Privacy Policy

Last updated: September 22, 2025

1. Data Controller

Responsible for the processing of personal data on this website:
Šimo Suvajac
Ulica II 57, 23233 Privlaka–Sabunike, Croatia
Phone: +49 176 434 01684
Email: support@adria-villa.com

This privacy policy complies with the requirements of the EU GDPR and, where applicable, the revised Swiss Data Protection Act (DSG).

2. Types of Processed Data / Categories of Data Subjects

Data subjects are visitors and users of the website as well as inquirers and (potential) guests.

Personal data (first and last name), contact and communication data (email, phone number), request data (travel dates, number of guests, notes/requests)
Payment data (e.g., transaction ID, payment status) – no storage of complete card data
Usage/metadata (IP address, access time, referrer, user agent) in server and security logs
Calendar and reservation data (check-in/check-out, availability, request numbers if applicable)

3. Purposes and Legal Bases

Provision of the website, stability/IT security, abuse/fraud protection (Art. 6(1)(f) GDPR)
Processing inquiries and carrying out pre-contractual measures (Art. 6(1)(b) GDPR)
Fulfillment of contractual obligations from the accommodation contract and payment processing (Art. 6(1)(b) GDPR)
Fulfillment of legal obligations (e.g., tax/commercial retention) (Art. 6(1)(c) GDPR)
Consent, where required (Art. 6(1)(a) GDPR)

4. Hosting, CDN & Server Log Files

We use Cloudflare as a content delivery network/reverse proxy and for HTTPS. This processes IP address, requested content, date/time, referrer, and security information. Log data is usually stored for 14–30 days. Legal basis: Art. 6(1)(f) GDPR.

5. Domain Management

Our domain registration and DNS management is handled via Squarespace. Technical DNS data is processed. Legal basis: Art. 6(1)(f) GDPR.

6. Contact

Contact forms are processed via Formspree (USA). Emails are sent via Zoho Mail (Zoho Corporation), including automatic system emails (e.g., request confirmation). Legal basis: Art. 6(1)(b) and (f) GDPR.

When submitting the form, the entered content is transmitted to Formspree via HTTPS and then forwarded to us. Client-side status displays (e.g., "Sending.../Success") do not use additional third-party providers. No permanent personal data is stored in the local browser storage.

7. Request/Reservation

We process your information (name, email, phone number, arrival/departure dates, number of guests, notes) for quote creation, reservation, and contract fulfillment. Required mandatory fields are marked as such. Legal basis: Art. 6(1)(b) GDPR.

If you access our request page via special links, certain fields (e.g., check-in/check-out or promo codes) may be pre-filled from URL parameters. This information is processed exclusively in your browser (Session Storage) and is not transmitted to us without your action.

8. Payment Processing

Payments are processed via Stripe and/or PayPal. Payment data is transmitted directly to these providers; we do not store complete card data. Legal basis: Art. 6(1)(b) GDPR.

9. Calendar Synchronization

To avoid double requests, availability and reservation data is synchronized with Airbnb and Booking and possibly other booking platforms. Legal basis: Art. 6(1)(b) GDPR.

10. Embedded Content & External Services

Google Maps (IP transmission to Google)
Google Fonts (fonts, IP transmission)
Font Awesome Kit (icons, IP transmission)

11. Cookies & Local Storage

We exclusively use technically necessary cookies or comparable technologies. This includes Local Storage and Session Storage in your browser. These are used to provide request and contact functions (e.g., date selection, number of guests, price subtotals, promo codes) and to conveniently retain your entries within a session.

Session Storage: temporarily stores request data such as check-in/check-out, number of guests, and price subtotals. The data remains in your browser and is automatically discarded when closing the tab or session.
There is no storage of sensitive payment data in Local/Session Storage. Payment data is processed exclusively via PCI-compliant payment providers (Stripe/PayPal) (see "Payment Processing").

We currently do not use tracking or analytics cookies. You can delete cookies and Local/Session Storage content in your browser at any time; certain website functions may be limited as a result.

12. Storage Duration

Inquiries/request data: up to 10 years (legal retention)
Server/security logs: 14–30 days
Consents: up to 3 years

13. Recipients/Categories of Recipients

Cloudflare (CDN/security), Squarespace (domain/DNS), Zoho (email), Formspree (form submission), Stripe/PayPal (payment), Google (Maps/Fonts), Font Awesome (icons), Airbnb/Booking.com (calendar sync), as well as authorities/tax advisors where legally required.

14. Third Country Transfers

When using external services (e.g., Cloudflare, Zoho, Stripe, Google, Formspree), transmission to third countries (especially the USA) may occur. Where no adequacy decision exists, we base transfers on EU standard contractual clauses and/or obtain your consent. Further information is available in the privacy notices of the respective providers.

15. Obligation to Provide Data

Providing your data is necessary for inquiries/requests; otherwise, no contract can be concluded.

16. Data Security

We implement appropriate technical and organizational measures (TOM), e.g., access restrictions, pseudonymization/storage minimization, and TLS/HTTPS encryption.

17. Minors

Our service is not directed at persons under 16 years of age. Data from minors will be deleted upon knowledge, subject to legal retention obligations.

18. Your Rights

Within the framework of legal requirements, you have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection (Art. 21), and withdrawal of granted consents (Art. 7(3)) with effect for the future. You also have the right to lodge a complaint with a data protection supervisory authority, e.g., the AZOP – Croatian Data Protection Agency or the authority responsible for your place of residence; for Switzerland: FDPIC.

19. Changes

We may update this privacy policy if the legal situation, our processes, or the services used change. The current version is always available on this page.