Politika privatnosti — Apartmani Kuparić

Apartmani Kuparić ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website rab-accommodation.com and use our services, in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Croatian Act on the Implementation of the General Data Protection Regulation (NN 42/18).

1. Data Controller

The data controller responsible for your personal data is:

Business name: Apartmani Kuparić
Owner: Mladen Kuparić
Address: Kampor 318b, 51280 Rab, Croatia
Email:mkuparic@yahoo.com

2. What Personal Data We Collect

We collect personal data only when you voluntarily provide it to us. We do not require you to create an account, and we do not process payments on this website. The personal data we may collect includes:

2.1 Contact Form Submissions

When you submit an inquiry through our contact form, we collect the following information:

Full name — to address you personally in our response
Email address — to reply to your inquiry
Phone number (optional) — to contact you by phone if requested
Message content — the details of your inquiry, including any apartment preference you may indicate

2.2 Automatically Collected Data

When you visit our website, certain technical information may be collected automatically through cookies and similar technologies:

IP address (anonymised where possible)
Browser type and version
Operating system
Pages visited and time spent on each page
Referring website
Date and time of access

3. How We Use Your Data

We use your personal data for the following purposes:

Responding to inquiries: to process and reply to your contact form submissions regarding apartment availability, pricing, and booking
Website analytics: to understand how visitors use our website so we can improve its content and functionality
Legal compliance: to comply with applicable legal obligations under Croatian and EU law

3.1 Legal Basis for Processing

Under the GDPR, we process your personal data on the following legal bases:

Consent (Article 6(1)(a)): when you voluntarily submit the contact form, you consent to us processing your data to respond to your inquiry
Legitimate interest (Article 6(1)(f)): for website analytics and improving our services, where our interest does not override your fundamental rights and freedoms
Legal obligation (Article 6(1)(c)): where we are required by law to retain or disclose certain information

4. Cookies and Similar Technologies

Our website uses only essential and functional cookies. We do not use advertising or tracking cookies for marketing purposes.

4.1 Essential Cookies

These cookies are necessary for the website to function properly. They enable basic features such as page navigation, language preferences, and security. You cannot opt out of essential cookies as the website cannot function without them.

4.2 Analytics Cookies

We may use Google Analytics to collect anonymised data about how visitors interact with our website. Google Analytics uses cookies to generate statistical information. The data collected is aggregated and anonymous — it does not identify individual visitors. IP addresses are anonymised before storage. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

4.3 Third-Party Embeds

Our website embeds Google Maps to display the location of our apartments. When you load a page containing a Google Maps embed, Google may set cookies and collect data according to their own privacy policy. We recommend reviewing the Google Privacy Policy for more information.

5. Third-Party Services

We use the following third-party services that may process your data:

Google Maps — for displaying apartment locations. Data may be processed by Google LLC in accordance with their privacy policy.
Google Analytics — for anonymised website usage statistics. Data is processed by Google LLC. IP anonymisation is enabled.
Prismic — our content management system, used to deliver website content. Prismic does not collect visitor personal data.

Where data is transferred to service providers outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or an adequacy decision.

6. Data Retention

We retain your personal data only for as long as necessary:

Contact form submissions: retained for up to 2 years after your last inquiry, or until you request deletion, whichever comes first
Analytics data: retained for 14 months in aggregated, anonymised form (Google Analytics default retention period)
Legal records: where we are required by Croatian or EU law to retain certain data (e.g., for tax or accounting purposes), we will retain it for the legally mandated period

After the retention period expires, your data is securely deleted or anonymised so that it can no longer be associated with you.

7. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data:

Right of access (Article 15): you may request a copy of the personal data we hold about you
Right to rectification (Article 16): you may request correction of inaccurate or incomplete personal data
Right to erasure (Article 17): you may request that we delete your personal data ("right to be forgotten"), subject to legal retention obligations
Right to restriction (Article 18): you may request that we restrict the processing of your personal data under certain circumstances
Right to data portability (Article 20): you may request to receive your personal data in a structured, commonly used, and machine-readable format
Right to object (Article 21): you may object to processing based on legitimate interest at any time
Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal

To exercise any of these rights, please contact us at mkuparic@yahoo.com. We will respond to your request within 30 days, as required by the GDPR.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

SSL/TLS encryption for all data transmitted between your browser and our website
Secure storage of contact form submissions with access limited to authorised personnel only
Regular review of our data processing practices

While we take all reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your data.

9. Children's Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 16, we will take immediate steps to delete it.

10. Links to External Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy policies of any external websites you visit.

11. Supervisory Authority

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with the supervisory authority. In Croatia, the competent authority is:

Agencija za zaštitu osobnih podataka (AZOP)
Croatian Personal Data Protection Agency
Selska cesta 136, 10000 Zagreb, Croatia
Website: azop.hr
Email: azop@azop.hr

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email:mkuparic@yahoo.com
Address: Kampor 318b, 51280 Rab, Croatia