Privacy Policy

The data controller responsible for your personal data is:

For any questions regarding this Privacy Policy or our data processing practices, please contact us using the details above.

We collect the following categories of personal data:

2.1 Information You Provide

• Account Information: Name, email address, phone number, password (encrypted)
• Booking Information: Check-in/check-out dates, number of guests, special requests
• Payment Information: Billing address (payment card details are processed by our secure payment provider)
• Communication Data: Messages, inquiries, and correspondence with us

2.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system
• Usage Data: Pages visited, time spent on site, click patterns
• Cookies: Session and preference cookies (see Section 8)

2.3 Information from Third Parties

• Social Login: If you sign in via Google or Facebook, we receive your name and email from these services

We process your personal data for the following purposes:

• Booking Services: To process and manage your villa reservations, communicate booking confirmations, and provide customer support
• Account Management: To create and manage your user account, authenticate your identity, and maintain your wishlist
• Communication: To respond to your inquiries, send booking-related notifications, and provide customer service
• Marketing (with consent): To send promotional offers, newsletters, and information about our services if you have opted in
• Service Improvement: To analyze usage patterns and improve our website functionality and user experience
• Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our terms and conditions

We process your personal data based on the following legal grounds:

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

We share your personal data with the following categories of recipients:

6.1 Service Providers

• Hostaway: Our property management system provider, used to manage bookings and property availability. Hostaway processes guest data on our behalf under a Data Processing Agreement.
• Payment Processors: Secure payment providers who process your payment transactions.

6.2 Property Owners

When you book a property, we share necessary booking details (name, contact information, booking dates) with the property owner/landlord to fulfill your reservation.

6.3 Legal Requirements

We may disclose your data if required by law, court order, or to protect our legal rights.

We do not sell your personal data to third parties.

Under the GDPR, you have the following rights regarding your personal data:

• Right of Access (Art. 15): You can request a copy of the personal data we hold about you.
• Right to Rectification (Art. 16): You can request correction of inaccurate or incomplete data.
• Right to Erasure (Art. 17): You can request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing (Art. 18): You can request that we limit how we use your data.
• Right to Data Portability (Art. 20): You can request your data in a structured, machine-readable format.
• Right to Object (Art. 21): You can object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent (Art. 7): Where processing is based on consent, you can withdraw it at any time.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) or your local supervisory authority.

We use cookies and similar technologies on our website. Here are the types of cookies we use:

When you first visit our website, you will be asked to consent to our use of cookies. You can choose to accept all cookies or only essential cookies. You can change your preferences at any time by clearing your browser cookies and revisiting our site.

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (HTTPS/TLS)
• Secure password hashing
• Access controls and authentication
• Regular security assessments
• Secure data storage with our hosting providers

While we strive to protect your personal data, no method of transmission over the Internet is 100% secure. We encourage you to use strong passwords and keep your account credentials confidential.

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

We aim to respond to all legitimate requests within 30 days. If your request is particularly complex, we may need additional time and will notify you accordingly.

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make significant changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify registered users via email for material changes
• Display a notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.