CORAL GROUP d.o.o. and Institute for Tourism respects your privacy and pays special care to the
protection of your personal data. Therefore, this document serves to clarify which personal data are
processed, why we process such data and how we deal with personal data we process.
Your data are collected and processed solely for the purpose of providing our services in a lawful, fair
and transparent manner. We only process data necessary to provide a particular service, taking into
account their adequate protection.
Such personal data are primarily about individuals (natural persons) with whom we have a business
relationship or a legitimate interest to contact them (clients, suppliers, business partners, employees
etc.) When the need for processing your personal data expires, we erase all personal data or use
adequate technical solutions for ensuring anonymity of data for the sole purpose of their use for
statistical purposes. Personal data are always processed in accordance with our fundamental values
well as to personal data in printed (paper) form, regardless of whether an electronic record is printed.
Principles relating to processing of personal data
When processing personal data, we do so by following the principles and rules as stipulated in
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the
protection of natural persons with regard to the processing of personal data and on the free movement
of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
When processing personal data, we take into account the legal obligation of professional secrecy as
regulated by the EU, i.e. Croatian law.
Our employees protect personal data as a trade secret, even after termination of employment. We
only process personal data as follows:
• lawfully, fairly and in a transparent manner;
• for specified, explicit and legitimate purposes;
• using only accurate, up-to-date, appropriate and relevant data limited to the purpose for which
they are being processed;
• keeping them for no longer than is necessary for the purposes for which the personal data are processed and
• protecting them against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Personal data of children below the age of 16 years are processed only based on the parental or carer
consent in the extent and scope consented to. We handle such data with particular care.