Lopar 545, Croatia

Make reservation

1. Introduction


Apartmani Marija processes your personal data in accordance with the EU General Data Protection Regulation (GDPR). This policy details what data we collect, why, and your rights under EU law.

2. Data Controller and EU Representative

Data Controller: Apartmani Marija, Lopar 545, Croatia

If we do not have an establishment in the EU, we appoint an EU Representative as required by Article 27 GDPR.

3. Data We Collect

  • Identity & Contact Data: name, email, phone, postal address

  • Payment & Booking Data: billing information, reservation details

  • Communications: correspondence related to stays or inquiries

  • Technical Data: IP address, device/browser info, usage logs

  • Special Categories/Sensitive Data: We DO NOT collect sensitive data (e.g. health or racial origin)

4. Legal Basis for Processing (Article 6 GDPR)

  • Contractual necessity: to confirm and manage bookings

  • Legal obligation: for taxes and regulatory compliance

  • Legitimate interests: fraud prevention, service improvements

  • Consent: for marketing, cookies—not linked to mandatory booking services. Will use explicit opt-in, with easy opt-out.

5. Consent & Cookie Usage

  • Obtained separately with clear “yes/no” options (opt-in)

  • Consent records stored per GDPR

  • Cookie banner with granular controls matching ePrivacy requirements

6. Data Sharing

We share your data only when required for:

  • Payment processors

  • Compliance with legal demands

7. Data Retention

We retain personal information no longer than necessary, based on:

  • Bookings: up to 5 years for tax/legal obligations

  • Marketing consents: until withdrawn

  • Cookies/logs: per cookie banner policy

8. Data Subject Rights (Articles 12–23 GDPR)

You have the right to:

  • Access, correct, delete, or port your data

  • Withdraw consent at any time

  • Object or restrict processing

  • Lodge a complaint to your local Data Protection Authority

Requests will be handled within one month (or two if complexity justifies).

9. Security Measures

We have implemented technical and organizational measures to protect your data—such as SSL encryption, secure servers, and access controls.

10. Data Breach Notification

In case of a data breach posing risk to your rights, we will notify you and relevant Supervisory Authorities within 72 hours, per GDPR rules .

11. Contact Information

  • Data Controller:
    Apartmani Marija, Lopar 545, Croatia

  • For GDPR rights requests or questions, contact: app.paparic@gmail.com