Opatija 21 d.o.o. takes the protection of your personal data very seriously and takes all necessary technical and organizational precautions to protect it in accordance with the applicable laws, both of the Republic of Croatia and the European Union. In particular, this encompasses the Law on Implementation of the General Data Protection Regulation (Zakon o provedbi opće uredbe o zaštiti podataka, Narodne novine 42/18), Regulation 2016/679 of the European Parliament and the Council from 27th April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the general conditions for the protection of personal data based on the provisions of the General Regulation on Personal Data Protection of EU 2016/679 (General Data Protection Regulation - GDPR). The Privacy and data protection statement provides the information on how the webpage user’s data is collected, used, protected, corrected and/or deleted. The link to this Privacy and Data Protection Statement is available on the homepage and each sub-page of our website.
Download the 
Privacy policy 176.84 KB (in Croatian)
Personal Data
In the terms of personal data protection, the term 'personal data' shall mean any information that can identify a user: their first name, last name, date of birth, email address, mailing address, telephone number, IP address or similar data.
Access to the contents of this website does not require user registration, nor does the user need to log in to access any of the content - the website can be used without the user's identity being detected.
The purpose of this Statement is to inform the users of the website and the users of services provided by Opatija 21 d.o.o. about their rights pertaining to the collection and further processing of personal data, all for the purpose of protecting their privacy and personal data.
The Opatija 21 d.o.o. Privacy Policy is based on the basic principles of personal data processing: the principle of legality, transparency and best practices, the principle of limited processing and the reduction of data volume, the principle of accuracy and completeness of personal data, the principle of limited storage, the principle of integrity and confidentiality of data, the principle of accountability, the principle of trust and fair processing , the principle of opportunity (processing purposes), the principle of processing the data rendered anonymous.
Data Protection Officer
According to the legal regulations, Opatija 21 d.o.o. appointed a Data Protection Officer. The Data Protection Officer takes care of the legality of processing personal data and exercising the user’s right to the protection of personal data by:
- taking care of the legality of the processing of personal data in the sense of respecting the provisions of the law and other regulations regarding the processing of personal data,
- warning the controller about the necessity of applying regulations pertaining to the protection of personal data in planning and action cases that may have an impact on privacy and personal data protection issues,
- notifying all employees involved in the process of handling personal data with their legal obligations for the purpose of protecting personal data,
- ensuring the execution of obligations under Articles 14 and 17 of the Act,
- enabling the option of exercising the rights of the users as referred to in Articles 19 and 20 of the Act,
- cooperating with the Personal Data Protection Agency regarding the supervision over the processing of personal data.
The Data Protection Officer is required to maintain the confidentiality of all data and information they come across while performing their duties. This obligation also applies after the termination of their duties as the Data Protection Officer.
Personal Data Protection Officer - contact:
Opatija 21 d.o.o.
Stubište Lipovica 3, 51410 OPATIJA
Email:
Tel. +385 (0)51 680 130
Website cookies
This website uses cookies to manage language selection, navigation and other functions and shares information with third party applications that are used to maintain the functionality, but does not share your personal information with third-party cookie authors nor does it directly use third-party cookies.
It is advisable, if you are not already familiar with this term, to read some basic information about the type of cookies, their purpose and the deletion possibilities i.e. at the European Union website.
Since our site does not require user registration, we collect only the anonymous user information for visitors’ sessions - sessions are anonymous and are only recorded as an anonymous user ID. These information are deleted immediately after you leave our site or close the browser. The cookie name of the session is generated randomly. When the (anonymous) user leaves the site and closes the web browser, or is inactive for 60 minutes, the temporarily stored session cookie is deleted.
For monitoring the number of visitors to our site, we use standard statistical software that allows us to determine the information that our visitors are most interested in, customizing pages for individual web browsers (PC or mobile), the efficiency of our site structure and the visibility of our site:
- Google Analytics records the user’s partial IP address and allows us to analyze the statistical indicators of website access. These cookies do not contain personal information, they do not identify the user with their name or surname, nor are they associated with other user information. If a user does not have a Google account, Google saves all user data through unique identifiers associated with the web browser, app, or device that the user uses. If a user has a Google Account and is logged in, the data is stored in the account and treated as personal information. More information can be found at The Google Product and Service Privacy Guide.
| Name of the cookie | Duration | Purpose |
|---|---|---|
| axbxcx... (randomly generated number) | sesssion | the anonymous "session cookie" is deleted after leaving the page or closing the browser, or after 60 minutes of inactivity |
| _ga | 2 years | differentiation of users for the analysis of statistical indicators of visitors (Google) |
| _gid | 24 hours | differentiation of users for the analysis of statistical indicators of visitors (Google) |
| _gat | 1 minute | limiting the number of requests by users (Google) |
| plg_system_eprivacy | 30 days | 30 days stores information about accepting or rejecting cookies and only serves to keep you from displaying the question over and over again. Once you accept or reject the cookies, at the very bottom of each page you will find a link through which you can change your decision at any time as well as a link to this Personal data protection and privacy statement. |
Cookie settings
By editing cookie settings, you decide whether to allow them to be stored on your computer. Managing and adjusting cookie settings can be pre-set in your browser.
For information about cookie settings, click the name of the Internet browser you are using. Some settings may also depend on a device that you use to accesses the Internet (desktop, tablet, or mobile):
Third party links
In some of the website’s content there are links to third party websites (i.e. the pages of the Town of Opatija, the PaDo.hr mobile/web app, the Electronic Public Procurement Office of the Republic of Croatia, the Official Gazette of the Republic of Croatia, the Employment Office of the Republic of Croatia, The official publication of Primorje-Gorski Kotar County, The European Union, etc.). We do our best to carefully select the websites we refer our visitors to, ensuring that they are of relevance and quality, but we cannot guarantee the protection of personal information on these sites or assume any liability for the content of these pages. These terms of protection of personal data relate exclusively to the following websites: www.opatija21.hr and www.sportskadvorana-opatija.hr. Third-party websites have their own privacy protection terms and it is their responsibility to inform the user about those terms.
We use your information to provide you the highest quality experience when using this website and our services. The collected data is used to store language selections, navigate and collect anonymous statistical data to improve the services provided by the website. Provided that there is no user registration on this website, we do not collect any personal information apart from the anonymous data required for the visitor's session and third-party cookie information.
Opatija 21 d.o.o. agrees that your personal data will not be made in any way available to third parties and the data will be deleted upon the accomplishment of the data collection purpose.
When you send us a message containing personal information that can positively identify you, either via email, with a question or comment, or by filling in the form on our website, it is understood that you provided this information on your own accord. Nevertheless, we use this information solely for the purpose and scope required to respond to your inquiry, to provide you with the requested response or provide the appropriate service.
Personal data of the users of our services (privileged parking permits, prepaid parking coupons, etc.) is stored in a separate, protected data processing system for parking users and other services of Opatija 21 d.o.o., which is not related to this website. Handwritten records of personal data are stored in binders, in locked cabinets, while all personal data in digital form is stored encrypted on our server, protected by the firewall and an antivirus program.
At any time, a user may exercise the right to review, correct, update or delete any of the previously provided information and also to rescind the provided consent for data processing.
Opatija 21 d.o.o. protects your privacy and processes only those personal information that are necessary and obtained in the course of the business, whether or not the data is provided by you, by third parties or publicly available sources, for the:
• fulfilment of contractual obligations - when the processing is necessary for the execution of the contract which you are a party of or to take action on your request before signing the contract
• legitimate interest - when necessary, we process personal information in and out of a specific contractual relationship to satisfy legitimate interest. For example, such a legitimate interest may be: daily parking ticket billing, conducting court proceedings and keeping records of them, protecting persons and property, answering your inquiries and comments
• carrying out of your requests and facilitate the practicing of your rights
• compliance with legal obligations
• processing of personal data for the specific purpose or more special purposes described in your consent, exclusively with your consent for processing of personal data for a particular purpose. Your consent should follow the relevant legal provisions, should be unconditional and given freely. Users also retain the right to revoke their consent at any time.
Your personal data may be forwarded to third parties only in cases where it is prescribed by law or other regulation (Ministry of Internal Affairs or other competent authorities).
Video Surveillance
Opatija 21 d.o.o., exclusively for the purpose of protecting our property, performs video surveillance of the following facilities: Sports Hall "Marino Cvetkovic", including the public garage.
Personal Data Retention Time
Your personal data is stored only for the time period needed to achieve the purposes for which your personal information was collected and processed. All personal data is processed according to law and shall be retained for the legally specified period. All personal data processed on the basis of a contractual relationship with the user shall be kept for a period of time necessary for the execution of the contract and 5 years after the termination of the contract, except when there is a dispute over the contract between you and Opatija 21 d.o.o., when the data is kept for another 5 years after the final court ruling or settlement. In case there is no court dispute, the data is kept 5 years after the day of the resolution of the dispute. All personal data processed with the user's consent or based upon legitimate interest are kept permanently, or until the user revokes the consent, or requests the termination of processing. The data is deleted before the user revokes his/hers consent only if the purpose of processing the data has been achieved or if so determined by law.
The right to withdraw the consent:
If you have given the consent for the processing of your personal data, you have the right to withdraw this consent. Revoking the consent does not affect the legality of processing prior to its withdrawal. There are no negative consequences for the users after revoking their consent, however, upon revoking the consent for the data processing it is possible that a user will no longer be able to exercise a particular right or use a service which requires the user’s consent.
The right of access to personal data:
The user has the right to obtain confirmation whether their personal data is being processed, which data is processed, what is the processing purpose and the data retention period.
The right to revise the user's personal data
The right to their personal data being erased ("right to be forgotten"):
The user has the right to request their personal data be erased, if one of the following conditions arises:
- the data is no longer necessary in relation to the purposes for which they were collected or otherwise processed,
- if the user withdraws the consent for data processing and there is no other legal basis for processing,
- if the user files a complaint and there are no other legitimate reasons for processing;
- personal data is processed unlawfully;
- personal data must be deleted in order to respect the legal obligations under European Union law or the law of the Member State
The right to erasure of personal data cannot be fulfilled in cases where their processing is necessary for:
- exercising the right to freedom of speech and information;
- compliance with legal obligations requiring the processing according to the EU law or the Member State law, to execute the tasks of public interest or to exercise the official authority duties;
- archiving in the public interest, for scientific or historical research purposes or for statistical purposes, to the extent that it is probable that the “right to be forgotten” may disable or seriously jeopardize the attainment of the objectives of such processing;
- initiation, enforcement or defence of legal claims;
The right to limit data processing can be fulfilled in the following cases:
- if you dispute the accuracy of your personal data for the period during which the processing manager is allowed to check the accuracy of personal data;
- if the processing is unlawful and you oppose the erasure of personal data, demanding the restriction of its use instead;
- the processing manager no longer needs personal data for processing purposes, but you demand them to be able to initiate, enforce, or defend a legal claim;
- you have filed in a complaint on processing data under Article 21 Section 1 of the GDPR, expecting a confirmation of whether the legitimate reasons of processing manager can overcome your reasons;
The right to data portability
The right to object
The right to file a complaint with a supervisory authority
The right to an effective judicial remedy against a supervisory authority
For all requests related to the user rights, you can use the following form:
Procedure in the event of unauthorized access to personal data
In the event of a security intrusion that would allow unauthorized access to personal data of users, the owner of the website will, in accordance with the provisions of the General Data Protection Regulation (GDPR) notify all users and the Agency for Protection of Personal Data, responsible for monitoring the execution of this Regulation, on any such event within the legal deadline of 72 hours.
Changes to Personal Data Protection and Privacy Statement Conditions
These personal data and privacy conditions apply only to data collected on this site and are not applicable to personal data collected outside of it, for the purpose of using certain services (eg, privileged parking permits, prepaid parking coupons, parking violation tickets, etc.).
Opatija 21 d.o.o. reserves the right to modify the personal data and privacy conditions without prior notice. The changes will be posted on the same website.