The purpose of this Privacy Policy is to present to you all the information concerning the processing of your personal data by Sunny Bay Apartments d.o.o. (hereinafter referred to as "Company" or "Controller").
The information contained in this document applies in particular to clients, individuals providing personal data to the Company, and to a reasonable extent also to potential or future clients (i.e. persons with whom no contractual relationship has been established yet), as well as to former clients. Furthermore, the information contained herein may also apply to the processing of personal data of other entities if the processing of their personal data is related to the relationship between the Company and the client. The information contained herein shall also apply to the extent applicable to clients' representatives.
We process the personal data we obtain from you in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “Regulation” or “GDPR”) and pursuant to Act No. 110/2019 Coll., on personal data processing.
The operator of the website at http://mirisgarden.com/ and controller or your personal data is:
Sunny Bay Apartments d.o.o. Kralja Tomislava 70, 512 60 Crikvenica, Croatia, VAT ID HR69052349009
As the Controller, we determine the purposes and means of processing the personal data as described in this Policy. If you have any questions about the processing of your personal data, you can contact us at the above address or by email at: info@mirisgarden.com
The Company processes your personal data mainly for the following purposes:
Conclusion and performance of a contract
We process your personal data in order to enter into a contract with you and subsequently to comply with the obligations under the contract, including mutual communication and related activities. Provision of the data constitutes a contractual requirement; without the data we are unable to properly perform the contract.
Fulfilment of statutory obligations
Obligations, in particular in terms of accounting and tax legislation, i.e. the transfer of personal data to public authorities in accordance with the relevant legislation. Provision of data is a legal requirement, without this data we are unable to properly fulfil our legal obligations.
Exercise or defence of legal claims
In rare cases, if we are forced to enforce our rights or defend them in legal or administrative proceedings, we will use the necessary personal data. The legal basis for processing is the legitimate interest of our Company.
Security and risk management
Where we are required to do so by law, or to protect our legitimate interests, we process your personal data to the extent necessary to ensure security on our Company's premises, to protect our property, to prevent and detect fraudulent or harmful conduct, etc.
Internal administration of the Company
Our employees or associates also process your personal data in the performance of their duties as part of our Company's set internal processes. This is for example due to the internal administration of our business, the creation of reports on the activities of our Company or individual employees, efforts to optimise internal processes or the need to train employees.
Sending commercial communications (direct marketing)
This typically involves sending emails or telephone contacts with offers of similar projects or services that we have already provided to you. We may send offers until you express your wish that we no longer send you such offers. We will not transfer your data to any third parties for the purpose of sending offers (except to our subcontracted processors who will carry out the processing for us).
Other purposes based on your consent
With your consent, we may also process personal data for other purposes (e.g. marketing). In such cases, the purpose of the collection and further processing of personal data is precisely defined in your consent. In those cases, you always have the possibility to withdraw this consent.
Use of personal data for a purpose other than that for which it was collected
In some cases, our Company may process personal data for a purpose other than the purpose for which the personal data have been collected. This is particularly the case if we collect your data for the purpose of performing a contract or providing a service and:
We guarantee that our processing of personal data does not involve the transmission of personal data to third countries outside the European Union or to international organisations.
We do not carry out automated individual decision-making or profiling when processing personal data.
Our Company processes the personal data of natural persons in connection with the relationship between the Company and its clients to the extent necessary to fulfil the purposes set out above. In particular, the following are processed:
(a) contact and identification data of clients or persons representing a client who is a legal entity (e.g. name, surname, date of birth, birth number, home address, correspondence address, mobile phone, e-mail address, ID number, nationality, etc.)
(b) information relating to the financing of the purchase or the collateral for immovable property
(c) where applicable, other personal data provided by the client in a contract and in the negotiation leading to the formation of a contract or in the provision of services
Our website uses cookies. Further information regarding cookies is available here.
We obtain the personal data we process directly from data subjects.
We only store personal data on the Company's servers or with our trusted partners.
The Company will only process your personal data for as long as is strictly necessary or as required by law, such as the Accounting Act or the Value Added Tax Act.
Furthermore, we may process your personal data for as long as necessary to pursue our legitimate interests, resolve any disputes between us and enforce our agreements.
The retention periods for the personal data we process vary depending on the purpose. As a general rule, we retain and use personal data for the following periods:
Our Company, in accordance with applicable law, secures the personal data it controls using all appropriate technical and organisational measures to ensure the highest possible level of protection, taking into account the nature, scope and purposes of the processing and the likely risks. We have put in place security and control measures in an effort to prevent unauthorised access to or transfer, loss, destruction or other possible misuse of the data.
Our employees are subject to a duty of confidentiality. If we transmit the data to third parties, the recipients are also subject to the statutory or contractual duty of confidentiality.
To whom we disclose your personal data
Our Company will only disclose your personal data to our authorised processors who provide us with various services, such as accounting or tax services. These partners of ours, as processors of personal data, are subject to a strict duty of confidentiality in accordance with the relevant legislation and/or the agreements we have entered into with them. In particular, our processors are persons and companies that provide us with the operation of video surveillance and security systems, product delivery, maintenance services, legal services, debt collection, the provision of technical and IT services and other advisory and consultancy activities. A list of recipients, including processors, is available on request by email.
In addition, we may disclose your information to other recipients, both individuals and legal entities, government authorities and other institutions, if we believe in good faith that access to and use, retention and disclosure of such information is reasonably necessary to comply with applicable law or an enforceable governmental request, to enforce applicable contractual terms and conditions, including investigation of possible violations thereof, to protect against harm to the rights, property or safety of our Company, our clients or the public as required or permitted by law.
Our Company belongs to the "YD Group” holding, with YD Capital a.s. as it parent company. For a list of the YD Group see https://www.ydc.cz/media/files/download/uv12mb9h7btqkvr
As part of the YD Group, we share certain personal data of our business partners, clients or employees, primarily for internal administration and reporting purposes. However, the purpose may also be to facilitate the formation of contracts, the provision of performance or the resolution of certain matters.
Please be assured that your personal data will always be provided by our Company only to the extent necessary to fulfil the purpose of the processing and only on the basis of the corresponding legal ground of the processing.
What rights you have under the processing of your personal data
Right of access to the personal data - the right to obtain information as to whether your data are being processed or to obtain a copy of the data under Article 15 of the Regulation. If you raise unjustified, unreasonable or repeated requests for such access, the controller will charge a reasonable fee for a copy of the personal data provided or reserves the right to refuse such a request (which applies equally to the exercise of the other rights set out below).
Right to rectification of and addition to the data - at any time you have the right to ask the Controller to correct or complete your personal data if the latter are inaccurate or incomplete. The rectification of or addition to the data shall be carried out without undue delay, taking into account technical capacities.
Right to erasure - Your personal data must be erased by the Controller if the conditions of Article 17 of the Regulation are met, i.e. if they are no longer necessary for the purposes of the processing, if you withdraw your consent to the processing and there are no more grounds for processing, if you object to the processing and there are no longer any overriding legitimate grounds for processing, if the processing is unlawful or if the Controller is under a statutory obligation to do so.
Right to restriction of processing - if the conditions under Article 18 of the Regulation are met, e.g. if any disputed issues arise around the processing of your personal data, the Controller shall merely keep them on file and may only use them in any other way until the disputed issues are resolved with your consent or for the establishment, exercise or defence of legal claims.
Right to object - you may object to the processing of your personal data we process on the grounds of legitimate interest; this objection will be evaluated by the Controller and you will subsequently be informed either to the effect that the objection has been upheld or that we have found the objection unjustified and we will continue to process your data. The processing of your data will be restricted while the objection is being resolved. We do not process your data for direct marketing purposes.
Right to data portability - if you want the Controller to transfer your personal data to a third party, you can exercise your right to data portability.
Right to lodge a complaint - if you believe that the processing of your personal data by the Controller is in breach of the GDPR or other data protection laws, you have the right to lodge a complaint with one of the relevant supervisory authorities, in particular the one operating in the Member State of your residence, place of work or place of the alleged infringement. The supervisory authority in the territory of the Czech Republic is the Office for Personal Data Protection with its registered office at Pplk. Sochora 27, Holešovice, 170 00 Prague 7, Czech Republic, tel. +420 234 665 111, web: www.uoou.cz.
Right to withdraw consent - if the processing of personal data is based on the consent of the data subject, the data subject may withdraw their consent at any time. Withdrawal of consent does not affect the processing already carried out.
If you wish to exercise any of the aforementioned rights, please contact us by email or at Kralja Tomislava 70, 512 60 Crikvenica, Croatia. We will respond to your questions or concerns within one month of receiving them.
This Privacy Policy comes into force on 7 September 2023 and its current version is available at https://www.mirisgarden.com/webconfig/uloziste/2023/08/19/81c1dbd9463571ee31b4e618b2cbe867/yd-capital-zasady-o-zpracovani-osobnich-udaju-1-.pdf