Data protection declaration
When it comes to your personal details, we want you to feel safe on Adrialin d.o.o.’s website (www.kroatien-adrialin.de).
We would like to inform you of how your data is used by us and how you can exercise your rights.
1. Name and contact details of persons responsible and representative
Person responsible for personal data pursuant to Article 4 para. 7 GDPR
Telephone number: 0203 499 6238
Managing Director: Josip Šojat
2. General information for visitors to this website
As part of the booking process, certain cookies from your browser are stored onto your computer's hard drive. These are small text files which you can delete at any time.
When you first visit our website, you can choose which categories of cookies you would like to allow.
A distinction is made between the following categories:
- Essential cookies: These cookies and other technologies are necessary to provide basic website services such as booking operations, security or fraud prevention.
- Analytical cookies: These cookies are used to analyze traffic on our websites. This allows us to understand how users interact with the functionalities and thus improve our services and make them more interesting. Data collected through analytical cookies are pseudonymized.
- Marketing-Cookies: Marketing cookies enable us and our trusted marketing partners to display and optimize ads for our platform that are relevant to an individual user's tailored interests, measure the effectiveness of campaigns and ads and your interactions with them, and link data we share with vendors across devices. The advertising is based on user behavior, such as the destinations or accommodations called up, as well as other offers. Enabling marketing cookies is optional.
We use the following essential cookies:
-lng: This is a cookie which is stored in the customer's language. Duration: 1 year
-booking: This is a cookie which is generated once you confirm and submit your details in the basic or detailed search or when calculating the price of a holiday property. This remembers your choices during this and subsequent visits. Duration: 30 days
-bookmarks: This is a cookie which is used when the customer adds a property to their wish list. The contents are the item numbers of the selected properties. Duration 30 days
-cookie_consent: This cookie stores whether you have already made a selection as to which cookies may be stored in your browser. This means that the cookie banner is not displayed again with each new page view. Duration: 1 year
-cookie_consent_analytics: This cookie stores whether or not you have given us consent to use analytical cookies. Duration: 1 year
-cookie_consent_marketing: This cookie stores whether or not you have consented to the use of marketing cookies. Duration: 1 year
-XSRF-TOKEN: This cookie is designed to protect against third-party modifications to data. This cookie has no fixed term and is reset each time this site is visited.
-adrialin_session: This cookie is designed to identify the current browser session. running time: 60 minutes
-paypalCancel: This cookie stores information required to cancel transactions when paying for the booking with PayPal. The cookie expires with the browser session.
-townInfo: This cookie stores information to display the resort information on the accommodation description page. The cookie expires with the browser session.
-LastViewed: This cookie stores the accommodation ID of the last visited accommodation in order to return to the previous page via the "back to object" button. This cookie also expires with the browser session.
These cookies are used to provide basic services and improve the user experience on our website. This data is processed in accordance with Article 6, para. 1, sentence 1, letter f) GDPR. Adrialin pursues the legitimate interests of optimising the user-friendliness of its website in order to increase its travel sales. Since data is only used from persons who have expressed their interest in our offers and services, this in no way affects the fundamental rights of individuals concerned.
In the category of marketing cookies, the following cookies are used by us:
-seen_on: This cookie is used if you are directed to another website via an advert on our property or travel description. A code is stored for the corresponding website from which you were directed to us. Upon confirming a booking, a cookie on the booking page will determine whether the code for the so-called conversion tracking should be effected. This allows us to determine which adverts lead to bookings. Duration: 30 days
-pid: This is a cookie which is only stored if you visit a partner site linked to Adrialin. Only the partner's identification number will be stored. Duration: 30 days
-reference: This cookie is stored when you are redirected to our website after clicking on one of our offers on Trivago. The arrangement of offers on Trivago for the actual booking should be possible on our website. A combination of letters and numbers will be stored but no additional personal data. Duration: 30 days
-utmTerm: This cookie is used if you are transferred to our website via a HomeToGo web page. The click ID that transferred you to us is saved. This does not reference any personal data but is used by HomeToGo for internal statistics (e.g. booking market, which property was selected, which filters were used, etc.). Duration: 30 days
-first: This is a cookie which is generated upon the first visit to our website. It contains the URL of the site from which you came provided you clicked on a link from a third-party website directing you to our siten. Duration: 90 days
-oldOrder: This is a cookie which is stored if you click on the email link for alternative offers after refusing a booking. This allows us to recognise if you are creating a new booking with us as an existing customer. Duration: 30 days
These cookies serve to monitor the success of marketing campaigns. Without this data it is impossible for us to evaluate marketing campaigns and manage them accordingly. This data is processed in accordance with Article 6, para. 1, sentence 1, letter f) GDPR. Adrialin pursues the legitimate interests of evaluating the success of its advertising campaigns and manages them accordingly. Since data is only used from persons who have expressed their interest in our offers and services, this in no way affects the fundamental rights of individuals concerned.
These cookies serve to improve the user-friendliness of our website. This data is processed in accordance with Article 6, para. 1, sentence 1, letter f) GDPR. Adrialin pursues the legitimate interests of optimising the user-friendliness of its website in order to increase its travel sales. Since data is only used from persons who have expressed their interest in our offers and services, this in no way affects the fundamental rights of individuals concerned.
The following analytical cookie is used by us:
_ga*: This cookie is set to collect statistical data on the use of our website via Google Analytics. Data will be deleted after 26 months. For more information about the data processed by Google Analytics, please refer to point 2.3. of this privacy statement.
2.2. Local Storage
To make our website as easy as possible to use, so-called local storage technology is used (also called 'local data' and 'local memory). Data is stored locally in your browser's cache - provided the cache is not cleared - which remain active after the browser window or program have been closed and can be transferred. The following information is saved here:
- appFileDate: The date is stored parallel to . This is primarily intended for following up any developments so that we can locate any potential problems as quickly as possible.
- navBarFontSize: This is the font size of the main menu. Different languages have different word lengths. The font size is adjusted accordingly so that the main menu always fits on one line.
- search: Your search parameters (e.g. travel dates, number of travellers, property type) are saved here.
The use of local storage serves to improve usability. This data is processed in accordance with Article 6, para. 1, sentence 1, letter f) GDPR. Adrialin d.o.o. pursues the legitimate interests of optimising the user-friendliness of its website in order to increase its travel sales. Since data is only used from persons who have expressed their interest in our offers and services, this in no way affects the fundamental rights of individuals concerned.
If you do not wish for local storage features to be used, you can amend this by changing the settings on your browser platform depending on the operating system of app used.
2.3. Google Analytics
In order to improve our offers we collect statistical data regarding its use. For this purpose, we use the Google Analytics service, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called &cookies&, text files that are stored on your computer to analyse your use of the website.
The following data can be processed:
- Browser type/version/language, device type/brand/model and resolution
- Operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address in shortened form),
- Time of the server request,
- pages viewed (date, time, URL, title, length of stay),
- downloaded files,
- clicked links to other websites,
- If applicable, achievement of specific goals (conversions)
- Approximate location (country and, if applicable, city, starting from IP address)
The information generated by the cookie about your use of this website may be transmitted to a Google server in the USA and stored there.
The following privacy settings have been made:
- Anonymisation of the IP address;
- Deactivated advertising function;
- Retention period of 14 months;
Data will be deleted after 26 months.
2.4. Google Remarketing
2.5. Google Ads
This website uses Google Ads, an online advertising programme from Google. Conversion tracking is also used in connection with this. With the help of the programme, Google Ads sets an Ads Server cookie on your PC if you come to our website via a Google advertisement. The cookie will cease to be valid after 90 days. The cookie cannot be traced back to you. If you use our website while the cookie is still active, we, along with Google, are able to recognise that you clicked on a related advert in order to be redirected to our website. Each Google Ads customer has a different cookie. In this way, cookies are not traceable via the Ads clients' websites. With the help of the data obtained through conversion cookies, conversion statistics can be created for Ads customers. This allows us as the customer to find out the total number of users who have responded to our adverts and were redirected to the website. We do not receive any personal data about you. If you do not wish to enable this tracking process you can deactivate the Google conversion tracking cookie on your browser. Please use your browser's help feature in this instance. You find further information on the data protection regulations of Google on http://www.google.de/policies/privacy/ .
2.6. Google reCAPTCHA
We use the Google Maps API map service to display interactive maps for the display of holiday accommodation search query results directly on the website and enable the convenient use of the map functions. In order to use the functions of Google Maps, your IP address as well as information on the use of the maps by your browser will be transmitted to a Google server in the USA and stored there.
In addition, the Google Maps map also integrates so-called Google Fonts.
These are fonts from Google.
To display the Google Fonts on the Google Maps map, a connection is also established from your browser to the Google server and your IP address is transmitted by your browser to Google for independent data processing.
Moreover the additional
The legal basis is the performance of contractual or pre-contractual obligations as the initiation of a business relationship for the procurement of holiday accommodation after display of the search results on the basis of filter criteria entered in accordance with Art. 6 para. 1 letter b) DSGVO and for data transmission to the USA Art. 49 para. 1 letter b) DSGVO.
Access to and storage of information in the terminal device is based on the implementation laws of the ePrivacy Directive of the EU member states.
2.8. Purpose of processing and legal bases for Google services
We use the Google Remarketing and Google Ads services to monitor and control the success of our marketing campaigns. This is not possible without the provision of data.
We use Google Analytics for the purpose of acquiring information about the use of our site in order to optimise the user-friendliness of our website.
We use Google Maps to display the location of our property in the property description and to thus better advertise our products.
We use Google reCAPTCHA in order to protect our forms from misuse or hackers and thereby ensure the security of your personal data.
As an online travel company, we have a legitimate interest in monitoring and controlling the success of our marketing campaigns, acquiring information about the use of our website and ensuring that this is not misused, and advertising our products as well as possible to increase sales. This is not possible without the provision of data. Article 6, paragraph 1, sentence 1, letter f) GDPR forms the legal basis for the processing of data.
2.9. SSL encryption
Thanks to high-performance SSL encryption technology (Secure Sockets Layer) as well as PCT security standards (Private Communication Technology) supported by all major browsers, all of your transactions are protected. SSL encrypts your personal data before it is sent via the internet. This makes online business transactions as secure as telephone transactions. If your browser does not support secure transactions or you do not wish to carry out transactions online, you can place your order by calling +44 (0)203 499 6238 from Monday to Friday (excluding bank holidays) from 9 am to 6 pm. One of our employees will take your details in person.
2.10. Links to other sites
3. Facebook Fanpage
Personal data is collected about you when you visit our Facebook fan page. If you are logged in, this is your profile information on Facebook. In all cases this is your IP address and browser information. These data are processed by Facebook Ireland and us as the joint parties responsible. You can find the respective agreement on: https://www.facebook.com/legal/terms/page_controller_addendum
4. Processing customer and prospective customer data
4.1. Purpose and legal bases of data processing, consequences of non-provision of data and duration of storage
4.1.1. Contact form on our website and emails
Your communication data and messages sent via the contact form on our website or by email are used by us for the purpose of processing your request regarding a particular travel offer or your booking, the creation of offers upon request and for follow-up questions and stored for a period of 6 years. Collection, storage and transfer consequently takes place for the purpose of pre-contractual measures at the request of the individual concerned and for the fulfilment of the contract of the individual concerned pursuant Article 6, paragraph 1, sentence 1, letter b) GDPR. By withholding this data from us it is impossible for us to answer any queries you may have.
4.1.2. Data you submit upon making a booking
Upon booking you will be required to supply us with your surname, first name as well as the surname and first name of any co-travellers, your address, communication information, dates of birth, and the age of any children if applicable as well as your payment details.
The IP address will also be logged and saved.
If the booking is made via a travel agency rather than by you directly, this data will be passed on to us by the travel agency.
These details are required for concluding the agreement.
These are used for the following purposes:
Fulfilment of the travel agreement concluded with us
Booking, re-booking and cancellation of travel services with service providers
Invoices, electronic payment transactions and credit card payments, reminders, debt collection, invoicing with service providers
Booking confirmation, recording guest requirements, complaints, damage claims (travel cancellation insurance), creation of travel documents
Guest surveys and marketing campaigns
Evaluation of travel services and our services, information about travel offers
Data collected for the fulfilment of the travel agreement, invoicing and provision of services will be processed on the legal basis of fulfilment of a contract or pre-contractual measures pursuant to Article 6, paragraph 1, sentence 1, letter b GDPR. If this data is not provided we will be unable to book the desired travel services with the service provider for you, to respond to your enquiries, send you travel documents or fulfil the travel agreement concluded with you.
Article 6, paragraph 1, sentence 1, letter f) forms the legal basis for the purpose of guest surveys and marketing campaigns. Adrialin has a legitimate interest in allowing customers to review the travel services booked and the company's services for the purposes of quality assurance and to advertise its travel offers for the purpose of increasing sales. Since review requests and travel offers are only sent to existing customers who have already expressed an interest in our offers and services, it cannot be assumed that the statutory rights of the individual concerned have been affected. Without the provision of this data, it is not possible to review our service and/or deliver the booked travel services and provide you with travel offers. However, you can dissent the sending by sending an e-mail to email@example.com without having the risk of other costs in addition to the transmission costs according to the basic rates. Upon receipt of your objection we will refrain from sending any more content.
Contract details are stored for a period of 6 years. The statutory storage period for invoices and financial transactions is 10 years.
4.2. Recipient of the data
Your data is stored in our back-end systems on hosted servers and a cloud server. Our employees, as well as employees in our service company, have access to these data since they are responsible for customer service and require access to your booking and details for this purpose. Our tax advisor will also require access to this information since they are responsible for our accounting and need access to our system in order to book incoming payments. The transfer of your data in this instance is part of a legal basis for the fulfilment of the contract and fulfilment of a legal obligation that we are subject to as the responsible party (Article 6, paragraph 1, sentence 1, letters b and c GDPR).
Depending on which offer you book with us, your personal details will be passed on to the service provider (lessor, hotels, airlines, consolidators, incoming agencies, bed databases, rental car providers) either directly or via booking systems and technical providers. In this case, the transfer of your data will also depend on fulfilment of the travel contract with you (Article 6, paragraph 1, sentence 1, letter b GDPR).
Invoicing and payment data is passed on to technical providers, financial institutes and payment service providers as well as tax authorities if required. If making payment using credit card or instant transfer, enter your payment details in the BS PAYONE GmbH integrated booking form who process this data for us. Your payment information will not be stored in our system in this instance. The legal basis for transferring your data to technical providers, financial institutes and payment service providers forms the fulfilment of the travel agreement with you (Article 6, paragraph 1, letter b GDPR). The transfer of data to accounts and, where required, tax authorities depends on the fulfilment of a legal obligation on our part pursuant to Article 6, paragraph 1, sentence 1 letter c GDPR.
Should you fail to meet your payment obligation, your data will be passed on to a collection service after a corresponding reminder. In the event of a legal dispute data may be passed on to a lawyer or court. Your data will be passed on for operational purposes based on Article 6, paragraph 1, sentence 1, letter f GDPR.
For customer survey purposes, data may be passed on to Trustpilot A/S, Pilestrædet 58, 5, 1112 Copenhagen, Denmark and to TÜV Saarland Holding GmbH, Am TÜV 1, 66280 Sulzbach/Saar, Germany. The transfer of data takes place within the framework of the legitimate interests of Adrialin d.o.o. based on Article 6, paragraph 1, sentence 1, letter f) GDPR.
Where service providers and booking systems are used to transfer your data, these are carefully selected by us, receive a written mandate and are bound to comply with our instructions. These are regularly monitored by us. The service providers will not transmit this data to any third parties but will delete them after the fulfillment of the contracted services and the expiration of the legal deadlines for the duration of starage, if you have not given your consent to a storage exceeding the mentioned duration of storage.
5. Processing of data by business partners and their employees
5.1. Purpose and legal bases of data processing, consequences of non-provision of data and duration of storage
5.1.1. Travel agencies and free agents
As a travel agency or free agent you have the option of registering for an agency login on our website. Data which you send us in connection with this is used by us in order to contact you in good time regarding confirmed bookings and for invoicing and payment purposes. Your data will be processed on a legal basis for fulfilment of a contract or pre-contractual agreement pursuant to Article 6, paragraph 1, sentence 1, letter b) GDPR. Without the provision of data it is not possible as a travel agency to submit a booking to us and receive commission for the travel services arranged. Contract details will be deleted 6 years after the contract has finished. A statutory storage period of 10 years shall apply to commission invoices and financial transactions.
5.1.2. Service providers: lessors, hotels, partner agencies, bed database, rental car provider, airlines, consolidators
Data that you provide us with as a service provider will be used by us for the purposes of making convenient contact with regard to individual aspects of the contractual relationship, a confirmed booking, the creation of travel documents for our customers and for invoicing and booking payments. Your data will be processed on a legal basis for fulfilment of a contract or pre-contractual agreement pursuant to Article 6, paragraph 1, sentence 1, letter b) GDPR. If data is not provided we are unable to book travel services for our customers and pay you the agreed fees for any bookings. Contract details will be deleted 6 years after the contract has finished. A statutory storage period of 10 years exists for service invoices and financial transactions.
Under the DAC7 Directive, we are obliged to collect information from you about your personal details (home address, date and place of birth), your tax and payment details and your properties, and to transmit the transactions made to the tax authorities. The processing of this data is therefore based on the legal basis of a legal obligation in accordance with Article 6, paragraph 1, sentence 1, letter c) GDPR. Without the provision of the data, we will not be able to comply with our legal obligation under DAC7. A statutory retention period of 10 years applies to this data.
5.1.3. Other business partners
As a business partner, you will often provide us with the contact details of your employees. These are stored and used to quickly respond to individual contractual provisions or for general queries. Processing depends on the legal basis of the fulfilment of the contract or pre-contractual measures pursuant to Article 6, paragraph 1, sentence 1, letter b) GDPR. Without the provision of these data it is not possible for us to easily contact you. Your data will be deleted upon changing a contact person or at the latest 6 years after the contract has ended. Invoices and financial transactions will be legally stored for a period of 10 years.
5.2. Recipient of the data
As a travel agency, free agent or service provider, your details will be stored in our back-end systems on hosted servers and a Cloud server. Our own employees, as well as employees at our service company, have access to this data since they are responsible for supporting agencies and service providers and require access to your data as a result. Transfer to these places depends on the fulfilment of a contract with you pursuant to Article 6, paragraph 1, sentence 1, letter b) GDPR. Our accountant also requires access to this information since they oversee the entering of commission and service provider invoices into the books and pay the corresponding amounts to you. Data is passed on for the purpose of fulfilling our legal obligations (Article 6, paragraph 1, sentence 1, letter c) GDPR).
As a service provider, you will generally provide us with the coordinates of your property. We use this to show the location on our website and on Google Maps and advertise your property accordingly. These are also passed on to our customers together with your name, address, contact details where required and travel information with the travel documents so that they can easily find the booked property. Transfer of your data will take place as part of the fulfilment of your contract and on the basis of Article 6, paragraph 1, sentence 1, letter b) GDPR.
As another business partner, the contact details of your contacts will be stored by one of our employees in their email management programme. This ensures that only this aspect of your personal data can be processed. Transfer to any other providers will only take place with your consent.
Invoicing and payment details will be passed on to technical providers, financial institutes and payment service providers for the purpose of fulfilment of the contract pursuant to Article 6, paragraph 1, sentence 1, letter b) GDPR. This data will also be passed on to our tax advisor for accounting purposes and to the tax authorities if required. The basis for transferring your data forms the fulfilment of a legal obligation on our part pursuant to Article 6, paragraph 1, sentence 1, letter c) GDPR.
In the event of a legal dispute data may be passed on to a lawyer or court. Your data will be passed on for the purposes of operational interests based on Article 6, paragraph 1, sentence 1, letter f) GDPR.
Where technical service providers are required for transmitting your data, these are carefully selected by us, have received a written mandate and are bound to follow our instructions. These are regularly monitored by us. Service providers will not pass on this data to third parties, but instead will delete them upon completion of the contract and upon expiry of the statutory storage period provided you have not consented to an extended storage period.
5.3. Data transfer to third countries
Where a third country transfer is envisaged and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the relevant third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyse it and that enforceability of your data subject rights cannot be guaranteed.
6. Your data protection rights
You are entitled at any time to request information about the personal data we have stored about you (Article 15 GDPR). This also concerns the recipients or categories of recipients to whom this data is passed on and the purpose of storage. You furthermore have the right under the conditions of Article 16 GDPR to correct and/or delete pursuant to Article 17 GDPR and/or limit processing of your data pursuant to Article 18 GDPR. Furthermore, you can request data transmission at any time under the provisions of Article 20 GDPR provided we still have these data stored.
In the event of processing of personal data for fulfilling a task in the general public interest (Article 6, paragraph 1, sentence 1, letter e) GDPR) or for fulfilling legitimate interests (Article 6, paragraph 1, sentence 1 letter f) GDPR) you can revoke your consent to the processing of your personal data at any time with immediate effect. In the event of an objection we shall refrain from processing your data further for the abovementioned purposes unless
- there are compelling and legitimate reasons for processing this data which outweigh your interests, rights and liberties, or
- This is required for asserting, exercising or defending legal claims.
Under the conditions of Article 21, paragraph 1 GDPR, the processing of data can be revoked for reasons arising from an individual's particular situation.
You also have the option to lodge a complaint with the Croatian Personal Data Protection Agency (https://azop.hr) with regards to data protection issues.
Please send all requests for information, disclosure, revocation or dissent by e-mail to firstname.lastname@example.org or by mail to the address mentioned in point 1 of this data protection declaration.