have infringed your rights or violated applicable data protection laws, you have the right to lodge a complaint with a supervisory authority.
Please note that certain rights may be subject to exceptions or limitations under applicable laws and regulations.
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, loss, alteration, or destruction. We regularly review and update our security practices to ensure the ongoing confidentiality, integrity, and availability of your personal data.
These security measures may include encryption of data in transit and at rest, secure storage and access controls, regular backups, firewalls, intrusion detection systems, and monitoring of access to personal data.
Despite our best efforts, no system can guarantee absolute security. Therefore, while we strive to protect your personal data, we cannot warrant the security of any information you transmit to us, and you do so at your own risk.
Cookies and Similar Technologies
You have the option to manage your cookie preferences through your browser settings. Please note that blocking or disabling certain cookies may affect your experience on our website and limit the functionality we can provide.
Links to Third-Party Websites
Our website may contain links to third-party websites or services that are not owned or controlled by us. We are not responsible for the privacy practices or the content of such third-party websites. We encourage you to review the privacy policies of those websites before providing any personal data or using their services.
Our services are not intended for children under the age of 16. We do not knowingly collect personal data from children without the appropriate consent from a parent or guardian. If you believe that we have inadvertently collected personal data from a child, please contact us immediately, and we will take steps to delete the information.