Private Boat Tours Hvar

Privacy Policy

Last updated: 5/24/2026

1. Information We Collect

We collect information when you:

  • Book a tour through our website or phone
  • Contact us with inquiries

Personal Information includes:

  • Name and contact details
  • Payment information

2. How We Use Your Information

Your information is used to:

  • Process your bookings and payments
  • Communicate about your tours
  • Ensure safety during tours
  • Comply with legal obligations

3. Information Sharing

We do not sell or share your personal information with third parties except:

  • When required by law
  • To protect our rights and safety
  • With service providers who assist our operations

4. Data Security

We implement appropriate security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

5. Your Rights (GDPR)

Under EU data protection law, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing
  • Data portability

6. Data Controller

Private Boat Tours Hvar · Private boat tours from Hvar, Domovinskog Rata 37, 21450 Hvar, Croatia. Email: info@privateboatshvar.com. Phone: +385 91 356 8732. We are responsible for deciding how your personal data is processed.

7. Legal Basis for Processing

We process your data based on:

  • Contract performance: to fulfill your tour booking
  • Consent: for analytics and session-replay cookies
  • Legitimate interest: for fraud prevention and service improvement
  • Legal obligation: tax records and regulatory compliance

8. Data Retention

We retain your data for:

  • Booking and financial records: 11 years (Croatian Accounting Act requirement)
  • Analytics data: 14 months
  • Account data: until account deletion

After retention periods expire, data is securely deleted or anonymized.

9. Service Providers & Sub-Processors

We share data with trusted providers who process it on our behalf:

  • Stripe Inc. (USA/Ireland): payment processing
  • Resend (USA): transactional emails
  • Vercel Inc. (USA): website hosting and analytics
  • Supabase (USA): database hosting
  • Upstash (USA/EU): rate limiting and security
  • Google LLC (USA): analytics (Google Analytics 4) and maps (Google Maps Platform)
  • Microsoft Corporation (USA): Clarity session replay and heatmaps, loaded only with your consent
  • Cloudflare, Inc. (USA): image storage (R2) and content delivery
  • CARTO (USA/EU): interactive map tiles
  • Sentry (Functional Software, Inc., USA): error monitoring. Error reports may include technical request metadata; personal data is minimised and scrubbed before transmission.

All providers are bound by data processing agreements and comply with GDPR through EU Standard Contractual Clauses and/or the EU-US Data Privacy Framework.

10. International Data Transfers

Our website is hosted in a European Union region (Frankfurt). Some of our service providers are incorporated in the United States and some data may be processed there; such transfers are protected by EU Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Cookies

Our website uses essential cookies for functionality and optional analytics and session-replay cookies (Google Analytics, Vercel Analytics, Microsoft Clarity) to understand usage. You can accept or decline non-essential cookies via our cookie banner. Essential cookies cannot be disabled as they are required for the website to function.

Cookies we set

  • cookie-consent (essential): remembers your choice on this banner. Retained 12 months.
  • _ga (Google Analytics): distinguishes unique visitors. Retained up to 24 months.
  • _gid (Google Analytics): distinguishes unique visitors within a 24-hour session.
  • _ga_<ID> (Google Analytics 4): persists session state. Retained up to 24 months.
  • _clck, _clsk (Microsoft Clarity): record anonymised session replays and heatmaps to improve usability. Set only with your consent.

You can change your mind at any time. The button below clears your stored choice so the cookie banner will re-appear on your next visit.

12. Right to Lodge a Complaint

You have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP): Agencija za zaštitu osobnih podataka, Selska cesta 136, 10000 Zagreb, Croatia. Website: azop.hr. Email: azop@azop.hr.

15. Contact Us

For privacy-related questions or to exercise your rights, contact us at: info@privateboatshvar.com. We will respond within 30 days as required by GDPR.