Privacy Policy 1. Privacy at a Glance General Information The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on data protection, please refer to the full privacy policy below. Data Collection on This Website Who is responsible for data collection on this website? Data processing on this website is carried out by the website operator. Their contact details can be found in the "Information about the Responsible Party" section of this privacy policy. How do we collect your data? Your data is collected in two ways: data you provide directly to us (e.g. via a contact form), and data collected automatically by our IT systems when you visit the website (e.g. browser type, operating system, time of page visit). What do we use your data for? Some data is used to ensure the website functions correctly. Other data may be used to analyze your browsing behavior. If contracts can be initiated or concluded via the website, the submitted data will also be processed for contract offers, orders, or other requests. What rights do you have regarding your data? You have the right to receive free information about the origin, recipient, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data, to withdraw consent, to restrict processing, and to lodge a complaint with the relevant supervisory authority. 2. Hosting We host our website with the following provider: All-Inkl Provider: ALL-INKL.COM – Neue Medien Münnich, Inh. René Münnich, Hauptstraße 68, 02742 Friedersdorf For details, see All-Inkl's privacy policy: https://all-inkl.com/datenschutzinformationen/ Use of All-Inkl is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the reliable presentation of our website. A data processing agreement (DPA) has been concluded with this provider. 3. General Information and Mandatory Disclosures Data Protection The operators of this website take the protection of your personal data very seriously. We treat your data confidentially and in accordance with applicable data protection regulations. Information about the Responsible Party Ljupka Santoro Obala Španja Roka 54 22000 Brodarica Croatia Phone: +385 99 2187 340 Email: info@vila-santa.com Storage Duration Your personal data will be stored until the purpose for data processing no longer applies. If you submit a legitimate request for deletion or withdraw consent, your data will be deleted unless other legally permissible reasons for storage exist (e.g. tax or commercial retention obligations). Legal Basis for Data Processing Consent: Art. 6(1)(a) GDPR Contract fulfillment: Art. 6(1)(b) GDPR Legal obligation: Art. 6(1)(c) GDPR Legitimate interest: Art. 6(1)(f) GDPR Your Rights Right to information, correction, and deletion of your data Right to withdraw consent at any time Right to restrict processing Right to data portability Right to lodge a complaint with the supervisory authority Right to object to data processing based on Art. 6(1)(e) or (f) GDPR SSL/TLS Encryption This website uses SSL/TLS encryption for security purposes. You can recognize an encrypted connection by the "https://" prefix and the padlock symbol in your browser's address bar. Objection to Promotional Emails The use of contact data published as part of our legal notice obligation for sending unsolicited advertising is hereby prohibited. We reserve the right to take legal action in the event of unsolicited promotional communications such as spam emails. 4. Data Collection on This Website Cookies Our website uses cookies — small data packets stored on your device. These may be session cookies (deleted after your visit) or permanent cookies (stored until manually deleted or browser auto-deletion). Cookies can be first-party or third-party (e.g. for payment processing). Technically necessary cookies are stored on the basis of Art. 6(1)(f) GDPR Consent-based cookies are stored on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG You can configure your browser to notify you about cookies, block them, or delete them automatically. Server Log Files Our hosting provider automatically collects the following information in server log files: Browser type and version Operating system Referrer URL Hostname of the accessing device Time of the server request IP address This data is not merged with other data sources. Collection is based on Art. 6(1)(f) GDPR. Contact by Email or Phone If you contact us by email or phone, your request including all resulting personal data (name, inquiry) will be stored and processed for the purpose of handling your request. This data will not be passed on without your consent. Storage is based on Art. 6(1)(b) or (f) GDPR. Data will be deleted once the purpose no longer applies, unless legal retention obligations require otherwise. 5. Plugins and Tools OpenStreetMap We use the mapping service OpenStreetMap (OSM), provided by the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The UK is considered a safe third country under data protection law. When using OpenStreetMap, a connection to the OSMF servers is established, which may transmit your IP address and browsing behavior. OSM may store cookies or use similar tracking technologies. Use of OpenStreetMap is based on Art. 6(1)(f) GDPR — we have a legitimate interest in presenting our location clearly and attractively. Where consent has been obtained, processing is based on Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be withdrawn at any time. Source: https://www.e-recht24.de