top of page

Privacy Policy 
 

1. Introduction

Boutique Hotel Oasi (hereinafter referred to as "we," "our," or "the hotel") is committed to protecting the privacy of our guests. This privacy policy explains what personal data we collect, how we use it, and the measures we take to protect it.

This policy complies with the General Data Protection Regulation (GDPR) of the European Union.

2. Data We Collect

To facilitate bookings and provide our services, we collect the following personal data:

  • Full name

  • Email address

  • City of residence

  • Credit card details (used only for completing bookings and processing payments)

  • Booking information (check-in and check-out dates, room type, preferences, etc.)

  • Cookies and website usage data (collected via Google Analytics)

3. Legal Basis for Processing

We process your data based on the following legal grounds:

  • Consent: When you voluntarily provide your data (e.g., when making a booking).

  • Contractual necessity: To fulfill and manage your booking.

  • Legal obligation: To comply with applicable laws in Croatia and the EU.

  • Legitimate interests: To improve our services, analyze website performance, and conduct marketing activities.

4. Purpose of Data Collection

We use the collected data for the following purposes:

  • To process and confirm bookings.

  • To communicate with guests regarding reservations and services.

  • To securely process payments.

  • To personalize guest experiences and offer tailored services.

  • To analyze website performance and improve usability through Google Analytics.

  • To send email marketing communications (with your consent).

5. Cookies and Tracking Technologies

We use cookies to enhance your experience on our website. Cookies help us:

  • Analyze website traffic and user behavior via Google Analytics.

  • Remember user preferences and improve website functionality.

You can configure your browser to refuse cookies, but this may limit certain website features.

6. Handling of Data for Children

Our services are available to guests traveling with children. We impose no age restrictions; however, we collect only the minimum data necessary to fulfill bookings.

7. Data Sharing with Third Parties

We share personal data with third parties only when necessary for the delivery of our services. Examples include:

  • Rentlio: For direct bookings and synchronization with platforms like Booking.com and Airbnb.

  • Payment processors: To securely handle credit card information.

  • Google Analytics: To monitor and analyze website traffic.

All third parties are required to comply with GDPR and relevant data protection laws.

8. Security Measures

We employ modern technical and organizational measures to protect your data, including:

  • Encryption of credit card data.

  • Restricted access to personal information for authorized personnel only.

  • Regular system monitoring to identify vulnerabilities.

9. Data Retention

We retain personal data for as long as necessary to fulfill the following purposes:

  • Bookings: Data is retained for 3 years after the completion of the reservation.

  • Marketing and analytics: Data is retained until you withdraw your consent.

Once the retention period expires, data is securely deleted or anonymized.

10. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Access: Request access to the personal data we hold about you.

  • Rectification: Request corrections or updates to your data.

  • Erasure: Request the deletion of your data where legally permissible.

  • Restriction: Limit the processing of your data in specific circumstances.

  • Data portability: Request the transfer of your data to another service provider.

  • Objection: Object to the processing of your data for specific purposes, such as marketing.

  • Opt-out of marketing: You can unsubscribe from email marketing communications by following the instructions in our emails or contacting us directly.

To exercise any of these rights, please contact us at oasi@oasicroatia.com.

11. Data Breach Notification

In the event of a data breach, we will notify affected individuals within 72 hours, as required by GDPR.

12. International Data Transfers

Your data may be transferred outside the European Union for booking and payment processing. We ensure that all data transfers comply with GDPR standards.

13. Jurisdiction

This privacy policy is governed by the laws of Croatia and the European Union. Any disputes will be resolved in the relevant courts of Croatia.

14. Contact Information

If you have any questions about this privacy policy or the handling of your data, please contact us:

15. Changes to This Privacy Policy

We reserve the right to make changes to this privacy policy at any time. Updates will be published on this page, and significant changes may be communicated directly to you. Please check this page periodically for updates.

© Oasi. All rights reserved.

bottom of page