Privacy Policy

Privacy Policy

Mulino d.o.o. is committed to protecting your private information. The following text introduces you to our Privacy Policy.

Please, check our Privacy Policy periodically for possible changes.

Introductory terms

Mulino d.o.o., respects your privacy and the safety of your personal data. The collection, use and processing of your personal data is carried out in accordance with these Privacy Rules and with the applicable legal provisions.

Please note, that we reserve the right to change the terms and conditions of the Privacy Policy, under which this Site is offered at any time. At every touch point or guest interaction, also by conducting every aspect of our business, we may collect personal data.

This Privacy policy for Mulino d.o.o. shall apply from May 25th, 2018. By using the services and products you entrust us with your data. This Policy describes what data we collect, the ways we process them and the purposes we use them for, as well as your rights associated with your data.

Responsible for data processing:

Mulino d.o.o., Škrile 75a, Buje, Croatia, PIN: 75599831396

The Data Protection Officer is available at the e-mail:

If we use the services of external service providers for the processing of your personal data, we are talking about the processing (of personal data) per order. In this case, we are responsible for the protection of your personal data. During the processing of your personal data, we may use service providers outside the EU. We will do so only if for that third country exists a decision of the European Commission on the adequacy of that country, or if we contracted with the service provider appropriate warranties or adherence to binding regulations on the protection of personal data.

"Personal data" means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number) as a natural person. Before providing us with this information, we recommend that you read this document describing our customer privacy protection policy.

By accessing and using our website (this includes: viewing, transmitting, caching or storing this site, or any of its services, functions, materials or content) this means you have read and agreed to each and all the terms and conditions. If you do not agree with the terms and conditions, you may not use this Site for any further purpose.

Your rights

  1. Right to rectification: If we process your personal data that are incomplete or inaccurate, at any time you can request from us correction or amendment of the data
  2. Right to erasure: You can request from us erasure of your personal data if we have processed them unlawfully, or if that processing represents a disproportionate infringement in your protected interests. Please take into consideration that there exist reasons that prevent immediate erasure, such as statutory obligations.
  3. Right to the possibility of data transfer: You may request from us to deliver to you in a structured form (in a common machine-readable format) the data that you have entrusted to us for archiving purposes
  1. Right of access: You can get a confirmation from us on whether your personal data are processed and if such personal data are being processed, you can get access to these data and the following information: information on the purpose of the processing, on the categories of the personal data concerned, on the recipients or categories of recipients to whom personal data are disclosed or will be disclosed, on the estimated period in which personal data will be stored or on the criteria that were used for the determination of that period, on the existence of your rights that are listed in this paragraph of the Policy, on the existence of automated decision making, including drafting profiles and information on the logic of the processing, on the importance and the predicted consequences of processing, on the protective measures if the personal data are transferred to third countries or international organization.
  2. Right to limit processing: From us you can request the restriction of the processing of your data:

a)if you dispute the accuracy of the data during the period that allows us to verify the accuracy of these data

b)if the data processing was unlawful, but you refuse erasure and instead request data restriction

c)if the data are no longer required for the intended purposes, but you still require them to meet legal requirements

d) if you filed a complaint about the distribution of these data

6.Right to object: If we distribute your data in order to execute the tasks of public interest or tasks of public authorities or if we refer to our legitimate interests during their processing, you can submit a complaint against such data processing if there is interest of protecting your data.

7.Right to appeal: If it is your opinion that during the processing of your data we violated Croatian or European regulations on data protection, please contact us in order to clarify any inquiries. You certainly have the right to submit a complaint to the Croatian Personal Dana Protection Agency, or in the event of change of applicable regulations, you may submit a complaint to another body, which will take over its jurisdiction, and from May 25th, 2018 this complaint may be submitted to the supervisory body within the EU as well.

8.Exercise the right: If you would like to exercise any of the above-mentioned rights, please contact us by using our contact information stated in the introductory provisions of this Policy.

9.Authentication of identity: In case of doubt, we may require additional information to verify your identity. We do so in order to protect your rights and private sphere.

10.Abuse of rights: If you use these rights too often and with an evident intent of misuse, we may charge an administrative fee, or refuse to process your request.

The legal basis for the processing of your data

We process personal data based on the following legal grounds:

On the legal basis, processing of personal data is necessary for the execution of the contract, i.e. to finalize and manage your reservation. If the required personal data are not given to us, we cannot finalize the reservation, nor can we provide the services of the customer service.

We rely on our own legitimate business interests in order to provide our services, prevent fraud and improve our services. When using personal data for the purpose of exercising our legitimate interests or the legitimate interests of third parties, we will always prioritize your rights and interests to protect your personal data over our rights and interests or rights and interests of third parties. Sometimes we may contact you through other channels such as email, post, telephone or SMS – the selected modality depends on the contact information you have previously shared with us. Also, we process the messages that you send us. There are several reasons for this:

Answering and processing of any request that you have made. We offer our guests various ways of exchanging data, requests and comments about their offers and existing reservations made through our website and through the booking interface.

When you use our services, you may receive a questionnaire or an invitation to write a review about your experience with us.

Also, we send you other types of materials related to your reservations, such as information on how you can contact us if you need help while you're on the road, and information that we believe you might find useful when planning your stay in order to spend it in the best possible way. We also send you material related to the upcoming travel reservation.

When calling the Customer service team, we use a system of automatic phone number recognition to connect your telephone number.Our Customer service team may require data authentication, which ensures the confidentiality of your reservation data.

In addition, when applicable, we rely on the fulfilment of legal obligations (such as the legitimate requirements of the competent law implementation authorities). When necessary, and on the basis of the applicable law, we will obtain your consent prior to the processing of your personal data for the purposes of direct marketing.

 Information for individual categories of data subjects

  1. Guests and other users of our services

1.1. Why do we collect and process your personal data?

When processing your personal data we also partly apply automated processing processes, for example: in order to constantly improve our products and services, to make our contact with you more individual, and in order to customize as much as possible our offer and products to your users’ habits. Such processes can be called profiling, and, as such, are mentioned in the following text. In addition, we may process and analyze large amounts of data about our users so that they are processed in an aggregated and anonymous form and cannot be linked to a concrete physical person. We process all kinds of your personal data for the following purposes:

Communication by telephone, electronic mail and directly at the location where the service is provided:

During the contractual relation, as well as after the termination of our contractual relation, we contact you via the following communication channels for which you have given us consent: call, SMS, electronic mail (email), social networks, in written form (by post).

Managing of your reservations of rooms in accommodation facilities

Providing services that you have requested from us (for example, providing of accommodation services in hotels, providing services of food and drinks, wellness services, gaming service);

Providing information on conferences and events;

Organization of congresses and seminars;

Check-in and check-out of guests to who you provide accommodation;

Ensure payments of providing services;

Exercise rights towards guests (e.g. billing for provided services)

Improvement of your stay in the accommodation facility;

Management of the fidelity program;

Use your feedbacks to improve our services;

Providing services after the stay: subscription to our newsletter, other marketing communication and marketing activities with the purpose of informing about our services and products;

Our internal statistical data processing;

Customer satisfaction monitoring

Realization of a contract:We process personal data for the purpose of providing and calculating services in tourism and hospitality in accordance with the applicable Hospitality and Catering Industry Act (e.g. the provision of accommodation services in hotels). We process your personal data when you give inquiries in accordance with the applicable regulations (e.g. Law on electronic communications, Law on consumer protection, Law on personal data protection, etc.), as well as for informing that we are obliged to carry out according to the applicable regulations (for example, to send out the notices, to send a reminder for the payment of services, etc.). For the purpose of realization of the contract, we may contact you via the contact information you have given us;

Detection of misuses and recognition of errors:

We also process your personal data internally, in order to detect fraud and misuse. For the purpose of revealing misuses and recognizing errors we can contact you via the contact information you have given us;

Verification of creditworthiness and collection of claims:

Prior to the conclusion of the contract and during an existing contractual relationship with you, Mulino d.o.o. we have a justified interest in learning more about the creditworthiness of our (future) users. If we have stored your personal data during a prior contractual relationship with you (and we still have that personal data in accordance with the applicable regulations and this Policy), we can use them to assess the creditworthiness in case you wish to conclude a new contract with us. In this case, this is called profiling in terms of this Policy. If your creditworthiness is low or we cannot get information about your creditworthiness, we may decline the stipulation of the contract or request additional funds of insurance. If you have a complaint related with the assessment of creditworthiness, you can dispute it in any moment and state your opinion. If you do not fulfill your contractual obligations, and in order to protect ourselves as a creditor, we can forward the relative personal data and use the services of physical and legal persons for the collection of claims (for example, law firms, debt collection agencies and etc.). Before we undertake such a measure, we will inform you on the matter via the contact information you have given us, so that we could give you the opportunity to submit an observation;

Profiling: Mulino d.o.o. processes personal data referred to in article 1.3, points from a. to c. of this Policy within the framework of the justifiable (legitimate) interest in order to gain an overview of our products and services for which you might be interested in, and in order to assign you with an internal user category. Based on this, as our user, we can offer you the appropriate services and products tailored to your users' habits, and which can give you additional benefits, i.e. can anticipate your needs and respond to them in a timely manner. For example: if we notice that you are often staying in the facilities of the Mulino d.o.o., we can offer you a special offer for staying in Mulino d.o.o.; If we notice that you are using the spa services at our facilities more often, we can offer you a special package that includes Spa facilities. In this sense we will process, for example, data about the manner of usage of our products and services, the preferred way and channel of communication, and your demographic information (age, gender, etc.).

We responsibly guarantee that these data will be used only for such purposes. The purpose of data usage is contacting you (so that we can send to you the information by post, fax, e-mail, telephone, etc.) if there would be a need to contact you quickly, or for the statistical processing of data, but only for our internal needs and market research.

Since we do not intentionally collect personal data of persons under the age of 18, we would be grateful if your children did not deliver any personal data without your permission.

As far as the obligations according to local authorities, it is possible that we will also be required to submit your information to local authorities if so provided by law.

1.2. Sources from which we collect your data

Personal data you provide to us

We collect and use the data you provide to us. When you make an accommodation reservation (further: reservation) and when you check in to the accommodation facility, we will ask (at least) your first and last name, email address, home address, phone number/cell phone number, billing information, date of birth, names of guests who are traveling with you and any preferences (such as your preferences in terms of diet and possible reduced mobility) related to your stay

If you need to contact our customer service or you want to contact us in some other way (for example, interact with reserved travel Provider through us), in this way, we will also collect your personal data. Guests can also receive an invitation to write a review so that future customers can easily find what they are looking for. We will collect from you the data that are included in your reviews, including your nickname and avatar, if used.

In addition, you can send us feedback or to ask for help when you are using our services.

Personal data you provide to us on third parties

Maybe in some cases you will not make a reservation for yourself. You might go on a journey with other guests whose data you will specify during the booking process or you might perform a reservation in someone's name.

We are obliged to point out that it is your responsibility to ensure that the person or the people whose personal data you have given us are familiar with that and that she/he understands and accepts the way in which we use this data (as described in the Policy).

Personal data we receive from other sources

Not only we collect the data that you provide to us - we may also receive information about you from other sources. These include business partners such as distribution partners and other independent third parties, and everything we get from them can be combined with the data you provide to us. For example, reservation services are not exclusively given through us and our applications, they are also integrated in the services of the distribution partners that you can find on the Internet. If you are using some of them, you can provide the data necessary for the reservation to our business partner, which he then forwards to us. These distribution partners share with us payment information so that we can manage your reservation and process it, in order to make the whole procedure easy for you.

Distribution partners also share with us data about you – this can happen in case you have questions regarding a reservation, and if difficulties related to the reservation occur.

1.3. Types of data we collect

We use the following personal data:

a) your basic personal data: first name and last name, address, personal identification number (PIN), date of birth, gender, phone number and contact information (e-mail address, phone number).

b) other personal information, provided to us by you or a third party during the stipulation of the contract or throughout the duration of the contractual relationship, such as data from the ID card, bank account, powers of signature or representation; these do not comprehend the data that are especially sensitive in terms of protection of personal data, in particular data on racial or ethnic origin, political or religious beliefs or worldview, genetic data.

c) your data on the consumption and use of our products and services: for example the amount of the consumption for service of accommodation, food and beverages, spa services and treatments, gaming etc.

d) information about your habits of using our products and services in general: for example the desired period of stay, the length of stay, the category of the facility, the preferred brand, the preferred type of service such as wellness, food and beverages.

e) other data you indicate to us, and you want they remain secret

You can, at any time, cancel the protection of this data, by an express statement. You can unsubscribe at any time from our mailing list, and in such way we will no longer use your data for promotion. In this case we may use them only in our own internal purposes, for example for statistical data processing.

1.4. Sharing your data with other people

In certain situations, we will share your personal data with third parties.

Third parties that provide services: We use service providers to process your personal data on our behalf. This process is made for several purposes including sending marketing materials or verifying the accuracy of the e-mail address that you specified during the booking procedure. Third parties that provide services have undertaken to keep the confidentiality of provided information, and are not permitted to use your personal data for purposes other than those which we specified.

Billing service providers and (other) financial institutions: When you or the owner of the credit card used for the reservation request a refund for your reservation, we need to share certain information about the reservation with the billing service providers and the relevant financial institution which will perform the refund. This may also include a copy of your confirmation of the reservation. If it is considered necessary in order to detect or prevent fraud, we may share this information with the relevant financial institutions.

Competent authorities: We disclose personal data to law enforcement authorities if necessary in accordance with the law, or if necessary for the prevention, detection or prosecution of criminal offences and fraud, or if we are otherwise legally required to do so. In addition, we can disclose personal data the competent authorities in order to protect our rights or property or the rights and property of our business partners.

Business partners: We collaborate with numerous business partners. Our business partners distribute or promote our services and products.

After you make a reservation through the website or application of any of our business partners, certain personal data that you provide to them, such as your name and email address, your address, payment information and other relevant information, will be forwarded to us in order to manage and finalize your reservation. If the business partner provides the services of the Customer service, we will share with the partner the data related to your reservation (when and in the extent that it is necessary), so that the partner could provide to you adequate and efficient support. After you make a reservation via the website or application of one of our business partners, he can receive certain parts of your personal data related to a specific reservation, such as your name and e-mail address. This is done for internal purposes (such as analytical purposes) of the partner and, if you request it, for the purpose of maintaining the fidelity or marketing programs.

After you make a reservation through the website of our business partners, we kindly ask you to read their privacy statement if you want to know how can they process your personal data. For the purposes of detecting and preventing fraud and if it is necessary, we may also exchange data about our users with our business partners.

Booking interface: We can allow you to execute reservations via the Booking interface. As part of the reservation process, we will be required to share some of your personal data, relevant for that reservation, to the relevant business partner.

The transfer of personal data described in the Policy may involve the transfer of personal data to other countries, whose data protection laws are not as comprehensive as the laws of the Member States of the European Union. When it is necessary on the basis of European law, we will transfer your personal data only to recipients that provide an adequate level of data protection. In such situations, if necessary, we will stipulate the contracts in order to ensure that your personal information remain protected in accordance with the European standards. You can ask us to deliver you a copy of such contracts by using the mentioned contact information.

1.5. Retention period of personal data

We usually delete your basic personal data when the contractual relationship terminates, and at the latest at the end of all legal obligations related to the safeguarding of personal data.

Please take into consideration that we do not delete your data:

Your basic personal information: first and last name, address, personal identification number (PIN), date of birth, gender, phone number and contact information (e-mail address, phone number)

Other personal information, provided to us by you or by a third party, during reservation of the accommodation facility and such data are: data from the identity card or passport, bank account, the power of signature or representation; this does not comprehend the data sensitive from the aspect of data protection, particularly data on racial or ethnic origin, political or religious beliefs or worldview, genetic data.

Your other personal data are generally deleted upon termination of the relation, and at the latest at the end of all legal obligations of retention, except in the case when a forced collection process of unpaid claims has been initiated or until the finalization of complaint procedures if there has been a timely complaint to a product or service, in accordance with the applicable regulations.

Your data about the use of our products or services are generally deleted upon the termination of the relation, and at the latest at the end of all legal obligations of storage, except in the case when a forced collection process of unpaid claims has been initiated or until the finalization of complaint procedures if there has been a timely complaint to a product or service, in accordance with the applicable regulations.

Once you provide us with the data and give consent to contact you, you are subscribed to our mailing list. The moment of subscription is your consent to be contacted. The protection of the privacy of your data is permanent. At any time you can request to be deleted from our mailing list.


We use your information in the following marketing purposes:

  1. To send you regular news related to our products and services. You may, quickly, easily and at any time, unsubscribe from receiving notifications via email - simply click on the link "Unsubscribe" stated in each newsletter.
  2. When you participate in other promotional activities (such as competitions, loyalty programs or prize games), the relevant information will be used for the administration of these promotional activities.

Links to other web sites

This web site may contain links to other web sites managed by Mulino d.o.o. or other organisations that have their own special privacy rules, so we inform you that you must familiarise yourself with their terms of use and privacy rules prior to providing them with any personal data, as Mulino d.o.o. cannot assume any liability for these web sites or the organisations that manage them.

Measures of personal data protection

We conduct reasonable procedures to prevent unauthorized access and misuse of personal data. For the protection and storage of the personal data that you have entrusted to us, we use appropriate business systems and procedures. We also use security procedures as well as technical and physical restrictions for access to and use of personal data on our servers. Access to personal data is allowed only to authorized personnel for business purposes. The security measures are subject to technical progress and development. We may update or modify the security measures from time to time provided that such updates and modifications do not result in a degradation of the overall security of the system. We define the control of access to the system, as well as which employees have access to personal data of guests and other persons. We will ensure that every employee who has the authority for the processing of personal data is subject to the obligation to confidentiality requirements and continuous training in terms of protection of personal data of clients, partners, guests and other persons in accordance with the regulations.

Protecting the personal information of children

We advise parents and guardians to teach their children the importance of being responsible when dealing with personal information on the Internet. We do not wish to collect, and have no intention of collecting, personal information from those under the age of 18 , we do not want divulged to a third party.We do not enable children, without parental consent, to publicly announce, or in any way distribute, personal information sent to us as contact information.The personal information of children will be deleted from our database should a parent or guardian request us to do so. As a parent or guardian, you retain the right to request to see any and all personal information regarding your child which we received. You may also request the removal of information (should this information still exist in our database) and/or ban any collection or usage of information about your child in the future. If you are a parent who would like to exercise that right please contact us. Aside from the aforementioned, we guarantee the protection of personal information of children in accordance with the legal regulations that pertain to this issue.

Changes of information

At any time, you may contact us to review your personal information as well as alter, correct or information. Up until we receive notification of changes, we will continue to use your original contact information. In the event of experiencing difficulties with your rights, please contact us directly on the e-mail address:

Your Permission

In filling out the forms on this site, you guarantee that the information provided is correct, that you are capable of doing business, and that you fully agree that we collect and use your personal information in accordance with the regulations and terms of our privacy policy.

You agree that the use of our website is at your own responsibility. Mulino cannot in any way guarantee that the use of this website will not be interrupted or without errors.


Any change to our Privacy Policy will become effective upon posting the information on this Site.

Mulino d.o.o. retains the right to change, modify and/or amend these Privacy Rules at any time. All changes to the Rules will be published on the Mulino d.o.o. Internet Portal; in the case of significant changes, you will be informed in a clear and understandable manner.

May 2018