As Poslovni Dnevnik/Suzana Varosanec writes, the processing of personal data of guests for the purpose of putting the detais of a guest into Croatia’s well known eVisitor system is based on the Tourist Tax Act and the Ordinance on the eVisitor system, and as such represents a legal obligation of private accommodation owners/managers. In the event that a guest refuses to provide information, the service provider has the right to refuse to provide the service. However, this situation can be circumvented by informing guests in advance about the processing of data through, for example, a privacy policy online.
If GDPR in Croatian tourism is being looked at through the eyes of private accommodation providers who own their own websites, care should be taken to ask for consent for cookies (other than the necessary ones) and a short information notice about them should be provided. Such renters should also have a policy or privacy statement available.
All of the above information was provided during training on personal data protection and harmonisation with the GDPR in Croatian tourism, as part of which an online interactive workshop organised by the Personal Data Protection Agency (AZOP) and the Croatian Chamber of Commerce (HGK). The information was presented to 230 participants who were interested in the correct processing of personal data and specifics in the tourism industry.
Furthermore, the copying and scanning of personal documents and their archiving is not allowed unless OCR scanning methods are used which automatically process only the data that are allowed to be taken and absolutely nothing else. Those guests who pay for excursions (such as in active tourism) don’t need to give consent, but must, in accordance with the Law on the Provision of Services in Tourism, be informed both verbally and in writing before the excursion takes place.
The aforementioned training session’s aim is to support enterprises in the Croatian tourism industry in harmonising all of their business processes with the provisions of the sometimes confusing GDPR. This form of training was one of the activities conducted by this Agency, within the implementation of the EU project ARC (Awareness Raising Campaign for SMEs), with the same the goal, which is to support SMEs in aligning their business processes with GDPR rules.
For more on Croatian tourism, make sure to follow our travel section.