COVID-19 info: We think about your safety
Quick inquiry

Medora Hotels & Resorts d.d.                                                                                                     Updated on 04/01/2024.
Mrkušića dvori 2
21327 Podgora, Croatia
Tel: +385 (0)21 601 700



We, at Medora Hotels & Resorts d.d., respect your privacy and protect your personal data in accordance with applicable laws and regulations for the protection of personal data. Our mission is to exceed the expectations of our guests with the quality of our products and services, and we always strive to provide our guests, as well as employees, with a pleasant experience during their stay or work with us, responsibly using the information provided to us.

With this document, we would like to explain to you how we collect and what we use personal data for when you use our websites, during your stay in our facilities, or during your employment with us, with whom and why we share them, and your rights regarding your personal data that we use, and how we protect them.

The described Personal Data Protection Policy applies to all business and hospitality facilities of Medora Hotels & Resorts d.d., websites, and and profiles on social networks.


The main purpose of collecting personal data of our guests is to provide and improve our services and fulfill our legal obligations. Personal data is collected for the following purposes:
- Improving the functionality of our websites and
- Reservation of accommodation or communication with clients in order to respond to their interests about our services (through our websites, by email or by phone)
- Execution of the contractual relationship with the guest during his stay
- Purchase of additional services
- Payment for services
- Internal statistical processing of data and preferred services of our guests, and informing our guests about our services, based on our legitimate interest with the aim of improving the quality and sale of our services
- Publication and collection of job applications via e-mail and on the website
- Fulfillment of our legal obligations according to the current Act on Hospitality Activities and accompanying regulations, the Act on the provision of services in tourism, the Act on Accounting, the Act on Labor, the Act on Occupational Safety and the Act on the Protection of Financial Institutions.
- Protection of persons and property with a video surveillance system based on our legitimate interest.
- Organization of business processes in business and hospitality facilities of Medora.



If you have asked us for accommodation, we need your personal data to address the appropriate offer to you and forward it to you. In most cases, this is your first and last name and your e-mail address and/or telephone number, but there is a possibility that we will ask you for additional information in order to adapt our offer to your needs and expectations, such as the number of children traveling with you or the language in which you want us to send you the offer. Only authorized employees of our sales department have access to the data. When you decide to accept our offer and book accommodation, we may need additional information for your identification upon arrival and payment security in accordance with our general terms and conditions. After the reservation has been made and on the day of your arrival, access to your data will be provided to authorized persons at our reception. When you book accommodation through our websites, we collect your basic information such as name, email address, telephone number and payment information. This data is used exclusively to process your reservation and provide accommodation services during your stay. Payment data, i.e. your card data, is encrypted and stored exclusively in systems that comply with PS DSS standards that regulate secure payment. If you contacted us by phone or via chat, the conversation with you remains recorded in our call center based on our legitimate interest in the safe processing of your inquiry, the control of our sales employees and the improvement of their work. Data from the call center is processed by authorized employees of our sales department. Medora has ongoing contracts with other, frequently used online sales channels, through which it advertises its available accommodation capacities and current offers, for example:
-, operated by, Herengracht 597, Amsterdam, The Netherlands
-, operated by Expedia Lodging Partner Services Sar, Geneva 1207, Switzerland.
If you booked your stay in Medora through some of the partner sales channels and not directly with us (in communication by phone or email with our sales staff, directly at the reception desks of some of our facilities or on our website), Medora cannot influence the types of personal data that these online agencies are looking for you for the purposes of registering you as their user, nor the details of the processing of your data by them. From these websites, Medora processes and receives only the data necessary to make the correct accommodation reservation in our systems as stated above. When you, as a guest, come to one of our facilities, the laws governing the hospitality industry oblige us to collect legally defined personal data from each guest. In the event that the guest does not provide the minimum information required for guest registration in all relevant registers, we will not be able to provide accommodation services in accordance with the contract and the law. The personal data collected for this purpose by our authorized employees at the reception are:
  • name and surname
  • residential address
  • date of birth
  • number, type of identification document and place of issue
  • citizenship
  • the name of the facility where you are staying
  • accommodation unit number
  • date of arrival and departure of the guest
  • gender
Medora stores the above data in its guest database and, in accordance with the legal obligation, sends it to the E-visitor system (electronic system for guest registration) to the competent authorities of the Republic of Croatia, and the above data must be kept in the system for 10 years.
For the purposes of collecting the contract with the guest in accordance with the general terms of business, if payment is not made in cash, data on the account number from which the advance payment was received or data on the debited card are processed. In order to protect our guests as much as possible, your credit card number, which you have entered into the reservation system on our website as a payment guarantee or which we will debit for payment purposes, is recorded in our system in its entirety only until the end of your stay with us and is visible a minimum and strictly defined number of responsible employees. The system we use complies with the highest standard for payment security, the PS DSS standard. After the service has been charged, your card number is masked for further processing in such a way that certain numbers are replaced by an X, and this is also printed on your invoice or payment confirmation. If payment is made by card, your card number is processed exclusively on verified and secure POS devices certified by leading card companies.
In accordance with legal regulations, Medora is obliged to keep all invoices issued to guests with the guest's personal data for 11 years.
Other data related to the circumstances of your stay, such as: method of travel, who you are traveling with, marital status, number of children, pets, food allergies and other interests, will also be collected if they are directly related to the provision of our services. For example if you are traveling by car and want to park it during your stay in one of our designated parking lots or enter the camp with it unhindered, we will also need your vehicle's registration plate. Also, if you ask us to organize transportation for you from/to the airport or to another desired destination, or buy an excursion or other arrangement from our offer, your interests and requests will be recorded in our systems, and your data will be forwarded to one of our external associates with the aim of providing the requested services.

The data we collected during your inquiry, reservation or stay via our website, e-mail, call center or directly at our receptions are stored in our database for a minimum of 5 years, based on our legitimate interest with the aim of improving our services, better and faster response to inquiries in case of return of our guests, and to improve the organization and quality of work of our employees and services in our facilities. Only data that is necessary in accordance with our legal obligations (minimum amount of data prescribed by law) is stored for a longer period. This does not apply to sensitive card payment data that is processed in the system in the manner described above. You can object to the data we process based on our legitimate interest at any time at

If, for the purposes of sending an offer or booking an accommodation, we communicated with you by e-mail, or you gave us your address during a telephone conversation, online correspondence with our staff, registration at our reception desks, participation in prize games or filling out a customer satisfaction survey e-mail as your personal data, Medora's marketing team may occasionally contact you via it. It is our desire that you come back to us again and be our guest again, and with this goal in mind, and to enable you to receive notifications about our special promotions and discounts related to our services, we reserve our legitimate interest to occasionally contact you at your e-mail address. The information you will receive will refer exclusively to the services offered by Medora, which we believe you, as our client, are still interested in. Medora may also introduce a new channel for sending notifications, such as social networks or online advertising, based on our legitimate interest or if we receive your consent. If we made a mistake and you do not want to receive our notifications, you can file a complaint at at any time, and we will stop sending them without delay. Personal data are processed in the system we use to send notifications for 5 years, and contain your first and last name, and your e-mail address.

For the safety of our guests and employees, but also in accordance with our legal obligations under the Act on Occupational Safety and the Act on the Protection of Financial Institutions, Medora's business and hospitality facilities are monitored by a video surveillance system and an access control system. Video surveillance system recordings are kept for 14 days.



While you are not yet our employee, your personal data received at the e-mail address, through published job advertisements or online job application at will be used exclusively for the purposes of recruiting Medora hotels and resorts. d.d. By sending your application and CV, you give us your consent to process the personal data received for employment purposes for the needs of currently open positions as well as for our future employment needs. You can withdraw your consent at any time by contacting us at, after which we will delete or make your data unavailable for this processing.
When you become our employee, we process your data for the sake of our legal obligations as your employer in accordance with the Labor Act and other valid legal regulations. Data processed include:
- Your name and surname
- Your date of birth
- Your address and your contact information
- Your current account number
- Number and type of your personal document
- Data from your job application and your CV
- Additional data necessary for the purposes of employment and exercising your rights (eg, sick leave, tax benefits) as an employee.
Data processed in accordance with the Labor Act are stored permanently, regardless of the duration of your employment relationship with us. For the needs of daily business organization, we process your data in internal software tools that are used for communication, organization of daily schedules, implementation of business processes, records of working hours, etc. The data processed in these systems, in addition to primarily your first and last name, may also include your official e-mail address, name of your workplace, business correspondence, information about your stay during an official trip and other information in accordance with business needs and according to applicable legal regulations. The working time record system can also use your biometric data in accordance with internal decisions and your consent. Depending on the software tool and the purpose of the processing, the storage time of your personal data varies. Medora's business and hospitality facilities are equipped with a video surveillance system for the safety of our employees, guests and property, and in accordance with the Law on Occupational Safety and the Law on the Protection of Financial Institutions. Recordings of the video surveillance system can also process your personal data, and they are kept for 14 days.


Our Personal Data Protection Policy is regularly updated on our website and is available to all visitors to our website. By using our websites, filling out an online job application or publishing your own content on our pages, you confirm that you agree with our Personal Data Protection Policy and that you agree that we process your personal data in accordance with the purpose of processing and the published Personal Data Protection Policy. Medora hotels and resorts d.d. manages and edits profiles on social networks, such as Facebook or Instagram. Visitors to our profiles on social networks can publish content, photos or comments related to our facilities, services or stay with us. Medora hotels and resorts do not encourage or prevent such posts, but they are based solely on the interest and approval of visitors to our profiles. Medora hotels and resorts d.d. will not be liable for any direct or indirect, accidental, material or immaterial damage or expense incurred as a result of the use of Medora's websites and profiles on social networks or the publication of content by visitors to our pages or profiles. Sometimes we will ask you for your permission to publish these contents on our websites or social network profiles for publicly published content. The contents that we can publish refer exclusively to publicly available images and comments published on Facebook, Instagram or other social networks for which you have given us your consent. With your consent to such publications, you accept the rights and use of your content, which will be presented to you when asking for your consent.
In order for our websites to work optimally and for us to be able to make further improvements to the pages in order to improve your user experience, we use cookies on our websites. Cookie settings can be controlled and adjusted in your web browser, and the use of cookies can be disabled according to your choice. If you disable cookies, you can still browse our site, but some of its features will not be available to you.
A cookie is information saved on your computer by the website you visit. Cookies usually store your preferences for a website, such as your preferred language or address. Later, when you open the same website again, the Internet browser sends back the cookies belonging to that page. This allows the site to display information tailored to your needs.
There are several types of cookies: first-party cookies, session cookies, persistent cookies, and third-party cookies that we use to monitor the success of our digital campaigns and advertising.
First-party cookies come from the website you are viewing and can be permanent or temporary. With the help of these cookies, websites can store data that will be used again during the next visit to that website (e.g. language selection). Temporary cookies or session cookies are removed from the computer when the Internet browser is closed. Permanent or saved cookies remain on the computer after closing the Internet browser program. With them, websites store information, such as your login name and password, so you don't have to log in every time you visit a particular site. Permanent cookies will remain on the computer until you, as a user, disable/delete them or until your browser deletes them (period defined in browser settings).
Third-party cookies come from other websites (eg from advertising). Using these cookies, websites can, for example, monitor and improve the success of digital marketing campaigns.
Medora hotels and resorts d.d. uses cookies on its websites and We use first-party cookies (temporary and permanent) and third-party cookies.
We use cookies to optimize the pages in terms of system performance, ease of use and offer useful information about our services. With cookies, we automatically collect and store data in log files on your computer. Data collected includes information about your IP address, browser type and language settings, operating system, ISP (Internet Service Provider) name, and date/time stamp.
Individual user data is not disclosed to us, but the data we process is anonymous and statistical data, as well as demographic data about our users as a whole. We use this data to analyze trends and marketing needs, as well as effectively manage websites, because they help us learn more about the behavior of our users on our pages, the success of some of our marketing campaigns and the primary interests of our website visitors.



Your personal data will be stored in a form that can identify you for no longer than is necessary for the purpose for which it is processed. At the end of this time, which for certain processing is regulated by local laws that oblige us to retain data for a longer period, the data will be deleted or made unavailable for further processing.




In the case of certain data processing, the data you provide to us may be transferred or made available to third parties. In no case do we sell, rent or transfer your data to unauthorized third parties. The transfer of data or access to data is carried out for the following reasons:

- When we received your consent for such transfer (e.g. purchase of certain services organized by third parties)
- When companies or service providers that Medora hotels use for certain processing purposes access data in a manner that is regulated by the contractual relationship with Medora hotels and resorts d.d. (e.g. billing for services, technical maintenance of certain software tools, archiving and reporting)
- To fulfill our contractual and legal obligations (e.g. registration of guests in the e-visitor system, registration of employees or payment of salaries)
In the event of the need to transfer data, due to one of the above-mentioned reasons, we try to limit the data that is transferred to the necessary minimum. The third parties to whom we transfer your data have undertaken to protect your data in accordance with applicable laws and regulations on the protection of personal data. In the event that your personal data is transferred to third countries outside the European Economic Area (e.g. in the event that the processor is from the USA or uses data resources in the USA), we use standard contractual clauses to ensure adequate data protection during their transfer. transmission.


At any time, you can request information about your personal data that Medora hotels and resorts d.d. processes, for the purpose of processing, data recipients as well as entities to which we transfer your personal data. In addition, you have the right to update, correct, block or delete your data in accordance with legal provisions.

We will be happy to fulfill your request to delete your personal data in the following cases:
- if your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- if you withdraw the consent on which the processing is based;
- if you file an objection to the processing and there are no stronger legitimate reasons for the processing, or file an objection to the processing in which the data is processed for the purposes of direct marketing.
You can send us a request for access to personal data to the e-mail address or to our address “Medora hoteli i ljetovišta d.d., Mrkušića dvori 2”, 21327 Podgora, Croatia with your mandatory contact information and the note "Request for access to personal data". We cannot provide access to personal data through a telephone conversation. In order to prevent the misuse of your personal data, we will send you a predefined form and ask you to fill it in personally and return it to us, and we may also ask you for additional proof of your identity. Without establishing the correct identity, we will not be able to fulfill the request for access to personal data.


Medora hotels and resorts d.d. advises parents and guardians to teach children about safe and responsible handling of personal data on the Internet, because although at Medora we do not want or intend to collect information about minors without parental or guardian consent, we cannot always know the age of the person who accesses our websites. As a parent or guardian, you always have the right to request access to all personal data about your child that we have received on one of our websites, during your stay or your employment relationship with us. Also, Medora hotels and resorts d.d. they guarantee the protection of children's personal data provided for by special laws governing that issue.


Medora hotels and resorts d.d. recognize the importance of information security, and we continuously evaluate and upgrade our technical, physical and organizational security measures and procedures. We provide the users of the reservation system with the highest level of data protection. For secure data transfer between your PC and our servers, we use SSL technology with strong encryption. All personal data, numbers of personal documents, credit cards or other means of payment that users submit through the reservation system are transmitted exclusively through a secure connection using data encryption. The data processed in our systems are accessed only by authorized employees in accordance with the needs of business processes that require individual processing and, in some cases, by third parties who have undertaken to protect your data in accordance with applicable laws and regulations on the protection of personal data. Our employees are trained on how to handle personal data in accordance with legal provisions.
Choose a room Choose a room
Contact us