PRIVACY POLICY FOR CASA NEVIA

Last Updated: April 18, 2026

1. Controller Information

Responsible for Data Processing (Data Controller):
Nevia Vicelic
Bastijanova 3, 20210 Cavtat, Croatia
Email: vicelicnevia@gmail.com
Phone: +385 998887143
VAT/ID Number: HR28336923382

2. What personal data we collect and why

We collect only the data necessary to provide accommodation services, comply with Croatian tourism laws, and ensure a secure stay.

A. Booking & Guest Registration (Legal Basis: Contract & Legal Obligation)

To complete your reservation and register you with the eVisitor system (Croatian Tourist Board), we collect:

  • Full name (all guests)
  • Date of birth
  • Personal identification document number (Passport/ID)
  • Country of residence
  • Address
  • Arrival and departure dates
  • Contact information (Email, Phone)

B. Website Browsing (Legal Basis: Legitimate Interest)

  • Comments: If you leave comments on our site, we collect the data shown in the comments form, your IP address, and browser user agent to help spam detection. An anonymized string (hash) may be provided to Gravatar.
  • Cookies: We use temporary cookies to determine if your browser accepts cookies. Login cookies last 2 days; screen options cookies last 1 year. If you select “Remember Me”, login persists for 2 weeks.
  • Embedded Content: Articles may include embedded content (videos/images) from other websites that behaves as if you visited that other website.

C. Security & Property Protection (Legal Basis: Legal Obligation & Legitimate Interest)

  • Video Surveillance: The entrance of the property may be monitored via CCTV for the safety of guests and property. Recordings are retained for a limited period.
  • Incident Reports: Data regarding accidents or damages.

3. How we use your data (Purposes)

We process your personal data for the following specific purposes:

  • To manage your booking and payment.
  • To register you with the eVisitor system (required by the Ministry of Tourism of the Republic of Croatia) .
  • To comply with tax and accounting laws (invoicing).
  • To communicate with you regarding your stay.
  • To improve our website and guest experience.
  • To handle disputes or security incidents.

4. Legal basis for processing (GDPR Article 6)

We process your data based on the following legal grounds:

  1. Performance of a Contract: To prepare your booking and provide accommodation.
  2. Legal Obligation: To register guests with Croatian authorities (eVisitor) and issue invoices.
  3. Legitimate Interests: To improve our services, ensure security, and prevent fraud.
  4. Consent: For marketing communications (newsletters). You can withdraw consent anytime.

5. Data sharing and recipients

We do not sell your personal data. We may share data with:

  • Public Authorities: Croatian Tourist Board, Ministry of Internal Affairs, Tax authorities (as required by law) .
  • IT Service Providers: Website hosting, booking engine, and email services (who are contractually bound to protect data under GDPR).
  • Payment Processors: PCI-DSS compliant services (we do not store your credit card details directly).

6. Data retention period

We retain your data only as long as necessary:

  • Guest Registration Data (eVisitor): Retained for the period required by Croatian law (usually several years for tax/statistical purposes).
  • Invoices & Contracts: 10 years (compliance with tax law).
  • Website Comments: Retained indefinitely (so we can recognize follow-ups automatically).
  • CCTV Footage: Usually 7-14 days, unless required for an incident.
  • Marketing Data: Until you unsubscribe.

7. Your rights under GDPR

Under the GDPR, you have the following rights. You can exercise them by contacting us at vicelicnevia@gmail.com:

  • Right to Access: Request a copy of the data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure (“Right to be Forgotten”): Request deletion of your data, unless we are legally required to keep it (e.g., for tax laws).
  • Right to Restrict Processing: Limit how we use your data.
  • Right to Data Portability: Receive your data in a structured, electronic format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: For marketing emails.
  • Right to Lodge a Complaint: File a complaint with the Croatian Personal Data Protection Agency (AZOP) if you believe your rights are violated.

8. Security measures

We implement appropriate technical and organizational measures (SSL encryption, secure servers, access controls) to ensure a level of security appropriate to the risk, protecting against unauthorized access, alteration, disclosure, or destruction of your personal data.

9. Children’s privacy

Our services are not directed to children under 16. We do not knowingly collect data from minors. If we discover we have collected data from a child under 16 without parental consent, we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date.

11. Contact information

For any questions regarding this policy or to exercise your GDPR rights:

Nevena Vicelic
Email: vicelicnevia@gmail.com
Phone: +385 998887143
Address: Bastijanova 3, 20210 Cavtat, Croatia