DRUŠTVO ZA POSREDOVANJE, PROMET I USLUGE “SUNTIME” D.O.O. – BUDVA, with its registered seat at Drobnici, Budva, Montenegro, TIN: 02632934 (hereinafter referred to as: “Suntime or We”), respects and protects privacy of every person whose private data it collects. Collection and safekeeping of data is conducted in accordance with the Law on personal data protection of Montenegro, as well as with General Data Protection Regulation of EU (hereinafter referred to as: the “Law”).
Suntime values you as our guest and recognizes that privacy is important to you.
Suntime holds all copyrights for usage of photos, texts, and other published material, within the meaning of statutory legal regulations in Montenegro. Photographs, texts, and other material can’t be published, sold, publicly or privately published, or in any other manner used without our consent. Non-compliance with the above stated terms entails responsibility and obligation of remuneration of non-material damage to Suntime per violation of each material.
Scope of application
“Personal Data” are data that identify you as an individual or relate to an identifiable individual.
Suntime collects Personal Data in accordance with Law.
Data handler and legal framework
Suntime, as handler of your data, respects your privacy and undertakes to protect your personal data.
How We Collect Personal Data
We collect Personal Data in a variety of ways:
- Online Services (reservation of accommodation via internet)
We collect Personal Data when you make a reservation, purchase services from our website, communicate with us, or otherwise connect with us or post to social media pages, or sign up for a newsletter or participate in a survey, contest or promotional offer.
- Property Visits and Agreements on accommodation.
We collect Personal Data when you visit our properties, villas, apartments and other amenities, or use on-property services such as: beach with floating pier, bar, Asian fusion restaurant, swimming pools, Spa facilities and fitness.
We collect Personal Data in the event of filling agreements on accommodation.
We collect Personal Data when you make a reservation over the phone, communicate with us by email or via fax.
- Other Sources
We collect Personal Data from other sources, such as public databases, joint marketing partners and other third parties. We can obtain personal data from third parties that we have close collaboration with (e.g. including travel agency, event and congress organization agency, business partners, associates, suppliers, etc.).
- By video surveillance
We collect images and video and audio data via security cameras located in public areas, such as hallways and lobbies, in our properties.
How We Collect Other Data
We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the online services, pages visited, referring URL, language preferences, and other aggregated traffic data.
We use the data for security purposes, to facilitate navigation, to display data more effectively, to collect statistical data, to personalize your experience while using the online services and to recognize your computer to assist your use of the online services. We also gather statistical data about use of the online services to continually improve design and functionality, understand how they are used and assist us with resolving questions.
You can choose whether to accept cookies or not to accept cookies. If you changed your mind regarding settings of cookies on our website page, you can always erase or block cookies by changing settings on your web browser and disable further handling of your personal data, accordingly. These setting depends on your browser.
If you block cookies, it is possible that some options on web page will not be available.
We store cookies in the database and saves them for 5 years at most.
- Your IP Address
We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider. An IP address is identified and logged automatically in our server log files when a user accesses the online services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the online services. We also may derive your approximate location from your IP address.
Implementation of data protection principles
- Lawfully – processing will be possible if the Law allows it and within the boundaries set by the Law.
- Fairly – with respect of uniqueness of every relationship, applying all adequate measures for protection of personal data and privacy in general, and without preventing examinee to exercise their rights.
- Transparent – by informing examinees on personal data procession. All the way from the collection of data, when the examinees are informed on every aspect of data procession, till the end of data procession, examinees will have simple and fast access to their own data which includes possibility of inquiry and obtaining of copy in accordance with the provisions of the Law. Certain information can be limited only when it is obligatory by Law or if necessary, for protection of third persons.
- With limitation of safekeeping – by safekeeping of data in the form that provides identification of the examinee only for the period of time necessary for the purpose for which personal data are handled, and longer only if allowed by the Law.
- With reduction of the data amount – by handling data only if they are appropriate, relevant, and limited to what’s necessary. Particular care will be taken not to collect data for which there is no justified need for handling.
- By taking care of accuracy – by taking care of accuracy and up-to-datedness of the data, and by deleting incorrect data within capacity.
- By taking care of completeness and confidentiality – by giving technical and organizational measures necessary safety of personal data, including protection from unauthorized or illegal handle, and from accidental loss, destruction, or damage by applying necessary technical and organizational measures. Relevant measures are applied with regard to the risk during every type of data handling.
Purpose of the collection
We are obliged to collect some of your personal data in order to fulfil accommodation agreement and due to rules regulating hospitality industry, but we can collect some other or same data for other purposes, primarily for contact, i.e.:
- realization of accommodation agreement;
- security of payment;
- fulfilment of legal requests and other statutory legal regulations regulating hospitality industry;
- for the purpose of direct marketing;
- sending of offers;
- for the purpose of improvement and personalization of services for you as a guest;
- for the purpose of property protection and safety of individuals by usage of video surveillance.
Suntime warrants to use collected data only for the purposes above stated. Suntime can use depersonalized data for statistics.
Use of Personal Data and Other Data
We use Personal Data and Other Data to provide you with services, to develop new offerings and to protect our guests. In some instances, we will request that you provide Personal Data or Other Data to us directly. If you do not provide the data that we request, or prohibit us from collecting such data, we may not be able to provide the requested Services.
- Provide the Services you request
We use Personal Data and Other Data to provide Services you request, including:
- To facilitate reservations, payment, send administrative information, confirmations or pre-arrival messages;
- To complete your reservation and stay, for example, to process your payment, ensure that your room is available and provide you with related customer service;
- To support our electronic receipt program. When you provide an email address in making a reservation, we use that email address to send you a copy of your bill. If you make a reservation for another person using your email address, that person’s bill will be emailed to you, as well. You can opt out of receiving your bill via email and instead receive a paper copy by contacting the front desk of the hotel.
We will use Personal Data and Other Data to manage our contractual relationship with you, because we have a legitimate interest to do so and/or to comply with a legal obligation.
- Personalize the Services according to your Personal Preferences
We use Personal Data and Other Data to personalize the Services and improve your experiences to:
- Present offers tailored to your Personal Preferences.
We will use Personal Data and Other Data to provide personalized Services according to your Personal Preferences either with your consent or because we have a legitimate interest to do so.
- Communicate with you about services according to your Personal Preferences
We use Personal Data and Other Data to:
- Send you marketing communications and promotional offers, as well as for a market research or quality assurance surveys.
We will use Personal Data and Other Data to communicate with you with your consent, to manage our contractual relationship with you and/or because we have a legitimate interest to do so.
- Business Purposes
We use Personal Data and Other Data for data analysis, audits, security and fraud monitoring and prevention (including with the use of closed circuit television, card keys, and other security systems), developing new goods and services, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
We use Personal Data and Other Data in this way to manage our contractual relationship with you, comply with a legal obligation and/or because we have a legitimate interest to do so.
Legal basis for collections
Legal basis for stated collections are:
- Accommodation agreement;
- Consent or explicit consent of the examinee, depending on the purpose of handling and type of personal data.
Consent and Right to Withdraw Your Consent
If you have given us consent in relation to particular processing or activities, you can withdraw your consent at any time by contacting us on firstname.lastname@example.org.
Period of data safekeeping
Suntime is obliged to keep safe the data collected on the basis of the Law for as long as requested by certain law or other statutory legal regulation.
Data collected by Suntime on the basis of contractual relations, will be kept only as long as necessary for the purpose of fulfilment of contract i.e. for the providing of service.
Data on name, surname and e-mail address collected by Suntime on the basis of legitimate interest for the purpose of direct marketing will be kept in its guest database for 10 years.
Other data collected by Suntime on the basis of explicit consent of the guest (mobile telephone number, number of children, marital status, pets, meanings of travelling, accommodation preferences) will be kept in its guest database for 5 years.
Rights of examinee
Regardless of the basis of data collection, you can ask at any time, free of charge, for the:
- access, you have right to know if your personal data are handled or not;
- amendment of data in all personal databases, after which Suntime will amend your data in all its bases depending on your request;
- erasure (“right to be forgotten”) of personal data in all personal databases, after which Suntime will erase you from all its bases, except from the bases which Suntime is obliged to hold and keep in accordance with statutory legal regulations, or in the event of more powerful legitimate reasons for handling or if handling is not necessary for submission, exercise, or defence of legal requests;
- limitation of handling of your data or file complaint on handling of such data;
- transfer of data on you collected by us to you or to third parties (“right to data portability”), in accordance with statutory legal regulations;
- if data are given on the basis of consent, you can withdraw this consent at any time without any negative consequences,
- right to file complaint to competent supervisor authority, the Agency for Personal Data Protection, with registered seat in Podgorica, Montenegro.
DRUŠTVO ZA POSREDOVANJE, PROMET I USLUGE “SUNTIME” D.O.O. – BUDVA, Drobnici, 85310 Budva, Montenegro.
Personal data collected from the persons booking the accommodation
Your personal data, which you have to provide in order to receive accommodation services, Suntime, as data handler, keeps in its database only for the purpose of fulfilment of accommodation agreement, and for fulfilment of its legal obligations, and for collecting of personal data related to hospitality industry, and is allowed to use them for other purposes in accordance with statutory legal regulations. If you fail to provide to Suntime necessary minimum of data required for the guest registration with all competent authorities, Suntime will not be able to provide you with accommodation in accordance with the accommodation agreement and the Law.
Personal data, which Suntime registers upon the reservation and arrival to facilities, are collected on the basis of the Law regulating hospitality industry and for the purpose of service provision to guests. Those are following data (that can be changed in accordance with statutory legal regulations):
- name and surname;
- residence address (Montenegrin citizens);
- date of birth;
- number, type of ID and issuing place;
- number of accommodation unit;
- date of arrival and departure of the guest;
Suntime keeps the data in its guest database and sends them to a system (electronic system for guest registration) to competent authorities of Montenegro, and those data have to be kept in the system for 10 years. Also, Suntime is obliged to keep all invoices issued to guests with personal data of the guest in accordance with law regulations.
Moreover, for the purpose of fulfilling of its contractual obligation, upon reservation and arrival to facilities, Suntime collects following information:
- telephone number.
Other data connected to your staying, such as: means of traveling, marital status, number of children, pets, also can be collected if they have direct connection with providing accommodation.
Based on the legitimate interest, Suntime has rights to collect your personal data (name, surname, e-mail address) to its personal guest database and to use them for the purpose of direct marketing, exclusively for the purpose of notification on offers and news via e-mail. In such event, at any time and free of charge, you can ask for the erasure (“right to be forgotten”) from personal database for that purpose.
During and after your staying, Suntime will send you to your mail address survey in order to evaluate the service provided to you (hereinafter referred to as: the “Survey”). Survey is filled out only with your consent. The primary purpose is collection of data on service for satisfaction survey improvement of service, and Suntime depersonalizes and handles data from the Survey for statistics purposes.
Additionally, person booking the accommodation, that is, a guest can give special permit, consent, to Suntime, to all his data, such as:
- date of birth;
- other personal data collected during staying (such as mobile number, sex, marital status, number of children, pets and activities during staying, means of traveling, accommodation preferences, etc.),
in order to collect and use for further profiling of examinees for the purpose of contacting and notifying on special and personalized offers, news and events organized by Suntime via e-mail, web, internet promotion. In this event, the examinee has right to withdraw given consent at any time, which includes handling for the purpose of profiling to the extent to which it is connected to such direct marketing, regarding initial or further handling, at any time and free of charge, as well as the right to change the data at any time, and right to be forgotten.
Personal data collected via subscription to newsletter
In the event of subscription to newsletter, the examinee will have a possibility to give, with a consent, the following additional data (not including name, and surname, and e-mail address which Suntime collects on the basis of legitimate interest):
- date of birth.
In the event of newsletter subscription update, the examinee will have possibility to give, with a consent, the following additional data:
- street, home number, postal code, city;
- mobile telephone number;
- means of traveling;
- accommodation preferences.
Collected data are collected on the basis of explicit consent for the purpose of notifying about special and personalized offers, news, and events organized by Suntime via e-mail, web, internet promotion. Data are kept in Suntime’s guest database for 10 years.
As the Examinee, you have right to change data and right to be forgotten. You have possibility to unsubscribe from mailing list, if you no longer wish to receive our newsletter.
Personal Data We Share
In order to offer you the expected level of hospitality and to provide you with the best level of service, we may share your personal information among members of Suntime, our service providers, and other third parties as set forth in detail below:
The term “sensitive data” refers to data related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life, or sexual orientation, genetic information, criminal background, and any biometric data used for the purpose of unique identification.
We do not generally collect sensitive data unless it is volunteered by you or unless we are required to do so pursuant to applicable laws or regulations. We may use health data provided by you to serve you better and meet your particular needs (for example, the provision of disability access).
Personal Data from Children
We do not knowingly collect personal data from individuals under 18 years of age. As a parent or legal guardian, please do not to allow your children to submit personal information without your permission.
Links to Third-party Websites and Services
In the event of personal data violation, Suntime, as data handler, is obliged to inform competent authority on the violation of personal data, without necessary delay and, if possible, within 72 hours of learning about that violation, unless it’s unlikely that personal data violation will cause risk for rights of individuals.
Notification delivered to competent authority holds all the information in accordance with the Law. In the event of personal data violation that probably will cause high risk for rights of individuals, Suntime, as a data handler, will inform examinee on personal data violation without necessary delay. In cases when it is not legally obligatory, Suntime will not inform examinees.