By accessing the Site or using our services, you agree to the terms described in this Policy. If you do not agree, please do not use the Site or our services.
1. What data do we collect?
We collect the following types of information:
1.1. Data you provide voluntarily
-
Contact Information: Name, surname, email address, telephone number, or other information you enter via contact forms, quote requests, or email communication (e.g., info@cityofstone.eu).
-
Messages and Inquiries: The content of your messages, including information about the project or service you are requesting (e.g., tour bookings, transfers, or custom experiences).
1.2. Data collected automatically
-
Usage Data: Information about your visit, including IP address, device type, browser, operating system, time of visit, and the pages you visited. This data is collected through cookies and similar technologies (see our Cookie Policy).
-
Analytical Data: Anonymous data on user behavior, collected through third-party tools such as Google Analytics (if applicable), to help us understand how you use the Site and improve our services.
-
Independent Analytics: We use Independent Analytics, a WordPress analytics plugin hosted on our own server. It does not use cookies and does not store personal data. All data remains on our server and is stored locally in our WordPress site’s database.
1.3. Third-party data
If we use third-party services (e.g., hosting, external analytics, or platforms like WordPress), they may collect anonymous data in accordance with their own privacy policies.
2. How do we use your data?
We use your data for the following purposes:
-
Provision of Services: Responding to your inquiries, creating offers, and providing requested services (e.g., private tours, transfers, maintenance).
-
Site Improvement: Analyzing user behavior to optimize user experience, content, and Site performance.
-
Communication: Sending responses to your inquiries via email or phone (+385 99 257 7870) and, with your consent, sending information about new services or promotions.
-
Legal Obligations: Fulfilling legal requirements, such as record-keeping or protection against abuse.
3. Payment Processing
All payments on our Site are processed securely through Stripe. We do not store your credit card or payment information on our servers. When you make a payment, your data is handled directly by Stripe. Their use of your personal information is governed by their own Privacy Policy and Terms of Service.
We encourage you to review Stripe’s policies to understand how they manage your data:
-
Stripe Privacy Policy: https://stripe.com/privacy
-
Stripe Terms of Service: https://stripe.com/checkout/legal
4. Legal basis for data processing
The processing of your data is based on the following legal grounds under the GDPR:
-
Consent (Article 6(1)(a)): When you voluntarily provide data via forms or email.
-
Contract (Article 6(1)(b)): When processing is necessary to provide requested services or fulfill a contract.
-
Legitimate Interest (Article 6(1)(f)): For analytical purposes and Site improvement, with minimal impact on your privacy.
-
Legal Obligation (Article 6(1)(c)): When we are required to comply with legal requirements.
5. Who do we share your data with?
We do not sell or share your personal data with third parties, except in the following cases:
-
Service Providers: Hosting companies, analytical tools, payment processors (Stripe), or CMS platforms (WordPress) that assist in operating the Site.
-
Legal Requirements: If required by competent authorities or by law. All service providers are obliged to comply with GDPR and use data only for agreed purposes.
6. How do we protect your data?
We apply appropriate technical and organizational measures to protect your data, including:
-
Encryption: Use of SSL/TLS protocols for secure communication.
-
Limited Access: Only authorized personnel have access to your data.
-
Regular Updates: Maintaining the Site’s security systems and software.
7. How long do we keep your data?
-
Contact Information: We keep it as long as necessary to provide services or until you request deletion (unless otherwise required by law).
-
Analytical Data: Stored for up to 2 years, depending on tool settings (e.g., Independent Analytics or Google Analytics).
-
Cookies: Please see our Cookie Policy for details on cookie duration.
8. Your rights under the GDPR
You have the following rights regarding your personal data:
-
Access, Rectification, and Erasure: The right to see, correct, or delete (“right to be forgotten”) the data we hold about you.
-
Restriction and Objection: The right to limit or object to the processing of your data.
-
Portability: The right to transfer data to another controller.
-
Withdrawal of Consent: If processing is based on consent, you can withdraw it at any time.
To exercise these rights, please contact us at info@cityofstone.eu.
9. Cookies and similar technologies
For more information on the use of cookies, please see our Cookie Policy.
10. Changes to the Privacy Policy
This Policy may be updated periodically to reflect changes in technology or legislation. We recommend regular review.
11. Contact
For any questions, complaints, or requests regarding data protection, please contact:
-
Email: info@cityofstone.eu
-
Phone: +385 99 257 7870
-
Address: Liechtensteinov put 2, 20000 Dubrovnik, Croatia
If you believe your rights have been violated, you can file a complaint with the Croatian Personal Data Protection Agency (AZOP) at: Selska cesta 136, 10000 Zagreb, or via email: azop@azop.hr