Privacy Policy

1. Controller and Contact Information

The controller responsible for data processing on the greenresorts.hr website (hereinafter referred to as "the website") is Green Villa and Apartment Resorts d.o.o. (hereinafter referred to as "the controller" or "we"). We process the data provided by the data subject (hereinafter referred to as "the user" or "you") in accordance with legal regulations, particularly the General Data Protection Regulation (GDPR), the Data Protection Act (DSG), and the Telecommunications Act 2021 (TKG).

Below, we inform you in accordance with the provisions of the GDPR about our company, the type, scope, and purpose of data collection and use, as well as your rights.

Our Contact Information:

📍 Address: Via dell’Istria 4, 52460 Buje
📞 Phone: +43 677 6303 8568
📧 Email: office@greenresorts.hr

2. Data Processing, Purposes, and Legal Basis

2.1. Contacting Us

If you contact us via email, telephone, or postal mail, we process the personal data you voluntarily provide (e.g., name, email address, phone number, postal address, and the content of your message).

We process the personal data you provide in the context of contacting us to handle your inquiry and provide the requested information. This data processing is necessary for the fulfillment of our (pre-)contractual obligations pursuant to Art. 6 (1) lit. b GDPR as well as our legitimate interest in maintaining our business relationship with you pursuant to Art. 6 (1) lit. f GDPR.

2.2. Access Data and Server Log Files

When you use our website, we collect and process the following data (so-called server log files): the accessed URL, date and time of access, transferred data volume, server status codes, processing time, browser and client type including version, your operating system, referrer URL (the previously visited page), IP address, and connection data, including source and destination network identifiers and port numbers.

These data are automatically generated by our servers when you use our website and are necessary to provide you with the requested services. We process server log files exclusively to enable access to our website and related services, to identify authorized users, to distribute web server requests within our server pool, and for security reasons (e.g., detecting and investigating misuse or fraudulent activities). This data processing is necessary to safeguard our legitimate interest in providing a user-friendly and secure website pursuant to Art. 6 (1) lit. f GDPR.

2.3. Contract Initiation and Fulfillment

We collect and process the personal data you provide to us (e.g., name, address, telephone number, email address, bank details) in the context of an inquiry or when concluding a contract.

Providing your name and email address is mandatory for concluding a contract. These are required fields. All other information is voluntary and not necessary for contract execution. If the required mandatory information is not provided, a contract cannot be concluded. The omission of voluntary information has no impact on contract formation.

The provided data will be processed for the following purposes:

Contract initiation and fulfillment: To fulfill our obligations towards our contractual partners, we need to process your data (Art. 6 (1) lit. b GDPR).

Compliance with legal obligations: Data processing may be necessary to meet various legal obligations, for example, under the Federal Fiscal Code (BAO) or the Commercial Code (UGB) (Art. 6 (1) lit. c GDPR).

Consent: If you have given voluntary consent for data processing, particularly for direct marketing purposes, processing will be carried out solely in accordance with the purposes and scope specified in the consent declaration (Art. 6 (1) lit. a GDPR).

3. Cookies

3.1. General Information

Our website uses so-called cookies. These are small text files stored on your device through your browser. Some cookies require your voluntary consent before they can be stored on your device, while others are activated without your consent as they are technically necessary for providing our services ("strictly necessary cookies").

We use cookies to make our website and services user-friendly and tailored to your needs. Some cookies remain stored on your device until you delete them. They allow us to recognize your browser the next time you visit our site.

If you do not wish to use cookies, you can configure your browser to notify you before a cookie is set and allow cookies only in individual cases. However, disabling cookies may limit the functionality of our website.

Specific details about which cookies are used, for what purposes, and under which legal basis, can be found in the Cookie Banner. This banner is displayed when you visit our website for the first time. Additionally, at the bottom of our website, you will find a link, button, or icon that allows you to change your preferences at any time (depending on the system used, labeled as "Cookie Settings," "Cookie Policy," or with a cookie icon).

This section also contains an up-to-date list of cookie providers categorized by purpose. Some of these providers are located in third countries without an adequate level of data protection, such as the United States.

If you voluntarily consent to the use of cookies that involve data transfer to third countries, your consent under Art. 49 (1) lit. a GDPR also includes this transfer. Please note that there is a risk that data transferred to these countries may be subject to government access for monitoring and surveillance purposes, with no effective legal remedies available.

3.2. Processed Data

Depending on the type of cookies used, the following information may be collected and processed about you: your IP address, log files, domain, browser type and language, visited pages, date and time of accessing the website, search terms, visitor activities and actions on the website, browser history (within our domain), internet service provider, referrer/exiting pages, platform type, geolocation, user habits and characteristics, the type of advertisements viewed, and information about your device, such as device type, model, operating system, operating system version, type of data connection, and transferred data volume.

3.3. Strictly Necessary Cookies

For strictly necessary cookies, data processing is required for data security measures, fraud prevention, and optimization of the website. This processing is based on our legitimate interests under Art. 6 (1) lit. f GDPR in conjunction with § 165 (3) TKG.

These cookies are essential for the proper functioning of the website and cannot be deactivated in your system. Typically, these cookies are only set in response to actions you take that amount to a request for services, such as setting your privacy preferences, logging in, or filling out forms.

You can configure your browser to block these cookies or notify you about them. However, in that case, some areas of the website may not function properly.

3.4. Cookies Requiring Consent

All other cookies on our website are used exclusively based on your prior explicit and voluntary consent, in accordance with Art. 6 (1) lit. a GDPR in conjunction with § 165 (3) TKG, through the Cookie Banner.

You can give your voluntary consent at the beginning of your visit to the website, depending on the consent management system used, by clicking on buttons such as "Accept All," "Accept," "Save Selection," "Allow All," etc. Alternatively, you can manually select each cookie type by clicking "Customize" or "Cookie Settings." If you do not select any cookies and click "Save My Settings," "Save Settings," or "Confirm My Selection," no consent-based cookies will be activated.

You can change your settings at any time via a link, button, or icon located at the bottom of our website (depending on the system used, labeled "Cookie Settings," "Cookie Policy," or with a cookie icon).

These cookies are used for the following purposes:

To gain valuable insights into user needs with the goal of improving the high quality of the website and its services and making it more user-friendly.

To measure website traffic and general user behavior patterns to quickly identify and fix errors and manage server capacities, ensuring optimal data volume availability during peak times.

To inform advertisers about user habits and characteristics, enabling them to provide targeted advertising.

For market research purposes to help us refine our services based on user behavior and trends.

The cookies used by the data controller are designed to make the website more user-friendly, efficient, and secure. Their purpose is to adapt the website’s offerings to user preferences, improve navigation speed, and display personalized advertising. Users benefit from faster information retrieval, customized content, and automatic recognition when they revisit the website.

Revoking Your Consent

You can revoke your consent at any time without providing a reason, with effect for the future:

Via your browser settings, where you can reject or delete accepted cookies. You can also configure your browser to allow cookie storage only with your explicit approval. If you do not wish to accept third-party cookies, you can select the "Block third-party cookies" option in your browser settings.

Via the settings on our website – A link, button, or icon is always available at the bottom of our website, where you can change your cookie settings and revoke your consent for specific purposes or providers (depending on the system used, labeled "Cookie Settings," "Cookie Policy," or with a cookie icon).

We generally distinguish between the following types of cookies:

3.4.1. Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us understand which pages are the most popular, which are the least used, and how visitors navigate through the website.

3.4.2. Functional Cookies

These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we use on our pages. If you do not allow these cookies, some or all of these services may not function properly. You can find the full list of third-party providers in the Cookie Banner.

3.4.3. Marketing & Analytics Cookies

These cookies may be set by our advertising partners through our website. They allow advertisers to measure the effectiveness of their ads, for example, by tracking how many users have seen a specific advertisement.

Additionally, these cookies can be used to track a user's visits across multiple websites where advertisements are displayed. This data enables advertising networks to create user profiles based on interests and show relevant ads both on our website and on others. These cookies do not store personal data directly but rely on a unique identification of your browser and internet device.

If you do not allow these cookies, you will see less targeted advertising based on your interests.

4. Transfer of Personal Data

To fulfill our contractual obligations and for other necessary data processing purposes, the data controller engages service providers. To the necessary extent, we transfer personal data to the following service providers (data processors):

  • IT service providers and/or data hosting or data processing providers
  • Software providers for service delivery
  • Providers of marketing tools, communication services, and messaging services
  • Providers of web analytics tools

We have entered into data processing agreements with all our data processors, meaning they process the data on our behalf and in accordance with our documented instructions.

Additionally, we transfer your personal data, to the necessary extent, to the following recipients (data controllers):

External third parties and authorities based on our legitimate interests in fulfilling our legal obligations, complying with official requirements, or asserting, exercising, or defending legal claims of the data controller (e.g., auditors, legal representatives in case of disputes, collection agencies, credit rating agencies).

Third parties involved in service provision to you, ensuring the fulfillment of our contractual obligations (e.g., payment service providers, postal service providers).

Companies supporting the execution of our services, such as web agencies and domain registrars.

The transfer of personal data to third countries outside the EU or EEA occurs only if:

  • The European Commission has issued an adequacy decision for that country,
  • Legally binding documents with appropriate safeguards have been concluded, or
  • You have given your explicit voluntary consent in accordance with Art. 49 (1) lit. a GDPR for a specific case.

If payment options are integrated via payment providers or comparable third parties, the necessary data transfer for payment processing is carried out within the framework of contract performance (Art. 6 (1) lit. b GDPR).

5. Data Retention and Deletion

We store your personal data only for as long as necessary to fulfill the purposes for which they are processed. Additionally, we may be legally obligated to retain your data for longer periods due to statutory retention requirements.

Specifically:

  • Data related to contact inquiries will be stored for three years to allow us to respond to any follow-up questions.
  • Data related to contractual relationships will be stored until the end of your customer relationship with us and beyond that until the expiration of statutory retention obligations, which typically last seven years.
  • If you withdraw your voluntary consent, we will delete any personal data processed on that basis, unless legal retention obligations apply.
  • Data collected for marketing purposes will be stored for five years.
  • Server log files of the website will be stored for a maximum of 31 days and then deleted.

In exceptional cases, we may retain your personal data beyond these periods if necessary to assert or defend legal claims arising from our relationship with you or until the final resolution of a specific dispute or legal matter. This extended retention is based on our legitimate interest in asserting, investigating, and defending legal claims.

6. Your Rights

If your personal data is processed, you have the following rights regarding the data controller:

  • Right of access – You have the right to receive information about the personal data we process about you.
  • Right to rectification – You have the right to request the correction of inaccurate personal data.
  • Right to erasure ("Right to be forgotten") – You can request the deletion of your data.
  • Right to withdraw consent – You can withdraw your previously given consent for data processing at any time, with effect for the future.
  • Right to restriction of processing – You have the right to request the limitation of data processing under certain conditions.
  • Right to data portability – You have the right to receive the personal data you have provided in a structured, commonly used, and machine-readable format.

Additionally, you have the right to object to the processing of your data for reasons related to your particular situation, if we process your data based on legitimate interests. This includes, in particular, the right to object to the processing of your data for direct marketing purposes.

Furthermore, you have the right to lodge a complaint with a data protection supervisory authority.

The competent data protection authority for the data controller is:

📍 Austrian Data Protection Authority
 Barichgasse 40-42, 1030 Vienna, Austria

However, we kindly ask you to contact us first in case of any complaints or questions. You can reach us using the contact details provided in Section 1.