1. Controller
Kapetanova Kuča Tappe d.o.o.
Vladimira Nazora 7, 52440 Poreč, Croatia
Email: info@villa-solta.com.hr Phone: +49 15756563605
OIB: 51773481002

2. Overview of processing and legal bases
We process personal data when you use our website, contact us, submit a booking request, make a booking or make a payment. Legal bases (as applicable): Art. 6(1)(b) GDPR (performance of a contract / pre-contractual steps) Art. 6(1)(c) GDPR (legal obligation) Art. 6(1)(f) GDPR (legitimate interests: website operation, security, abuse prevention) Art. 6(1)(a) GDPR (consent, e.g., analytics/marketing)

3. Website operation via Smoobu (hosting / website builder)
This website is operated using the Smoobu Website Builder. Technical data is processed to deliver the website and provide booking functionality (e.g., IP address, date/time, accessed pages, browser data). Where required, we have concluded a data processing agreement (DPA) with the service provider.

4. Server log files
When you visit our website, the server automatically processes log data (e.g., IP address, time of access, requested page, referrer URL, browser/OS). Purpose: technical delivery, security, troubleshooting. We retain log data only for as long as necessary.

5. Cookies and consent
We use cookies and similar technologies: Strictly necessary cookies are required for the website and booking features. Optional cookies (analytics/marketing) are used only with your prior consent (opt-in). If we enable optional tools in the future (e.g., Google Analytics), we will use a consent banner with cookie settings and provide detailed information here.

6. Contact
If you contact us (form/email/phone), we process the information you provide (e.g., name, email, content of your message) to handle your request. Legal basis: Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR.

7. Booking request / booking
When you submit a booking request or make a booking, we typically process: name and contact details (email/phone) stay details (arrival/departure dates, number of guests) messages/notes booking/invoice information and payment status Purpose: contract management, communication, guest service, invoicing. Legal basis: Art. 6(1)(b) GDPR.

8. Payments via Stripe
If you pay online, payments are processed via Stripe. Stripe receives the data necessary to process the payment. As a rule, we do not receive full card/bank details but transaction status and reference information. Legal basis: Art. 6(1)(b) GDPR.

9. Legal obligations in Croatia (guest registration)
To comply with local legal obligations in Croatia (guest registration and related requirements), we may need to process identification and stay data (e.g., name, date of birth, ID/passport details, stay period) and transmit it to competent authorities as required by law. Legal basis: Art. 6(1)(c) GDPR.

10. Recipients of personal data
We share personal data only where necessary, for example with: Smoobu (website/booking system) Stripe (payment processing) local service providers (e.g., key handover/cleaning – only the information required) authorities and tax/accounting service providers (legal obligations)

11. International data transfers
Depending on the services used, data may be transferred outside the EU/EEA. Where this happens, transfers are made only in accordance with Art. 44 et seq. GDPR (e.g., Standard Contractual Clauses or other recognised safeguards).

12. Google Analytics (currently not active)
We currently do not use Google Analytics. If we enable Google Analytics (e.g., GA4) in the future, we will: use it only with your consent (opt-in via consent banner), and update this Privacy Policy with specific details (scope, retention, settings/withdrawal, international transfers).

13. Retention periods
We store personal data only as long as necessary for the purposes described above and/or as required by statutory retention obligations.

14. Your rights
You have the right to access, rectification, erasure, restriction, data portability and to object to processing. Where processing is based on consent, you can withdraw consent at any time with effect for the future. You also have the right to lodge a complaint with a supervisory authority.

15. Security
We implement appropriate technical and organisational measures (e.g., TLS encryption) to protect your data.

16. Updates to this policy
We may update this Privacy Policy if our services, website features or legal requirements change.