Privacy Policy

1. Data Controller

Žale Beach Bar (hereinafter “we”, “us”, or “our”) is the data controller responsible for your personal data.

• Address: Adriatic Coast, Croatia
• Email: info@zalebeach.com
• Phone: +385 (0) 00 000 0000

2. Data We Collect

We collect personal data that you voluntarily provide when using our services:

We do not collect special categories of data (health, biometric, religious data, etc.).

3. Legal Basis for Processing

• Reservations: Processing is necessary for the performance of a contract or pre-contractual steps at your request (Article 6(1)(b) GDPR). We need your data to fulfill your booking.
• Contact form: Processing is based on our legitimate interest in responding to your inquiry (Article 6(1)(f) GDPR).

4. Data Recipients & Processors

Your data may be processed by the following third-party service providers:

• Vercel Inc. (USA) — website hosting and database. Data may be processed in the United States under the EU-US Data Privacy Framework and Standard Contractual Clauses.
• Cloudflare Inc. (USA) — content delivery, DDoS protection, and admin access authentication. Data processed under Standard Contractual Clauses.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. International Data Transfers

Our hosting provider (Vercel) and CDN provider (Cloudflare) may process data outside the European Economic Area (EEA), primarily in the United States. These transfers are protected by the EU-US Data Privacy Framework and/or Standard Contractual Clauses approved by the European Commission.

6. Data Retention

• Reservation data: retained for 12 months after the reservation date, then automatically deleted.
• Contact form messages: retained for 6 months after resolution, then deleted.
• Financial records: if payment processing is introduced, transaction records may be retained as required by Croatian tax law (up to 11 years).

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access — request a copy of the data we hold about you.
• Right to rectification — request correction of inaccurate data.
• Right to erasure — request deletion of your data (“right to be forgotten”).
• Right to restriction — request that we limit processing of your data.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interest.

To exercise any of these rights, contact us at info@zalebeach.com. We will respond within 30 days.

8. Cookies

Our website uses only strictly necessary cookies that are essential for the website to function. These include:

• Cloudflare cookies (__cf_bm, cf_clearance) — bot protection and security. These are essential for protecting the website from malicious traffic.
• Cloudflare Access cookies (CF_Authorization) — used only for staff/admin authentication, not for public visitors.
• Google Maps— our location pages embed Google Maps, which may set cookies when the map loads. These are used by Google to provide the map service. Google's privacy policy applies to data processed through Maps.

We do not use analytics, advertising, or tracking cookies. No cookie consent is required for strictly necessary cookies under the ePrivacy Directive.

9. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

10. Right to Complain

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Croatian Data Protection Authority:

• AZOP — Agencija za zaštitu osobnih podataka
• Address: Fra Grge Martića 14, 10 000 Zagreb, Croatia
• Website: azop.hr

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. We encourage you to review this page periodically.