What data can tenants have on guests?

April 30, 2021 – The GDPR in Croatian tourism must be respected as well as in all forms of society. The protection of personal data is of utmost importance when collecting information from customers, but how is the GDPR used, respected and above all not violated in Croatian tourism?
As Poslovni Dnevnik / Suzana Varosanec writes, the processing of clients’ personal data for the purpose of putting a guest’s details into Croatia’s well-known eVisitor system is based on the Tourist Tax Law and Ordinance on the eVisitor system, and as such represents a legal obligation of the owners / managers of private accommodation. In the event that a customer refuses to provide information, the service provider has the right to refuse to provide the service. However, this situation can be circumvented by informing customers in advance about the processing of data through, for example, an online privacy policy.
If the GDPR in Croatian tourism is examined through the eyes of private accommodation providers who have their own websites, care should be taken to seek consent for cookies (other than necessary ones) and a brief informational notice about them. must be provided. These tenants must also have a privacy policy or statement.
All of the above information was provided during the training on Personal Data Protection and GDPR Harmonization in Croatian Tourism, as part of an interactive online workshop hosted by the Data Protection Agency personnel (AZOP) and the Croatian Chamber of Commerce (HGK). The information was presented to 230 participants interested in the correct handling of personal data and the specifics of the tourism industry.
In addition, copying and scanning of personal documents and their archiving is only allowed if OCR scanning methods are used, which automatically process only the data that can be taken and absolutely nothing else. Customers who pay for excursions (as in active tourism) do not need to give their consent, but must, according to the law on the provision of services in tourism, be informed orally and in writing before the excursion does not take place.
The aim of the aforementioned training session is to help companies in the Croatian tourism industry to harmonize all their business processes with the sometimes confusing GDPR provisions. This form of training was one of the activities carried out by this agency, within the framework of the implementation of the European project ARC (Awareness Campaign for SMEs), with the same objective, which is to help SMEs to align their business processes on GDPR rules.
To learn more about Croatian tourism, be sure to follow our travel section.