Privacy Policy

1. Data Controller

The data controller is:
UGOSTITELJSKI OBRT KAMP LUPIS VL.MARIJA LUPIS, LOVIŠTE
Lovište 68, 20269 Lovište, Croatia
info@peljesac-lupis.com
+385.958302990

(hereinafter: controller)

2. Personal Data We Collect

In the course of our business, we collect the following personal data:

  • full name

  • address (permanent or temporary)

  • email address

  • phone number

  • reservation details (dates, number of persons, special requests)

  • any additional data voluntarily provided by the user

3. Purposes and Legal Bases of Processing

We process personal data exclusively for the following purposes:

a) Reservation and Service Execution

  • processing inquiries

  • reservation confirmation

  • communication with guests

  • provision of accommodation services

Legal basis: performance of a contract

b) Legal Obligations

  • keeping guest records

  • issuing invoices
    submitting guest data to the eVisitor system in accordance with Croatian law

  • compliance with obligations towards public authorities

Legal basis: legal obligation

c) Legitimate Interest

  • basic communication with guests

  • fraud prevention

  • ensuring system security

Legal basis: legitimate interest (Article 6(1)(f) GDPR)

⚠️ The controller does NOT use personal data for:

  • direct marketing (newsletter)

  • profiling

4. Data Retention

We retain personal data as follows:

  • reservation data: up to 12 months after the service is completed

  • accounting data: 10 years (legal obligation)

  • communication data: up to 12 months after communication ends

After the retention period expires, the data is deleted or anonymized.

5. Recipients of Personal Data

Personal data may be shared with the following categories:

  • IT service providers (hosting, email)

  • accounting services

  • public authorities (if required by law)

The controller does not sell or rent personal data to third parties.

6. Data Transfers Outside the EU

Personal data is generally not transferred outside the European Economic Area (EEA).
However, the controller may use IT service providers (e.g. hosting, email) that process data outside the EEA. In such cases, appropriate safeguards such as Standard Contractual Clauses (SCC) are applied.

7. Data Subject Rights

The user has the following rights:

  • right of access

  • right to rectification

  • right to erasure (“right to be forgotten”)

  • right to restriction of processing

  • right to object

  • right to data portability

Requests can be sent to: info@peljesac-lupis.com

8. Right to Lodge a Complaint

The data subject has the right to lodge a complaint with a supervisory authority:
:contentReference[oaicite:1]{index=1}
or with the authority in their country of residence.

9. Data Security

The controller implements appropriate technical and organizational measures to protect personal data, including:

  • restricted access to data

  • protection of information systems

  • regular software updates

10. Cookies

The website uses cookies for:

  • basic website functionality

  • traffic analysis (if analytics is used)

Users can manage cookies through their browser settings.

Non-essential cookies (e.g. analytics) are only set after user consent.

11. Children’s Data Protection

The service is not intended for persons under the age of 15.

If the controller becomes aware that personal data of a child has been collected without appropriate parental consent, such data will be deleted immediately.

12. Changes to This Privacy Policy

The controller reserves the right to modify this privacy policy.
The current version is always available on the website.