Privacy Policy

Last updated: 2 July 2026

This Privacy Policy explains what personal data we collect when you visit this website, contact us, or book accommodation with us, why we process it, and what rights you have under the EU General Data Protection Regulation (GDPR).

1. Data Controller

The data controller responsible for your personal data is:

Obrt za usluge "ZVONČICA", vl. Zvonimira Krvavica
Obala palih omladinaca 12, 22000 Šibenik, Croatia
OIB: [OIB — to be confirmed]
Email: [email protected]
Phone: +385 91 563 1353

2. What Data We Collect

2.1 Booking data

When you book one of our apartments through the booking engine on this website, we collect the data needed to process and fulfil your reservation: your name and surname, email address, phone number, country of residence, dates of stay, number of guests, any special requests you submit, and payment-related information (such as confirmation of a bank transfer or card payment processed by our booking system provider).

2.2 Guest registration data

Croatian law requires us to register all guests with the national eVisitor system. For this purpose, at check-in we collect the data from your identity card or passport (name, date of birth, citizenship, document number).

2.3 Inquiries

If you contact us by email or phone, we process the contact details and other information you choose to share with us in order to answer your inquiry.

2.4 Website visits

This website does not use analytics or advertising trackers and does not set cookies of its own. The booking engine embedded in the site (see section 4) may set cookies that are strictly necessary for the booking process.

3. Why We Process Your Data (Legal Basis)

  • Performance of a contract (Art. 6(1)(b) GDPR) — processing your booking, communicating with you about your stay, and providing the accommodation service.
  • Legal obligations (Art. 6(1)(c) GDPR) — guest registration in the eVisitor system, tourist tax records, invoicing, and accounting records required by Croatian law.
  • Legitimate interest (Art. 6(1)(f) GDPR) — answering your inquiries and protecting our legal claims.

We do not use your data for automated decision-making or profiling, and we do not send marketing communications.

4. Who We Share Your Data With

We share your data only where necessary to provide our service or where the law requires it:

  • Rentlio (Rentlio d.o.o., Croatia) — the provider of our property management and booking system, which processes booking data on our behalf as a data processor. See the Rentlio privacy policy.
  • eVisitor — the official guest registration system of the Republic of Croatia, to which we report guest data as required by law.
  • Payment providers and banks — to the extent needed to process your payment.
  • Google Maps — this website links to Google Maps for directions to our property. If you follow the link, Google processes your data in accordance with the Google privacy policy.

We do not sell your personal data and we do not transfer it outside the European Economic Area, except where a service you choose to use (such as Google Maps) does so under the safeguards described in its own privacy policy.

5. How Long We Keep Your Data

  • Booking and invoicing records — for the period required by Croatian accounting and tax regulations (currently 11 years).
  • Guest registration records — for the period required by the regulations governing the eVisitor system.
  • Inquiries that do not lead to a booking — no longer than one year after our last communication.

6. Your Rights

Under the GDPR you have the right to request access to your personal data, its correction or erasure, restriction of processing, data portability, and to object to processing based on legitimate interest. To exercise any of these rights, contact us at [email protected]. We will respond without undue delay and at the latest within one month.

If you believe your data has been processed unlawfully, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP), Selska cesta 136, 10000 Zagreb, azop.hr, or with the supervisory authority in your EU member state.

7. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Access to guest data is limited to the persons who need it to provide the accommodation service.

8. Changes to This Policy

We may update this Privacy Policy from time to time. The current version, with the date of the last update, is always published on this page.