Privacy policy

Last updated: 5 February 2025

1. Introduction

This document aims to clearly and transparently explain what personal data we collect and process when you visit our website, book accommodation, stay at our properties, use our services, or communicate with us for any other reason.

In this Privacy Notice, you will learn:

  • What types of personal data we collect,
  • The purposes for which we use them,
  • The legal bases for such processing,
  • How long we retain the data,
  • With whom we share them, and
  • How you can exercise your rights regarding this processing.

2. About Us – Contact Information

RETOI d.o.o.
Trumbićeva obala 18, 21000 Split
OIB: 76399721037

Data Protection Officer:

dpo@ambasadorsplit.com

3. Types of Personal Data We Collect

The data we collect and process depends on your relationship with us and the reasons for our communication.

Categories of personal data we collect, with examples for each:

Identification Data

  • Name and surname, date of birth, gender, ID document type and number, nationality, country of birth, place of residence, vehicle registration (if using parking facilities).

Contact Data

  • Address, email address, phone number.

Financial Data

  • Payment details and account number, credit card details (card number, CVC, expiry date).

Stay and Service Usage Data

  • Length of stay, room type and number, number of adult guests, number and age of children, date, type, and price of services used (food and beverage consumption, wellness services, transfers, table reservations).

CCTV Footage

Technical Data About Your Device

  • IP address, login details, location data, time zone, browser type and version, operating system, and other technical details related to the device used to access our website.

Usage Data

  • Information about how you interact with our website, products, and services.

Marketing Data

  • Your contact preferences.

Preference Data

  • Your preferred room type, bedding choices, and any special requests.

Special Categories of Personal Data
Special categories of personal data include information about race, ethnicity, religious or philosophical beliefs, sexual orientation, political views, trade union membership, health data, genetic and biometric data.

As a rule, we do not collect these types of data, except in the following exceptional cases:

  • We collect and process health-related data concerning allergies only if you inform us, and exclusively with your explicit consent.
  • As part of our spa and wellness services, we collect health-related information to determine indications and contraindications for treatments, ensuring safe service provision, and only with your consent.
  • If you have publicly shared any of the mentioned data yourself.

4. Purposes of data collection and legal basis

Reservation of accommodation and stay in facilities

Purpose of processing

Data type

Legal basis

Accommodation reservation

Reservation of dates of stay, selection of facility and room type, selection of payment terms.

Sending the booking confirmation

Reservation management

Preparation of documentation in accordance with accounting regulations

Communication before the guest's arrival

 

Identification data

Contact data

Financial data

Preference data

 

Compliance with a legal obligation

Concluding and performing contracts

Check-in / Check-out and related activities

Guest check-in and check-out, room allocation. Guest registration in internal systems, connection to requested offers and services.

Entry of mandatory data into the e-Visitor system.

Entry of data on guest preferences and requests and further communication options.

Use of parking, luggage storage

 

Identification data

Contact data

Financial data

Preference data

Stay and service usage data

Marketing Data

Car License Plate

 

Acting in accordance with a legal obligation.

Creating a contract.

Legitimate interest (guest records, communication and business management)

Consent (subscription to newsletter)

Reservation and use of services during your stay

Use of restaurants, bars, wellness.

Reservation and organization of transfers.

 

Identification data

Contact data

Financial data

Preference data

Stay and service usage data

Special categories of data

 

Contract performance.

Legitimate interest (guest records, communication and business management)

Explicit consent (health data for use of wellness)

Video Surveillance

The use of video surveillance systems for the purpose of protecting people and property

 

Video surveillance system recording

 

Legitimate interest (protection of persons and hotel property)

Marketing, advertising and website use

Direct Email Marketing

Sending emails to guests who have stayed at the hotel, with notifications and offers on related services

Sending emails to people who have signed up for the newsletter with promotional materials and special offers

 

Identification data (name)

Contact data (email address)

Preferences

 

Legitimate interest (guest communication, marketing strategy)

Consent

Analytical website monitoring

Monitoring the behavior of website visitors for the purpose of improving the functionality of the site, identifying interests and optimizing the service.

 

Technical data

Usage data

 

Legitimate interest (business development, marketing strategy, strategic planning)

Consent

Social Networks

Communication via social media profiles.

 

Identification data, Contact data

 

Conclusion and execution of contracts

Legitimate interest (communication with guests, management of guest expectations, marketing strategy)

Advertising

Preparing and publishing advertisements, monitoring the effectiveness of the advertisements.

 

Identification data, Contact data, Usage data, Marketing data, Technical data, Preference data

 

Consent (re-targeting)

Legitimate interest (monitoring the effectiveness of advertisements, business planning, creating marketing campaigns and business strategies)

4.1. Cookies

5. Data Retention Periods

We retain your data only for as long as necessary for the purposes for which the personal data is processed.

  • Basic guest stay data is kept for up to five years after departure, in accordance with legal limitation periods. Data stored in the e-Visitor system must be retained for 10 years.
  • Data related to services used during your stay, for which we have no legal obligation to retain, is deleted and destroyed no later than 60 days after your stay (e.g., luggage storage, parking use, wellness, allergy, and health-related information).
  • Transfer-related data is stored for a maximum of one year.
  • Accounting-related data is retained for 11 years in accordance with legal requirements. This includes invoices that may contain your personal data.
  • CCTV recordings are kept for a maximum of 60 days.
  • Data collected based on consent (e.g., email newsletter subscriptions) is retained until consent is withdrawn.

6. Recipients and Data Processors

We never sell or share your personal data with third parties for advertising purposes.

In certain cases, there may be a legal obligation or business necessity to share your data with third parties or allow access to our systems, such as:

  • When sharing your personal data it is necessary to fulfil a contract in which you are a party.
  • When you have given consent to share your data with third parties (e.g., via cookies).
  • With judicial, tax, audit, and other competent authorities when required by law or regulation (e.g., tax authority requests or legal proceedings).
  • With payment service providers with whom we have data processing agreements.
  • With IT service providers whose systems we use in our operations, with whom we have appropriate data processing agreements (e.g., property management system for reservations, email communication systems, website maintenance companies).
  • With the e-Visitor system, in accordance with hospitality accommodation regulations regarding tourist registration.

7. Transfer of Personal Data to Third Countries

In certain situations, we transfer your personal data to third countries outside the European Economic Area (EEA) when necessary to provide our services:

  • When using email tools, internal communication, and office applications, where certain data may be transferred to the United States.
  • When using a booking system for accommodation reservations, where certain data may be transferred to the United States.
  • When enabling chat communication on our website, where certain data may be transferred to Brazil.
  • For digital advertising purposes, where certain data may be transferred to the United States.

To ensure the lawful transfer of personal data to these countries, we rely on the European Commission’s Standard Contractual Clauses along with additional protective measures. These mechanisms help safeguard your data in accordance with European data protection standards.

8. Data Subject Rights and Their Exercise

Data subjects have the right to:

  • Access their personal data
  • Rectify inaccurate data
  • Data portability
  • Erasure of personal data
  • Restriction of processing
  • Object to data processing

You can exercise these rights by:

  • Sending an email to our Data Protection Officer: dpo@ambasadorsplit.com
  • Sending a request to our physical address: RETOI d.o.o., Trumbićeva obala 18, 21000 Split

We respond to all requests within the legal timeframe of 30 days.


If you wish to file a complaint regarding a specific data processing activity, you can contact the supervisory authority for data protection:

Agency for Personal Data Protection (AZOP)
Address: Selska cesta 136, 10 000 Zagreb
Email: azop@azop.hr