Privacy policy

The company KROKOTEKS HOTELI d.o.o., headquartered in Sveti Ivan Zelina, Zagrebačka ulica 60, OIB: 63594689104, (hereinafter referred to as “we”), as the service provider of the website www.clean24.hr, is committed to protecting your privacy and personal data.

In this document, you will find information related to the privacy of personal data collected through the use of the website www.clean24.hr or personal data from individuals who contact us in any other way.

For complete transparency and maximum security when using our website, please read this document carefully to better understand what data we collect from you and how we use that data. If you do not agree with these terms, please leave and do not access or use the website www.clean24.hr.

If you agree with the policies, by providing electronic confirmation, you acknowledge that you have read, understood, and agreed to this Privacy Policy and give us consent to collect, process, and share data in accordance with this document and legal regulations. All matters not specifically regulated by this document are governed by the Terms of Business of the website www.clean24.hr.

For easier understanding, it is necessary to highlight the following terms:

1. „Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals concerning the processing of personal data and on the free movement of such data – General Data Protection Regulation (EU GDPR)

2. „Personal data“ – means any data relating to an individual whose identity is determined or can be determined („data subject”); an individual whose identity can be determined is a person who can be identified directly or indirectly, particularly using identifiers such as name, identification number, location data, online identifier, or by using one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual;

3. „Processing” – means any operation or set of operations performed on personal data or sets of personal data, whether by automated or non-automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or making available in any other way, alignment or combination, restriction, erasure, or destruction;

4. „Pseudonymization” – means processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that personal data cannot be attributed to an identified or identifiable individual;

5. „Storage system” – means any structured set of personal data accessible according to specific criteria, whether centralized, decentralized, or distributed based on function or geography;

6. „Controller” – means a natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or specific criteria for its appointment may be prescribed by Union law or the law of a Member State;

7. „Processor” – means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;

8. „Consent” – of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or a clear affirmative action, signify agreement to the processing of personal data relating to them;

9. „Personal data breach” – means a security breach that leads to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data that has been transmitted, stored, or otherwise processed.

In the following points, we would like to inform you about the processing of personal data when visiting and using our website. Personal data includes all information that identifies you, such as name, surname, address, email address, phone number, and user behavior.

If you have any questions regarding the protection of personal data, please contact us via email at info@clean24.hr.

1. Data Controller 

Data Controller: KROKOTEKS HOTELI d.o.o., Zagrebačka ulica 60, Sveti Ivan Zelina, Republic of Croatia, OIB: 63594689104, email: info@clean24.hr.

Data Protection Officer: Users may send any inquiries, requests, uncertainties, applications, or complaints to the Data Protection Officer at any time via email: info@clean24.hr.

2. Purpose and Legal Basis for Collecting Personal Data 

We process your personal data in different situations for various purposes. When visiting our online store, where we also use cookies, we utilize your data to track the number of visits and improve our services. The company KROKOTEKS HOTELI d.o.o. collects and uses personal data to enable you to use its services and activities via the website www.clean24.hr. This is done to improve the functionality of the website www.clean24.hr, create a database of its users, conduct marketing activities, contact you or send you marketing notifications, enhance our advertising and promotional efforts, and analyze the use of the website www.clean24.hr. Additionally, we may use personal data for statistical purposes, problem resolution, administrative tasks, and establishing communication with you.

By providing your personal data and accepting these General Terms of Personal Data Protection, you agree that KROKOTEKS HOTELI d.o.o. and the parties listed below may inform you about promotional activities, products, and services they offer.

In addition to your personal data, the company KROKOTEKS HOTELI d.o.o. may collect other information that does not identify you and is not considered personal data (such as details about how you use the website, information about your computer, Internet provider, preferences, hobbies, interests, and activities). This data allows us to select information for users in a more accurate and personalized way, as well as to improve the website and better tailor its content to the audience visiting it. Based on this data, we can determine which content is most popular among which audience.

We may collect the following types of data:

• Contact details – name, surname, date of birth, gender, title, address, contact number, email address, phone number 
• Website usage – how you use our website, including information collected via cookies and other tracking technologies
• Video recordings – in the case of presentations at fairs, conferences, and other similar events, we may document the event through photography or video recordings
• Service information – information about the use of our services, including user identity, account or contract number, and information about complaints and requests
• User history information – satisfaction level, received offers, traffic data including usage volume and date, complaint history, service and maintenance history

The use of personal data in accordance with data protection regulations must be justified based on one of the legal “grounds.”

The legal bases for use are legitimate interest, consent of the data subject, performance of contractual obligations, and compliance with legal obligations.

Legitimate interest:
This processing is based on the legitimate interest of the company KROKOTEKS HOTELI d.o.o. in promoting and providing information about its products and services, as well as maintaining the highest standards of sales and services in its offer.
The fundamental rights and freedoms of existing and potential users have been weighed against the interest of KROKOTEKS HOTELI d.o.o. to process personal data for the stated purpose.

Consent:
The company KROKOTEKS HOTELI d.o.o. uses direct marketing based on your personal data to inform you about news and promotions in our offer, special benefits, presentations of new products, as well as our appearances at fairs, conferences, and other events exclusively with your consent.
Consent for direct marketing can be withdrawn at any time. Any person can also object to data processing for the above-mentioned purpose at any time.

Performance of contractual obligations:
Processing is based on fulfilling contractual obligations.

Compliance with legal obligations:
Processing is based on the obligation of KROKOTEKS HOTELI d.o.o. to fulfill its legal obligations as a Data Controller, for example, under accounting and bookkeeping regulations.

3. How we collect personal data 

KROKOTEKS HOTELI d.o.o. collects your personal data, among others, in the following cases:

• if you contact us directly to request information or an offer for our products or services
• when you engage in certain activities on the website www.clean24.hr, such as creating a user account, subscribing to a newsletter, completing surveys, leaving comments, participating in competitions or sweepstakes, sending feedback, requesting information about our services, applying for a job advertisement, we may ask you to provide certain additional personal data
• if you use our services
• if you respond to our direct marketing campaigns, for example, by filling out a data entry form on our website
• if our partners or principals provide us with your data in a legally permitted manner

Note: If you are under 16 years old, please do not provide any data without parental or guardian consent.

4. What personal data do we collect? 

If you only browse our website, we collect the following personal data as part of our logs:

– IP addresses (see Cookies below)

If you use our services and products, we collect the following personal data:

• Full Name
• OIB (Personal Identification Number)
• Address
• Email Address
• Phone Numbers
• Payment Information
• Information about your computer or mobile device (e.g., your IP address and browser type, device type)
• Information about how you use our Services (e.g., which pages you viewed, the time you viewed them, and what you clicked on).

Although we do not actively collect them, we may store any personal data you disclose during live chat conversations, in support requests (tickets), or email messages.

5. Cookies and IP Addresses 

5.1. When do we collect cookies? 

When you visit the site solely for informational purposes, i.e., if you do not wish to register or otherwise provide information about yourself, we only collect personal data that your browser transmits to our server. If you want to visit our website, please note that we collect the following data, which are technically necessary for us to display our website and ensure its stability:

IP address
Date and time of access
Operating system
Time zone difference compared to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
JavaScript activation
Java enabled/disabled
Cookies enabled/disabled
Amount of data transferred
URL data of the previously visited page
Browser type
Operating system and its interface
Language and version of the browser software

The legal basis for processing pseudonymized data described in section 2.1 is Article 6(1)(f) of the General Data Protection Regulation (GDPR), which is a legitimate interest (improving the website and user experience, and data protection).

5.2. In addition to the mentioned data, cookies are stored on your computer when you visit our website. Cookies are small text files stored on your hard drive via the browser you use, which allow certain information to be transmitted back to the entity that sets the cookies. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet experience more user-friendly and efficient.

5.3. Use of cookies:

a) This website uses the following types of cookies, the scope and functionality of which are explained below:

Temporary cookies (see b).

Persistent cookies (see c).

b) Temporary cookies are automatically deleted when you close your browser. They mainly refer to session cookies. They store so-called session identifiers, which can be assigned to a specific session based on your browser request. This allows your computer to be recognized when you revisit our website. Session cookies are deleted when you log out or close your browser.

c) Persistent cookies are automatically deleted after a specific period, which depends on the cookie. You can delete cookies yourself at any time in your browser's security settings.

d) You can configure your browser settings according to your preferences and refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all website functions if you do this.

e) We use cookies to identify you during subsequent visits, in case you have registered on our site. If you have not, you must log in during each visit to our site.

f) Flash cookies used are not collected by your browser but by your Flash plug-in. We also use HTML5 storage objects that are stored on your mobile device. These objects store necessary data independently of your browser and do not have an automatic expiration date. If you do not want Flash cookies to be processed, you must install an appropriate add-on, such as "Better Privacy" for Mozilla Firefox or Adobe's Flash cookie remover for Google Chrome. You can prevent the use of HTML5 storage objects by using the private browsing mode in your browser. We also recommend regularly manually deleting your cookies and browsing history.

(4) Of course, you can also browse our website without using cookies. Internet browsers are set to accept cookies. In general, you can disable the use of cookies at any time in your browser settings. Please use the help function in your browser to learn how to change these settings. Please note that some features of our website may not function partially or fully if you disable the use of cookies.

(5) The legal basis for processing data as described above is Article 6(1)(f) of the GDPR. Our interests in data processing primarily arise from the desire to enable website usage in a way that ensures its operational stability and security. We store personal data only as long as necessary to achieve the desired functions, unless otherwise stated.

(6) If we use contracted service providers for individual functions of our offerings or if we use your data for advertising, we will inform you in detail. We will also specify specific criteria for the storage period.

6. Plugins 

Google Analytics
Like many other websites, we use Google Analytics to collect anonymous data about users of our websites to determine how often they visit our websites, which pages they visit, at what time, how long they stay, and from which country they come. These data are collected using cookies and IP addresses, and the obtained statistics are used for the following purposes: to improve website usability, to monitor the success of marketing campaigns, and to analyze behavior patterns.

Google Maps
This website uses the Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes, and uses data about the use of map functions by visitors. More information on Google's data processing can be found in Google's Privacy Policy. You can also change your privacy settings in the Data Protection Center.

Google Web Fonts
Google Fonts are used to improve the visual presentation of various data on this website. Web fonts are loaded into the browser cache upon page opening to be used for display.

Mailchimp
We use MailChimp as the platform for automating newsletter subscriptions. By clicking the 'Subscribe' button, you agree that your email address will be stored in the MailChimp database to be processed in accordance with their privacy policy and terms of use.

Mailchimp's privacy policy can be found at https://mailchimp.com/legal/privacy/

You can withdraw your consent at any time by clicking the 'unsubscribe' link in the footer of the email message.

Hubspot
We use the service of HubSpot, Inc., HubSpot Ireland Limited, known as Hubspot (www.hubspot.com), to send emails to users regarding registration status and newsletters. HubSpot is a cloud-based email service that ensures reliable email delivery to customers. HubSpot, Inc., HubSpot Ireland Limited collects data about users who visit their website www.hubspot.com and users who use the services offered on their website, including the development, analysis, transmission, and management of emails. HubSpot, Inc., HubSpot Ireland Limited also collects data from end users (customers). Depending on the method used to notify the end user about status updates, HubSpot, Inc., HubSpot Ireland Limited collects data such as email address, phone number, and IP address. The data collected by HubSpot, Inc., HubSpot Ireland Limited may be transferred to third countries (United States, Ireland, and other countries where HubSpot service providers are located). You can read more about how your data is processed, stored, and your rights on the Hubspot website: https://legal.hubspot.com/privacy-policy

Google Tag Manager
This website uses Google Tag Manager. This service enables the management of website tags via an interface. Google Tag Manager only implements tags, meaning no cookies are used and no personal data is collected. Google Tag Manager triggers other tags that may collect data if necessary. However, Google Tag Manager does not access this data. If domain or cookie-level deactivation has been executed, it remains valid for all tracking tags implemented via Google Tag Manager.

Google Remarketing
We use Google Remarketing to reconnect with you within 12 months. This application allows our ads to appear while you continue using the internet after visiting our website. This is done using cookies, which track and evaluate your browsing behavior across various websites. In this way, Google can identify your previous visits to our website. According to Google's own statements, the data collected for remarketing is not linked to your personal data stored by Google. According to Google, pseudonymization is particularly used for remarketing.

You can prevent participation in tracking in several ways: 

a) By configuring your browser software to block third-party cookies, preventing ads from third-party providers;

b) By disabling conversion tracking cookies in your browser settings for the domain https://support.google.com/ads/answer/7395996, noting that this setting will be erased if you delete cookies;

c) By opting out of interest-based ads for participating providers in the 'About Ads' campaign via http://www.aboutads.info/choices, noting that this setting will be erased if you delete cookies;

d) By permanently disabling tracking in Firefox, Internet Explorer, or Google Chrome via the link http://www.google.com/settings/ads/plugin,

e) By adjusting cookie settings accordingly (click here). Note that in this case, you may not be able to use all the features of this offer fully.

More information on the purpose and scope of Google's data collection and processing can be found at https://policies.google.com/privacy?hl=en and https://services.google.com/sitestats/en.html.  Additionally, more details can be found on the Network Advertising Initiative (NAI) website http://www.networkadvertising.org.  Google is part of the EU-US Privacy Shield: https://www.privacyshield.gov/eu-us-framework.

Facebook Pixel
This website also uses the Facebook Inc. (“Facebook”) remarketing function “Custom Audiences” to reconnect with you within 180 days. This enables users of our website to see interest-based ads (“Facebook Ads”) when visiting Facebook or other websites. Your browser automatically establishes a direct connection with the Facebook server.

We have no control over the extent and further use of the data collected by Facebook via this tool. We inform you according to our knowledge: By integrating Facebook Custom Audiences, Facebook receives information that you have visited a page corresponding to our website or clicked on one of our ads.

If you are registered on Facebook, Facebook can associate your visit with your account. Even if you are not registered or logged in, Facebook may collect and store your IP address and other identifying data. The “Facebook Custom Audiences” function can be disabled in cookie settings or, for logged-in users, at https://www.facebook.com/settings/?tab=ads#_.

For more information on Facebook’s data processing, visit https://www.facebook.com/about/privacy.

Social Plugins
Our website includes social media plugins (“plugins”) from social networks.

To enhance the protection of your data when visiting our website, plugins are not activated by default but are only integrated into the page via an HTML link (known as the “Shariff solution”). This integration ensures that no connection to the servers of the respective social network provider is established when you open a page containing such plugins. By clicking one of the buttons, a new window opens in your browser, redirecting to the respective provider’s page, where you can (if necessary, after logging in) press the Share button.

For the purpose and scope of data collection, further processing, and use of data by providers, as well as your rights and privacy settings, please refer to the data protection information provided by the following providers:

• Instagram (1601 p. California Ave, Palo Alto, CA 94304, USA)
• Facebook Inc. (1601 p. California Ave, Palo Alto, CA 94304, USA)
• Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043 USA)
• Twitter Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA)

7. Newsletter 

(1) After giving your consent, you can subscribe to our newsletters, which inform you about our current interesting offers and services. The advertised goods and services are listed in the consent statement. 

 (2) We use the 'double opt-in' procedure when subscribing to our newsletter. This means that after you register, we will send an email to the address you provided, in which we will ask you to confirm that you want to receive our newsletter. If you do not confirm the registration within [24 hours], your data will be blocked and automatically deleted after one month. Additionally, we will store your IP address and the time of registration and confirmation. The purpose of this procedure is to allow you to prove your registration and to clarify any circumstances in case of misuse of your personal data.

(3) The only mandatory data you need to provide when subscribing to the newsletter is your email address. Providing other data is voluntary and is used to address you personally. After your confirmation, we will store your email address for the purpose of sending updates. The legal basis is Article 6 (1) (a) of the GDPR.

(4) You can withdraw your consent for receiving the newsletter at any time, thereby canceling the subscription. You can confirm the withdrawal by clicking the link found in every newsletter email, by sending an email to info@clean24.hr, or by sending a message to one of the listed contacts.

(5) We note that by sending our newsletters, we evaluate user behavior. For this analysis, the emails contain so-called web beacons or tracking pixels, which are image files of one pixel stored on our website. During the evaluation, we link the mentioned data and web beacons with your email address and a unique identifier.

You can object to this tracking at any time by clicking on a specially provided link received via email or by informing us via email. Data is stored for as long as you are subscribed to the newsletter. After cancellation, we store the data anonymously for statistical purposes.

If you contact us (e.g., via form or email), we will store details about you to process the request and for any follow-up questions. We will delete the mentioned data once they are no longer needed or limit processing if there are statutory obligations for their retention. We only store and use other personal data if we receive your consent or if it is legally permissible to do so without special consent.

9. Processing of personal data via video surveillance

• Purpose: Protection of persons and property
• Legal basis: Legitimate interest of the data controller
• Recipients: Video recordings may be provided upon request to the competent authorities (police, court) if necessary for conducting proceedings under specific regulations
• Retention: Video surveillance recordings are stored for up to six months or longer if they are taken as evidence in judicial, administrative, arbitration, or other proceedings

10. Retention period of personal data? 

We store and process personal data only as long as necessary for the execution of a specific legitimate purpose, unless a longer retention period is prescribed by applicable regulations.

In the case of consent for marketing, data is stored until the consent is withdrawn.

For rejected offers where no marketing consent was given, data related to the offer is stored for one year, and if you request deletion, it will be deleted immediately.

Personal data collected for the purpose of fulfilling contractual obligations of the data controller are generally stored in accordance with applicable accounting regulations or until you request their deletion, in which case only transaction data is permanently stored.

Personal data that is no longer needed is either irreversibly anonymized or securely destroyed.

 11. How do we ensure the security of your data? 

We pay the utmost attention to data security and take all appropriate measures in accordance with the applicable personal data protection regulations in the Republic of Croatia.

We use various security measures, including encryption and authentication, to protect and maintain the security, integrity, and availability of your data.

Among other measures, we use:

• Strictly limited personal access to your data based on the "need to know" principle
• Secure transmission of collected data,
• Firewall implementation on IT systems to prevent unauthorized access
• Continuous monitoring of IT system access to detect and prevent misuse of personal data.

All your data is stored on our secure servers and the secure servers of our partners and is accessed and used in accordance with our security policies and standards (or equivalent standards of our subcontractors or business partners).

We may forward your personal data to providers of IT and communication solutions and services who act as data processors. We have entered into agreements with these processors that detail the handling of personal data, ensuring they cannot process your personal data without our instruction or pass it on to third parties.

The protection of your data privacy is permanent, and the company KROKOTEKS HOTELI d.o.o. takes all necessary measures to safeguard it in accordance with applicable regulations and best practices. We process personal data securely, including protection against unauthorized or unlawful processing and against loss.

Users can access their personal data on the website www.clean24.hr using a password and email address. It is recommended that users do not disclose their password to anyone. Additionally, users’ personally identifiable information is stored on a server accessible only to selected individuals and service providers. You are responsible for ensuring the security of your user password and should change it periodically.

No data transmission over the Internet or any wireless network can be 100% secure, and the company KROKOTEKS HOTELI d.o.o. cannot guarantee the protection of any information transmitted to or from the website www.clean24.hr and is not responsible for the actions of any third party that gains access to such data.

12. Where do we store and process your personal data? 

The personal data we collect from you is stored on our servers. However, we may share this data with third parties with whom we have business collaborations to fulfill service agreements with you, and these parties may be located outside the European Economic Area. By submitting your personal data, you consent to its processing outside the European Economic Area. We will take all necessary steps to ensure that your personal data, regardless of where it is processed, remains secure and treated in accordance with this Privacy Policy and GDPR.

13. Your data privacy rights 

We are pleased to inform you about your rights regarding the General Data Protection Regulation (GDPR). As of May 25, 2018, you have certain rights regarding your personal data, which we briefly describe below:

Right of access
You have the right to request confirmation of whether data concerning you is being processed and to obtain information about such data in accordance with Article 14 of the GDPR. You can exercise this right by contacting us (see below: How to contact us). 

Please note that before processing any data access request, we must verify your identity, and we may contact you further to ensure we understand what data you are requesting. Once we confirm your identity, we will provide the requested information within 30 days. We will provide this information free of charge, but we may charge an administrative fee if the request is manifestly unfounded or excessive, especially if it is repetitive. 

Right to rectification
Under Article 16 of the GDPR, you have the right to request the completion or correction of inaccurate data concerning you.

Right to erasure (Right to be forgotten)
Under Article 17 of the GDPR, you have the right to request the deletion of relevant data unless legal obligations prevent its erasure.

Right to restriction of processing
You have the right to request the restriction of data processing in accordance with Article 18.

Right to data portability
You have the right to request to receive the data you provided to us in accordance with Article 20 of the GDPR and further request its transfer to other processors.

Right to object
You have the right to object to future processing in accordance with Article 21 of the GDPR at any time. You can exercise this right by contacting us (see below: How to contact us).

Right to withdraw consent
You have the right to withdraw your consent at any time in accordance with Article 7, Paragraph 3 of the GDPR, which applies to future processing.

Right to notify supervisory authorities
Under Article 77 of the GDPR, you have the right to file a complaint with the relevant supervisory authorities.

14. Confidentiality of third-party data 

On our website, we may provide links to the websites of our business partners. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that KROKOTEKS HOTELI d.o.o. has no responsibility for these policies. Please review these policies before entering or submitting your personal data via such websites.

This Privacy Policy applies only to the use and processing of data collected by KROKOTEKS HOTELI d.o.o. from data subjects. Other websites accessible via www.clean24.hr have their own privacy statements and data collection policies, including how they use and disclose such data.

If you navigate to any such website, we recommend that you review that website’s privacy statement. KROKOTEKS HOTELI d.o.o. is not responsible for the practices and terms of third parties.

We reserve the right to amend this Privacy Policy at any time for any reason. Any changes to this Privacy Policy will be posted on our website. Amendments and modifications to the general data protection terms take effect immediately upon publication on www.clean24.hr.

We may occasionally remind you about the Privacy Policy via email, while the current version will always be available on our website.

16. Changes to our Privacy Policy 

We regularly review and update our Privacy Policy as necessary, and we reserve the right to change our privacy policies. Therefore, we encourage you to periodically read the Privacy Policy and apply the version in effect at the time.

17. How Can You Contact Us? 

Your questions, comments, and requests regarding the Privacy Policy are welcome, and you can contact us via email at info@clean24.hr

You can contact us at the provided address if you wish to exercise any of your rights listed below.

At any time, you have the right to:

• request that we provide you with additional information about how we use your data
• ask us to send you a copy of the personal data you have provided
• request that we correct any inaccuracies in the data we hold
• ask us to delete any data for which we no longer have a legal basis to use
• in cases where processing is based on consent and related to any direct marketing, withdraw your consent with future effect so that we cease such processing
• object to any processing [including profiling] based on legitimate interest due to your specific situation unless the reasons for carrying out such processing outweigh your right to data protection
• request that we restrict the way we use your data, e.g., while an objection is being processed
• the right to data portability