This Privacy Statement determines the guidelines for the protection of personal data in the company Tetex Ltd., Teranea hotel, address Lucije Rudan 24, 21 450 Hvar, Croatia and refers to the data protection rules prescribed by the GDPR and other national regulations on the protection of personal data.

The company processes your personal data only to the extent necessary and for the period necessary to achieve a specific purpose on a legal basis.

The company collects data for 2 purposes. Processing purposes are:

▪ Provision of hotel accommodation and related services in the Company's facilities

- Category of personal dana: name, surname, residential address, email address, duration and purpose of stay, date of birth, travel document number, OIB, citizenship, payment information

▪ Processing of personal data for marketing purposes, including sending commercial and marketing offers and notifications

- Category of personal dana: name, surname, residential address, email address

The collection and processing of data is based on the consent of the guest, which is given for one or more specific purposes.

The collection and processing of data is necessary for the execution of a contract in which the respondent is a party or in order to take actions at the request of the respondent before concluding the contract.

The collection and processing of certain data by the Company results from the legal obligation that binds the Company to the aforementioned actions and cooperation with public authorities (for example - collection of data on workers for the pension and health insurance institute, tax administration, customs authorities, independent administrative bodies, Croatian tourist board).

In order for respondents to be clear that their data is being collected and processed and for what purposes it is being done, the Company appropriately informs respondents, among other things, about the purpose of the processing, which includes information about what data is collected, processed and used, for what purposes and how long they are kept and to which recipients the data is disclosed. Notices to the respondents are given through different channels, depending on what is most appropriate according to the circumstances of the case, and may include: notices via the Company's website, written notices at the Company's premises, written notices on forms used by the Company, written notices as part of contracts concluded by the Company with the respondent, notification by e-mail, oral notification by Company employees, and other ways if necessary. The company particularly informs the respondents about their rights and the way in which they can be exercised. The contact information of the personal data protection officer is publicly available.

The company processes personal data through video surveillance only for purposes that are necessary and justified for the protection of persons and property. Video surveillance must not include rest rooms, personal hygiene and changing rooms. Only authorized persons have the right to access personal data collected through video surveillance.

Personal data in physical form or in electronic form stored on portable media via CD, USB or hard disks is kept by the Company in a safe place, such as archived files or safes, to which access is allowed only to authorized persons. If the data is in electronic form, it is stored by computer programs that can be accessed only through a secure log-in, password and a system that requires strict identification of the authorized person (especially in the case of special categories of personal data).

The company, if deemed necessary, will preserve the security of personal data from potential destruction in the event of a computer system crash or similar reason, in such a way that a specific back-up system is put together and put into operation that would prevent the aforementioned (e.g. a backup server or hard disk).

If the Company discovers a violation of the protection of personal data, and which violation is likely to cause a risk to the rights and freedoms of the data subject, the Company must immediately and without delay submit a report to the Agency for the Protection of Personal Data.

All questions of respondents regarding this Statement and data protection can be submitted to the personal data protection officer, who will respond to the applicant's inquiry as soon as possible, and no later than within one month.

The laws and other regulations applicable in the Republic of Croatia shall apply to all possible disputes resulting from a breach of personal data committed by the Company, and the court competent to resolve the dispute is the court with actual jurisdiction according to the Company's headquarters.