Data necessary for holding multi-day tours
• Types of data: First name, last name, date of birth, flight number and arrival time, cell phone number, emergency contact, height (for bike tours)
• Legal basis: Legitimate interest

Health data necessary for holding multi-day tours
• Types of data: allergy information, medications, other relevant medical information, dietary restrictions
• Legal basis: Explicit consent

Client photos for marketing
• Types of data: Photo
• Legal basis: Consent

Job ad
• Types of data: Name and surname, phone number, City and country, e-mail address, work experience, previous education info
• Legal basis: Necessary for the performance of a contract

Mail communication about the job competition
• Types of data: Name, e-mail address, resume, sports experience, knowledge of English
• Legal basis: Legitimate interest

2.1. Cookies
Our website uses cookies – small text files that are stored on your device when you visit a particular website. We use two types of cookies: those necessary for the operation of the website, and statistics to understand visitors’ behavior better and improve our services.

3. Lawfulness and fairness of data collection and processing
Aktivni odmor collects and processes data in accordance with contractual obligations, legal obligations, our legitimate interest, or with provided consent.

We respect the fundamental principles laid down in the GDPR: we adhere to legal data processing mechanisms, the data is collected for specified, explicit and legitimate purposes and it’s processed in accordance with them. We collect the minimum amount of data, strive to ensure that it is accurate, and we keep it only for as long as necessary for the purposes they’re processed for. We conduct pseudonymization as well as anonymization of personal data wherever possible.

4. Data subjects rights and their exercise
• Right of access to personal data
• Right to rectification of inaccurate personal data
• Right to erasure of personal data
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to not be subject to automated decision-making

You can request the exercise of the aforementioned rights by making an inquiry to our physical address (Klovićeva 16/B), or the e-mail address of our data protection officer: dpo@andadventure.com

You can also contact us for any interpretation of your rights, as well as request a summary of our data protection impact assessment. We respond to all requests within one month of receiving the request.

You can also submit a complaint to the Croatian Data Protection Supervisor: Personal Data Protection Agency (AZOP), Martićeva 14, Zagreb, azop@azop.hr

5. Relationship with third parties
Each relationship with our trusted partners is contractually specified for data protection. Our partners must not process your information outside of our instructions, they must take adequate measures to protect it securely and can only keep it for an agreed period.

These are the only purposes our partners can process your data for:
• Accomodation providing
• Online card payment processor
• Cloud service for internal use
• Accounting Services
• Website maintenance
• Digital marketing

6. Security of data protection
We use organizational, technical, and physical risk-based measures to protect personal data from destruction, loss, alteration, and unauthorized disclosure or access. Within the company, there is an ongoing dimension of privacy culture: the Director and all employees whose job description involves processing personal data are educated about the obligations and rights prescribed by the Regulation. Regular privacy awareness training is conducted.

The data collected through the website is protected by an SSL certificate, a technology that encrypts the connection between our server and your internet browser, ensuring that no one else has access to the data you give us. We work with trusted and professional partners who are committed to using high standards of protection.

Last update: 01.04.2020