Guide2Sarajevo.com (hereinafter only referred to as “Guide2Sarajevo” or ”we”) takes the protection of your personal data as the Data Controller very seriously. We treat your personal data confidentially and in accordance with the provisions of data protection law. This privacy statement informs you about how, to what extent and for what purposes we process the personal data of customers using the Guide2Sarajevo website and App.
SUBJECT OF DATA PROTECTION
Subject of data protection is personal data. Data is personal if it can be assigned to an identified or identifiable natural person. This includes information such as names, addresses, email addresses and telephone numbers.
COLLECTION, PROCESSING AND USE OF PERSONAL DATA ON REQUEST
The use of our website and App is generally possible without providing personal data. You are neither obliged to visit this website nor to provide any personal data. If you do not provide us with personal data, you might not be able to use individual functionalities of this website. Otherwise there will be no consequences for you. The collection of users’ personal data on our site is always on a voluntary basis, except in the cases described in the following. We would like to point out that data transmission over the Internet (e.g. communication by email) can have security gaps. A complete protection of data against access by third parties is not possible. We collect, process and use your personal data, which you have provided us with when booking or registering an account for our member area, to the extent necessary in each case for the following purposes:
Registration and execution of the contract
Data that you provide when setting up an account, such as your name, email address, telephone number, mobile phone number, address and data which will be provided depending on the service you use
We collect, process and use transaction data regarding your activities on the websites (e.g. purchases, content that you generate or that relates to your account)
Billing and other data you provide for the purchase
Data collected in the context of reviews, chats and correspondence on the website or by email, fax and post
Other personal data that we may ask you to provide for special purposes
If you voluntarily provide us with additional personal data during registration, this data will also be used for the implementation of the usage relationship.
- Contact establishment
If you provide us with personal data for the purpose of contacting us, this data will be used by us as this is necessary for the purpose of the respective communication.
Guide2Sarajevo may process and use your personal data for marketing purposes, e.g. to send emails with general information or of an advertising nature (newsletter), on the basis of the declaration of consent you have given us. You can revoke the declarations of consent granted to us in this regard at any time with effect for the future. If you wish to opt-out of receiving these emails from us, please follow the instructions contained in an applicable email you receive from us, which will allow you to opt-out of receiving these types of email communications from us. In addition, you can object to this use - insofar as we use your personal data within the legally permissible framework for e.g. postal marketing measures. In both cases, an email to the following address is sufficient: support@Guide2Sarajevo.com.
- Information you provide to Payment Processors
All payments made are processed by a PCI/DSS-compliant (these are payment card industry security standards) payment processing service engaged by us. All information collected by these third-party providers for purposes of processing your payments is not available to us unless you have otherwise provided this information to us in connection with your use of the Websites or our products and services.
- Aggregate Information
We may share your information with affiliated or unaffiliated third parties on an anonymous, aggregate basis. While this information will not identify you personally, in some instances these third parties may be able to combine this aggregate information with other data they have about you, or that they receive from third parties, in a manner that allows them to identify you personally.
- Registration and execution of the contract
DATA PROCESSING TO ENABLE THE USE OF THE WEBSITE
When you visit our website, we collect the necessary data to enable you to use it (usage data). This includes your IP address and data about the start, end and subject of your use of the website as well as any identification data (e.g. your login data when you log into a secure area). This data is used to provide and design the service according to users’ preference. This data is always deleted as soon as it is no longer required and if there are no storage obligations. For information on the processing of pseudonymous usage profiles, see item VII.
DATA PROCESSING FOR MOBILE APPLICATIONS AND DEVICES
When you download data, use our mobile applications or access one of our websites optimized for mobile devices, we may collect information about you and your mobile device as described above in this statement. This can include location data, for example, if you release it for our mobile application. We use this information to provide you with location-based services such as search results and other personalized content, if approved by you and your device. You can control or deactivate location services from the settings menu on most mobile devices. If you have questions about deactivating location services on your device, we recommend that you contact your mobile service provider or the manufacturer of your device. If we collect other personal data that is transferred as a result of your use of our mobile applications or your access to our website with a mobile device, we will obtain your express consent in advance.
DATA COLLECTED FROM OTHER SOURCES
We may obtain additional information about you from third parties to supplement our account information to the extent permitted by law. This includes demographic and navigation data, credit check data and other information from credit agencies, to the extent permitted by law.
LEGAL BASIS FOR DATA PROCESSING
If you reside within the European Economic Area (EEA), our processing of your personal information will be legitimized as follows:
- Whenever we require your consent for the processing of your personal information such processing will be justified pursuant to Article 6(1) lit. (a) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This article in the GDPR describes when processing can be done lawfully.
- If the processing of your personal data is necessary for the performance of a contract between you and Guide2Sarajevo or for taking any pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b).”). If this data is not processed, Guide2Sarajevo will not be able to execute the contract with you.
- Where the processing is necessary for us to comply with a legal obligation, we will process your information on basis of GDPR Article 6(1) lit. (c), for example complying in the fields of employment law.
- And where the processing is necessary for the purposes of Guide2Sarajevo’s’ legitimate interests, such processing will be made in accordance with GDPR Article 6(1) lit. (f), for example to detect fraud.
Our website contains links to social networks (Facebook, Instagram, Twitter, Google+, Pinterest, LinkedIn). These social networks are operated exclusively by third parties. If you follow the links, information may be transmitted to these third parties. We use the so-called 2-click solution. This means, in general, that no personal data will be passed on if you visit our site.
TRANSMISSION TO THIRD PARTIES
Your personal data will only be transmitted to third parties if this is legally permitted or if you have given your prior consent. In particular, we will not sell your data to third parties or market it in any other way. We will only disclose your data to government authorities as part of legal obligations or as a result of an official order or court decision. We have bound our employees and partners to secrecy and to comply with data protection regulations.
HOW WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES
Except as set forth in this Privacy Statement or when specifically agreed to by you, we will not disclose personal information we gather from you to third parties unless we are required to share this information to complete your request or for legitimate business purposes. Guide2Sarajevo shares personal information in the following circumstances: We may share your information with vendors or third parties who deliver or provide goods and services or otherwise act on behalf of or at the direction of Guide2Sarajevo. These third parties may include, for example, our third-party (technology) providers, Suppliers and partners. These third-party service providers will only have access to the information needed to perform these limited functions on our behalf.
DATA TRANSMISSION TO COUNTRIES OUTSIDE THE EU
As far as this is necessary for the initiation or execution of the contract - e.g. to process bookings for activities in countries outside the EU - we will transmit your data outside the EU. The same applies if such a transmission turns out to be necessary for our purposes. In this respect, we ensure that the data recipient guarantees an appropriate level of data protection and that no other interests worthy of protection conflict with the data transmission. Guide2Sarajevo relies on derogations as set forth in Article 49 of the GDPR in the event no “adequacy” decision and no other safeguards under the GDPR are in place (for example binding corporate rules on the transfer outside the EEA). In particular, we collect and transfers to countries outside the EU personal data only: with your explicit consent; to perform a contract with you; in a manner that does not outweigh your rights and freedoms. If this data is not processed and transferred, Guide2Sarajevo will not be able to execute the contract with you or you will not have access to any or all of the benefits and features associated with your transaction. We endeavor to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Guide2Sarajevo and the practices described in this Privacy Statement. In the event that you have any questions to this end, please contact our Data Protection Officer.
DELETION OF DATA
We retain data for the duration of your business relationship with us and otherwise as required under applicable law. Personal data will be kept for no longer than is necessary for the purposes for which your personal data are processed. We will retain your personal data as long as you have a member account or require our services so that we can provide these services to you. If you are in the European Economic Area, at the moment you withdraw your consent for the processing of your personal data, all your personal data received and stored are erased if no longer needed by us. Unless we are required to retain this personal data by law or to comply with our regulatory obligations. In such a case, we will only keep this personal data for as long as necessary. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact our data privacy resource at dataprotectionofficer@Guide2Sarajevo.com.
Guide2Sarajevo has taken the necessary technical and organizational measures to protect the personal data provided by you against loss, destruction, manipulation and unauthorized access. Our employees and all persons involved in data processing are obliged to comply with the data protection laws and to treat personal data confidentially. Our employees have been trained accordingly. Both internal and external audits ensure compliance with all data protection processes at Guide2Sarajevo.
We use a secure online transmission procedure, the so-called "Secure Socket Layer" (SSL) transmission, to protect the personal data of our users. You can see this from the fact that an "s" (https://) is added to the address component http://, or a green, closed lock icon is displayed. By clicking on the icon, you will receive information about the SSL certificate used. The display of the icon depends on the browser version used by you. The SSL encryption guarantees that your data is transmitted in an encrypted and complete way.
EUROPEAN UNION DATA SUBJECTS RIGHT
The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects. If you wish to confirm that Guide2Sarajevo is processing your personal data, or to have access to the personal data Guide2Sarajevo may have about you, or have other questions, please contact us via dataprotectionofficer@Guide2Sarajevo.com.
You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Guide2Sarajevo might have received the data from us; what the source of the information was (if you did not provide it directly to Guide2Sarajevo); where the personal data is stored and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by us if it is inaccurate. You may request that we erase that data or cease processing it, subject to certain exceptions. You may also ask us for your personal data to be supplemented or updated, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. You may withdraw your consent for the processing of personal data or the further processing of personal data by us at any time. You may also request that Guide2Sarajevo ceases using your data for direct marketing purposes. In many countries (including EEA countries), you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Guide2Sarajevo processes your personal data. When technically feasible, we will—at your request—provide your personal data to you or transmit it directly to another controller. You have the right to receive your personal information in a structured and standard format. In addition to the information contained in this Privacy Statement, you may be provided with additional and contextual information concerning particular services or the collection and processing of your personal data upon request.
NO AUTOMATED INDIVIDUAL DECISION
We do not use your personal data for automated individual decisions.
HOW CAN YOU CONTACT US?
Guide2Sarajevo, 4 Hervey Street, Oxenford, QLD 4210, Australia
Phone: +387 61 899 916
Or by email: service@Guide2Sarajevo.com
You can contact our Data protection Officer at: dataprotectionofficer@Guide2Sarajevo.com
CHANGES TO THE PRIVACY STATEMENT
From time to time, we may need to update or modify this Privacy Statement, to reflect changes in our business practices, data collection practices or organization. We reserve the right to amend this Privacy Statement at any time, for any reason, without notice to you, other than the posting of the amended Privacy Statement on our website, or, if you have provided your email address to us, sending you an email notifying you of the amended Privacy Statement. It is strongly recommended to check the Website often, referring to the date of the last modification listed at the top. We will in any case not reduce your rights under this Privacy Statement without your explicit and informed consent. If you do not agree to the changes, you should discontinue your use of the Website, and cease providing personal information to us, prior to the time the modified Privacy Statement takes effect. If you continue using the Website or provide personal information after the modified Privacy Statement takes effect, you will be bound by the modified Privacy Statement.