Privacy policy

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Personal data protection policy of clients

INTRODUCTORY PROVISIONS
Semper Supra j.d.o.o./Mosaic Travel pays special attention to the protection of personal data of its clients, in accordance with the best business practices and valid Croatian and European regulations, including the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016)

The aim of this policy is to provide all interested parties with all the necessary information about the method of processing and protection of personal data and the rights that clients have in relation to the processing of personal data.
AREA OF APPLICATION
The policy applies to all personal data of clients collected and processed by Semper Supra j.d.o.o./Mosaic Travel.

A client is considered a person who requested a service or a service offer from Semper Supra j.d.o.o./Mosaic Travel.

Personal data is any data relating to an individual whose identity has been determined or can be determined (Article 4 of the General Data Protection Regulation).

Data processing means any procedure or set of procedures performed on personal data or on sets of personal data (Article 4 of the General Data Protection Regulation).

PRINCIPLES OF PERSONAL DATA PROCESSING

Legal, fair and transparent processing

We process data in accordance with the applicable laws relating to the processing of personal data and in accordance with the best business practice of data protection.

Processing in accordance with the purpose of data collection
We process the collected data only in accordance with the purpose for which the data was collected.
Data limit
We collect and process only those data that are necessary to achieve the purpose of processing.
Data accuracy
We pay special attention to the accuracy of the collected data. The user has the right to view the data and correct their data at any time.
Limitation of data processing and storage time
We process and store data only as long as is necessary to fulfill the purpose for which the data was collected or as required by applicable regulations.
Security of personal data
We pay the utmost attention to the security of personal data. The internal security procedure system helps us in this.
CUSTOMER RIGHTS
In accordance with the General Data Protection Regulation, the client has the following rights:
Right to access data
The client has the right to receive confirmation of whether we process his personal data, and if we do, he has the right to receive the following information: information about the purpose of processing, about the category of personal data that we process, about the recipients or categories of recipients of the data that we process, about the expected period in which the data will be stored or the criteria for determining that period, on the right to request correction, erasure and restriction of data processing, on the right to file a claim with a supervisory authority, , information on the system for automated decision-making, such as the creation of a profile, on protective measures if the data is transferred to a third country.
Right to rectification and erasure
The client has the right to obtain the correction of incorrect data.

The client has the right to obtain the deletion of data, unless the data is necessary for the purpose for which it was collected or it is necessary to keep it according to valid legal regulations.

Semper Supra j.d.o.o./Mosaic Travel is obliged to inform the client about the change or deletion of data made at the client’s request.
The right to restriction of processing
The client has the right to request the restriction of data processing, under the conditions defined in the General Data Protection Regulation.

Semper Supra j.d.o.o./Mosaic Travel is obliged to inform the client about the restriction of processing made at the client’s request.
The right to data portability
The client has the right to receive the data he has provided to us in a structured, common and machine-readable format, and to transfer them to another data controller without restrictions.
The right to object
The client has the right to object to the processing of personal data at any time.
The client has the right to object to direct marketing at any time, in which case we will no longer use the data for this purpose.
Automated decision making including profiling
The client has the right not to be subject to decisions based on automated processing, including profiling.
METHOD OF COLLECTION OF PERSONAL DATA
We collect data about our customers in the following ways:
Data collection in branch offices
When making a reservation or offer, we ask the user for personal data necessary for the reservation or offer.

The user can leave his data in person, or another person can do it on behalf of the user, or the user can give us the data by phone or email.
Web-based data collection
On our website, when making a reservation or inquiry for an offer, we collect the data necessary to make the reservation or offer.

The client submits data to us via a form on the website.
Consent of the client
The consent of the client means any voluntary, specific, informed and unambiguous expression of the wishes of the subject by which he gives his consent to the processing of personal data relating to him by a statement or a clear affirmative action (Article 4 of the General Regulation on Data Protection).

Without the client’s consent, we will never use the client’s personal data for any purposes for which consent is necessary according to current regulations.
TYPES OF PERSONAL DATA WE COLLECT
We collect only those data that are necessary to fulfill the purpose of data collection and in accordance with applicable legal regulations.

The data we collect are: first and last name, date of birth of children in order to obtain a discount, telephone number and e-mail address for contact, location, gender, citizenship, passport number or other appropriate personal document where necessary to fulfill legal obligations (e.g. . when crossing the border), credit card number or other means of payment.

Due to the nature of travel services, there may be a need to process specially protected categories of personal data that reveal, for example, religious or philosophical beliefs, trade union membership and data related to the client’s health, exclusively for the purpose of executing the contract between Semper Supra j.d.o.o./Mosaic Travel and the client, i.e. performing actions that precede the conclusion of the contract. It will be considered that the client who provided Semper Supra j.d.o.o./Mosaic Travel with information from a special category of personal data has thereby expressly expressed his consent to the processing of such data.
PURPOSE OF COLLECTION OF PERSONAL DATA

We collect personal data for the following purposes:

For the purpose of contract execution or preparation for contract execution
We collect personal data in order to be able to provide a service to the client or to make an offer for a service to the client.

In order to inform users about services and products

If the client has given consent, we can use the client’s data to inform the client about our services and products that may be of interest to the client.
For internal purposes
We store client data in order to protect the client’s legitimate interests or our legitimate interests, and in accordance with applicable legal regulations. This may, for example, include keeping client data so that we can best respond to possible client complaints, using client data to prevent, detect and process abuses to the detriment of clients or Semper Supra j.d.o.o./Mosaic Travel, ensuring the safety of employees, clients, products and services Semper Supra j.d.o.o./Mosaic Travel, creation of services and offers that correspond to the needs and wishes of clients, ensuring superior user experience, personalized customer support, market research and analysis, optimization of sales channels, etc. Telephone conversations between users and employees of Semper Supra j.d.o.o./Mosaic Travel can be recorded will continue to be used for the purposes of improving the quality of the work of Semper Supra j.d.o.o./Mosaic Travel employees, solving possible client complaints as well as for security purposes, of which the client will be informed before the start of the interview. The legal basis for data processing for these purposes is the legitimate interest of Semper Supra j.d.o.o./Mosaic Travel, except when that interest is stronger than the interest or the fundamental rights and freedoms that require the protection of the client’s data and/or the legal basis for the protection of the key interests of the client or another natural person. The exception is cases where the legal basis is consent.

For the purpose of fulfilling legal obligations

On the basis of a written request based on current regulations, Semper Supra j.d.o.o./Mosaic Travel is obliged to provide or provide access to certain personal data of clients to competent state authorities (e.g. courts, police, tourist inspection, etc.).


The legal basis for data processing for these purposes is the fulfillment of the legal obligations of Semper Supra j.d.o.o./Mosaic Travel

TRANSFER OF DATA TO THIRD PARTIES
We pass on customer data to third parties in the following cases:

For the purpose of contract execution or preparation for contract execution with the client

We forward the data to a third party when it is necessary to provide the client with the contracted service or requested information. This includes, for example, sending the customer’s data to a hotel or carrier, when this is necessary to perform a service or make an offer for a service.

When the user has given consent

We forward the data to a third party if it is necessary for the purpose for which the user has given express consent.
When we hire subcontractors to perform certain tasks
If we engage subcontractors as processors for the performance of certain jobs, in that case we forward personal data to the subcontractor. In doing so, we use subcontractors exclusively from the EU and these subcontractors work exclusively on behalf of Semper Supra j.d.o.o./Mosaic Travel and according to the contract concluded with Semper Supra j.d.o.o./Mosaic Travel, which ensures data protection measures as if the data were processed by Semper Supra j.d.o.o./Mosaic Travel.
PROTECTION OF PERSONAL DATA
In order to protect the personal data of our clients, we use the best business practices in the field of tourism and information and communication technologies. We continuously adjust our internal processes in order to achieve an optimal level of personal data protection. In doing so, we use various organizational measures and technical means to protect user data from unauthorized access, change, loss, theft or other misuse of data.
CONTACT
The client can exercise his rights from the General Data Protection Regulation by submitting a request to the email address office@mosaic-travel.eu

If the client suspects a violation of his personal data, he can send a report to office@mosaic-travel.eu

The client can also submit a report to the Personal Data Protection Agency.
Amendments, amendments and transitional provisions of the Policy
The policy enters into force and starts to be applied on the day of publication and is available on the website and at the points of sale of Semper Supra j.d.o.o./Mosaic Travel. Clients will be informed about possible amendments to the Policy in a timely manner, including through publication on the website. The client has the right to portability of personal data, deletion of data and restriction of personal data processing at the latest from the beginning of the application of the General Regulation on the Protection of Personal Data, i.e. from June 15, 2024.

In Zagreb, June 15, 2024.