Get Started

Privacy Policy for Croatia Insider

Effective Date: Sun Sep 21 2025

Table Of Contents
  1. Introduction
  2. 1. Who we are (Data Controller)
  3. 2. What data we collect & why
  4. 3) Cookies & similar technologies
  5. 4) How we protect data
  6. 5) How long we keep data (retention)
  7. 6) Who we share data with (processors)
  8. 7) International data transfers
  9. 8) Your rights (GDPR)
  10. 9) Children’s data
  11. 10) User content & DSA (if applicable)
  12. 11) Third-party links
  13. 12) Changes to this policy
  14. 13) Contact

Introduction

This Privacy Policy explains what personal data we collect, how we use it, and the rights you have. We follow the EU General Data Protection Regulation (GDPR), Croatia’s Act on the Implementation of the GDPR, the ePrivacy rules on cookies, and-if/when we host user content—the EU Digital Services Act (DSA).

1. Who we are (Data Controller)

Controller: Croatia Insider, operated by Orsat Munitic
Registered/Postal address: Orsat Munitić, Iva Dulčića 5, Dubrovnik, Croatia
Email (privacy): orsat@croatiainsider.com

Data Protection Officer (DPO): Orsat Munitic
DPO contact: orsat@croatiainsider.comPostal: (same as above]

For any privacy requests (access/correction/erasure/etc.), contact the DPO at orsat@croatiainsider.com.

2. What data we collect & why

We collect only what’s necessary for specific purposes:

  • Site usage & analytics (with consent): IP address (short-lived), device/browser info, pages viewed, events to improve performance and content.
  • Contact forms & email: Name, email, message to respond to your inquiry.
  • Newsletter (if used): Name, email, preferences to send updates; unsubscribe anytime.
  • Accounts / bookings / purchases (if launched): Basic profile, preferences, and transaction data to provide the service you request.
  • Cookies/trackers: See Section 3.

Legal bases:

Legal obligation where applicable (e.g., tax/records).

Consent (Art. 6(1)(a)) for analytics/marketing cookies and newsletters.

Contract (Art. 6(1)(b)) to deliver services you request (e.g., account areas).

Legitimate interests (Art. 6(1)(f)) for security, fraud prevention, service improvement (balanced against your rights).

3) Cookies & similar technologies

We use cookies to run the site, measure usage (with consent), and, if enabled, support social embeds or remarketing.

Categories

  • Essential: Required for core functionality (no consent needed).
  • Analytics: Help us understand traffic and improve content (consent required).
  • Marketing / Social: Remarketing, social embeds (consent required).

Your choices

  • A cookie banner appears on first visit. You can accept all, reject non-essential, or customize.
  • You can withdraw consent anytime via Cookie Settings in the footer.

Read more about our Cookie Policy.

4) How we protect data

We apply appropriate technical and organizational measures (TLS encryption, access controls, least-privilege accounts, vetted processors, backups). If a data breach occurs, we assess risk and notify the authority and affected individuals where required.

5) How long we keep data (retention)

  • Contact emails: typically 12–24 months unless required longer for requests/claims.
  • Newsletter data: until you unsubscribe or we remove inactive contacts.
  • Analytics: per tool settings (e.g., ≤14 months, or shorter).
  • Account/transaction data (if any): while the account is active and for legally required periods thereafter.

6) Who we share data with (processors)

We do not sell personal data. We use carefully chosen processors who act on our instructions:

  • Hosting/CDN
  • Email/newsletters
  • Analytics
  • Payments (if enabled)

We keep an updated list here and in our records.

7) International data transfers

If data leaves the EEA (e.g., to US-based tools), we use safeguards such as Standard Contractual Clauses (SCCs) and appropriate supplementary measures.

8) Your rights (GDPR)

You can access, rectify, erase, restrict, or object to processing, request portability, and withdraw consent at any time (without affecting prior processing).
How to exercise: Email orsat@croatiainsider.com.
You also have the right to complain to Croatia’s data protection authority (AZOP):

AZOP – Croatian Personal Data Protection Agency
Ulica Metela Ožegovića 16, 10000 Zagreb • azop@azop.hr • +385 1 4609 000

9) Children’s data

Our site is not intended for children under 16. We do not knowingly collect children’s data. If you believe a child provided data, contact us for prompt deletion.

10) User content & DSA (if applicable)

If we enable comments, listings, or user posts, we will:

  • Provide clear reporting tools for illegal content and act on notices,
  • Maintain transparent moderation procedures,
  • Respect users’ rights under the Digital Services Act (DSA).

11) Third-party links

We may link to other sites. Their privacy and cookies are governed by their own policies. Croatia Insider may include affiliate links to external sites such as accommodations or activities. If you make a purchase through these links, we receive a small commission at no additional cost to you.

12) Changes to this policy

We’ll update this page when our processing changes. Material updates will be signposted on the site.

13) Contact

Controller & DPO: Orsat Munitic
Email: orsat@croatiainsider.com
Postal: Croatia Insider, Iva Dulčića 5, 20000 Dubrovnik, Croatia

By:

Orsat Munitić

·

Last update on

·