Privacy Policy (GDPR)

This Privacy Policy explains how Villa Mare Blue (“we”, “us”) processes personal data when you visit our website or contact us about a stay. We operate from Croatia and comply with the EU General Data Protection Regulation (GDPR).

1. Data Controller

Controllers: Danijel Barišić, Mihajel Barišić, Markus Buntić
Address: Blagari 15, 52341 Pifari, Croatia
Email: villamareblue.hr@gmail.com
WhatsApp: +385 91 241 5483 / +49 162 926 2760

2. What Data We Collect

• Contact data: name, email address, phone number (if provided).
• Booking inquiry data: dates, number of guests, message content.
• Technical data: IP address, device/browser information, referring page, approximate location derived from IP, and access times (server logs).
• Cookies: small text files stored on your device (see Section 6).

3. Purpose and Legal Basis (GDPR Art. 6)

• Responding to inquiries (Art. 6(1)(b) – steps prior to entering a contract; and/or Art. 6(1)(f) – legitimate interest to communicate).
• Managing reservations if you book (Art. 6(1)(b) – contract).
• Website security and operation via server logs (Art. 6(1)(f) – legitimate interests).
• Compliance with legal obligations (Art. 6(1)(c)) where applicable.

4. Contact Forms and Email

If you contact us via a form or email, we process the information you provide to answer your request and, if applicable, to prepare or manage a booking. Our website may use a form delivery service such as Formspree or EmailJS. In that case, your message is transmitted to that provider to deliver it to us. Please consult the provider’s privacy policy for details.

Data processed: name, email, message, and any details you submit (e.g., dates/guests).
Retention: we keep inquiry correspondence as long as needed to handle your request and for documentation purposes, typically up to 24 months, unless a longer period is required by law or an ongoing contractual relationship.

5. Sharing of Data / Recipients

We do not sell your personal data. We may share data only with:

• Service providers who support the website (hosting, email delivery, form service).
• Booking/communication partners if you request it (e.g., channel managers), only as necessary.
• Authorities if legally required.

6. Cookies

Our site may use essential cookies that are required for basic functionality and security. If we use analytics or marketing cookies in the future, we will request your consent where required.

• Essential cookies: required to operate the website (legal basis: Art. 6(1)(f)).
• Optional cookies (e.g., analytics): only with consent (Art. 6(1)(a)) where required.

You can delete cookies at any time in your browser settings and configure your browser to block cookies. Please note that some functions may not work if cookies are disabled.

7. Embedded Third-Party Services (Google Maps)

Our website may embed Google Maps to display the property location. When the map loads, your browser may connect to Google’s servers and transmit technical data (e.g., IP address). Google may use cookies or similar technologies. This processing is carried out by Google as an independent controller.

Legal basis: Art. 6(1)(f) legitimate interest in providing a map; and/or consent where required by your local law and configuration.
You can avoid this by not loading the map (e.g., blocking third-party content).

8. International Transfers

Some service providers may process data outside the European Economic Area (EEA). Where applicable, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) or rely on an adequacy decision.

9. Data Security

We use reasonable technical and organizational measures to protect your data. However, no transmission over the internet is completely secure.

10. Your Rights

Under GDPR you have the right to:

• Access your personal data (Art. 15)
• Rectification (Art. 16)
• Erasure (“right to be forgotten”) (Art. 17)
• Restriction of processing (Art. 18)
• Data portability (Art. 20)
• Object to processing based on legitimate interests (Art. 21)
• Withdraw consent at any time (Art. 7(3)) where processing is based on consent

To exercise your rights, contact us using the details above.

11. Complaints

If you believe your data is being processed unlawfully, you have the right to lodge a complaint with the competent supervisory authority. In Croatia, this is the Personal Data Protection Agency (AZOP).

12. Changes to This Policy

We may update this Privacy Policy from time to time. The current version is published on this page.
Last updated: 2026-01-13

---

Also see: Impressum • Terms & Conditions