book your stay
preelook apartments & rooms

Privacy Policy

Effective Date: 09.09.2025
Website: www.preelook.com
Legal Entity: Vigilo j.d.o.o
VAT: 10083013956
Address: Preluk 4, 51000, Rijeka, Hrvatska
Email: info@preelook.com
Phone: +385 91 6125 689

At Preelook Apartments, we value your privacy and are committed to protecting your personal data. This Privacy Policy explains what information we collect, why we need it, how we use it, who we share it with, and your rights under the General Data Protection Regulation (GDPR).

1. Data Controller

For GDPR purposes, the data controller is Vigilo j.d.o.o, located at Preluk 4, 51000, Rijeka, Hrvatska. You can contact us about privacy matters at info@preelook.com.

The Croatian Data Protection Authority (AZOP – Agencija za zaštitu osobnih podataka) supervises data protection compliance. You may contact AZOP if you believe your privacy rights have been violated: azop.hr

2. Information We Collect

2.1 Online Booking Information

When you make a reservation through our website, we collect:

  • Contact details: Full name, email address, phone number
  • Booking details: Check-in/out dates, accommodation type, number of guests (adults/children), special requests
  • Billing information: ZIP/postal code (for payment processing)

2.2 Check-in Registration (eVisitor)

Upon arrival at our property, Croatian law requires us to collect and register additional guest information in the eVisitor system:

  • Full name, date and place of birth, citizenship, permanent address
  • ID document type and number, gender
  • Arrival/departure dates, sojourn tax exemptions (if applicable)

This data collection at check-in is mandatory under Croatian tourism regulations.

2.3 Payment Information

We process payments through Stripe’s secure hosted checkout. We never store your full card details on our servers. Stripe handles all payment data according to PCI DSS security standards. Learn more: stripe.com/privacy

2.4 Communications

If you opt in, we collect:

  • Email engagement data for service messages (booking confirmations, check-in instructions)
  • Marketing preferences for optional promotional communications

2.5 Website Analytics

We use:

  • Essential cookies: Required for website functionality
  • Analytics cookies: With your consent only, to improve our services and measure website performance

3. Legal Basis for Processing

We process your data based on:

  • Contract (Article 6(1)(b) GDPR): To fulfill your booking, provide accommodation services, and manage your reservation
  • Legal Obligation (Article 6(1)(c) GDPR): To comply with Croatian guest registration requirements (eVisitor), tax regulations, and accounting laws
  • Legitimate Interests (Article 6(1)(f) GDPR): For service improvements, fraud prevention, and security (balanced against your rights)
  • Consent (Article 6(1)(a) GDPR): For marketing communications and non-essential cookies

4. How We Use Your Data

We use your information to:

  • Process and manage your reservation
  • Send booking confirmations and pre-arrival information
  • Handle payments and refunds through our payment processor
  • Register guests with Croatian authorities as legally required (at check-in)
  • Provide customer support and respond to inquiries
  • With your consent: Send promotional offers and analyze website usage to improve our services

5. Data Sharing

We never sell your personal data. We share information only when necessary to provide services or meet legal requirements:

Service Providers

  • Website & Booking System: WordPress with MotoPress Hotel Booking
  • Payment Processing: Stripe Payments Europe Ltd. for secure payment handling
  • Email Services:
    • Phase 1: Mailchimp (Intuit Inc.) for automated communications
    • Phase 2: Mailgun for enhanced email delivery
  • Hosting: Hostinger
  • Analytics: Google Analytics

Legal Requirements

  • Croatian tourist authorities via eVisitor system (for check-in data)
  • Tax authorities for fiscal compliance
  • Law enforcement or courts when legally required

6. International Data Transfers

Some service providers may process data outside the European Economic Area. Where this occurs, we ensure appropriate safeguards:

  • EU-US Data Privacy Framework (for certified providers like Mailchimp)
  • Standard Contractual Clauses with supplementary measures
  • Adequacy decisions by the European Commission

7. Data Retention

We retain your data for:

  • Guest registration records (eVisitor): 10 years (Croatian legal requirement)
  • Financial records: 11 years (Croatian accounting regulations)
  • Booking correspondence: 5 years for potential disputes
  • Marketing data: Until you unsubscribe or after 24 months of inactivity

We delete or anonymize data when retention periods expire, unless longer retention is required by law.

8. Your Privacy Rights

Under GDPR, you have the right to:

  • Access your personal data we hold
  • Rectify inaccurate information
  • Erase your data (where legally permitted)
  • Restrict processing in certain circumstances
  • Data portability to transfer your data
  • Object to certain types of processing
  • Withdraw consent at any time (for consent-based processing)
  • Lodge a complaint with AZOP

To exercise these rights, contact us at info@preelook.com. We’ll respond within 30 days.

9. Cookie Policy

Essential Cookies

Required for website operation (booking process, security, session management). These cannot be disabled.

Optional Cookies

Analytics and marketing cookies are only set after you provide consent. You can manage your preferences anytime via our cookie consent tool.

10. Security Measures

We protect your data through:

  • SSL/TLS encryption across our entire website
  • Secure payment processing via PCI-compliant providers
  • Access controls limiting data access to authorized personnel
  • Regular security assessments and updates

11. Children’s Privacy

Our services are available to families traveling with children. For guests under 16 years old, bookings should be made by a parent or guardian. We collect children’s data only as required for accommodation services and legal compliance.

12. Third-Party Bookings

If you book through an online travel agency (OTA), they act as an independent data controller. We receive only the information necessary to fulfill your reservation and meet legal obligations. OTA bookings are also subject to the OTA’s privacy policy.

13. Additional Information

Data Protection Officer

We are not required to appoint a DPO under GDPR. For privacy matters, please contact us at info@preelook.com.

14. Updates to This Policy

We may update this policy to reflect changes in law or our practices. Significant changes will be communicated via our website with an updated effective date.

15. Contact Us

For any privacy-related questions or to exercise your rights:

Vigilo j.d.o.o
Preluk 4, 51000, Rijeka, Hrvatska
Email: info@preelook.com
Phone: +385 91 6125 689

This policy was last updated on 09.09.2025