What is personal data and how do we collect it?
Personal data is information that can be used for your identification. This information is, for example, your name, address, postal code, date of birth and gender, IP address, phone number or your e-mail address, payment information…
Information that is not directly related to your actual identity (such as favourite websites or number of website users) does not fall into this category.
We collect personal data on enquiries and booking of tourism services through the call centre, website, application, e-mail, when you pay for services, We also collect personal data every time you visit our website.
The following categories of personal data are collected in particular:
– first name and last name, home address, e-mail address, phone number, age and gender, information whether the booking is made as a family, individual, couple or friends, travel documents data (identification number, nationality, expiration date and country of issue) if required, information on the means of payment and any other payment information, if necessary;
– history of travels and information on possible additional services, such as insurances, parking lots etc.;
– information on the use of our website or application;
– messages that you exchange with us, or send us via SMS, e-mails, phone calls and social media.
Why do we need your personal data and how long do we keep it?
Your data can be used for the following purposes:
– provision of contractual travel services: the data we receive from you is used to provide tourism services related to your trip;
– communication purposes related to travel changes or provision of help on the road; these messages are not intended for marketing and cannot be turned off;
verifying or authorising payments with credit and other payment cards: we use payment information for accounting, clearance and audit purposes, and for the detection and prevention of fraudulent acts;
– administrative or legal purposes: data is used for statistical and market analysis, system testing, customer surveys, quality control, maintenance and development, or resolving disputes or claims;
– security, health, administrative measures, crime prevention or detection: your data can be provided to the state or executive bodies in order to comply with legal requirements;
– communication with customers: we use data to strengthen customer relations and to improve our services or user experience;
– marketing: we will regularly inform you of our special offers via e-mail and periodically via regular mail or phone. In each message, you will have the option to reject to refuse such messages in the future. Refusal is extremely easy either by clicking on the link in each email, return message or phone call, and is entirely free of charge for you.
Your personal data is processed solely on the legal basis for processing. The legal basis depends on the purpose in accordance with which we obtained the data. We obtained your data either as a customer or as a subscription to Newsletter, or upon acceptance of voucher or participation in a prize game.
In most cases, your personal data is processed to fill out your travel contract.
Personal data can also be processed for:
– fulfilment of the legal obligation;
– your personal consent for notifications about our offers;
– protection of your vital interests or interests of another person in an emergency;
– in accordance with legitimate interests of the agency (notification of the agency’s offers statistical and market analysis, system testing, customer surveys, quality control, maintenance and development, or resolving disputes or claims).
We will not keep your data longer than necessary to fulfil the purpose for which it is processed. To determine the appropriate retention period, we take into account the extent, nature and sensitivity of personal data, purposes for which the data is processed, and whether these purposes can be achieved by other means.
When determining the retention period, legally prescribed time limits must also be considered, such as the Value Added Tax Act, general limitation period, and time limit for handling complaints.
When we will no longer need your personal data, we will safely delete or destroy it.
To whom do we provide your personal data?
Your personal data may be provided to the following third parties for the purposes described in this policy:
– tourism service providers, such as hoteliers, travel organisers, ski lift for issuing ski passes, providers for the rental of equipment or vehicles, carriers, guides etc.;
– insurance companies – providers of travel insurance for travel cancellation, accident insurance or health insurance with assistance for which you have decided upon or after the booking (e.g. Allianz, Triglav, Grawe…);
– credit and debit card companies that facilitate payments and anti-fraud checking that may need information about payment method and tourism service booking to process payment or ensure the security of your payment transaction;
– consulate, immigration and customs authorities for the arrangement of entry permits, law enforcement and tax authorities on the basis of their written request, judicial authorities and legal associates in exercising our statutory rights in connection with the contract with you;
– confidential service providers that we use to manage our business, such as external IT experts, cloud service providers, e-mail and SMS marketing providers, and personalised printed matter service providers for targeted marketing campaigns, requiring service providers to provide the same level of personal data protection as the agency;
– social media: you may be able to access third-party web services through our website or application, or before visiting our website or application. Once you are registered with your social service account, we will obtain personal data that you intend to share with us through these social media services in accordance with your privacy settings in order to improve and customise your website or application use. Social media plug-ins can also be used on our website or application. As a result, your information will be shared with your social media provider and may be featured on the social network profiles that you want to share with other people on your network. To learn more about these procedures, see the Privacy Policy of these third-party social media providers.
The agency offers tourism services around the world, which makes it necessary, from time to time, to send personal data to third parties under the first indent also outside the European Economic Area (EEA) to implement the travel contract. Since the protection of personal data is not as high as in the EEA, we require all service providers to process the data safely and in accordance with the data protection laws of the Republic of Slovenia and the EU.
In order to ensure the legality of data transmission outside the EEA, we use standard means of data protection outside the EEA.
We expressly declare that we do not sell any data, especially personal data, to third parties.
How do we protect your data?
When storing and disclosing your personal data, we follow strict security procedures and protect it against accidental loss, destruction or damage. All websites of Zico turizam d.o.o., and in particular the data you provide to us, is protected by the SSL (Secure Socket Layer). SSL is a standard industrial method for the encryption of personal data and credit card information so that it can be safely transmitted over the internet.
Payment information is transmitted via SSL through dedicated network infrastructure (MPLS).
Regarding data protection relating to your credit card, we would like to expressly warn you that upon online payments, this information should be entered exclusively in dedicated booking form fields. Safe handling of your data can only be provided if you also comply with the intended input method.
We may disclose your data to third parties solely in accordance with the purposes set out in this policy. All third parties are required to have appropriate technical and operational security measures to protect your personal data pursuant to the Personal Data Protection Act and GDPR Regulation.
Your rights deriving from the protection of personal data
Under certain circumstances, you have the right to:
– request information about whether we have your personal data and, if so, what data and why it is stored or used;
– request access to your personal data, which allows you to receive a copy of the personal data we have and check if we process it legally;
– request corrections of personal data that we have, which allows you to correct incomplete or inaccurate data;
– request the deletion of your personal data when there is no reason for further processing, or when you exercise your right to object to further processing;
– object to further processing of personal data where we rely on a legitimate interest (even in the case of a legitimate interest of a third party) when there are reasons relating to your particular situation; irrespective of the provision of the preceding sentence, you have the right to object at any time if we process your personal data for the purposes of direct marketing;
– request limiting the processing of your personal data, which allows you to stop the procession of your personal data, for example, if you want us to determine its accuracy or check the reasons for its further processing;
– request the transfer of your personal data in a structured electronic form to another controller;
– revoke the consent or agreement you have given for the collection, processing and transfer of your personal data for a specific purpose; after receiving a notice that you have withdrawn your consent, we will stop processing your personal data for the purposes you initially accepted, unless we have another legitimate legal basis for doing so legally.
To claim any of the rights mentioned above, please send an application by e-mail to info@zicotours.com or by regular mail to Zico turizam d.o.o., Mrazovićeva 7, 10000 Zagreb, Croatia
You do not have to pay a fee for accessing your personal data or exercising any other right. However, a reasonable fee may be charged if your request for access is manifestly unfounded or excessive. Alternatively, in such circumstances, we refuse to fulfil the request.
In case of exercising the rights under this title, we may need to ask you for certain information that will help us to confirm your identity, which is only a security measure that ensures non-disclosure of personal data to unauthorised persons.
Cookies and website tracking
When visiting our website, your computer stores information in the browser software in the form of cookies. Cookies store information about your website use, which is then used by OBS d.o.o. The use of cookies makes it easier for you to use features, as we recognise your computer on further visits, which simplifies the possible re-entry of data.
Cookies we use (small files containing configuration information) help us to determine the frequency of use and the number of users on our website and allow you to utilise our service fully. Furthermore, on the basis of these cookies, OBS d.o.o. can send you personalised information via e-mail to notify you about booking, specific products or sales campaigns, and to recommend products or services that you may find interesting.
Most browsers are configured to accept cookies automatically. Nevertheless, you can turn off cookies or set your browser to notify you about sending cookies at any time. Also, there is a possibility that you can delete your stored cookies from your hard drive at any time.
The use of cookies is necessary to make a booking. You can use our services to a limited extent without cookies.
Edit cookies and browser settings
If you want to delete cookies or restrict them, you can set limits in your web browser.
.
We use tracking software to track traffic patterns and website use, which helps us to develop the design and layout of the website. This software does not allow the recording of personal data about passengers.
With every access to the content of our online offer, general information is automatically saved (e.g., the number of visitors and the duration of the visit on individual pages etc.). This data is not personal and is, therefore, processed in an anonymous form. We use this type of data exclusively for statistical purposes and optimisation of our online offer.
Using Google Analytics
This website is using Google Analytics, which is Google Inc.’s online analytics service. (»Google«). Google Analytics uses so-called »cookies«, text files that are stored on your computer and allow you to analyse your website use. Information about your use of this website (including your IP address) that a cookie acquires will be transferred to Google’s US server where information is then stored.
Google will use this information to analyse your website use, to generate reports about the activities of a website for website operators and to provide other services related to the website and internet use. If necessary, Google will provide such information to third parties, to the extent legally required, or if third parties process such data on Google’s behalf. Google will not merge your IP address with other Google information in any way. You can disable the installation of cookies by setting up your browser’s software properly. However, we must remind you that in this case, you may not be able to utilise all the features of this website fully. By using this website, you declare that you agree that Google processes collected personal data in the manner described and for the purpose stated above.
Our website uses the anonymisation feature provided by Google Analytics. In this context, IP addresses are stored and processed only in an abbreviated form, so that they cannot be linked to the identity of a particular person.
Google Analytics data also allows targeted displaying of advertising messages across the entire World Wide Web where Google owns or leases its ad positions.
Links to other websites
Our online offer may contain links to other websites. This Privacy Statement does not apply to other providers. Since we have no influence on whether their operators respect the provisions on data protection, we also assume no responsibility for the correctness, promptness and completeness of the information they provide on their websites.
We advise you to read their Data Protection Policy as their policy can be different from ours.
Data controller
Zico turizam d.o.o. is responsible for storing and processing personal data, and at the same time, as a licensed travel agency and travel organiser, the service provider.
If you have any questions or if you want to tell us your wishes or comments regarding data protection, please send an email to info@zicotours.com.
Due to changes in the legislation in the field of personal data protection, we have to adapt the provisions that apply to it from time to time. We will keep you informed about any news. We encourage you to look at this policy occasionally.
Website manager
Zico turizam d.o.o.
Mrazovićeva 7
10000 Zagreb
Croatia