BOOK ONLINE

Blue Zadar

Privacy Policy

This page explains what personal data we process, why we process it and what rights you have when using bluezadar.com.

Data controller

Monika Drążkowska - Blue Zadar, ul. Branka Vodnika 5, 23000 Zadar, Croatia.

hello@bluezadar.com+48 512 640 339

1. General provisions

This Privacy Policy sets out the rules for processing personal data and the use of cookies in connection with the use of the website bluezadar.com.

The Website also uses Google Analytics to prepare statistics and analyses regarding how the Website is used.

The controller of personal data of the Website users is Monika Drążkowska - Blue Zadar, with the correspondence address: ul. Branka Vodnika 5, 23000 Zadar, Croatia.

The Controller can be contacted regarding personal data at the e-mail address: hello@bluezadar.com and by phone at +385 98 951 4000.

By using the Website, the user accepts the terms of this Privacy Policy.

2. Legal basis for data processing

Personal data of users are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and applicable provisions of Polish law, in particular the Personal Data Protection Act and the Act on Rendering Electronic Services.

The Controller processes personal data only to the extent necessary to achieve the purposes indicated in this Privacy Policy and in accordance with the principles laid down in the GDPR, including lawfulness, fairness, transparency, data minimisation and accountability.

3. Scope of processed data

Data voluntarily provided by the user

  • first name and surname,
  • e-mail address,
  • phone number,
  • content of the message or enquiry,
  • information about the planned trip, such as dates, number of people and preferences, if the user chooses to provide them.

Data provided in connection with the conclusion and performance of contracts

The Controller may process data necessary to handle reservations, payments and settlements related to tours and travel services.

Data collected automatically while using the Website

  • IP address,
  • type and version of web browser,
  • operating system,
  • approximate location,
  • date and time of visits,
  • statistical data related to traffic on the Website collected by analytics tools such as Google Analytics.

4. Purposes and legal grounds for processing

Responding to enquiries and establishing contact

Purpose: handling enquiries sent via e-mail, phone or contact forms on the Website.

Legal basis: Article 6(1)(f) GDPR - legitimate interest of the Controller consisting in communicating with persons interested in the offer.

Preparing offers and performing contracts

Purpose: preparing individual offers, making bookings, organising and providing travel services and related arrangements.

Legal basis: Article 6(1)(b) GDPR - necessity for the performance of a contract or taking steps at the request of the data subject prior to entering into a contract.

Compliance with legal obligations

Purpose: fulfilling legal obligations, in particular tax and accounting obligations.

Legal basis: Article 6(1)(c) GDPR - legal obligation to which the Controller is subject.

Establishment, exercise or defence of claims

Purpose: securing and pursuing possible claims related to the Controller's business, including provided travel services.

Legal basis: Article 6(1)(f) GDPR - legitimate interest of the Controller.

Analytics and statistics

Purpose: analysing user activity on the Website and statistics of visits in order to improve the Website and adapt it to users' needs.

Legal basis: Article 6(1)(f) GDPR - legitimate interest of the Controller consisting in analysing how the Website is used and developing it.

Direct marketing of own services

Purpose: sending information about the current offer, new tours, promotions or content related to Blue Zadar, for example a newsletter, if implemented.

  • Article 6(1)(a) GDPR - consent of the user,
  • Article 6(1)(f) GDPR - legitimate interest of the Controller consisting in marketing own services to existing customers.

5. Recipients of personal data

The Controller does not sell users' personal data to third parties.

  • OVHcloud (OVH Groupe SA) - hosting and server infrastructure provider where the Website is hosted,
  • IT service providers and technical support necessary to maintain the Website, including the WordPress environment,
  • Bókun ehf. - Bókun, a Tripadvisor company - the booking platform used to handle online reservations,
  • Google Ireland Limited - provider of Google Analytics used to analyse traffic on the Website,
  • accounting, legal or advisory service providers supporting the Controller's business,
  • local partners and contractors in Croatia, such as boat operators, transport companies and local tour providers, to the extent necessary to perform booked services,
  • public authorities, if the obligation to disclose data results from applicable law.

6. Transfers of data outside the European Economic Area

As a rule, personal data are processed within the European Economic Area, including on servers of the hosting provider OVHcloud.

Due to the use of the Bókun booking system and Google Analytics, users' data may in some cases be transferred to third countries, in particular to the United States.

Where data are transferred outside the EEA, the Controller ensures that appropriate safeguards required by the GDPR are in place, including standard contractual clauses approved by the European Commission or other appropriate legal instruments.

Detailed information about the safeguards used for data transfers may be provided to the user upon request.

7. Data retention periods

Data processed for the purpose of responding to enquiries are stored for the period necessary to conduct the correspondence, and afterwards for the limitation period of any claims arising from such correspondence.

Data processed in connection with the conclusion and performance of a contract are stored for the duration of the contract and for the period required by law, in particular tax and accounting regulations.

Data processed on the basis of consent are stored until the consent is withdrawn, unless a longer retention period is required by law.

Data used for analytics and statistical purposes may be stored in an anonymised form, without possibility of identifying an individual, for a longer period.

8. Rights of data subjects

To exercise these rights, the user may contact the Controller at hello@bluezadar.com.

  • right of access,
  • right to rectification,
  • right to erasure,
  • right to restriction of processing,
  • right to data portability,
  • right to object,
  • right to withdraw consent at any time,
  • right to lodge a complaint with the President of the Personal Data Protection Office in Poland.

9. Voluntary provision of data

Providing personal data is generally voluntary, but may be necessary to use certain services offered by the Controller, for example to receive an offer, make a booking or obtain a reply to an enquiry.

Failure to provide required data may prevent the Controller from providing some services or from responding to the user's request.

10. Cookies and Google Analytics

The Website uses cookies, which are small text files stored on the user's device, in order to ensure proper functioning of the Website, adapt it to user preferences and compile anonymous statistics of visits.

Detailed rules regarding cookies and consent management are also described in a separate Cookie Policy available on the Website.

Users can manage cookies through their web browser settings, including blocking cookies or deleting previously stored files. Restricting the use of cookies may affect some functionalities of the Website.

Categories of cookies used on the Website

  • necessary (technical) cookies,
  • functional cookies,
  • analytical (statistical) cookies.

10.1. Google Analytics

The Controller uses Google Analytics, provided by Google Ireland Limited, to compile statistics and analyses regarding the use of the Website.

Google Analytics automatically collects anonymous information about the use of the Website, such as truncated IP address, device type, browser, approximate location and other statistical data. This information is processed in aggregated reports and is not used to identify specific individuals.

The user can block Google Analytics by installing the Google Analytics Opt-out Browser Add-on or by configuring cookies settings in their browser accordingly.

11. Server logs

Using the Website involves sending queries to the server on which the Website is hosted.

Each query is recorded in server logs and includes, among other things, the user's IP address, server date and time, information about the browser and operating system.

Data stored in server logs are used solely for technical, administrative and security purposes as well as for preparing aggregated statistics, and are not associated with specific users, unless this is necessary for the establishment, exercise or defence of claims.

12. Changes to the Privacy Policy

The Controller reserves the right to amend this Privacy Policy, in particular in case of development of the Website, implementation of new functionalities or changes in applicable law.

Users may be informed of significant changes by means of an appropriate notice on the Website.

The current version of the Privacy Policy is always available at bluezadar.com under the Privacy Policy section.