Privacy Policy

1. General Information

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

2. Guest Registration, Check-in & Third-Party Service Providers

To ensure a smooth stay and to comply with legal obligations in Croatia, we collect and process personal data from our guests. Below we explain how this specific data is handled.

Statutory Reporting Obligation (eVisitor)

According to the regulations of the Republic of Croatia (Tourist Tax Act and Act on Membership Fees in Tourist Boards), we are legally obliged to register all guests via the national “eVisitor” system upon arrival. For this purpose, we collect the following data from you and transmit it to the Croatian Tourist Board (Hrvatska turistička zajednica):

• First and last name
• Place and date of birth
• Nationality
• Type and number of identification document (Passport or ID card)
• Place of residence (Country, City, Address)
• Gender
• Period of stay

This data processing is based on a legal obligation (Art. 6 Para. 1 lit. c GDPR).

Online Check-in via JotForm

To facilitate the secure collection of your data before arrival, we use the form service JotForm (JotForm Inc., 111 Pine St. Suite 1815, San Francisco, CA 94111, USA).

• Data Security: We have configured our JotForm account to ensure that all data is stored exclusively on servers within the European Union (Germany).
• Processing: Your data is transmitted via an encrypted SSL connection.
• We have concluded a Data Processing Agreement (DPA) with JotForm to ensure compliance with European data protection standards.

On-site Guest Support (Service Providers)

To organize your check-in, hand over keys, and ensure personal support on-site, we work with local service providers (e.g., property managers/caretakers).

• Data Access: These service providers receive access to your personal data (including the check-in form) solely for the purpose of registering you with eVisitor and managing your stay.
• Security: Data is transmitted to our local partners via secure, password-protected documents or encrypted connections. We have signed confidentiality and data processing agreements with our local partners to strictly prohibit unauthorized use or disclosure of your data.

3. Data Collection on our Website (Cookies & Tracking)

Google Analytics

We use Google Analytics to measure the performance of our website. The following cookies may be set:

Expiry: after 24 hours Name: _gat_gtag_UA_ Value: 1 Purpose: Used to throttle the request rate. If Google Analytics is deployed via Google Tag Manager, this cookie is named _dc_gtm_.

Expiry: after 1 minute Name: AMP_TOKEN Value: not specified Purpose: This cookie contains a token that can be used to retrieve a User ID from the AMP Client ID service. Other possible values indicate an opt-out, a request, or an error.

Expiry: after 30 seconds to one year Name: __utma Value: (Example ID) Purpose: This cookie allows tracking of your behavior on the website and measures performance. The cookie is updated every time information is sent to Google Analytics.

Expiry: after 2 years Name: __utmt Value: 1 Purpose: This cookie is used like _gat_gtag_UA_ to throttle the request rate.

Expiry: after 10 minutes Name: __utmb Value: (Example Timestamp) Purpose: This cookie is used to determine new sessions. It is updated every time new data or information is sent to Google Analytics.

Expiry: after 30 minutes Name: __utmc Value: (Example ID) Purpose: This cookie is used to determine new sessions for returning visitors. It is a session cookie and is only stored until you close your browser.

Expiry: After closing the browser Name: __utmz Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/ Purpose: This cookie is used to identify the source of traffic to our website. This means the cookie stores where you came from to reach our website. This could have been another page or an advertisement.

Expiry: after 6 months Name: __utmv Value: not specified Purpose: This cookie is used to store custom user data. It is updated whenever information is sent to Google Analytics.

Expiry: after 2 years Note: This list cannot claim to be exhaustive, as Google repeatedly changes the choice of its cookies.

How long and where is the data stored? Google has servers distributed all over the world. Most servers are located in America. Your data is distributed across various physical data carriers. Standardized storage duration for your user data in Google Analytics is set to 26 months. Then your user data is deleted.

How can I delete my data or prevent data storage? You can prevent Google Analytics from using your data by using the browser add-on to deactivate Google Analytics JavaScript (ga.js, analytics.js, dc.js). You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=en.

Google Analytics Google Signals

We have activated Google Signals in Google Analytics. This updates existing Google Analytics features to obtain aggregated and anonymized data from you, provided you have allowed personalized ads in your Google account. The special thing about this is that it involves Cross-Device Tracking. This means your data can be analyzed across devices. By activating Google Signals, data is collected and linked to the Google account. Thanks to the activation of Google Signals, we can launch cross-device remarketing campaigns. This data expires by default after 26 months. Please note that this data collection only takes place if you have allowed personalized advertising in your Google account. It is always aggregated and anonymous data.

Facebook Pixel

We use the Facebook Pixel from Facebook on our website. The Facebook Pixel is a snippet of JavaScript code that loads a collection of functions allowing Facebook to track your user actions if you came to our website via Facebook Ads. This allows Facebook to match your user data (customer data such as IP address, User ID) with the data of your Facebook account. The collected data is anonymous and not viewable for us and can only be used in the context of ad placements.

Example Cookies from Facebook Pixel: Name: _fbp | Expiry: after 3 months | Purpose: Facebook uses this cookie to display advertising products. Name: fr | Expiry: after 3 months | Purpose: This cookie is used so that Facebook Pixel functions properly.

If you are logged into Facebook, you can change your settings for advertisements yourself at https://www.facebook.com/ads/preferences/.

Facebook Automatic Advanced Matching

As part of the Facebook Pixel function, we have also activated Automatic Advanced Matching. This function of the pixel allows us to send hashed emails, names, gender, city, state, zip code, and date of birth or phone number as additional information to Facebook, provided you have made this data available to us. This allows us to tailor advertising campaigns on Facebook even more precisely.

Google Tag Manager

For our website, we use the Google Tag Manager from Google Inc. This is an organizational tool with which we can integrate and manage website tags centrally. The Tag Manager itself is a domain that does not set cookies and does not store data. It acts as a mere “manager” of the implemented tags. The data is captured by the individual tags of the different web analysis tools (e.g. Google Analytics). In the account settings of the Tag Manager, we have allowed Google to receive anonymized data from us regarding the use of the tool.

Cloudflare

We use Cloudflare from the company Cloudflare, Inc. (USA) on this website to make our website faster and more secure (CDN & Security). Cloudflare generally only forwards data controlled by website operators. For security reasons, Cloudflare uses a cookie: Name: __cfduid | Expiry: after one year | Purpose: Used to identify individual users behind a shared IP address and apply security settings. It does not store personal data.

Google reCAPTCHA

We use Google reCAPTCHA to determine whether you are really a human being and not a robot or spam software. The collected data includes: Referrer URL, IP address, OS info, Cookies, Mouse/Keyboard behavior, Date/Language settings, JavaScript objects, Screen resolution. Cookies used by reCAPTCHA: IDE, 1P_JAR, ANID, CONSENT, NID, DV. By inserting reCAPTCHA, data from you is transferred to the Google server.

Google Custom Search

We have integrated the Google Custom Search plug-in on our website. Data is only transferred to Google if you actively use the Google search built into our website. This means that only when you enter a search term into the search bar and then confirm this term, your IP address is sent to Google alongside the search term.

Cookiebot

We use functions of the provider Cookiebot (Cybot A/S, Denmark) to provide you with a GDPR-compliant cookie notice. If you allow cookies, the following data is transferred to Cybot: IP address (anonymized), Date and time of consent, Website URL, Technical browser data. Cookies from Cookiebot: Name: CookieConsent | Expiry: after one year | Purpose: Stores your consent status. Name: CookieConsentBulkTicket | Expiry: after one year | Purpose: Stores a collective consent ID.

All user data is deleted by Cookiebot after 12 months from registration or immediately after termination of the service.

4. Your Rights

Under European Union data protection law, you have the right to access, update, delete, or restrict your data. You can prevent the storage of cookies by setting your browser software accordingly. You can also object to the processing of your data at any time. To exercise these rights, please contact the website operator listed in the Legal Notice (Impressum).