Privacy policy

Privacy Policy

 

ABOUT THIS PRIVACY POLICY

 

Along with a pleasant stay, we guarantee the security of all your data.

 

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the European Union L 119, 4.5.2016, p. 1; hereinafter: General Data Protection Regulation), which has been in full application since 25 May 2018 in the Republic of Croatia and all EU Member States, and in accordance with the Act on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/18; hereinafter: the Act) and the broader legal framework for personal data protection in the Republic of Croatia and the European Union, as well as best European practices, RADNIK d.d., Ulica kralja Tomislava 45, 48260 Križevci, OIB: 21846792292 (hereinafter: Hotel Kalnik), as the data controller for users of its services, has created this Privacy Policy.

Statement on the protection and collection of personal data and their use
Hotel Kalnik is committed to protecting the personal data of customers, collecting only the necessary, basic data about customers/users that are necessary to fulfill our obligations. It informs customers about the use of the collected data, regularly gives customers the opportunity to choose how their data is used, including the opportunity to decide whether or not they want their name to be removed from lists used for marketing campaigns. All user data is strictly kept and is available only to employees who need this data to perform their job. All employees of Hotel Kalnik and business partners are responsible for respecting the principles of privacy protection.

 

This Privacy Policy (hereinafter: the “Policy”) explains how Hotel Kalnik collects, uses, and manages your personal data found on the website https://www.hotelkalnik.hr (hereinafter: the Website) and data accessible to Hotel Kalnik.

 

The Privacy Policy applies to all services provided by Hotel Kalnik. Its purpose is to clearly and transparently inform our guests, visitors, partners, and users of our services (hereinafter: data subjects) about how their personal data is processed and what their rights are.

 

Hotel Kalnik is committed to protecting and respecting your privacy. Please read this Policy carefully to understand why and how we collect your personal data and how it will be used. For the purposes of personal data we collect, Hotel Kalnik is the “data controller”—meaning the entity that determines the purposes and means of processing personal data.

 

Hotel Kalnik, as the service provider of the Website, is committed to protecting the privacy of personal data.

 

If you wish to contact us regarding this Policy or your personal data, please use the following contact details:

 

RADNIK d.d.

Trg sv. Florijana 15

48260 Križevci

E-mail: info@hotelkalnik.hr (hereinafter: the email address)

And now, let’s talk a bit more about your rights, our obligations, and other important aspects regarding the protection of your privacy and personal data! The text below is important and by no means boring or dry.

 

How and when do we collect your personal data?

 

We collect your personal data when it is necessary to fulfill your needs and requests, provide services, meet our legal obligations, or for the purposes of our business operations:

 

Reservations can be made in person, through the website, by email to info@hotelkalnik.hr, or by phone at 048/639 230.

 

We store your personal data in our database to fulfill the accommodation service contract and meet legal obligations related to hospitality. If you fail to provide the required data for the reservation or guest registration with relevant authorities, we will not be able to provide accommodation services in accordance with the contract.

 

To provide accommodation services (our core business), we enter into contracts for hospitality services. When doing so, and when taking steps necessary to enter into such contracts, we collect personal data needed to provide the service, fulfill contractual obligations toward you, and comply with legal requirements under Croatian law and regulations.

We are legally obligated to collect the following data for the purpose of guest registration and deregistration by the accommodation provider, based on the Tourist Tax Act and the Ordinance on the eVisitor System:

name, surname, place, country and date of birth, nationality, type, number and place of issue of identification document, residence (or stay) address, date and time of arrival at the property, expected date of departure, actual date and time of departure, gender, notes, registration number, and the basis for exemption or reduction of the tourist tax.

 

These data are entered into the guest database and are automatically forwarded to the eVisitor system.

 

In addition to the above, we collect your data to fulfill our legal obligations in the following legitimate purposes:

 

a) keeping records, calculating and collecting the tourist tax based on the Tourist Tax Act and the Ordinance on the minimum and maximum amount of the tourist tax;

b) maintaining guest logs by the accommodation provider and monitoring by inspection authorities, based on the Hospitality Act and the State Inspectorate Act;

c) registration of foreign nationals with the Ministry of the Interior and inspection monitoring under the Foreigners Act and the Police Duties and Powers Act;

d) maintaining a list of tourists by tourist boards, and for statistical processing and reporting under the Tourist Tax Act and the Act on Tourist Boards and the Promotion of Croatian Tourism;

e) supervision of accommodation service providers in terms of legal compliance, provision of registered services, and compliance with tax and public contributions regulations under the State Inspectorate Act and the General Tax Act.

 

Guest registration data is entered based on the information in an identification document: ID card or passport, and we are required to request your identification for verification, as well as additional information if not contained in the document. We do not retain photocopies of identification documents.

 

Your personal data is stored in our database for the purpose of fulfilling the hospitality service contract and complying with legal obligations related to hospitality. If you do not provide the necessary data for booking or registration with the authorities, we will not be able to provide you with accommodation services in line with the contract.

Certain data is required in order to take steps at your request before entering into an accommodation contract—for example, before making a reservation, we will send you a quote for accommodation based on your request, which requires information such as your name, surname, email address, and preferences regarding the type of accommodation.

 

When registering for the newsletter or other notices about our services and offers, you will be asked to provide your email address (this is mandatory so we can provide the requested service) and other information included in the newsletter subscription form. The legal basis for processing your data is consent. By submitting your data through our website, you are giving your consent for the processing of your personal data. You may withdraw your consent at any time by clicking the “unsubscribe” link at the bottom of each newsletter or by sending a request to our email address. Withdrawal of consent does not affect the legality of the processing carried out before the consent was withdrawn.

 

When you access our website, we collect your IP address, date and time of access, information about your hardware, software, browser, operating system, language preferences, etc. We may also collect information about your clicks and navigation through the site.

 

The legal basis for processing this data is your consent, given through the cookie pop-up. You may withdraw or modify your consent at any time, except in the case of necessary cookies, which we use based on legitimate interest to ensure proper website functionality. More about cookies can be found in our Cookie Policy.

 

When you contact us via email, phone, or in any other way—whether to make a request, seek help, or exercise your rights—we collect the data you provide, such as your name, surname, email address, phone number, etc., as well as any other necessary information needed to respond to your inquiry.

 

Depending on the nature of the inquiry, the legal basis for processing data may be:

 

If your conversation with our call center is being recorded, you will always be informed at the beginning of the call. We record calls to protect guests and service users from inappropriate communication and to improve employee training and service quality.

When sending us an inquiry, please avoid including special categories of personal data, i.e. sensitive information (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, etc.), unless it is absolutely necessary. If you still choose to send such data, we will consider that you have given explicit consent for their collection. For your own safety, we recommend that you only provide the data that is necessary. Any information that is not required will be deleted.

 

When participating in surveys, prize games, or competitions, we only collect your data if you choose to participate. The scope of data processed depends on the type of contest and will be detailed in the rules of the game. Data may include, for example, your name, surname, delivery address for prizes, etc. Participation is voluntary, and by answering the survey you give consent for the processing of your personal data. You can withhold consent by choosing not to answer.

 

Guests who complete our service quality survey may also be offered a chance to participate in a prize draw, which will be clearly indicated. In that case, the data collected will also be used for administering the prize draw, based on a type of contractual obligation. Some collected data (e.g. name, surname, and email address) may also be used for direct marketing based on our legitimate interest.

 

When contacting us as a business partner or representative of a legal entity regarding our services, we collect information such as your name, surname, email, phone number, job title, occupation, account number, etc. Our partners may be natural persons (e.g. sole traders, freelancers, artists, etc.) or legal entities represented by individuals. This data is processed as necessary for the performance of a contract or pre-contractual steps.

 

When contacting us via social media platforms (Facebook, Instagram, X (formerly Twitter), LinkedIn, or YouTube), we collect the data you make available through your inquiry or message.

 

When requesting a unilateral termination of a signed contract, we collect data such as your name, surname, personal ID number, address, accommodation/reservation details, depending on the selected payment method.

 

When making any inquiry related to our services, we process your contact details and other information you provide.

 

If you submit an open job application, we process data such as your name, surname, age, qualifications, work experience, phone number, and any other data contained in the application.

When you complete a satisfaction survey regarding our services during or after your stay, or after using another service, we may process your data—such as name, surname, and email address—based on our legitimate interest to improve our services.

 

For website analytics, we use Google Analytics. Where technically feasible, the IP address of the data subject may be shortened (anonymized) when accessed from within the EU or the European Economic Area.

 

When your personal vehicle enters or exits the hotel premises, we use an LPR system (License Plate Recognition) which identifies license plates and links them to your name and surname if those details were entered into the system. This system helps monitor entry and exit of vehicles for safety, parking availability, and faster vehicle flow. It is used based on legitimate interest.

 

If we photograph or video record you for promotional purposes, we may process data such as your appearance, movements, voice, hair color, etc., based on your consent. Your photos or videos may be used on our website, in newsletters, on social media profiles, or in advertisements. At any time, without justification and free of charge, you have the right to withdraw your consent and request that we stop further processing and use. This withdrawal does not affect the legality of the processing carried out prior to it.

 

Regarding video surveillance introduced to protect people and property and reduce the risk of theft, assault, burglary, or similar incidents, we process your personal data—such as your image, gait, facial features, etc.—based on legitimate interest. Surveillance recordings are stored for 90 days, and only authorized personnel may access them. Upon a formal request, recordings may be shared with law enforcement or courts, and can serve as evidence. All monitored areas are visibly marked with signs providing further contact details.

The above categories of your personal data are collected based on the following legal grounds:

 

In exceptional cases, we may process your data to protect your vital interests or those of another natural person—for example, in the event of illness or injury, we may need to request personal or health-related data, which are considered special categories of personal data. This would also apply in public health emergencies (e.g., epidemics), where we may be legally required to process certain data based on recommendations by Croatian public authorities.

 

If processing is based on your consent, you have the right to withdraw your consent at any time. To do so, contact the data controller at info@hotelkalnik.hr or write to:

Trg sv. Florijana 15, 48260 Križevci, with the note “For Data Protection.”

Such withdrawal does not affect the lawfulness of the processing carried out before consent was withdrawn.

 

If processing is based on legitimate interest, we have procedures in place to ensure that such processing is appropriate for our business needs and minimally invasive—that is, we perform it only when the data subject’s interests do not override ours. Examples include:

 

In all such cases, you have the right to object to the processing.

 

Please note that we may require certain mandatory information in order to provide the services or activities you request. If you do not provide the necessary data, you will not be able to participate in the activity or receive the service, as it will not be technically feasible.

Processing of Personal Data in Payment Transactions

 

Hotel Kalnik uses the services of Monri Payments d.o.o., Ulica grada Vukovara 269F, 10000 Zagreb, OIB: 82551932122 for credit card payment of accommodation reservation guarantees. Monri Payments acts as an intermediary and conducts transactions on our behalf via our website. During payment, Monri Payments will request certain personal data such as:

name, surname, card type, card number, expiration date, and CVV security code.

 

When you make a reservation, a contractual relationship is established, which serves as the legal basis for the processing of your personal data—necessary for performing the contract in which you, as a user of our services, are a party.

 

This reservation system is secure and uses the TLS (Transport Layer Security) protocol for the transmission of your personal data.

 

The processing of payment data is necessary to carry out all actions prior to the realization of the accommodation and contract conclusion. Depending on the type of payment and the legal entity providing the service (e.g., bank, card company), information such as name, surname, code, amount, account number, or transaction identifiers may be shared—based on your selected payment method.

 

Please note: you may also pay by bank transfer. In this case, the reservation remains pending (not confirmed) until we receive the payment. Bank transfer must be made at least 8 days before arrival.

 

Hotel Kalnik reminds users to take care of their card details and not allow third parties to access them to avoid misuse.

To summarize everything mentioned so far:

 

We mostly collect your personal data directly from you—whether to enter into a contract, fulfill our legal obligations, carry out an action at your request, provide services (either by us or our contracted partners), complete a form, or subscribe to our newsletter.

 

If you would like us to send you information about our services, events, offers, or promotions, please subscribe to our newsletter by giving your consent.

 

We treat your personal data as confidential, and they are properly protected by Hotel Kalnik and/or our trusted partners.

 

What data do we collect from you directly and why?

 

Typical categories of personal data we collect from guests and service users include:

 

We collect your personal data for the following purposes:

 

Separate data processing notices may also be available in our premises and rooms.

What privacy rights do you have?

 

Please note that at any time you have the right to request the following from Hotel Kalnik:

 

Access to your personal data

 

You can ask what personal data we hold about you and request access to it. You have the right to know the purpose of the processing, the categories of data being processed, the recipients or categories of recipients your data is shared with, the retention period, and the source of the data if it was not collected directly from you.

You may contact us to request a copy of your personal data.

 

Request correction of inaccurate data

 

We want your data to be accurate and up-to-date. You can ask us to correct or remove information that you believe is incorrect or outdated.

 

Request deletion of your personal data

 

You can ask us to stop processing or even delete your personal data.

However, if we need your data to fulfill contractual obligations, Hotel Kalnik may no longer be able to provide those services.

Also, if your data is needed to meet legal obligations (e.g., tax), we may not be able to comply with your request.

 

Request restriction of processing under certain conditions

 

If you contest the accuracy of the data, no longer need it for processing, but require it for legal claims, or object to processing based on legitimate interest, you have the right to request that processing be limited.

 

Object to the way we use your data

 

You have the right to object to data processing based on Hotel Kalnik’s legitimate interest.

 

Request data portability to another data controller

 

If processing is based on your consent or carried out by automated means, you can request that we transfer your data to another controller.

To exercise any of the above-mentioned rights, please use the contact information provided at the beginning of this Policy. Informally, we often refer to such requests as “GDPR requests.”

 

If you believe that your rights are not being respected, you have the right to file a complaint with the Croatian Personal Data Protection Agency.

 

Special note:

 

When submitting a request or inquiry related to exercising your rights, we may ask you to provide additional identifying information if we suspect your identity or if your data has not been verified in our system. This is necessary so we can ensure, beyond any doubt, that we are disclosing the data only to the rightful person.

This identity verification is for your own safety, to prevent unauthorized third-party access to your data.

 

The time limit for responding to your request (a so-called “GDPR request”) is one month, and this period may be extended, in which case you will receive an explanation.

Where is your personal data stored?

 

Personal data collected about you is stored in a secure environment. Your data is protected from unauthorized access, disclosure, use, modification, or destruction by any organization or individual.

 

The processed data is stored at our business premises and in secure IT systems. In some cases, we may store data on servers belonging to our trusted service providers located within the EU.

 

Hotel Kalnik ensures that personal data is stored in a secure location (with reasonable administrative, technical, and physical safeguards to prevent unauthorized use, access, disclosure, copying, or modification), accessible only to authorized personnel. All authorized individuals sign confidentiality agreements.

 

The collected data is stored only for as long as necessary to fulfill the purposes outlined in this Policy. Your data will not be kept in a personally identifiable form longer than Hotel Kalnik reasonably deems necessary.

 

In some cases, data retention is required by law or other regulations—more on this in the section “How long does Hotel Kalnik retain your personal data?”

 

If you gave your consent (e.g. for receiving our newsletter or enabling specific cookie categories), your data will be processed until you withdraw your consent.

 

If you raise a justified objection to processing based on legitimate interest, we will no longer process your personal data for that purpose.

 

Additionally, in the event of legal, administrative, or other proceedings, we may retain personal data until the end of such proceedings, including the period for submitting legal remedies.

How long does Hotel Kalnik retain your personal data?

 

Hotel Kalnik will not retain your personal data longer than necessary for the purpose for which it was collected, and at most for a period of 11 years, unless in exceptional cases or where a longer retention period is required by law.

 

Here are the typical retention periods:

 

We may retain certain data related to inquiries, reservations, or cancellations, as well as data needed to demonstrate the nature of our relationship with the data subject or to exercise legal claims. Such data may be kept for 10 years from your last stay at Hotel Kalnik.

 

This includes data necessary for the reservation itself, and possibly other related data such as the date and content of complaints, email correspondence, etc.

 

In some cases, certain data is collected and processed only for the duration of your stay, and solely for the purposes of providing accommodation or another service (e.g. special dietary needs, request for a baby crib).

 

Information about the use and duration of cookies can be found in our Cookie Policy.

 

For more details about data retention periods, please contact us at the address or email mentioned earlier: info@hotelkalnik.hr.

What do we use your data for?

 

We may use your personal data in several ways—primarily to fulfill our contractual, legal, and other obligations toward you. Occasionally, we also use data to improve your user experience on our website, enhance service quality, or for security purposes.

 

The purposes for which we use your data are described in this Policy.

If we plan to process your data for any other purpose, we will inform you in advance.

Newsletter

 

Hotel Kalnik would like to send you information about our offers, activities, and news that may interest you.

You may unsubscribe from receiving such content at any time by exercising your rights described in this Policy.

 

To register for the newsletter, Hotel Kalnik collects and processes your email address and your preferred newsletter language, since without this data we cannot provide the service. All other data is optional.

 

The newsletter includes so-called tracking pixels—tiny graphic elements embedded in HTML emails that allow storage and analysis through log files. This enables us to analyze the success of our marketing campaigns.

 

Through tracking pixels, Hotel Kalnik can see whether and when you opened an email and which links you clicked.

The personal data collected via tracking pixels is stored and analyzed by Hotel Kalnik (as the data controller) to optimize newsletter delivery and tailor future content to your interests.

Video Surveillance

 

We collect and process your personal data through video surveillance systems installed in indoor and outdoor areas where Hotel Kalnik conducts its operations. This is done based on legitimate interest, to ensure the safety of people and property, and to reduce exposure of employees, visitors, and guests to risks such as robbery, burglary, violence, theft, and similar incidents related to work, accommodation, or use of services.

 

Through the video surveillance system, we may process personal data such as your image, movements, hair color, etc.

 

Your personal data will not be used for any other purposes unless required to comply with legal obligations (e.g. providing data to courts or law enforcement) or if such processing is otherwise lawful under binding regulations.

 

Access to personal data collected via video surveillance is limited to specifically authorized personnel appointed by the data controller and/or another legal entity we authorize for maintenance and system control.

Third parties may access your data only if required or permitted by law.

Cookies

 

To maintain our website and ensure expected functionality, we use technology known as “cookies.”

 

Cookies are small files that we send to your computer and later access. They can be temporary or permanent.

Thanks to cookies, you can browse our pages smoothly. They show us what interests you and other visitors, which helps us improve the site.

 

For more information about cookies, see our Cookie Policy.

Does Hotel Kalnik share data with third parties?

 

Protecting your privacy is important to us, so we will never share your personal data with third parties except for the purposes described in this Policy. You will always be informed about such data sharing or transfers.

 

Hotel Kalnik cooperates with other companies. This means that we occasionally share your personal data using secure IT systems. In such cases, data is transferred to servers located in the EU or in countries that provide an adequate level of data protection in accordance with EU law.

 

In certain cases, our partners who provide services on behalf of or for Hotel Kalnik may process your data outside the European Union. However, our contracts with such entities require them to handle your data with special security measures, in accordance with the regulations of EU member states.

 

On July 10, 2023, the European Commission adopted a new adequacy decision, allowing personal data to be freely transferred from the EU to U.S. companies participating in the EU-U.S. Data Privacy Framework.

 

This adequacy decision is based on Article 45 of the GDPR and serves as a mechanism to ensure safe and lawful data transfers to third countries. U.S. companies wishing to participate must go through a self-certification process and be listed among the participants in the Privacy Framework.

 

If our contractual partner is based in the United States, we will review existing agreements and verify the security standards guaranteed by the partner to ensure they align with the most recent recommendations of competent EU authorities.

Purposes for which we share data with our trusted partners

 

We may share your data with our trusted partners for purposes such as:

 

These service providers are contractually obligated to use the entrusted data only according to our instructions and exclusively for the purpose we have strictly defined.

They are also required to adequately protect your data and treat it as confidential information.

 

Once a year, we conduct a review of all our partners to ensure that your personal data remains protected at the required level and in compliance with current regulations.

Other websites

 

Websites accessible through Hotel Kalnik’s website may have their own privacy statements and data collection and usage policies.

Hotel Kalnik is not responsible for the operations or conditions of third-party websites.

 

Hotel Kalnik collects and processes personal data through user interactions on social media platforms such as Facebook, Instagram, X (formerly Twitter), LinkedIn, and YouTube.

 

Authorized personnel from Hotel Kalnik have access to messages and/or posts on these platforms, but any personal data shared—especially in private messages—is not stored or additionally processed, except as stated in this Privacy Policy.

Hotel Kalnik uses business profiles on the following platforms:

Facebook, Instagram, X (formerly Twitter), LinkedIn, and YouTube.

 

You can read about their privacy policies and how they handle your personal data at the following links:

https://www.facebook.com/policy.php

https://help.instagram.com/519522125107875

https://x.com/en/privacy

https://www.linkedin.com/legal/privacy-policy

https://policies.google.com/privacy?hl=hr

Facebook, Instagram, X, LinkedIn, and YouTube components are embedded in the Hotel Kalnik website:

https://www.hotelkalnik.hr

 

If you have any questions about data collection and processing by these platforms, or if you wish to exercise your GDPR rights, contact:

For Facebook:

 

META PLATFORMS IRELAND Ltd.

Merrion Road, Dublin 4, D04 X2K5, Ireland

 

Data Protection Officer contact:

 

If you are dissatisfied with how your personal data is collected and processed, you may contact the Irish Data Protection Commission or the Croatian Personal Data Protection Agency.

 

Facebook is owned by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.

If the user resides outside the USA or Canada, the data controller is Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, Ireland.

For Instagram:

 

META PLATFORMS IRELAND Ltd.

Merrion Road, Dublin 4, D04 X2K5, Ireland

 

Data Protection Officer contact:

 

If you are dissatisfied with how your data is collected or processed, you may contact the Irish Data Protection Commission or the Croatian Personal Data Protection Agency.

 

Instagram is owned by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.

For users in the EU, the data controller is Meta Platforms Ireland Ltd.

 

Instagram is a social network used for sharing photos and short videos, which users can enhance with filters, organize via hashtags, and tag with geographic locations.

For X (formerly Twitter):

 

X Internet Unlimited Company

1 Cumberland Place, Fenian Street, Dublin 2, Ireland

 

Data Protection Officer contact:

 

If you are dissatisfied with the data handling by X, contact the Irish supervisory authority or the Croatian Personal Data Protection Agency.

 

The EU data controller for X is X Corp. (formerly Twitter, Inc.),

1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

 

X is a publicly accessible platform that allows users to post content for followers or the general public. Posts may include images, videos, GIFs, hashtags, hyperlinks, etc.

For LinkedIn:

 

LinkedIn Ireland Unlimited Company

Wilton Place, Dublin 2, Ireland

 

Data Protection Officer contact:

 

LinkedIn is owned by LinkedIn Corporation,

1000 W Maude Ave, Sunnyvale, CA 94085, USA.

 

LinkedIn is a platform for professional networking and career development, allowing users to create profiles, join groups, attend events, post jobs, share articles, photos, and videos.

For YouTube:

 

Google Ireland Ltd.

Gordon House, Barrow St, Dublin 4, Ireland

 

Data Protection Officer contact:

https://support.google.com/policies/contact/general_privacy_form

 

YouTube is a video-sharing platform that allows free uploading, viewing, rating, and commenting on videos of all kinds.

 

It is owned by YouTube LLC,

901 Cherry Ave., San Bruno, CA 94066, USA,

a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

 

If you are logged into YouTube while visiting our website, YouTube will recognize your visit and may link it to your user account—even if you don’t click on the video itself.

To prevent this, log out of YouTube before visiting our site.

This section of the Privacy Policy applies only to the data controller (Hotel Kalnik) in relation to the social media platforms it actively uses.

If any of these social networks are discontinued, this section will no longer apply.

Entry into force and changes to the Privacy Policy

 

This Privacy Policy enters into force on the day of its publication on the website.

 

Hotel Kalnik reserves the right to modify or supplement the Privacy Policy at any time, and the updated version will be published on the website.

 

Date of last update and publication: June 2025