Privacy Policy

Privacy and Policy


Statement on Protection and Collection of Personal Data and their Use


ULTRA MARINE Ltd provides personal data protection by collecting only
basic customer information necessary to meet business obligations.
Collected customer personal data are safely stored and used only for the
purposes for which they were collected. Access to the collected personal
data is restricted to the authorised employees only.
All ULTRA MARINE Ltd. employees and business partners are responsible for
respecting the principles of privacy protection.


Statement of WSPay usage


ULTRA MARINE Ltd uses WSPay for online payments. WSPay is a secure
online payment system for real-time payments by credit and debit cards
and other payment methods. WSPay provides the customer and the merchant
with secure entry and transfer of the card data entered, as confirmed by
the PCI DSS certificate that WSPay holds.
WSPay uses an SSL certificate with 256-bit encryption and the TLS 1.2
cryptographic protocol as the highest degree of data protection and data
security.


Statement on the Protection of Personal Data Transfer


Personal data is protected in accordance with the General Data Protection
Regulation of the European Parliament and of the Council No. 2016/679
(the Regulation) and the implementation of the General Data Protection
Regulation.
WSPay, as the provider of credit card authorization and billing, processes
personal data as a Processor, in accordance with the General Data
Protection Regulation of the European Parliament and of the Council
No. 2016/679 and the strict rules of the PCI DSS L1 regulations on the
protection of data entry and data transfer.
WSPay uses an SSL certificate with 256-bit encryption and the TLS 1.2
cryptographic protocol as the highest degree of data protection and data
security.
Personal data used for authorization and collection purposes, or for
performance of the contract or contract obligations, are considered
confidential.
WSPay does not process personal data except for the purpose of executing
authorization and billing.
WSPay warrants compliance with all the terms and conditions laid down in
the applicable personal data protection regulations for processors of
personal data, and in particular the taking of all necessary technical,
organizational and security measures, in particular in line with its PCI
DSS L1 certification.


Scope of This Policy


This Privacy Policy describes how ULTRA MARINE Ltd. and its Affiliates
and Subsidiaries (“we” or “us”) collect, use, consult or otherwise
process an individual’s Personal Data.

This Privacy Policy applies globally, but depending on where you live some
specific provisions of this Privacy Policy may not apply to you.

For the purposes of EU Privacy Law, depending on the type of Personal Data
processing described in this Privacy Policy, ULTRA MARINE Ltd may be
operating as a sole Controller.

In some of the situations described in this Privacy Policy, the hotel where
you made a booking and/or stay will also process your data as a (joint or
sole) Controller. The hotel will be solely responsible for the processing
activities for which it is the sole Controller.

ULTRA MARINE Ltd. is a company incorporated under Serbian laws, having
its registered seat and its offices at Stevana Sremca 3, Belgrade, Serbia,
telephone number: +381 11 3348-158.

We are committed to protecting the privacy of our users and customers.

This Privacy Policy is intended to inform you how we gather, define, and use
Personal Data that you provide us with when using our websites or when
relying on our hospitality services. Please take a moment to read this
Privacy Policy carefully. Please note that if you plan to submit someone
else’s Personal Data to us, for instance when making a booking on their
behalf, you may only provide us with that person’s details with their
consent and after they have been given access to information about how
we will use their details, including the purposes set out in this Privacy Policy.

This policy includes a description of your data protection rights,
including a right to object to some of the processing activities we carry
out. Please note that your rights as a data subject may vary depending
upon where you live.

EU Privacy Law requires us to be specific about our reasons and legal
grounds for using your personal data. Accordingly, for the purposes of EU
Privacy Law only, the information below describes the types of data we
process, where we get your data from, the grounds we rely on to carry out
the processing, and who we may share your data with. Except for the
“processed data categories” sections set out in the information below,
nothing is intended to bind us in respect of our non-EU users.


Protection of confidential transaction data


When entering payment card data, confidential information is transmitted
over the public network in a protected (encrypted) form using SSL
protocols and PKI systems, as currently the most modern cryptographic
technology.
The security of data at the time of purchase is guaranteed by the payment
card processor, so the complete billing process is performed in a secure
environment. During the payment process and after it, the card data is
not available to our system.
- https://www.mastercard.rs/sr-r...cards.html
- https://rs.visa.com/pay-with-v...everywhere.html


Country-specific provisions


Please note that there may be local variations to this Privacy Policy in order
to comply with local legislation.


Definitions


Affiliates and Subsidiaries: Any hotel, firm, partnership or other entity
which directly or indirectly controls, is controlled by, or is under common
control with ULTRA MARINE Ltd.


Controller:
The natural or legal person, public authority, agency or other
body which, alone or jointly with others, determines the purposes and
means of the processing of Personal Data.


EU Privacy Law:
Regulation 2016/679 of the European Parliament and of the
Council of 27 April 2016 on the protection of natural persons with regard to
the processing of Personal Data and on the free movement of such data
(the “GDPR”), as well as any legislation and/or regulation implementing or
created pursuant to the GDPR and the e-Privacy legislation, or which
amends, replaces, reenacts or consolidates any of them, and all other
national applicable laws relating to the processing of Personal Data and
privacy.


Processor:
A natural or legal person, public authority, agency or other body
which processes Personal Data on behalf of the controller.


Recipient:
A natural or legal person, public authority, agency or another
body, to which the Personal Data are disclosed, whether a Third Party or
not.


Third Party:
A natural or legal person, public authority, agency or body
other than the data subject, controller, Processor and persons who, under
the direct authority of the controller or processor, are authorized to process
Personal Data.


Supervisory Authority:
An independent public authority which is
established by a Member State pursuant to Article 51 of the GDPR.


Personal Data:
Any information relating to an identified or identifiable
natural person (“Data Subject”). An identifiable natural person is one who
can be identified, directly or indirectly, in particular by reference to an
identifier such as a name, an identification number, location data, an
online identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social identity of that
natural person.


Processing:
Any operation or set of operations which is performed on
Personal Data or on sets of Personal Data, whether or not by automated
means, such as collection, recording, organization, structuring, storage,
adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction.


Privacy Shield:
The EU-U.S. and Swiss-U.S. Privacy Shield legal framework,
designed by the U.S. Department of Commerce and the European
Commission and Swiss Administration to provide companies on both sides
of the Atlantic with a mechanism to comply with data protection
requirements when transferring Personal Data from the European Union
and Switzerland to the United States in support of transatlantic commerce.


Standard Contractual Clauses:
Sets of standard contractual clauses for
transfers as adopted by the European Commission for the international
transfer of Personal Data.


Personal Data Breach:
A breach of security leading to the accidental or
unlawful destruction, loss, alteration, unauthorized disclosure of, or access
to, Personal Data transmitted, stored or otherwise processed.


Services Booking Process


1. Hotel booking process


In the context of the hotel booking process, we process your Personal Data
for the purpose of
1. enabling you to reserve a room in the hotel of your choice;
2. verifying the availability of the hotel and administering the booking;
3. sending you a booking confirmation;
4. sending you non-commercial pre-arrival emails. You may
unsubscribe from pre-arrival emails at any time by clicking on the
unsubscribe link in the emails sent to you.


Processed data categories


Address, date of arrival and departure, email address, first name/last
name, first name/last name of the adult co-guest(s), payment card type,
number and expiration date, telephone number, title


Source of data


Depending on the booking mechanism used:
• Directly from you through the online booking form
• From your travel agent
• From our call center


Ground for processing


Processing is necessary to take steps to enter into and perform a contract.


Recipients of data


• hotel of your choice
• IT service providers involved in the (online) booking process
• IT service providers
• Email communications service provider


Hotel Guests


1. Hotel check-in and check-out


When staying at the hotel of your choice, we will collect and process your
Personal Data for the purposes of


• registering your arrival and departure at the hotel;
• obtaining a credit card guarantee or hotel deposit to ensure
payment of your stay;
• managing payment of your stay;
• establishing, printing or sending an invoice for your stay;
• paying a commission to your travel agent (if applicable).
In the event you have booked a room in one of our hotels but do not show
up – without cancelling – on the date of arrival communicated, we will
process your Personal Data for the purposes of
• cancelling your stay and any other reservation you may have made;
• managing, processing and settling any outstanding payment that
may be due.


Processed data categories


Address, bookings (hotel, restaurant, event, theatre, etc.), date of arrival
and departure, email address, first name / last name, first name/last name
of the adult co-guest(s), payment card type, number and expiration date,
telephone number, title


Source of data


Depending on the booking mechanism used:
• Directly from you through the online booking form
• From your travel agent
• From our call center


Ground for processing


Processing is necessary to perform the contract you have with us.


Recipients of data


• hotel of your choice
• IT service providers
• Your travel agent, if applicable


Website Forms


Should you have a particular query or feedback, including the exercise of
one of your rights under the GDPR, you may contact us through the contact
forms available on our website. In such context, we may process your
Personal Data for the purposes of handling and providing an answer to
your query or request or to follow up on your feedback. We also provide
other forms on our websites which may assist you in requesting a
particular service from us, such as the best online rate guarantee form.
The information below describes the types of data we process for these
purposes, where we get your data from, the ground we rely on to carry out
the processing, and who we may share your data with.


Processed data categories


Address, email address, first name/last name, stay details, telephone
number, and any other data you may decide to share with us in open
comment boxes.


Source of data


Directly from you through the form


Ground for processing


Ad hoc consent obtained through the contact form


Recipients of data


• Other entities involved
• IT service providers


Analytics


We may use any data you provide to us for analytical purposes to optimize
your experience, enhance our marketing, business and operational
efficiency, create segments of our customers based on their Personal Data
and tailor our offers and promotions to your preferences and consumption
habits. In the context of such analytics, we analyze and may combine
different data we hold about our guests, including:
• communications guests have with us;
• click-through rates for our marketing communications;
• our guests’ behavior on our websites;
• bookings.


Processed data categories


Hotel stay details, address, bookings (hotel, restaurant, event, theatre, etc.),
date of arrival and departure, title, first name/last name, first name/last
name of the adult co-guest(s), email address, telephone number, payment
card type, number and expiration date


Source of data


• Directly from you through the online booking form
• From your travel agent
• From our call center
• From our email analytics provider
• Directly from you when making your additional service/facility
request with the hotel front desk or the concierge


Ground for processing


It is in ULTRA MARINE Ltd's legitimate interest as a business to understand its
guests’ preferences and consumption habits. In this context, ULTRA MARINE
Ltd's business interests prevail over yours.


Recipients of data


• Other entities involved
• IT service providers
• Analytics service provider


Social Media and Online Reviews


We may process your Personal Data obtained through social media
platforms (including Facebook, Instagram, LinkedIn and Twitter) or online
reviews (including on TripAdvisor) concerning our services for the purposes
of:
• addressing your questions or complaints;
• monitoring our online reputation;
• improving our services and identifying opportunities on which we
can focus.
Some of our social media pages allow users to submit their own content.
Please remember that any content submitted to one of our social media
pages can be viewed by the public and you should be cautious about
providing certain personal information (e.g., financial information or
address details) via these platforms. We are not responsible for any
actions taken by other individuals if you post personal information on one
of our social media platforms (e.g., Facebook or Instagram). Please also
refer to the respective privacy and cookie policies of the social media
platforms you are using.


Source of data


Directly from you through publicly accessible social media pages, online
booking channels or other (review) websites
From our online reputation monitoring service provider


Ground for processing


It is in ULTRA MARINE Ltd's legitimate interest as a business partner to
understand its guests’ preferences and consumption habits. In this context,
ULTRA MARINE Ltd's business interests prevail over yours.


Recipients of data


• Online reputation monitoring service provider


Protect user privacy


On behalf of Ultra Marine Ltd., we undertake to protect the privacy of all of
our customers. We collect only the necessary, basic data on customers /
users and data necessary for business and informing users in accordance
with good business customs and in order to provide quality service. We
give customers a choice, including the ability to decide whether or not to
be removed from the mailing lists used for marketing campaigns. All user /
customer data is strictly kept and is available only to employees who need
this information to do their job. All employees of Ultra Marine Ltd. are
responsible for respecting the principles of privacy.


Your Rights – Under EU Privacy Law


If you are in the EU, EU Privacy Law grants specific rights, summarized
below, which you can in principle exercise free of charge, subject to
statutory exceptions. These rights may be limited, for example if fulfilling
your request would reveal Personal Data about another person, or if you
ask us to delete information which we are required by law to keep or have
compelling legitimate interests in keeping. To exercise any of your rights,
you can file a request via email at snssmilitaryneuro@snss.org.rs.
Should you have unresolved concerns, you have the right to lodge a
complaint with a Supervisory Authority where you live or where you believe
a breach may have occurred. We encourage you to come to us in the first
instance but, to the extent that this right applies to you, you are entitled to
complain directly to the relevant Supervisory Authority.


1. Right to withdraw consent

Wherever we rely on your consent, you will be able to withdraw that
consent at any time you choose and at your own initiative by logging
in to your account on our website (if you have one) or by contacting
us at office@ultramarine.rs. The withdrawal of your consent will not
affect the lawfulness of the collection and processing of your data
based on your consent up until the moment where you withdraw
your consent. Please note that we may have other legal grounds for
processing your data for other purposes, such as those set out in this
Privacy Policy.
2. Right to access and rectify your data

You have the right to access, review, and rectify your Personal Data.
You may be entitled to ask us for a copy of your information and to
review or correct it. If you wish to rectify any information like your
name, email address, passwords and/or any other preferences, you
can easily do so by logging in to your account on our website (if you
have one) or by contacting us at snssmilitaryneuro@snss.org.rs. You
may also request a copy of the Personal Data processed as
described in this Privacy Policy.
3. Right to erasure

In accordance with EU Privacy Law, you have the right to erasure of
your Personal Data processed by us as described in this Privacy
Policy in case it is no longer needed for the purposes for which the
Personal Data was initially collected or processed or in the event you
have withdrawn your consent or objected to processing as described
in this Privacy Policy and no other legal ground for processing
applies. Should you wish to have your Personal Data erased, please
file a request via email at snssmilitaryneuro@snss.org.rs.
4. Right to restriction of processing

Under certain circumstances described in EU Privacy Law, you may
ask us to restrict the processing of your Personal Data. This is for
example the case when you contest the accuracy of your Personal
Data. In such event, we will restrict the processing until we can verify
the accuracy of your data.
5. Right to object to processing

Under certain circumstances described in EU Privacy Law, you may
object to the processing of your Personal Data, including where your
Personal Data is processed for direct marketing purposes.
6. Right to data portability

Where you have provided your data directly to us and where the
processing is carried out by automated means and based on your
consent or the performance of a contract between you and us, you
have the right to receive the Personal Data processed about you in a
structured, commonly used and machine-readable format, and to
transmit this data to another service provider.


Your Rights – Non-EU Users


Depending on where you are located you will have different rights in
respect of your Personal Data and we will comply with the relevant
requirements of applicable laws and this Privacy Policy.


California Privacy Rights


If you reside in California, you have the right to ask us one time each year if
we have shared Personal Data with third parties for their direct marketing
purposes. To make a request, please send us an email
at snssmilitaryneuro@snss.org.rs or write to us at the address listed below.
Indicate in your letter that you are a California resident.


Russian Citizens


In accordance with Russian Federal Law “On Personal Data” No. 152-FZ we
collect, record, systematize, accumulate, store, update (renew and
modify), and extract Personal Data about Russian citizens using databases
located in the territory of the Russian Federation. If you indicate that you
are a citizen of the Russian Federation, we will process your
Personal Data in compliance with this requirement and your profile will be
maintained on databases in the Russian Federation. If you do not indicate
that you are a citizen of the Russian Federation, we are not able to process
and maintain your Personal Data under these requirements and will not be
liable for that. You are solely responsible for indicating the country of your
citizenship. Information containing Personal Data of Russian citizens may
be transmitted from the Russian Federation to countries that ensure an
adequate level of protection for Personal Data, including member states of
the European Union and other countries which Russian law recognizes as
ensuring adequate protection, and also to other countries that may not
ensure an adequate level of protection for Personal Data. By submitting
information to us on our sites and apps, submitting forms to us, or
registering on our sites, programs and apps, or making reservations, you
grant us consent to process your Personal Data.


Security Measures


Appropriate technical and organizational measures are implemented in
order to ensure an appropriate level of security of your Personal Data,
including but not limited to encryption techniques, physical and IT system
access controls, obligations of confidentiality, etc.
In the event Personal Data is compromised as a result of a Personal Data
Breach we will make the necessary notifications, as required under
applicable laws.


What Rules Apply to Children?


We do not knowingly collect or solicit Personal Data from anyone under the
age of 18 or knowingly allow such persons to book a room in one of our
hotels.
In the event we learn that we have collected Personal Data from a child
under the age of 18 without verification of parental consent, steps will be
taken promptly to remove that information. If you believe that we have or
may have information from or about a child under 18 years of age, please
contact us at snssmilitaryneuro@snss.org.rs.


How Is Your Personal Data Shared with Third Parties?


We only share or disclose information as described herein, including with
Third Parties.
Your Personal Data will also be shared with government authorities and/or
law enforcement officials if required for the purposes above, if mandated
by law or if required for the legal protection of the Controller(s)' legitimate
interests in compliance with applicable laws. In addition, we may share
your Personal Data and other information with a successor to all or part of
our business, where this is in our legitimate interests in facilitating a
business sale and in this context our business interests prevail over yours.
For example, if parts of our business or assets are sold, we may disclose
user information as part of that transaction, subject to applicable law.


International Data Transfers


If you are in the European Economic Area (EEA), the data that we collect
from you as described in this Privacy Policy may be transferred to and
stored at a destination outside the EEA, including for the purposes of
processing that data by selected Processors, in order to facilitate the ULTRA
MARINE ltd business. Countries outside the EEA may not have laws which
provide the same level of protection to your Personal Data as laws within
the EEA. Where this is the case we will put in place appropriate safeguards
to ensure that such transfers comply with EU Privacy Law, either by putting
in place Standard Contractual Clauses approved by the European
Commission as ensuring an adequate protection or by ensuring that the
transfer is done to an organization that complies with Privacy Shield in
case the transfer is made to the United States of America.
In this respect, please note that ULTRA MARINE ltd adheres to the E.U.-U.S.
and Swiss-U.S. Privacy Shield Framework. In compliance with the E.U.-U.S.
and Swiss-U.S.
Privacy Shield Principles, ULTRA MARINE ltd commits to resolve complaints
about your privacy and our collection or use of your Personal Data.
ULTRA MARINE ltd has further committed to refer unresolved privacy
complaints under the E.U.-U.S. and Swiss-U.S. Privacy Shields to the
American Arbitration Association, http://go.adr.org/privacyshiel....
Finally, in certain limited circumstances and as a last resort, it may be
possible for individuals to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department
