Privacy Policy

1. Data Controller

NEPTUN MARINE GROUP d.o.o. Donji Kraj 6, Kraj, 51417 Mošćenička Draga, Croatia OIB: 18306357459 | MBS: 040494837 Email: [email protected] Phone: +385 97 728 0537 Director: Antonio Gržin

2. What Data We Collect

We collect the following personal data when you use our website and services:

Booking Inquiries: When you submit a booking form, we collect your name, email address, phone number, preferred dates, and any additional message you provide.

Website Analytics: With your consent, we use Google Analytics 4 to collect anonymized usage data including pages visited, time on site, device type, browser, approximate geographic location (country/city level), and referral source. IP addresses are anonymized.

Communication Data: When you contact us via email, WhatsApp, or phone, we process the content of your communication and contact details to respond to your inquiry.

3. Why We Process Your Data

We process your personal data for the following purposes and legal bases:

To respond to your booking inquiries — Legal basis: Pre-contractual measures (Art. 6(1)(b) GDPR)

To provide our charter services — Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)

To analyze website usage — Legal basis: Your consent (Art. 6(1)(a) GDPR), given via our cookie consent banner

To comply with legal obligations — Legal basis: Legal obligation (Art. 6(1)(c) GDPR)

4. Cookies

Our website uses cookies. Essential cookies are required for the website to function properly and do not require your consent. Analytics cookies (Google Analytics 4) are only activated after you give explicit consent through our cookie banner.

For detailed information about the cookies we use, please see our Cookie Policy.

You can change your cookie preferences at any time by clicking "Cookie Settings" in the footer of our website.

5. Data Sharing

We do not sell your personal data. We share data only with:

Google LLC — for website analytics (Google Analytics 4), subject to your consent. Google processes data under Standard Contractual Clauses (SCCs) for international transfers.

Resend — for transactional email delivery of booking confirmations.

6. International Data Transfers

Some of our service providers (Google, Resend) are based in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.

7. Data Retention

Booking inquiry data: Retained for the duration of the business relationship plus 5 years for legal/tax purposes.

Analytics data: Google Analytics data is retained for 14 months, after which it is automatically deleted.

Communication records: Retained for the duration of the business relationship plus 3 years.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of access — Request a copy of your personal data

Right to rectification — Request correction of inaccurate data

Right to erasure — Request deletion of your data ("right to be forgotten")

Right to restriction — Request limited processing of your data

Right to data portability — Receive your data in a structured, machine-readable format

Right to object — Object to processing based on legitimate interest

Right to withdraw consent — Withdraw cookie consent at any time via "Cookie Settings" in the footer

To exercise any of these rights, contact us at: [email protected]

9. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

Agencija za zaštitu osobnih podataka (AZOP) Selska cesta 136, 10000 Zagreb, Croatia Website: www.azop.hr Email: [email protected]

10. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "Last updated" date.