Datenschutzerklärung von Medjugorje Hotel & Spa

This Privacy Policy describes how Medjugorje Hotel & Spa collects, uses, consults or otherwise processes the Personal Data you provide while using our website or when you rely on our hospitality services.

We care about the privacy of our Users and our Customers, we are aware of your rights under applicable law and we are committed to protecting your privacy. Collected Personal Data will be used only for the purposes described in this Policy.

Medjugorje Hotel & Spa has its legal address and offices in in Medjugorje, Bosnia and Herzegovina, in the municipality of Čitluk.


Data Controller

Ulica fra Slavka Barbarića 29 Medjugorje (BiH)
Phone: (+387) 036 640 450
Fax: 00387 (0) 36 640 451



Types of Data collected

In order to provide our services in the best possible way, in every occasion of contact or interaction with our Users and / or Guests and in all the other aspects of our work we can collect personal information.



During the room booking process, no matter it is done online on our website, through an OTA booking channel (eg, Booking, Expedia …), through a travel agency or tour operator, by telephone, by e-mail or directly at the hotel, we process your Personal Data in order to:

  • allow you to book a room at the hotel
  • check the availability of the hotel and manage the reservation;
  • send a booking confirmation;
  • send pre-arrival e-mails for non-commercial purposes
  • send a “Welcome home” e-mail for non-commercial purposes


This personal information may include all or part of the following data categories:

Contact information, address, date of arrival and departure, e-mail address, name and surname, name and surname of the partner (s), type of payment, credit card number and expiry date, telephone number, data for billing.


Depending on the booking method used, the data are provided:

  • Directly from you through the online booking form
  • Through the online booking channel used to make the reservation
  • From your travel agency / agent or tour operator
  • From our reception staff by telephone, telematics or direct

The collection and processing of this data is necessary in order to stipulate and execute the contract for the provision of the requested services.


Please note that if you send us someone else’s personal information, for example if you make a reservation on his behalf, you can provide us with the details of that person only with his consent.



When you stay in our hotel we collect and process your personal data to perform necessary and mandatory functions, for ex. during check-in and check-out, or simply to ensure a pleasant stay in our structure and provide specific services.

We collect data for:

  • register your arrival and departure;
  • create or update your customer profile in our management program
  • manage the payment of the stay;
  • create, print and / or send the invoice relating to your stay;
  • manage your preferences, special requests, dietary needs, etc. ;
  • manage reservations for services such as lunches / dinners at our Ai Dogi restaurant, entrance to the Aqua Spa Wellness Center, massages or treatments at Aqua Spa etc .;
  • laundry services;
  • track consumption at the bar / restaurant;
  • use of the Spa and its treatments;
  • return of lost or forgotten items;
  • fulfill the law of Bosnia and Herzegovina which requires registration in a special register of all foreign guests and the communication of their data to the Office for Foreigners (Ured za strance) and the Tourist Board (Turistička zajednica HNŽ)


To perform these functions we need all or part of the following data categories:

Name and surname of all guests, date of birth, postal address, billing address, e-mail, telephone number, date of arrival and departure, ID number / passport number and date and place of issue, type of payment , payment card with number and expiry date, consumption habits, dietary requirements, other preferences, reservations.

Failure to provide these data may make it impossible to obtain the requested service.


In case of “no show” (non-arrival of the Guest without notice or cancellation) we will process your personal data to cancel the stay and any other booking and to manage any outstanding payments that may be due.


All data mentioned in this paragraph are collected:

  • Directly from you during your stay at the hotel
  • Directly from you through the online booking form on our website or through the online booking channel used to make the reservation
  • Directly from you to our Reception staff via e-mail or telephone
  • From your travel agency


We do not collect information about race or ethnicity, political opinions, religion or other creeds, union membership, health, life or sexual orientation, genetic information, criminal record, unless they are voluntarily provided by our Clients or if we are required to do so in compliance with applicable laws or regulations. We can use the data you have provided us about your health to give you a better service and meet particular needs (for example, by providing special access measures to people with disabilities).


To protect our property, our guests and our staff, we can use CCTV cameras and other security measures that can display or record images of guests and visitors in the common areas. These records are made exclusively for security reasons and are not disclosed under any circumstances to third parties except to law enforcement and / or our lawyers for serious reasons or disputes.



Medjugorje Hotel & Spa can also collect information from third parties, e.g.

  • from travel agencies, tour operators, group leaders and group pilgrimages organizers
  • from airlines companies
  • from social media (consistent with your settings on these services)
  • from other legally authorized third-party sources to share data with us


This information can be added to your existing customer card in our hotel management program to improve our service and for all the purposes set out in this Policy.


Simple Booking

On our site we use the Simple Booking booking system; all personal data required to reserve a room is collected via online forms, and information is immediately encrypted and stored.



To facilitate contact between us and our users, a contact form is available on the website; compiling it with your data and indicating your consent to their processing, you consent to their use to respond to your requests for information, estimates or any other nature.


Personal Data collected:

  • name
  • e-mail



If you have explicitly consented to receive our newsletters or marketing communications, from time to time we may send you commercial and promotional emails with information about our services and offers.

Personal Data collected:

  • name
  • surname
  • e-mail


By registering to the mailing / newsletter list  your email address is automatically added to a list of contacts, but it could also be added to this list after you made a reservation at our hotel. We are committed to making the insertion of your personal data as explicit and transparent as possible for promotional / commercial purposes.


If you no longer wish to receive our newsletters or marketing communications, you can send us an email with the subject REVOKE CONSENT MARKETING to the address info@medjugorjehotelspa or by clicking on the unsubscribe link in the e-mails that have been sent.



For statistical and analytical purposes we monitor and analyze the traffic data and the behavior of our users when they browse our website using Google Analytics, a free web analytics service provided by Google Inc. (“Google”). Google uses this information to track the use of the site by visitors and provide these data, in aggregate form and never linked to their identity, through the reports of Analytics and its other services.

Google may use the Personal Data to contextualise and personalize the advertisements of its advertising network.

Personal Data collected:

  • Cookie
  • Usage Data


Place of processing: United States – Privacy Policy –Opt Out.


Google may transfer this information to third parties if this is required by law or if it is a matter of subjects processing this information on its behalf; information on privacy and use of Google Analytics data is here.

If you don’t want be tracked, even anonymously, from this or other sites that use Google Analytics, you can download the add-on to disable the sending of navigation data to Google Analytics: it works with the most popular browsers and is distributed free from Google.


To simplify the analysis of our site we use Google Tag Manager, a free tool made available by Google that allows you to enter the tags, that is, portions of code that allow us to monitor the performance of the site. Google Tag Manager is a tag management system functional to the centralized management of tags or scripts used for marketing purposes.

Personal Data collected:

  • Cookie
  • Usage Data

Place of processing: United States – Privacy Policy.


In our website we use the Facebook pixel to do ReTargeting advertising, that is to show you on Facebook advertising consistent with pages you have already visited. Retargeting uses cookies, but the navigation data collected is not linked to the identity of users and their personal data.

Personal Data collected:

  • Cookie
  • Usage Data

Place of processing: United States –


Mode and place of processing the Data

Medjugorje Hotel & spa adopts the appropriate security measures to protect your Personal Data and to prevent unauthorized access, disclosure, modification or destruction of your Personal Data. No data is communicated or disseminated, unless communication is made to judicial or police bodies if necessary.
Processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.

Data is processed by dedicated personnel and others involved in the organization of our hotel, such as:

  • administrative staff
  • commercial / marketing staff
  • legal advisors
  • system administrators


To external subjects such as:

  • third-party technical service providers
  • postal couriers
  • hosting provider
  • IT companies
  • communication agencies


To subjects for whom there is a communication obligation according to the law:

  • Office for Foreigners (Ured za strance)
  • Tourist Board (Turistička zajednica HNŽ)

Or to assert the right of the company to the appropriate bodies.



Your Data is processed at the Medjugorje Hotel & Spa headquarters and in any other place where the parties involved in the treatment are located. For more information, contact us by sending an email to


Retention time

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.

When the treatment is based on the consent of the User, we may retain the Personal Data until such consent is revoked. Furthermore, we may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or an order of an authority.

At the end of the retention period the Personal Data will be deleted. Therefore, at the end of this term the right of access, cancellation, rectification and the right to data portability can no longer be exercised.


The purposes of processing

The Data concerning the User is collected to:

  • allow us to provide our Services and fulfill the obligations arising from the contract with our Customers, including their particular needs / requests;
  • comply with legal obligations and current accounting and tax obligations;
  • exercise our rights, e.g. the right to defense in court or in the event of a dispute;
  • contact the User for marketing purposes, subject to their specific and distinct consent, so as to send communications and / or informative and promotional material. Consent can always be freely modified, in whole or in part, by sending an email with the subject REVOKE CONSENT MARKETING at info@medjugorjehotelspa
  • monitor and analyze (in an anonymous way and not related to the identity of users) the traffic data and the behavior of those who visit our website.


What are your rights?

According to Article 15 of GDPR you have the right to:

  • request and obtain – without “justified delay” – confirmation that personal data concerning you are being processed and information about the purposes of the processing, the categories of personal data in question, the recipients or the categories of recipients to which the personal data have been or will be communicated, to the period of conservation of the personal data provided;
  • withdraw at any time the consent to the processing of your Personal Data previously expressed;
  • oppose the processing of your data when it occurs on a legal basis other than consent;
  • verify the correctness of your data and request its updating, integration or correction;
  • obtain the limitation of the processing of your Data. In this case we will not process the Data for any other purpose other than its conservation;
  • obtain the cancellation or removal of your Personal Data;
  • receive your Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
  • bring a claim before their competent data protection authority.


How to exercise your rights?

To exercise your rights, you can send us a request to the contact details of the Data Controller indicated in this document. The requests are filed for free and we try to avoid them as soon as possible, in any case within a month.

Paste your AdWords Remarketing code here
Buchen Sie jetzt