Privacy Policy
1. Who we are
This Privacy Policy explains how Ćuvita, obrt za usluge, trading as Trogir.Tours (“we”, “us”, “our”), collects, uses and protects your personal data when you visit www.trogir.tours or book one of our tours, day trips or boat rentals.
We are the data controller responsible for your personal data. Personal identification number (OIB): 77915022768.
Registered address: Put Dragulina 51A, 21220 Trogir, Croatia.
Email: info@trogir.tours
Phone: +385 92 317 6909.
2. The information we collect
We only collect information that we need in order to respond to you and provide our services. This includes:
- Information you give us — your name, email address, telephone number, the tour or boat you are interested in, your preferred date, number of guests, meal preferences and any message or special request you send through our booking or contact forms.
- Booking details — the information necessary to confirm and deliver your booking, including pick-up location and the estimated price of your reservation.
- Information collected automatically — when you browse the website we may receive limited technical data such as your device type, browser, approximate location (derived from your IP address), the pages you view and how you reached the site. This is collected through cookies and similar technologies (see section 5).
We do not knowingly collect any special categories of data (such as health information) beyond what you voluntarily tell us when it is relevant to your booking (for example, dietary requirements or mobility needs).
3. How we use your information
We use your personal data to:
- respond to your enquiries and provide the information you ask for;
- process, confirm and manage your booking, and send you booking confirmations and updates;
- contact you about your reservation, including any changes caused by weather or availability;
- keep records required for accounting, tax and other legal obligations;
- maintain the security of our website and prevent fraud or misuse;
- understand how our website is used so that we can improve it (only with your consent, through analytics).
We do not use your data for automated decision-making or profiling, and we never sell your personal data.
4. Legal bases for processing
Under the EU General Data Protection Regulation (GDPR), we rely on the following legal bases:
- Performance of a contract — to take steps at your request before entering into a contract and to deliver the tour or rental you book.
- Consent — for optional analytics cookies, which load only after you accept them in our cookie banner. You can withdraw consent at any time.
- Legitimate interests — to keep our website secure, to respond to general enquiries and to improve our services, in a way that does not override your rights.
- Legal obligation — to keep records that we are required by law to retain, such as invoices.
5. Cookies and analytics
A cookie is a small text file stored on your device. We use a small number of cookies to make the website work and, with your permission, to measure how it is used.
- Strictly necessary cookies — required for the site to function, including remembering your language and your cookie choice. These do not require consent.
- Analytics cookies (Google Analytics) — we use Google Analytics 4 to understand which pages are popular and how visitors find us. These cookies are only set after you accept them in our cookie banner. IP addresses are anonymised where possible.
When you first visit, a banner lets you accept or decline analytics cookies. You can change your choice at any time using the “Cookie settings” link in the website footer. If you decline, no analytics cookies are placed and no analytics data is sent.
You can also block or delete cookies through your browser settings. Doing so may affect how parts of the site work.
6. Who we share your information with
We share your data only with the trusted service providers that help us run our business, and only as far as necessary:
- EmailJS — used to deliver booking and contact emails to us and confirmation emails to you.
- Google (Firebase & Google Analytics) — used to store booking requests securely and, with your consent, to measure website usage.
- Vercel — our website hosting provider, which processes basic server and request data.
- Authorities or advisors — where we are required to do so by law, or to establish, exercise or defend legal claims.
These providers act on our instructions and are bound by their own data protection obligations. We do not sell or rent your personal data to anyone.
7. International data transfers
Some of our service providers are based outside the European Economic Area (for example, in the United States). Where data is transferred outside the EEA, it is protected by appropriate safeguards such as the European Commission’s Standard Contractual Clauses or an adequacy decision.
8. How long we keep your data
We keep your personal data only for as long as necessary for the purposes described in this policy. Enquiry correspondence is normally kept for up to 24 months. Booking and payment records are kept for as long as required by Croatian accounting and tax law (generally up to 11 years). Analytics data is retained according to our Google Analytics settings.
9. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- ask us to correct inaccurate or incomplete data;
- ask us to delete your data (“right to be forgotten”), where there is no overriding legal reason to keep it;
- restrict or object to our processing of your data;
- receive your data in a portable format;
- withdraw your consent at any time, where processing is based on consent.
To exercise any of these rights, please contact us at info@trogir.tours. We will respond within one month.
If you believe we have not handled your data properly, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP), Selska cesta 136, 10000 Zagreb (azop.hr).
10. How we protect your data
We use appropriate technical and organisational measures to keep your data secure, including encrypted connections (HTTPS) and access controls on our systems. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
11. Children’s privacy
Our website and services are intended for adults. Bookings that include children must be made by a parent or guardian. We do not knowingly collect personal data directly from children under 16.
12. Other websites
Our website may contain links to third-party websites (for example, maps or social media). We are not responsible for the privacy practices of those websites, and we encourage you to read their own privacy policies.
13. Changes to this policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised “Last updated” date. We encourage you to review it periodically.
14. Contact us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:
Ćuvita, obrt za usluge (Trogir.Tours)
Put Dragulina 51A, 21220 Trogir, Croatia
Email: info@trogir.tours
Phone: +385 92 317 6909