Special offers
.
.

Privacy Policy

.

Go back

Privacy Policy

Kepita d.o.o., with registered seat in Zagreb, Ulica Grge TuÅ¡kana 41, OΙΒ: 94966953195 (hereinafter: „Kepita””) adopts this PRIVACY POLICY.

Kepita takes your privacy seriously and is committed to protect it during the processing of your personal data as well as during and after your visit to this website: www.dalmatie-group.com (“”Site””).

The Privacy Policy provides insight into our practices regarding the collection of data through the Site, how we use that data, and applies exclusively to data collected through the Site and does not apply to data collected through any other source, including but not limited to Facebook, X, YouTube and other third party and social media websites. If you do not agree with any of the terms of this Privacy Policy, do not use the Site(s) or provide us with any personal data.

Data controller:

Kepita d.o.o. Address: Ulica Grge Tuškana 41, Zagreb W: https://dalmatie-group.com E: info@kepita.hr

Data Protection Officer

Kepita has designated a Data Protection Officer, who can be contacted at the following e-mail address: gdpr@kepita.hr

Website

During the use of our website, IT systems and software procedures for managing this website download some personal data whose transfer is implicit in the use of Internet communication protocols, or information that is not related to certain individuals, but by its nature could, through processing and linking to third party data, enable user identification. The specified data category includes the IP address or domain names of the computer used by the users connecting to the website, the URI (Uniform Resource Identifier), addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, numeric code indicating the response status of the server (for example, successful, error, etc.) and other parameters related to the operating system and users.

This data is used only and exclusively for anonymous statistical purposes on the website and to check the correct functioning. It is deleted immediately after processing.

Cookies

Some websites store small text files, known as cookies, on your computer for a better user experience on the website. Such sites are obliged to ask for your consent before storing cookies, as well as to enable the possibility of easily withdrawing consent to the use of cookies. The use of certain functionalities of a website may become disabled after the withdrawal of consent to the use of cookies.

A cookie is a file stored on your computer by a specific website you visit. The cookie informs the website that the “old” user has reconnected by remembering his settings. Cookies further record your preferences and settings.

Cookies can store a wide range of information, but that information can only be stored if the user allows it websites cannot access information that the user has not given them and cannot access other files on the user’s computer. Cookies do not contain any personal data or information that could identify you. On the other hand, the user can change their settings on the Internet and thus choose whether to approve or reject requests to save cookies, whether to automatically delete saved cookies when closing the Internet browser, etc. By disabling cookies you decide whether to allow them to be stored on your computer. Cookie settings can be controlled and configured in your internet browser. For information on cookie settings, select the internet browser you are using.

Persistent or saved cookies are stored on a disk (your computer) and remain there even after you close your Internet browser. They store information such as your login name and password, so you don’t have to log in every time you visit a particular place.

Temporary cookies are temporarily stored on a disk and are deleted after closing the Internet browser. With them, websites store temporary data such as items in the shopping cart.

“First party cookies” come from websites that the user views and can be permanent or temporary. The websites use these cookies to store information that they will use again the next time the user visits that site.

Third-party cookies come from other, partner sites you view. Third parties may thus collect data on users of various websites and use them for marketing and analytical purposes.

Our site uses temporary cookies.

For your information, there are currently several websites for disabling the storage of cookies for various services, and you can find out more at the following links:

Types of personal data processed

The main object of Kepita’s business is providing an accommodation services in its hotels. Kepita may request personal data when you book accommodation, make comments or ask questions, request information, participate in a promotion, contest, or use other features or functions of the Site. Therefore, Kepita collects and processes your personal data for various purposes with the ultimate goal of providing quality accommodation services and accompanying services all according to the highest industry standards of tourist companies.

Your personal data that you need to provide in order to provide you with accommodation services is kept by Kepita as a data controller in its database for the purpose of fulfilling the accommodation contract and fulfilling legal obligations related to the hospitality industry. Failure to provide Kepita with the minimum information necessary for booking accommodation and during the check-in period to all competent registers, Kepita will not be able to provide you with the accommodation reservation service or accommodation service in accordance with the contractual and legal requirements.

Certain data are necessary in order to take action at the request of the data subject before concluding the accommodation contract. For example, before booking accommodation, at the request of potential guests, accommodation offers are sent, for which Kepita needs personal data, at least name, surname and e-mail address in order to be able to send an offer.

Kepita collects and processes the following personal data and other information, the purpose of fulfilling the reservation obligation:

  • Name and surname of the reservation holder
  • Accommodation unit number
  • Arrival and departure dates
  • Number of persons for whom accommodation is booked and arrangement by room
  • Which persons are minors
  • Possibly other specifics depending on the request of the person booking the accommodation
  • E-mail if the person has one
  • Language
  • Telephone
  • Loyalty program membership, if it affects the price of accommodation or the accumulation of points
  • Payment method
  • and other types of information that we are obliged or authorized to collect about you or that we need to perform contractual obligations.

In the event of cancellation of the reservation, Kepita retains your data for the purpose of proving the reservation or cancellation of the reservation.

Upon arrival at the facility, guests check in at the facility, and their data is entered into the guest database, from which the data is automatically sent to the eVisitor system (a unique online information system for check-in and check-out of guests) in order to fulfill legal obligations. The data collected for this purpose are (the data may change due to changes in regulations):

  • Name and surname
  • Place, country, and date of birth
  • Citizenship
  • Number and type of identification document
  • Residence (residence) and address
  • Date and time of arrival or departure from the facility
  • Sex
  • Basis for exemption from payment of the tourist tax or for reduction of the payment of the tourist tax

The above data are processed by tourist boards and public authorities of the Republic of Croatia for the following lawful purposes:

  • monitoring the fulfilment of the obligation to check in and check out tourists by those obliged to check in and check out (accommodation service. providers);
  • records, calculation and collection of tourist taxes;
  • keeping a book or a list of guests by the accommodation service provider and monitoring the fulfilment of the said obligation by the management inspection bodies;
  • reporting of foreign nationals to the ministry responsible for internal affairs and monitoring the fulfilment of the said obligation by inspection bodies;
  • keeping a list of tourists by tourist boards and statistical processing and reporting;
  • supervising the operations of accommodation service providers in the part related to the legality of performing activities, i.e. providing registered services, and compliance with tax and other regulations on public benefits.

Given that it is prescribed that the data for the registration of guests is entered on the basis of the data from an identity card, i.e. travel or other identity document, the guests are obliged to provide Kepita with such a document and any additional information that is necessary for entering the data, and is not contained in such a document. Also, in order to exercise some rights and benefits, the guests may be required to attach (copies) appropriate documents, certificates and documents proving and exercising such rights and benefits.

Also, Kepita is obliged to keep all invoices, as well as invoice bases issued to guests with the guest’s personal data in accordance with legal regulations.

Other data related to the circumstances of your stay, such as: mode of travel, who you are traveling with, marital status, number of children, pets, other interests, will also be collected and processed during your stay when they have a direct connection with the provision of accommodation services.

Before, during and after your stay, Kepita, as a data controller, has the right to send you so-called service e-mails reservation confirmations, reminders about your stay and other notifications closely related to the specific stay you have booked based on a legitimate interest.

Also, during and after the stay, Kepita, as the data controller, has the right to send you satisfaction questionnaires by e-mail based on a legitimate interest, which will be processed internally or through associates. The primary purpose of the satisfaction questionnaire is to collect data on the service for the legitimate interest of improving the service by Kepita. Kepita can depersonalize and process the data from the questionnaire for statistical purposes.

In addition, Kepita collects and processes other data the user voluntarily discloses during e-mail communication through the contact form and /or subsequent e-mail communication resulting therefrom.

Kepita has the right based on a legitimate interest to collect certain data and use it for direct marketing purposes, while for the process of Newsletters the legal basis is consent, all as described in the Newsletters section.

Service e-mails and e-mails with satisfaction questionnaires are not considered newsletters for the purpose of sending offers and news to Kepita.

Kepita will not collect personal data during your visits to our Site unless you voluntarily provide it to us, except for certain items of personal data collected through information systems and programs used to operate the Website, the transmission of which is inherent in the use of Internet communication protocols (eg IP addresses) and will not require more information than is necessary to participate in the activities on our Site.

We hereby advise you to read all privacy policies of all third parties, as well as the terms of use.

Purposes and basis of processing and possible consequences of not providing personal data

When you provide your personal data on the Site, we will restrict the process of personal data for the purpose for which it was collected in accordance with the terms of this Privacy Policy.

Kepita processes personal data in accordance with the General Data Protection Regulation and other applicable data protection laws. Depending on the specific processing activities, the legal basis for processing your personal data may vary. The primary legal grounds Kepita relies on include:

  • Performance of a contract (Article 6(1)(b) of the General Data Protection Regulation): Your personal data is processed when it is necessary for the performance of a contract to which you are a party. This includes, but is not limited to, processing your data to handle your reservations, provide accommodation services, and respond to inquiries made before entering into a contract.
  • Legal obligation (Article 6(1)(c) of the General Data Protection Regulation): In certain cases, we are required to process your personal data to comply with legal obligations, such as retaining invoices and financial records in accordance with applicable accounting and tax regulations.
  • Legitimate interests (Article 6(1)(f) of the General Data Protection Regulation): We may process your data when it is necessary for our legitimate interests, provided these are not overridden by your rights and interests. Examples of such legitimate interests include:
    • Sending service-related communications (e.g., booking confirmations, reminders).
    • Sending satisfaction surveys to improve our services.
    • Processing data for internal analytics and service improvement.
    • Using your data for limited direct marketing purposes (e.g., sending you offers and updates about similar services), provided you have not opted out.
  • Consent (Article 6(1)(a) of the General Data Protection Regulation): Where we rely on your consent, we will explicitly seek your permission before processing your data for certain purposes, such as:
    • Sending you newsletters and promotional offers for unrelated services.
    • Processing sensitive personal data (where applicable). You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Vital interests (Article 6(1)(d) of the General Data Protection Regulation): In rare situations, we may process your data if it is necessary to protect your vital interests or those of another person, such as in emergency situations.

All data requested by Kepita is processed exclusively for the following purposes:

  • providing the services you have requested from Kepita
  • using your feedback to improve our services;
  • internal statistical data processing.

The process of your personal data may include taking action on your request prior to entering into a contract (e.g., answering all your questions and requests); enforcing a contract to which you are a party; investigating suspected fraud, harassment, physical threats or other violations of any laws, rules or regulations, rules of the Site or rights of third parties; or investigating any suspicious behaviour that we consider indecent; complying with the legal obligation to which Kepita is subject; or for the purposes or in connection with legal proceedings, the establishment, defence or exercise of legal rights. Kepita may also use your personal data to send notifications via electronic means (SMS, e-mail, social network), whether automated (operatorless calls) or not (mail and operator calls), in accordance with the relevant legal grounds.

Failure to provide the requested personal data may result in Kepita being unable to provide certain services, respond to inquiries, or comply with legal requirements, which may affect the services you receive.

Recipients of personal data

Your personal data may be disclosed, in close connection with the above purposes, only:

  • To those entities that also need it to perform the service and maintenance, send mail and e-mail, remove duplicate information from the list of users and analyze data, and who usually process personal data on behalf of Kepita as processors;
  • persons authorized by Kepita for processing personal data, who are subject to an appropriate legal obligation of confidentiality (Kepita employees);
  • law enforcement services and public authorities when required by applicable law or in connection with procedures involving mergers, sales, restructurings, acquisitions, divisions, bankruptcies or liquidations.

Except for the above, Kepita does not transfer, sell or assign your personal data to third parties.

Transfer of personal data outside the EEA

Some of the recipients of your personal data may be located in countries outside the European Economic Area (EEA), which includes EU member states and Iceland, Liechtenstein, and Norway. Transfers to third countries will be carried out with the application of appropriate safeguards defined by the General Data Protection Regulation.

Period of retention of personal data

Kepita will retain your personal data only for the time necessary to achieve the purpose. Kepita will retain your personal data exclusively and only for the time necessary or permitted in accordance with the applicable legal regulations governing the field of personal data protection and the General Data Protection Regulation and the Act implementing the General Data Protection Regulation (Official Gazette No. 42/18), in force dated 25 May 2018) (hereinafter: the “”Act””).

Your rights

Kepita informs you that, to the extent permitted by applicable law, you have at all times

  • the right to data access and data insight data;
  • the right to rectify inaccurate personal data or to complete incomplete personal data;
  • the right to erasure of personal data, in the cases specified in Article 17 of the General Data Protection Regulation;
  • the right to restriction of processing, in the cases specified in Article 18 of the General Data Protection Regulation;
  • the right to data portability, in the cases specified in Article 20 of the General Data Protection Regulation;
  • the right to object, in the cases specified in Article 21 of the General Data Protection Regulation.

In addition to the aforementioned rights, you also have the right to lodge a complaint with a supervisory authority.

If you wish to exercise any of the above rights, please feel free to contact the Data Protection Officer via e-mail: gdpr@kepita.hr or at the address: Ulica Grge Tuškana 41, 10 000 Zagreb.

Response deadline

Kepita will provide you with information on the action taken on your request to exercise your rights without undue delay and in any case within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. Kepita shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. If Kepita does not take action on your request, it shall inform you without undue delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Security measures

Kepita d.o.o. has taken appropriate physical, technical and organizational measures to protect personal data from loss, theft, misuse, unauthorized access, disclosure, alteration and destruction, in accordance with Article 32 of the General Data Protection Regulation.

Please note that no security measure can be 100% effective.

Only authorized employees and agencies have access to the data.

Links to other websites

The website may contain links to other websites that are not owned or controlled by Kepita.

Please inform yourself about the privacy practices of such websites as Kepita is not responsible for their privacy practices.

Privacy policy update

From time to time, Kepita may update this Privacy Policy and we ask you to check its provisions periodically.

If you do not agree with any of the terms of this Privacy Policy, do not use the Site(s) or provide us with any personal data.

Contact

If you have any questions or concerns regarding data protection at Kepita, please feel free to contact us via e-mail: gdpr@kepita.hr

This privacy policy was published on May 28, 2025.