Privacy Policy

1 Data Controller

The controller responsible for processing your personal data is:

If you have any questions about how we handle your personal data, you are welcome to contact us directly at the address above.

2 What Personal Data We Collect

We collect only the information necessary to respond to your enquiry and manage your reservation. This may include:

• Your first and last name
• Email address
• Phone number (if provided)
• Desired apartment, check-in and check-out dates, number of guests
• Any additional message or special request you include in the form
• Your IP address (logged automatically by our web server for security purposes)

We do not collect payment card numbers or financial data through this website. Payment arrangements are handled separately and communicated directly with you.

3 Why We Collect Your Data

Your personal data is used exclusively for the following purposes:

• Responding to your booking enquiry or contact message
• Confirming and managing your reservation
• Sending you relevant pre-arrival information (directions, check-in instructions)
• Fulfilling our legal obligations as accommodation providers under Croatian law
• Protecting our website and systems from abuse (IP logging)

We do not use your data for marketing without your explicit consent, and we do not send newsletters or promotional emails unless you specifically ask us to.

4 Legal Basis for Processing

We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679:

• Contract performance — processing is necessary to fulfil your reservation or respond to a pre-contractual enquiry (Article 6(1)(b) GDPR)
• Legitimate interest — basic security logging and fraud prevention (Article 6(1)(f) GDPR)
• Legal obligation — Croatian law requires accommodation providers to register guest details with local authorities (Article 6(1)(c) GDPR)

5 Data Storage & Security

Your data is stored on our hosting provider's servers located within the European Union. We apply appropriate technical and organisational security measures, including:

• HTTPS encryption for all data transmitted via this website
• Access restricted to authorised personnel only
• Regular software updates and security patches on our hosting environment

No method of transmission over the internet is 100% secure, but we take all reasonable steps to protect your data from unauthorised access, disclosure or loss.

6 Sharing Your Data

We do not sell, rent or trade your personal data. We may share your information only in the following limited circumstances:

• Evisitor (Croatian tourist board system) — as required by law, guest details (name, nationality, passport/ID number, dates of stay) must be registered with the Croatian Ministry of Interior via the eVisitor system
• Email service provider — our web hosting provider processes outgoing emails on our behalf; they act as a data processor under a data processing agreement
• Legal authorities — if required by law, court order or to protect our legal rights

No third parties receive your data for marketing, advertising or any other commercial purpose.

7 How Long We Keep Your Data

We retain your personal data only for as long as necessary:

• Booking enquiries that did not result in a reservation — deleted within 6 months of your last communication
• Confirmed reservations — retained for 7 years as required by Croatian accounting and tax law
• Guest registration data (eVisitor) — retained as required by Croatian law (minimum 1 year)
• Server access logs (IP addresses) — retained for up to 30 days then automatically deleted

After these periods, your data is securely deleted or anonymised.

8 Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — ask us to correct inaccurate or incomplete data
• Right to erasure ("right to be forgotten") — ask us to delete your data, subject to legal retention obligations
• Right to restriction — ask us to restrict processing of your data in certain circumstances
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at hello@apartmentskabalin.hr. We will respond within 30 days. If you believe we are processing your data unlawfully, you also have the right to lodge a complaint with the Croatian supervisory authority:

9 Cookies

Our website uses only technically necessary cookies — small text files stored in your browser that are required for the site to function correctly. We do not use:

• Advertising or tracking cookies
• Analytics cookies (Google Analytics or similar)
• Social media tracking pixels

10 Children's Privacy

Our website and services are not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data without parental consent, please contact us and we will delete it promptly.

11 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after any changes constitutes acceptance of the updated policy.

12 Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or how we handle your personal data, please do not hesitate to get in touch:

📩 Contact Us