Terms & Conditions
Under these General Terms and Conditions, the terms have the following meaning:
“Provider”: BeeRent d.o.o. is a legal entity founded under Croatian law in Rovinj, Zorzetti 3, VAT ID: 65741753571, which provides the software for distributing services in the tourist industry
“User”: The User is a physical person or a legal entity that uses the software provided by the Provider for selling services in the tourist industry
“Authorised person”: The person that has legal authority to represent another physical person or a legal entity based on a relevant law or agreement between them
The Provider and the User may hereinafter be referred to as a “Party” or jointly as “Parties”
“Third Party”: A physical person or a legal entity that is in any way involved between the Parties and has direct or indirect impact on the legal relationship arising from these T&C
“Product”: The software governed by these Terms and Conditions is a software, services, web services and websites that comprise a web-based property management system and an online platform through which User may create listings for accommodations offered for rent by User or its affiliates, and through which prospective renters may gather information about such accommodations and their availability and enter into rental or other business transactions with the User, and to process payments through the system
“Licence”: Licence is a legal instrument governing the use of Product
“Pricelist”: The Provider document with the official prices of all services charged to the User, which is published on the official Provider websites and is occasionally amended by the Provider
“Effective Date”: The date of last modifications of these T&C
Singular “Form” or plural “Forms”: The forms represent all documentation provided by the Provider on its official websites which are deemed necessary for the usage of Product by the User
“T&C”: General Terms and Conditions represent the total of governing conditions under which the User has the right to use the Product and are legally binding to the Parties upon acceptance by the User on official Provider websites
“Confidential Information”: means any information, technical data, or know-how, including, but not limited to, that which relates to research, product plans, products, services, customers, markets, software, developments, inventions, processes, designs, drawings, engineering, hardware configuration information, marketing or finances of the disclosing party, which Confidential Information is designated in writing to be confidential or proprietary, or if given orally, is confirmed promptly in writing as having been disclosed as confidential or proprietary. Confidential Information does not include information, technical data or know-how which: (i) is in the possession of the receiving party at the time of disclosure as shown by the receiving party's files and records immediately prior to the time of disclosure; (ii) prior to or after the time of disclosure becomes part of the public knowledge or literature other than as a result of any improper inaction or action of the receiving party hereunder; (iii) is approved by the disclosing party, in writing, for release.
“User Data”: means Personal Data that Provider processes on User's behalf for the purpose of Product usage, including Personal Data relating to customers of User, property owners with properties managed by User, and vendors with which User has a formalized business relationship
“Data Controller”: means the physical or legal entity which determines the purposes and means of the processing of Personal Data
“Data Processor”: means a physical or legal entity which processes Personal Data on behalf of the Data Controller
“Reverse engineering”: includes all processes of extracting knowledge or design information from the Product and reproducing it or reproducing anything based on the extracted information.
“Provider App” means the web based control panel used to manage the Product
“Personal Data” means data which relates to a living individual who can be identified (a) from those data, or (b) from those data and other information which are in the possession of, or is likely to come into the possession of, the Data Controller
“Property Data” means full descriptive information for each rental unit that User wishes to include in the Product, including but not limited to the property name, description, location, amenities, calendar, rates, photos and other appropriate information
“Property Information” means Property Data and Booking Data
“Property Sharing” means the ability for one User to market and make reservations of another User's Units. Property Sharing requires agreement of both Users, but the availability of suitable properties is not guaranteed by Provider
“Unit” is a rental unit onboarded onto the Product by User
“PCI”: The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for legal entities that handle credit cards, is mandated by the major card brands including Visa, MasterCard, American Express, Discover, and JCB, and is administered by the Payment Card Industry Security Standards Council
“Transaction Fee”: Transaction Fee is a fee charged by the bank or payment gateway legal entity that has legal and commercial authority to do so and is processed toward the User
These T&C constitute a legally valid binding agreement between the Parties from the moment of acceptance by the User on the official Provider websites to the moment where the User stops using the Product, with the exception of some provisions defined under relevant articles of these T&C.
A physical person or a legal entity becomes a User by marking the acceptance of the T&C on the official Provider websites. The acceptance of these T&C is to be done by the physical person or an authorised person of the physical person or legal entity. If the acceptance is done by the physical person, the Provider reserves the right to demand an official state issued document that proves that the person who completed the official Provider documentation is the same person that is to be a User of the Product, and if the acceptance is done by an authorised person of the physical person or legal entity, the Provider reserves the right to demand an official state issued document that proves that the person who completed the official Provider documentation is authorised to legally represent and bind the User to these T&C.
By accepting these T&C, the User accepts to be charged for all product prices, fees and transactions noted in the Pricelist of the Product, which can be amended by the Provider without any special permission by the User. If the Pricelist is amended, it becomes effective on the day of the publication on the official Provider websites. The User accepts to be charged by the Provider at any time for any Third Party transaction fees without any further permission by the User.
The User is solely responsible for providing truthful information about himself, services he offers, credit / debit card information and other information demanded by the Provider and / or authorised governing body.
Provider is not (i) a real estate broker, agent, insurer, or booking agent; (ii) a party to any rental or other agreement between User (or its customer) and a guest who rents a Unit or engages in any other transaction with User (or its customer); and (iii) does not have any authority to accept or reject a rental application or other offer to contract with User or its customer, such authority rests solely with the User or its customer.
Provider hereby grants to the User a non-exclusive, non-transferable, limited licence to the use of the Product and related user documentation on the terms and conditions set forth herein.
The User is authorised to use the Product following these T&C, the oral and written guidelines set by the Provider and the applicable laws.
The User is licensed to use the Product only for his own and the Product is only to be used in accordance with the applicable documentation and for the functions and the purpose for which it is designed.
Modules that are not set as payable in the official Pricelist are free to use by the User.
The Product is licensed to be used on a subscription basis pursuant to the subscription terms set forth in the official Pricelist of the Provider, which is incorporated herein.
All changes of the pricelist must be published on official Provider webpage and the User must be notified of the changes via email.
The Product is licensed to be used on a basis pursuant to the terms set forth in these T&C and the official Pricelist of the Provider which is incorporated herein.
The User accepts and fully understands that the Provider (in accordance with his own will) may amend the Pricelist without any prior written or oral consent by the User.
2.3. SOFTWARE UPDATES AND MODIFICATIONS
The Provider may in his own discretion update and modify the Product without any prior written or oral consent by the User.
All updates and modifications of the Product shall be published on official Provider websites.
Each update and / or modification will be deemed to be part of the Product and shall be governed by these T&C.
Ownership, defined by the applicable laws, over the Product and all material, including but not limited to common designs, layouts, audio, visual and text content, program (source) code, websites created by the Provider, scripts, database structures, proprietary strategies and processes, and other intellectual property, which the Provider uses in the present business relationship as well as outside this business relationship, banners, logos, patents, databases, audio and visual material, ideas for developing new technologies, the current technology used by the Provider, as well as the technology that in the future will result from the technology which is owned by the Provider and / or its partners or by the Provider and / or its partners take other proprietary rights, remains the exclusive property of the Provider and / or its business partners.
All copyright or patent ownership over all technology that is and is to be created within or outside of the legal relationship set forth under these T&C belongs solely to the Provider and / or its business partners.
The User commits not to impugn any copyright or any other ownership rights of the Product.
The exceptions are the photographs, videos and text of the properties and other tourist services uploaded by the User.
2.5. NO REVERSE ENGINEERING
The User is not permitted to (a) modify, adapt, alter, translate, or create derivative works from the Product; (b) sublicense, lease, rent, loan, or otherwise permit a third party to use the Product; (c) reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code for the Product; (d) otherwise use the Product except as expressly allowed in these T&C.
2.6. ADDITIONAL RESTRICTIONS
Unless expressly and specifically permitted to do so under these T&C, and then only in the exact manner specified, the User may not (a) permit third parties to use the Product; (b) remove or alter any trademark, service mark, logo, copyright, or other proprietary notices in or on the Product; (c) place on any portion of the Product materials that are illegal, obscene, dangerous or libellous, or that violate, infringe or misappropriate any copyright, trademark, patent, trade secret, or other statutory or common law intellectual property right.
The Provider reserves the right, but does not assume the obligation, to remove from any portion of the Product any content or materials that violate the provisions of these T&C; (a) access the Product if the User is a direct competitor of Provider, except with Provider's express written consent; or (b) access the Product for purposes of monitoring its availability, performance, or functionality, or any other benchmarking or competitive purpose.
The User agrees not to use the Product, or any information obtained through the Product, for any unlawful or unauthorized purpose.
The User agrees that Provider has no obligation to retain any content, data or material after the expiration or termination of any legal relationship between Parties and that such content, data or material may be irretrievably deleted after such expiration or termination.
The User agrees not to register domain names that are derivatives of or deceptively similar to the Product or its trademarks or that have the purpose or effect of criticizing, ridiculing, disparaging, or defaming the Provider, and its products, services, policies, directors, officers, shareholders, or employees.
2.7. USER LOGO AND UPLOADED AUDIO AND VIDEO DATA
The User agrees that the Provider can, royalty free, without any additional written or oral consent, place a logo and / or text link on his official websites and emails included in the Product, including on publicly accessible pages on the User website.
The User agrees that the Provider may, royalty free, reference its relationship with the User for marketing purposes.
User agrees that Provider can access all data stored on or transmitted through the Product to conduct research, operate, and improve the Product and provide anonymous reporting for internal use and external clients and business associates.
The User agrees that the Provider can, royalty free, without any additional written or oral consent, send the audio, video and other data uploaded into the Product to third parties for the purpose of selling services in tourism via the Product.
For the purpose of account verification and subscription payment, the User is obligated to provide a valid bank account and his credit / debit card details to the Provider.
The Provider holds the User fully accountable for all information provided by the User and / or persons he authorises to manage and process the information.
All transaction fees, regardless of the payment method, are at the User's expense.
In cases where the Provider must proceed with the payment to the User in accordance with the Pricelist, the payments shall be done in accordance with relevant laws and the Pricelist, whilst the Provider reserves the right to hold the monies for breach of these T&C, for public security reasons or in cases demanded by local or international laws or agreement between the User and sales channels.
User agrees that the Provider can charge his credit / debit card at any time for the purpose of using the Product according to the official Pricelist or if the User causes any damages to the Provider by using any of the Provider services at any time without any additional consent.
Provider shall collect from the User all applicable taxes for the usage of the Product and processed payments under applicable laws.
In cases where, under applicable laws, the Provider is not required to collect the applicable tax, the User is solely responsible to collect and pay all applicable taxes.
2.10. CUSTOMER CONTENT
User will use the Product as its primary tourism management software.
User agrees to provide Provider with complete and accurate information regarding rental property units and other tourist services managed through the Product, including information regarding guest charges and payments made via the Product, as well as any other descriptive information related to such services, in a mutually agreeable electronic data transmission format or through manual data entry performed by User through the Product.
By using the Product, the User gives his consent to the Provider to send his personal data, e.g. name and surname, address, electronic mail address, mobile phone, telephone, personal identification number, VAT ID, bank account and other personal information relevant to the sale of his products via Product to the sales channels on which the User requested connection and to his clients.
User represents and warrants that all information shall be true, complete and accurate and that User has the authority to provide the information to Provider.
The Provider has the right to store and / or transfer without any limitation and further notification all information provided by the User, royalty free, through the Product in connection with, the User agree to indemnify and hold Provider and its employees harmless from all claims or causes of action that may arise with respect to named information.
The User is solely responsible to obtain all necessary consents and clearances required to lawfully make use of all intellectual property rights for data uploaded into the Product, as well as with respect to the chosen domain name.
The User agrees that all information submitted to, stored or distributed by him in connection with the Product (a) shall not be false, inaccurate, fraudulent or misleading; (b) shall not infringe any third party’s copyright, patent, trademark, trade secret or other proprietary rights or rights of publicity or privacy; (c) shall not violate any law, statute, ordinance or regulation; (d) shall not be defamatory, trade libellous, unlawfully threatening or unlawfully harassing; (e) shall not contain sexually explicit, obscene, or pornographic content; (f) shall not contain speech or images that are offensive, profane, hateful, threatening, harmful, defamatory, libellous, harassing, or discriminatory (whether based on race, ethnicity, creed, religion, gender, sexual orientation, physical disability, or otherwise); (g) shall not contain graphic violence; (h) shall not express statements or positions regarding politically sensitive or controversial issues (e.g., euthanasia, abortion, capital punishment), or contain other political content (e.g., lobbyists, PAC sites, political campaigns); (i) shall not contain any viruses, trojan horses, worms, time bombs, or other computer programming routines that are intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any Product, data or personal information; and (j) shall not create liability for Provider or cause it to lose (in whole or in part) customers or the services of service providers or other suppliers.
Provider reserves the right to monitor and limit or deny access to automated processes (bots) that harvest copyrighted online content without explicit permission from Provider, regardless of whether such content is owned by User, Provider, or third parties.
User must create his own terms of service, payment, and cancellation policy in respect of the services he provides in accordance with applicable laws.
User must, on his own, agree upon commercial and other terms with sales channels with which the Product is connected for the purpose of selling his services.
2.11. USE OF PRODUCT
User hereby agrees: not to use the Product for “spamming,” as determined by Provider in its reasonable discretion; to keep secure any identification, password and other confidential information relating to all Product usage and to notify Provider immediately of any known or suspected unauthorized use of the Product or breach of security, including loss, theft or unauthorized disclosure of passwords or other security information; not to use the Product for any unlawful purpose; not to engage in any other conduct that restricts or inhibits any other person from using or enjoying the Product, or which, in the judgment of Provider, exposes Provider, or any of its customers or suppliers to any liability or detriment of any type; to be responsible for obtaining and maintaining all telephone, computer hardware and other equipment needed for access to and use of the Product, and to be responsible for all charges related thereto.
If the User uses the module of the Product which allows him to send emails, the User must comply with applicable laws and the emails must contain an opt-out link and full address information.
If the User misuses the email module, e.g. for spam, the Provider is entitled to prohibit the use of the module and to demand a full refund of all costs and damages incurred.
While using the Product, the User must comply with all local laws.
Certain advertising information may be displayed through the Product at Provider’s sole discretion, which fact shall not entitle User for any advertising fees or revenues unless otherwise explicitly agreed to in writing by Provider.
User business dealings with, or participation in promotions of, advertisers found on or through the Product, including payment and delivery of related goods through the Product, and any other terms, conditions, warranties, or representations associated with such dealings, are solely between User and such advertiser.
Provider shall not be responsible or liable for any loss or damage of any sort incurred as the result of any such dealings or as the result of the presence of such advertisers on the Product.
The Product may include links to other Internet sites or resources and may provide functionality and information that facilitates User ability to engage or contract with third party service providers, including without limitation online sales channels connected with the Product.
If the User asks to be connected to third party systems for the purpose of selling his services, he authorises the Provider to transmit to such providers information about him and his properties that is stored in the Product as requested by such third-party providers.
The User agrees that Provider is not responsible for the availability of such external sites or resources and is not responsible or liable for any content, advertising, products, services, or other materials made available by such third parties or through such sites or resources, or if such third party’s services have been “certified” as being compatible with the Product.
User further agrees that Provider shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, advertising, products or services made available by such third parties or through any such site or third-party resource.
By using the Product, User consents to receive information from Provider in electronic format without any limitations.
2.11.1 SPECIAL PROGRAMS WITH SALES CHANNELS
Some sales channels request of their suppliers (property owners and managers) minimum units to be sent through a channel manager.
For suppliers who do not meet minimum requirements for number of units for this type of connection, some sales channels developed programs within which a channel manager creates a single profile for a bulk management.
Within this program sales channel signed an agreement with the Provider for properties to be shared with the sales channel.
Within this program the Provider is only a software link between the property owners or managers and sales channels and their respective customers.
Provider will notify the User if he is eligible to enter such a program.
During the participation, the User is solely responsible for any and all bookings and all applicable obligations under an agreement between a sales channel and the Provider and all applicable laws.
The User is solely responsible to carry out all bookings made to the guests and sales channels.
The Provider is only responsible to notify the User for all bookings and guest data under the terms of this T&C within software limitations and carry out his obligations for BeeRent Pay service.
If the User wishes to participate in this program, he must comply with all BeeRent Pay service requirements and applicable laws.
2.12. PAYMENT PROCESSING
For all payments that are to be processed via the Product, the Provider shall at all time maintain PCI compliance.
Provider shall in its own discretion choose an online payment provider or process the payments within the Product in accordance with the highest PCI standard.
All documentation regarding payment processing is to be considered as a Confidential Information and is not to be shared with non-authorised persons.
In all cases of payment processing through the Product, the card holder and User are fully responsible for all damages that may occur to the Provider in case they (i) violate international or local laws; (ii) violate the PCI compliance regulations; (iii) fail to provide additional information if asked for by the Provider; (iv) provide false, inaccurate or misleading information; (v) refuse to cooperate in a legal proceeding or audit that is required by the government authority or PCI bodies; (vi) provide the credit or debit card without prior written consent by the card holder.
Provider agrees to provide necessary support for the Product to be used with industry standard.
Provider shall provide support at working hours between 8:00 AM and 4:00 PM Zagreb time on working days, excluding bank, national and Catholic religious holidays.
The support shall be provided mainly via email or the appropriate software console through the Product.
For the purpose of quality control, the Provider is authorised, without any additional written or oral consent, to record and monitor all telephone and all other electronic conversations between the Provider support team and User.
2.14. SECURITY INFORMATION
User must use best efforts to keep safe all sensitive security information for the purpose of Product usage e.g. email used, account name, password, etc.
User must keep such information strictly confidential and notify the Provider immediately if he discovers loss or misuse of that information.
User is solely responsible for the use of his access information to third parties and to Provider for all damages occurred.
Data privacy protection officer is Ivan Cvek, contact mail: firstname.lastname@example.org
Collected personal data is necessary to connect with sales channels, online payment, using the text sending module, using the mail sending module, communication with tourists, invoicing, sending information to tax authorities, application into tourist application systems, and similar purposes.
Purpose of collecting and processing of personal information is providing services in tourism by using the Product in accordance with these T&C.
Personal information is used by accepting these T&C and by using the Product.
User can use aforementioned mail for the purpose of using his rights in regard to processing of his personal information.
Subject rights are: (i) right to access of collected and processed personal information, (ii) processing purpose, (iii) type and category of the collected information, (iv) insight to recipients, their categories and intended storage period.
Access to personal information can be limited only if restricted by applicable legal norms, or if by restriction Provider respects the essence of fundamental rights and freedoms of others.
The data subject has the right to demand correction or amendment of incorrect or incomplete information by sending a complete claim to the named email with clear instructions as to what is not correct or is incomplete, and how it should be corrected, followed by proof.
The data subject has the right to request deletion of personal information if one of the following terms is met: (i) processing purpose ends, (ii) he withdraws consent and there is no other legal ground for processing, (iii) he files a complaint on the processing of his personal rights in accordance with Article 21, Clause 1 of the GDPR if there are no stronger legal reasons to continue the data processing, (iv) personal information is unlawfully processed, (v) if it is stipulated within relevant legal norms.
As an exception to the previous clause, the data subject has no right to request personal data deletion if the processing is necessary for (i) exercising the right to freedom of expression and information, (ii) compliance with the legal obligation requiring processing or for the performance of a task of public interest or in the exercise of the official authority of the Data controller, (iii) the purpose of archiving in public interest, scientific or historic research or for statistical purposes to the extent it is probable that the right referred to in the preceding paragraph may impede or seriously jeopardize the attainment of the objectives of that processing, (iv) setting, pursuing or defending legal claims.
The data subject has the right to data processing restriction if (i) he disputes their accuracy, (ii) the processing is unlawful and the data subject opposes deletion of the data, (iii) the Data controller no longer requires the personal information, but the data subject requests them for the purpose of setting, pursuing or defending legal claims, (iv) the data subject files a complaint for the processing.
Personal information can be forwarded to be used by information and communication providers acting as data processors.
Contracts have been concluded with the mentioned Data processors in which the handling of personal data in accordance with the GDPR is prescribed in detail.
In certain circumstances, there is a legal obligation to transfer personal data, the processing of which may include international transfer.
The legal obligation arises from national or EU regulations.
The highest level of protection in the technological and organizational aspect is applied in the collection and processing of personal data.
All employees have committed to maintaining personal information by signing a confidentiality statement or employment contract.
Personal data is processed until the purpose of personal data processing is fulfilled.
After the cessation of the purpose for which they were collected, personal data are not used, and remain in the storage system for safekeeping for the duration of the obligation to keep in accordance with legal regulations on the preservation of archives.
All questions regarding the subject matter shall be sent to the e-mail address referred to in paragraph 1 of this article.
The subject matter is updated in accordance with the obligations of relevant legal regulations, and adjustments in technical and organizational terms, related to the security of personal data.
2.15.1. USING COOKIES
The Service Provider uses text files (hereinafter referred to as "cookies") on its website www.beerent.com.
Cookies are text files that are placed on a user's computer by an Internet server through which an Internet service provider (ISP) displays a web page.
Cookies are created when the browser on the user's device loads the visited network destination, which then sends the data to the browser and creates a cookie.
The browser retrieves and sends a cookie to the website server when the user returns to it.
The Service Provider's website uses technical cookies (mandatory cookies, cannot be excluded) that are necessary for the functioning of the Website.
The Product and all information provided by Provider relating to the Product are provided to the User on an “as is” basis, without warranty of any kind, express or implied, including, without limitation, as to the merchantability, fitness for a particular use or purpose, or any other warranty, condition, guaranty, or representation, whether oral or in writing, and the User accept the Product, as generally provided or as customized for his own use, at his own risk.
Product may be subject to limitations, delays, and other problems inherent in the use of the internet and electronic communications.
Provider is not responsible for any delays, delivery failures, or other damage resulting from such problems.
2.17. LIMITATION OF LIABILITY
In no event shall Provider or any of its affiliated or related parties be liable for any indirect, incidental, punitive, exemplary, incidental, special or consequential damages, or for any loss of data, revenue, profits, use or other economic advantage arising out of, or in any way connected with the Provider services, the Product, this agreement or the parties’ activities hereunder, whether based on warranty, contract, tort, negligence, or any other legal or equitable theory, and even if Provider is advised of the possibility of such damages.
In the event liability is assessed against Provider or any of its affiliated or related parties, the aggregate liability of such parties shall not exceed the amounts actually paid by the User in the one (1) month period immediately preceding the event giving rise to such claim.
Any claims arising in relation to the use of the Product must be brought within two (2) months of the date that the event giving rise to such action occurred.
Nothing in these T&C is intended to or shall operate to create a partnership or joint venture of any kind between the Parties, or to authorise any Party to act as agent for the other, and no Party shall have authority to act in the name or on behalf of, or otherwise to bind other Party in any way (including but not limited to the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
Parties agree not to use any Confidential Information disclosed to it by the other Party for its own use or for any purpose other than to carry out obligations within these T&C.
Neither Party will disclose any Confidential Information of the other Party to third parties or to employees of the party receiving Confidential Information, other than its employees under appropriate burden of confidentiality and who are required to have the information in order to carry out the obligations within relationship set forth in these T&C.
Each Party agrees that it will take all reasonable measures to protect the secrecy of and avoid disclosure or use of Confidential Information of the other Party in order to prevent it from falling into the public domain or the possession of persons other than those persons authorized under this agreement to have any such information.
Such measures shall include the highest degree of care that the receiving party utilizes to protect its own Confidential Information of a similar nature.
Each Party agrees to notify the other in writing of any misuse or misappropriation of Confidential Information of the disclosing party which may come to the receiving party's attention.
Neither party will, without the prior written consent of the other party, disclose to any other person the fact that Confidential Information of the other party has been disclosed under this agreement, that discussions or negotiations are taking place between the parties, or any of the terms, conditions, status, or other facts with respect thereto, except as required by law and then only with prior notice as soon as possible to the other party.
2.20. DATA PRIVACY
For the purpose of fulfilling the obligations set forth herein and of Article 28(3) of Regulation 2016/679 (the GDPR), the Parties agree that the Provider processes personal data on behalf of the User.
The clauses shall not exempt the Parties from obligations to which they are subject pursuant to the General Data Protection Regulation (the GDPR) or other legislation.
The User is responsible for ensuring that the processing of personal data takes place in compliance with the applicable EU data protection provisions.
The User has the right and obligation to make decisions about the purposes and means of the processing of personal data.
The User shall be responsible, among other things, for ensuring that the processing of personal data, which the Provider is instructed to perform, has a legal basis.
The User is obligated to restrict access to the software to authorised employees only, on a need-to-know basis.
At no time is the User authorised to share any personal data with third parties (natural persons or legal entities), except as expressly permitted by an agreement, a competent body under its jurisdiction or applicable law.
If the User fails to comply with the terms set under these T&C, misuses the software connected to current business cooperation, or gives wrongful instructions to the Provider, the User is solely responsible for any and all damages and breaches that may occur during the term of these T&C and will compensate the Provider for any and all damages, costs or claims arising.
The Provider shall process personal data only on documented instructions from the User, unless required to do so by EU or Member State law to which the Provider is subject.
Such instructions shall be specified in the manner described below.
Subsequent instructions can also be given by the User throughout the duration of these T&C, but such instructions shall always be documented and kept in writing, including electronically, in connection with these T&C.
The Provider shall immediately inform the User if instructions given by the User, in the opinion of the Provider, contravene the GDPR or the applicable EU or Member State data protection provisions.
The Provider shall only grant access to the personal data being processed on behalf of the User to persons under the Provider’s authority who have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and only on a need-to-know basis.
The list of persons to whom access has been granted shall be kept under periodic review.
Based on this review, such access to personal data can be withdrawn, if access is no longer necessary, and personal data shall consequently not be accessible anymore to those persons.
The Provider shall at the request of the User demonstrate that the concerned persons under the Provider’s authority are subject to the abovementioned confidentiality.
User and Provider shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
The User shall evaluate the risks to the rights and freedoms of natural persons inherent in the processing and implement measures to mitigate those risks.
Depending on their relevance, the measures may include the following:
(i) Pseudonymisation and encryption of personal data;
(ii) The ability to ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(iii) The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(iv) A process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Provider shall, independently from the User, evaluate the risks to the rights and freedoms of natural persons inherent in the processing and implement measures to mitigate those risks.
To this effect, the User shall provide the Provider with all information necessary to identify and evaluate such risks.
Provider shall assist the User in ensuring compliance with the User’s obligations pursuant to relevant GDPR articles, by inter alia providing the User with information concerning the technical and organisational measures already implemented by the Provider pursuant to GDPR along with all other information necessary for the User to comply with the User’s obligation under GDPR.
If subsequently, in the assessment of the User, mitigation of the identified risks requires further measures to be implemented by the Provider, the User shall specify these additional measures to be implemented, the cost of which falls on the User.
The Provider shall meet the requirements specified in relevant GDPR articles, in order to engage another processor (a sub-processor).
The Provider shall engage sub-processors solely with the specific prior authorisation of the User.
The Provider shall submit the request for specific authorisation at least 5 days prior to the engagement of the concerned sub-processor.
The list of sub-processors already authorised by the User is set forth hereinafter.
Where the Provider engages a sub-processor for carrying out specific processing activities on behalf of the User, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of these T&C and the GDPR.
The Provider shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the Provider is subject pursuant to the clauses of these T&C and the GDPR.
A copy of such a sub-processor agreement and subsequent amendments shall, at the User’s request, be submitted to the User.
Clauses on business related issues that do not affect the legal data protection content of the sub-processor agreement, shall not require submission to the User.
The Provider shall agree a third-Party beneficiary clause with the sub-processor where, in the event of bankruptcy of the Provider, the User shall be a third-Party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the Provider, e.g. enabling the User to instruct the sub-processor to delete or return the personal data.
If the sub-processor does not fulfil his data protection obligations, the Provider shall remain fully liable to the User as regards the fulfilment of the obligations of the sub-processor.
This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the User and the Provider, including the sub-processor.
Any transfer of personal data to third countries or international organisations by the Provider shall only occur based on documented instructions from the User and shall always take place in compliance with Chapter V GDPR.
In case transfers to third countries or international organisations, which the Provider has not been instructed to perform by the User, are required under EU or Member State law to which the Provider is subject, the Provider shall inform the User of that legal requirement prior to processing unless that law prohibits such information on important grounds of public interest.
Without documented instructions from the User, the Provider therefore cannot:
(i) transfer personal data to a third country or to an international organisation
(ii) transfer the processing of personal data to a sub-processor in a third country
(iii) have the personal data processed by the Provider in a third country
The User’s instructions regarding the transfer of personal data to a third country including, if applicable, the transfer clauses under Chapter V GDPR on which they are based, shall be set out hereinafter.
The Clauses shall not be confused with standard data protection clauses within the meaning of Article 46(2)(c) and (d) GDPR, and the Clauses cannot be relied upon by the Parties as a transfer under Chapter V GDPR.
Provider shall assist the User by appropriate technical and organisational measures, insofar as this is possible, in the fulfilment of the User’s obligations to respond to requests for exercising the data subject’s rights laid down in Chapter III GDPR.
This entails that the Provider shall, insofar as this is possible, assist the User in the User’s compliance with:
(i) the right to be informed when collecting personal data from the data subject
(ii) the right to be informed when personal data have not been obtained from the data subject
(iii) the right of access by the data subject
(iv) the right to rectification
(v) the right to erasure (‘the right to be forgotten’)
(vi) the right to restriction of processing
(vii) notification obligation regarding rectification or erasure of personal data or restriction of processing
(viii) the right to data portability
(ix) the right to object
(x) the right not to be subject to a decision based solely on automated processing, including profiling
In addition to the Provider’s obligation to assist the User, the Provider shall, taking into account the nature of the processing and the information available to the Provider, assist the User in ensuring compliance with:
(i) The User’s obligation to without undue delay and, where feasible, not later than 3 business days after having become aware of it, notify the personal data breach to the competent supervisory authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons;
(ii) the User’s obligation to without undue delay communicate the personal data breach to the data subject, when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons;
(iii) the User’s obligation to carry out an assessment of the impact of the envisaged processing operations on the protection of personal data;
(iv) the User’s obligation to consult the competent supervisory authority, prior to processing where a data protection impact assessment indicates that the processing would result in a high risk in the absence of measures taken by the User to mitigate the risk.
(v) The Parties shall define hereinafter the appropriate technical and organisational measures by which the Provider is required to assist the User as well as the scope and the extent of the assistance required.
In case of any personal data breach, the Provider shall, without undue delay after having become aware of it, notify the User of the personal data breach.
The Provider’s notification to the User shall, if possible, take place 1 workday after the Provider has become aware of the personal data breach.
Provider shall assist the User in notifying the personal data breach to the competent supervisory authority, in obtaining the information listed below, which shall be stated in the User’s notification to the competent supervisory authority:
(i) The nature of the personal data including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
(ii) the likely consequences of the personal data breach;
(iii) the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
The Parties shall define hereinafter all the elements to be provided by the Provider when assisting the User in the notification of a personal data breach to the competent supervisory authority.
On termination of the cooperation, the Provider shall be under obligation to delete all personal data processed unless Union or Member State law requires storage of the personal data or financial obligations of the User toward the Provider.
The Provider shall make available to the User all information necessary to demonstrate compliance with the obligations laid down in GDPR and these T&C and allow for and contribute to audits, including inspections, conducted by the User or another auditor mandated by the competent authority.
For the purpose of clarification, the aforementioned clause does not include audit of the software or database in any way, only the inspection and audit of business offices and the proof that vulnerability tests have been made, and proof that employees have signed confidentiality agreements or statements.
Procedures applicable to the User’s audits, including inspections, of the Provider and sub-processors are specified hereinafter.
The Provider shall be required to provide the competent authority, or representatives acting on behalf of such authorities, with access to the Provider’s physical facilities on presentation of appropriate identification.
The Parties may agree other clauses concerning the provision of the personal data processing service specifying e.g., liability, as long as they do not contradict directly or indirectly the Clauses or prejudice the fundamental rights or freedoms of the data subject and the protection afforded by the GDPR.
The User shall appoint a contact person by onboarding information into the Provider cloud solution.
The Parties shall be under obligation to continuously inform each other of changes to contacts/contact points.
This article is one of fundamental articles of T&C and follows its legal fate.
Both Parties shall be entitled to require the clauses to be renegotiated if changes to the law or inexpediency of the clauses should give rise to such renegotiation.
For the duration of these T&C, the clauses cannot be terminated unless other clauses governing the provision of personal data processing services have been agreed between the Parties.
The purpose of processing personal data on behalf of the User is for him or his suppliers to offer tourist services to natural persons.
The personal data processing shall mainly pertain to natural person names and contact information in order for services to be provided in orderly fashion, and to notify competent authorities of such activities.
The processing mainly includes the following types of personal data about data subjects: (i) name, (ii) e-mail address, (iii) telephone number, (iv) national identification number, (v) date of birth, (vi) payment details, (vii) nationality.
Processing includes the following categories of data subject: (i) natural persons tourist service users, (ii) natural persons tourist service providers, that are User suppliers, (iii) employees.
Data processing is performed during the term of these T&C.
By using the software and agreeing with these T&C, the User authorises the engagement of the following sub-processors:
(i) Infobip d.o.o. Vodnjan, Istarska 157, VAT ID: 29756659895 for the purpose of sending text messages to natural persons,
(ii) MicroBlink d.o.o. Zagreb, Strojarska cesta 20, VAT ID: 21173725829 for the purpose of scanning personal identification documents of natural persons and sending information to competent government authorities,
(iii) TETRAEDAR d.o.o. Rovinj, Fažanska 2, VAT ID: 33829498515, for the purpose of employee personal data processing and bookkeeping services,
(iv) Worldline Bezons, 80 quai Voltaire, River Ouest, for the purpose of online payment processing.
The User authorises the use of the abovementioned sub-processors for the processing described for that Party.
The User may at any time demand to terminate or suspend cooperation with current sub-processors, in which case, services those sub-processors offered, will no longer be obtainable by User or its customers or suppliers.
The Provider shall not be entitled, without the User’s explicit written authorisation, to engage a sub-processor for a ‘different’ processing than the one which has been agreed upon or have another sub-processor perform the described processing, unless the Provider ends business cooperation with the named sub-processors, in which case, it is in his sole decision to choose another sub-processor to process the information needed for executing tourist services uninterrupted.
If the User wants to add or switch sub-processors, the Parties must agree in writing upon the new integration, in which case the current sub-processor services will be terminated until an agreement has been reached and integration completed.
In no case is the Provider responsible for services provided if the User or his customers terminate the current sub-processor authorisation for any reason.
Any and all notices by User must be in writing with 30-day notice period.
The Provider’s processing of personal data on behalf of the User shall be carried out by the Provider in digital form, by the online software solution.
The data processing is automated and performed in a manner set by User.
Data is received into the software solution from sales channels, integrated sales webpages and uploaded images by natural persons, using one or more integrated modules with the core system.
Provider uses servers owned and managed by Microsoft Inc. with the highest security industry standard, hidden behind state-of-the-art firewalls and the currently best antivirus protection, Kaspersky, along with mandatory penetration tests and PCI DSS SAQ D valuations and audits.
Concerning employees with access to personal data, all have signed confidentiality statements and are trained, through both organisational and software training, to adhere to the highest security standard.
Provider forbids any and all access to the database, unless otherwise forced by a competent body decision.
In addition to aforementioned, Provider adheres to and follows all industry standard new security measures, competent body decisions, and law.
Access to the personal data is only allowed to User employees with an appropriate burden of confidentiality and to his customers for the purpose of performing the tourist services offered.
The access stated is set within the software solution, accessible only by entering the security password and email address registered and verified by the User.
It is the obligation of User to validate any and all of its customers and suppliers that offer tourist services via software solution.
It is the obligation of User to keep login details safe.
The Provider shall insofar as this is possible, within the scope and the extent of the assistance specified below, assist the User in accordance with relevant clauses, by (i) implementing security measures in the form of firewalls and antivirus protection, (ii) maintaining employee confidentiality measures, (iii) choosing integration with verified and well-proven sub-processors, (iv) performing security testing.
Personal data is stored for the period needed for User customers to perform tourist services they provide to a specific natural person and for the purpose of tax authorities to audit any customer, after which time, data is deleted.
Processing of the personal data is performed digitally, on servers of the Provider's choosing at its sole discretion, unless otherwise agreed upon by the Parties.
If the User has customers with a place of residence outside of the European Union, the Parties shall adhere to all provisions stated hereinafter.
Provider shall at the User's expense obtain a report from an independent third Party concerning the subject matter hereof.
The report shall without undue delay be submitted to the User for information.
User may contest the scope and/or methodology of the report and may, at his own expense, in such cases request a new audit/inspection under a revised scope and/or different methodology.
Based on the results of such an audit/inspection, the User may request further measures to be taken to ensure compliance with the GDPR.
Procedures hereof relate to sub-processors as well.
User hereby agrees to indemnify and hold Provider and its Affiliates and related parties harmless from and against any damages, losses, liabilities, judgments, costs, or expenses (including reasonable attorneys’ fees and costs) arising out of any claim made by a third party relating to his use of the Product or any breach or violation of these T&C or other applicable conditions in relation with the use of the Product.
The right to use the Product is limited only to User, who may not in any way or case transfer by assignment, sublicense, or any other method the service or the right to access or use the Product to any other person or entity.
Any attempt by User to transfer his rights or obligations under these T&C or any applicable agreements with the Provider without obtaining the prior written consent of Provider shall be invalid.
User agrees that Provider may assign its rights and/or delegate its obligations under these T&C or any applicable agreements to any third party, including its Affiliate, in Provider’s sole discretion and without notice.
User hereby represents to Provider that he is at least 18 years old and is authorized to agree to and enter into these T&C, and any other agreement with the Provider.
In case that the User is a legal entity, the authorised person of the User has the only right to enter into a binding legal relationship with the Provider, which fact the authorised person must prove with official documentation.
Furthermore, User also represents that he is entering into these T&C and any other agreement on his own behalf, arbitrarily, and is not relying on any representation, guarantee or statement other than as expressly set forth herein.
Provider makes no representation that the Product or any materials on his official websites are appropriate or available for use in other locations, and accessing them from territories where their contents are illegal is prohibited.
At any time upon request by Provider, User agrees to sign a non-electronic version of these T&C and any other agreements or statements reasonably necessary for Provider to provide and account for the Product.
2.24. GOVERNING LAW
The legal relationship regulated with these T&C is governed solely by the laws of Croatia and is binding to the Parties worldwide.
The Parties agree and hereby submit to the exclusive personal jurisdiction of and venue of Commercial Court in Pazin, for claims with respect to these T&C and other agreements and agree that any legal proceedings shall be conducted in Croatian.
These T&C shall not be governed by the United Nations Convention on Contracts for the Sale of Goods.
User agrees not to engage in any class action claim against Provider without prior arbitration process.
2.25. FORCE MAJEURE
Neither Party will be deemed in breach of these T&C to the extent that performance of its obligations is delayed or prevented by reasons of force majeure, such as riots, acts of terrorism, fire, flood, earthquake, acts of government and the like, provided that such party gives the other party written notice thereof promptly and uses its best efforts to continue to perform its obligations.
If any provision of these T&C is held by a court of competent jurisdiction to be invalid, void or unenforceable for any reason, the remaining provisions not so declared shall continue in full force and effect, but shall be construed in a manner so as to effectuate the intent of this Agreement as a whole, notwithstanding such stricken provision or provisions.
2.27. TERM & TERMINATION
These T&C, along with modifications made by the Provider, apply for the entire time of Product usage by the User.
The User can terminate the legal agreement between the Parties by ceasing to use the Product at any time, but the provisions regarding Confidential Information, protection of private information about the User, along with other provisions which by their legal nature must stay permanent and payments, if the User made charge through the Product and provisions which concern payable services used by the User, all remain in place.
Terms, fees and tax, payments, ownership, Security information, warranties indemnification, data privacy, confidentiality, disclaimers, as well as any other terms which by their nature should survive, will survive the termination of the agreement regulated by these T&C.
2.29. MODIFICATIONS TO T&C
Provider reserves the right to modify these T&C in his own discretion without prior notice, at any time and from time to time.
Any such modification is effective upon the posting of same by Provider on its official website.
Provider also may notify the User of any modifications by email or other correspondence to User designated contact address.
The most current version of these T&C supersedes all previous versions.
2.30. ENTIRE AGREEMENT
These T&C, along with all applicable online order forms and Pricelist, comprise the entire agreement between the Parties and supersede all prior and current negotiations, discussions, or agreements, whether in written or oral form between the Parties regarding the subject matter herein.
Provider is authorised in his own discretion to make modifications to these T&C, Pricelist and all forms without prior consent of the User.
These T&C are originally made in the English language, and all translations must mirror the original language.
In case translations depart from the original, the English version prevails.
The effective date of modifications made is the date of posting on the official Provider website.
Last update on 1st January 2020
Silvana Cvek, CEO