GDPR Personal Data Protection Statement

GDPR Personal Data Protection Statement

This Personal Data Protection Statement is based on the General Data Protection Regulation and it refers to the company Meridijan Yacht Servis d.o.o.

Meridijan Yacht Servis will process your personal data in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and national laws based on the Regulation, with the application of appropriate technical and security measures for the protection of personal data against unauthorized access, misuse, detection, loss or destruction.

I. General information
This Statement describes what data will be collected, how and for which purposes MYS uses it and your rights associated with personal data information that we are collecting.
If MYS uses the services of external providers to process your personal data, this is processing (of personal data) by order, in which case we are also in charge of protecting your personal data.

II. Personal data
MYS uses the following personal data:
– general data: forename and surname, date of birth, country of birth, nationality, personal identification number, passport number, Tax number
– address and contact information: city, e-mail address, mobile phone number
– other data: type of identity document, number of identity document, date of boarding, port of boarding, name of yacht or motor boat, number of skipper license, number of VHF license, credit card number, booking number, GPS coordinates of navigation

III. Legal basis and purposes of personal data processing
All your personal data are processed based on:
a) Legal obligations – MYS is processing your personal data in accordance with the regulations in force, as well as for the purposes of notification and registration which we are obliged to perform in accordance with the regulations in force.
b) Fulfilment of agreement – MYS is processing your personal data for the purpose of fulfilling the agreement and contractual obligations we have concluded.
c) Consent you gave us to process your personal data for purposes of sending promotional offers, reviews for the boat you chartered and any other information regarding our company that you’d like to receive by email.
d) Legitimate Interest of the Controller – All your data is processed for the purpose of meeting the obligations of the legislative body (e.g. Ordinance on the conditions for conducting the activity of chartering of vessels with or without crew and the provision of guest accommodation services on vessels) or for fulfilling contractual obligations and concluding agreements, e.g. Agreement on the provision of vessel chartering.

MYS collects personal data from our clients in our office in person, on boat shows, on our website if you are using contact form, via e-mails and by phone.

IV. Retention period
In principle, we will delete your personal data upon termination of the contractual relationship and no later than the expiration of any legal requirements related to the retention of personal data.

V. Consent management
You can revoke your consent at any time.
You can also at any time object to our processing of your personal data.
You can change your consent in a written form at the following address:
Meridijan Yacht Servis d.o.o., Marijane Radev 45, 23000 Zadar or by e-mail at info@meridijan.com.
If you revoke the given consent we will no longer use your data for the said purposes.
If you’d like to give your consent again, you are able to do so.
In the case of processing of your personal data that does not require your consent and that is necessary for the conclusion of an agreement with us or the fulfilment of the concluded agreement or due to obligations we have under the law.

VI. Rights of data subjects
a) Right of access to data and information on processing personal data, i.e.does the controller process personal data of data subjects or not and if the data is processed, what is the purpose of this processing, categories of personal data in question etc.

b) Right to rectification: If we process your personal data that are incomplete or inaccurate, you may ask us to correct or complete them at any time.

c) Right to erasure: You may ask us to delete your personal data if we have processed them illegally or if that processing represents disproportionate interference with your protected interests. Please note that for some reasons immediate deletion is not possible. For example, due to the archiving obligations laid down by law.

d) Right to data portability: You may ask us to provide you the data you have entrusted to us in a structured form, in a standard machine-readable format:
• If we process these data on the basis of consent you have given us and which you may revoke or for the fulfilment of our agreement and
• if the processing is done using automated processes.

e) Right to object: If we distribute your information for the purpose of performing a public interest task or a task of public bodies, or when upon the processing of your information we invoke our legitimate interests, you may file an objection against such data processing if there is an interest in protecting your data.

f) Right to object to competent authority: If you believe that upon processing your data we have violated Croatian or European data protection regulations, please contact us to resolve any issues. You are entitled to file a complaint with the Croatian Data Protection Agency or in the event of a change of the applicable regulations, with another body that will assume its jurisdiction, and starting from 25 May 2018 with the supervisory body within the EU.

h) Exercise of rights: If you wish to exercise any of the aforementioned rights, contact us using our email info@meridijan.hr

i) Identity confirmation: In case of doubt we can request additional information to verify your identity. This serves to protect your rights and private spheres.

j) Misuse of rights: If you execute any of these rights too often and with obvious intent of misuse, we may charge you an administrative fee or decline to process your request.

k) Right of limitation of processing: You may request a limitation on processing your data:

  • if you dispute the accuracy of your data during a period that allows us to verify these data.
  • if the processing of your data was unlawful, but you refuse the deletion and instead ask for a limitation of use of this data.
  • if we no longer need the data for the foreseen purposes, but you still need them for the realization of legal requirements or if an objection has been filed for processing these data.
  • VII. Transfer of data to third parties
    We’ll keep your personal data and will not disclose them or make them available to third parties except in the following cases:

    • if you explicitly and in writing agree to disclose certain confidential data for a particular purpose or to a particular person
    • if the Ministry of the Interior or the competent State Attorney requires the data for the purposes of carrying out the tasks within their competence.
    • if a court, attorneys or a notary public require the data for their proceedings, where the submission of such data is required in writing.
    • if the Tax Administration, the Croatian Pension Insurance Institute, and Croatian Health Insurance Fund require the data on the basis of the legal obligations that the controller has towards them.
    • if we are obliged to submit data to the Ministry of Maritime Affairs, Transport and Infrastructure.

    VIII. Transfer of data to third countries
    Transfer of data to third countries (countries outside the EU) is performed only:

    • if there is a statutory obligation
    • if the transfer is necessary for the fulfilment of contractual obligations
    • if you have given your explicit consent

    XI. Use of digital services
    We collect only those personal data that visitors of our website meridijan.hr voluntarily make available to us when submitting contact information via contact form. These personal data are used confidentially and only for a specific purpose. The transfer of these personal data to third parties is not carried out, unless there is a statutory obligation or an order of the official body when such personal data may be forwarded to the competent authority. Access to the website is protocoled and technical data such as website traffic, the operating system used, display resolution, time of visit, and the size of the transferred data are recorded on that occasion.

    In order to improve our offer our website contains cookies that are stored on computers of the website visitors. The cookie storage can be prevented but this can limit the offerings of the website. Cookies provide the ability to store typical preferences of website visitors, optimize technical processes and continually improve the offering.

    We have taken all necessary measures to protect your data against loss, alteration or access by third parties. In case you have any questions, please feel free to contact us.

    Any changes to this policy will be noted on our web site and you’ll be notified by email.

    X. Security statement
    We have taken all reasonable steps to have in place appropriate security measures to protect your information.

    XI. Changes to this policy
    Any changes to this Policy will be either posted on our website, brochure and/or made available upon request.