PRIVACY RULES

INTRODUCTORY PROVISIONS

ISTRA D.M.C. d.o.o., Umag, Jadranska 66, PIN: 91825575551, (hereinafter: ISTRA D.M.C) respects your privacy and the safety of your personal data. The collection, use and processing of your personal data is carried out in accordance with these Privacy Rules and with the applicable legal provisions, including Regulation (EU) 2016/679 as of 27 April 2016 (hereinafter: General Regulation) and the Croatian Act on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/2018).

In accordance with the principle of transparency, these Rules are intended to provide respondents with accurate, complete information about which of their personal data is collected, used, provided or otherwise processed by ISTRA D.M.C. as well as to which extent this data is processed or will be processed. Likewise, the aim of these Rules is to introduce individuals who use this internet portal to the risks, rules, protective measures and rights related to the processing of their personal data and the manner in which to exercise their rights as regards its processing.

These Rules are valid and applicable regarding the collection, processing and protection of your personal data, as well as the use of cookies and other similar analytical tools when visiting, registering and using internet portal www.croatiaopen.hr and all of its sub-domains, web pages and mobile phone applications that belong to the aforementioned domain names owned by ISTRA D.M.C. (hereinafter: www.croatiaopen.hr Internet Portal), software applications we provide you for use on personal computers or mobile devices (hereinafter: Applications), when sending e-mail containing a link to these Privacy Rules (hereinafter, collectively: Online Services).

The general rules and conditions of use of the www.croatiaopen.hr Internet Portal are defined by separate rules and general conditions of use, and these rules and conditions shall be applied in everything not covered by the current Rules, under the condition that they are not in opposition to the provisions of these Privacy Rules.


PERSONAL DATA
Personal data is any data that can be used to confirm your identity.
ISTRA D.M.C. can collect some of the following personal data:
- First name, last name, e-mail address, IP address, personal identification number, phone number, date of birth;
- Details about your payments, number and type of credit card, amount and number of authorization.


LEGAL BASIS FOR THE COLLECTION OF PERSONAL DATA

ISTRA D.M.C. collects and processes your personal data only if one of the assumptions listed below is fulfilled:

• Processing is necessary to execute an agreement to which the respondent is a party, or to take measures at the request of the respondent prior to concluding an agreement

Example: online booking and purchase of tickets

When buying tickets for a tennis tournament Plava Laguna Croatian Open Umag, which is done on the internet portal https://shop.croatiaopen.hr/ in order to provide the requested service.

• Processing is required for the legitimate interests of the data processor or a third party

Example: to personalize your experience

ISTRA D.M.C. may use your personal data to improve its understanding of your interests in order to offer you other services or products that might interest you. This allows us to adjust our communication to make it relevant and more interesting to you.


PERSONAL DATA THAT IS COLLECTED

ISTRA D.M.C. collects data during access to the www.croatiaopen.hr Internet Portal:

(i) When accessing the www.croatiaopen.hr Internet Portal, the following are collected:

Information on the use of the web page;
Information on clicks on our advertisements, including those published on other web sites;
Information on how you access digital services, e.g. operating system, web browser, IP address.

(ii) When booking and buying tickets, the following are collected:

First name, last name, residence address, e-mail address, phone number, personal identification number, date of birth, credit card data (type and number);
Information on purchased tickets.

(iii) When applying for press accreditation at the tournament, the following are collected:

Name, surname, e-mail address, phone number, personal identification number or passport number, and represented media contact information (media name, address, e-mail address, contact phone).

(iv) When applying to a competition for tournament staff, the following are collected:

Name, surname, residence address, e-mail address, phone number, personal identification number, date of birth, information on completion of schooling, number of student ID or student service, foreign language knowledge, computer skills, clothing size and footwear size, and if the address of residence is outside Umag, the address where the person will be staying while working in Umag.

In situations in which you give ISTRA D.M.C. the personal data of other persons, the following must be taken into account:

• ISTRA D.M.C. uses the data of other persons you provide to us
• When you provide data on other persons, you must be sure that they have consented to this and that you have the authority to do so in their name. Whenever possible, you must make sure that they are familiar with the processing of personal data from these Privacy rules.

HOW YOUR PERSONAL DATA IS USED

ISTRA D.M.C. processes the data collected to fulfil the purpose for which the data was provided, and/or to fulfil relevant regulations or legitimate interests arising from or tied to the use of the www.croatiaopen.hr Internet Portal and the offering of desired services.

In accordance with this, ISTRA D.M.C. may use your personal data:
• To offer services you have required, e.g. booking and purchasing of tickets;
• To offer information you seek in relation to the services we offer;
• To simplify the use of the www.croatiaopen.hr Internet Portal by eliminating the need to frequently enter the same data;
• To aid in making content as relevant as possible to your interests, or to adjust the internet portal to your personal tendencies and interests – if you do not wish to receive personalised content, you are always able to complain by changing your online settings, or by contacting us via telephone or e-mail to update our data;
• To send notifications about important news concerning the internet portal;
• To prevent fraud or other forbidden or illegal activities;
• To protect the safety and integrity of the www.croatiaopen.hr Internet Portal or the ISTRA D.M.C. company;
• For marketing and promotional purposes:
- In order to understand you as a client as best as possible and to adjust our services and marketing communication, ISTRA D.M.C. may combine personal data collected during the sales of services with data collected via our web sites, applications or other sources;
- To send you notifications about new services, updates to services, events and special offers we believe you may be interested in;
- To send you notifications about other companies and products we believe you may be interested in, but only if you have agreed to this type of communication beforehand;
- Marketing research to improve our services, in which case you are always free to refuse to cooperate;


WHO CAN SEE YOUR DATA

ISTRA D.M.C. does not sell, rent or lend your data to third parties.

ISTRA D.M.C. may share your data with trusted partners who perform particular functions for us, such as e.g. IT system maintenance, marketing campaigns, data analysts, partners in the organization of the tournament.

In any case, when ISTRA D.M.C. must share collected personal data, we demand that it is protected and not used for marketing purposes.


HOW TO PROTECT YOUR RIGHTS

You have the right to ask for a copy of all the personal data of yours we have collected. You may write to us if you wish for a copy of the data we have collected from you, in which case you should list all details in order to help us identify and locate your personal data. Delivery of this data is free, but ISTRA D.M.C. retains the right to charge a reasonable fee for special requests, such as extra copies, special formatting, etc.

We want all your data to be correct and updated. If you notice that some of your data is inaccurate, please inform us.

Also, we would like to remind you of your right to ask for your personal data to be corrected or deleted, as well as your right to oppose the processing of your personal data. ISTRA D.M.C. will correct or erase your personal data, unless we are required to retain it out of legitimate legal or business interests.

If you have a complaint about the processing, use or storage of your personal data, feel free to contact us. If you are not satisfied with our response, you may contact the Croatian Personal Data Protection Agency.

All requests or complaints related to personal data collected by ISTRA D.M.C. are to be submitted in writing to the personal data protection agent. The request must contain the e-mail address you provided at the time of registration, as well as the e-mail address to which you wish to receive a response (if it is different from the e-mail address from which you sent the request). ISTRA D.M.C. will e-mail your data within a reasonable time frame to the e-mail address provided in the request.

The e-mail address of ISTRA D.M.C.’s personal data protection agent is: dpo@plavalaguna.com

We must point out that, prior to responding to your request, we may ask you for more information to confirm your identity. Also, we may ask you for more information to confirm whether you have approval to file a request if you are doing so on behalf of someone else.

SAFETY OF YOUR PERSONAL INFORMATION

We are completely dedicated to protecting data from unauthorised access, distribution or erasure, regardless of where it is stored or processed or of the format in which it is stored. ISTRA D.M.C. uses the services of trusted IT partners, who are required to apply high IT protection standards.

ISTRA D.M.C. applies recognised data security standards:
• We carry out technical and organisational protection measures based on risk,
• We minimise data exposure,
• We check collected information, storage and processing methods,
• Whenever possible, we pseudonymise and anonymise data,
• We test organisational and technical protection measures,
• We limit access to personal data to our employees, contract workers and representatives, for whom the use of personal data is limited and controlled on the basis of user tasks, and who are required to respect strict contractual confidentiality obligations.

ISTRA D.M.C. takes all measures to identify problems, as well as measures to minimise potential damages.
Please do not forget that you are also our partner in data security. We invite you to take all necessary steps to make your personal data safe (including your password), and to always log out of our internet portal after use.
If the personal data we process is transferred outside the European Union and the European Economic Community as a necessity for the technical completion of services sought by users, then ISTRA D.M.C. will take reasonable measures to ensure that the persons outside the EU with whom the data is shared take appropriate measures to protect this data and to offer protection in accordance with these Privacy Rules.

PERIOD FOR WHICH PERSONAL DATA IS STORED

The period for which ISTRA D.M.C. stores your personal data is limited to a strict minimum, and in accordance with this, ISTRA D.M.C. defines the periods for which it stores or periodically checks particular personal data in order for it not to be kept longer than is necessary to fulfill the purposes for which it was collected.

After this period is over, ISTRA D.M.C. will erase the personal data. However, if this data is necesary to create statistical indicators, analyses, archiving or some other legitimate interest of ISTRA D.M.C., all measures will be taken to ensure that this personal data is anonymised.


USE OF COOKIES

ISTRA D.M.C. uses tools to analyse the use of the www.croatiaopen.hr Internet Portal, through which we may collect particular data about you, thus gaining insight into the needs of our visitors and/or users, the goal of which is to improve the quality of our services.

Cookies are used for this purpose, as are some other tools.

The user and/or visitor may refuse or erase cookies through the relevant settings on their computer and the web browser they are using. However, this may prevent some functions of the www.croatiaopen.hr Internet Portal from being fully usable.

The aforementioned tools collect and store some technical data, including user and/or visitor IP addresses.

For more information on cookies and the other tools we use, click here.

 

LINKS TO OTHER WEB SITES

This web site may contain links to other web sites managed by ISTRA D.M.C. or other organisations that have their own special privacy rules, so we inform you that you must familiarise yourself with their terms of use and privacy rules prior to providing them with any personal data, as ISTRA D.M.C. cannot assume any liability for these web sites or the organisations that manage them.


CHANGES TO THE PRIVACY RULES

These Privacy Rules replace all prior versions.

The Privacy Rules were last updated in: May 2018

ISTRA D.M.C retains the right to change, modify and/or amend these Privacy Rules at any time. All changes to the Rules will be published on the www.croatiaopen.hr Internet Portal; in the case of significant changes, you will be informed in a clear and understandable manner.