Last updated: May 16, 2026

1. Data Controller

The data controller for this website is Kinetic d.o.o., M. Garbina 3, 52210, Rovinj, Croatia, OIB: 43770176773. You can reach us at: [email protected]

2. What Data We Collect

We collect the following types of personal data:

Contact and Inquiry Forms

When you submit a contact form, booking inquiry, or partner inquiry, we collect: first name, last name, email address, phone number (optional), message content, party size (optional), preferred date (optional).

Partner Registration

When businesses register as partners, we collect: business name, description, email, phone, website, WhatsApp number, address, and uploaded images.

Chatbot Conversations

When you use our chatbot, we store your messages and the chatbot's responses linked to your browser session. We do not require you to identify yourself to use the chatbot.

Technical Data

When you visit our website, our servers automatically collect: IP address, browser type, operating system, referring URL, pages visited, date and time of access. This data is collected through server logs and is used for security and performance purposes.

3. Purpose and Legal Basis

We process your data for the following purposes:

• Contact inquiries: To forward your inquiry to the relevant business and send you a confirmation. Legal basis: performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR).
• Partner registration: To review and publish business listings. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
• Chatbot: To provide tourism information assistance. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
• Analytics and security: To maintain website security and improve our services. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

4. Data Sharing

When you submit an inquiry about a specific business (hotel, restaurant, partner), your contact information and message are forwarded to that business via email so they can respond to you directly.

Chatbot conversations are processed by Anthropic (our AI provider) to generate responses. Anthropic processes this data under a data processing agreement and does not use your conversations for training purposes.

Google Analytics (only with your consent): When you accept analytics cookies, anonymized usage data (page views, language, approximate location derived from IP) is processed by Google Ireland Limited under the Google Cloud Data Processing Addendum. IP addresses are truncated before storage. We never opt in by default — analytics fire only after you click "Accept all" in the cookie banner.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. Data Retention

• Contact inquiries: Retained for 2 years for business analytics and dispute resolution, then deleted.
• Partner registrations: Retained as long as the business listing is active. Deleted upon request or 1 year after deactivation.
• Chatbot conversations: Retained for 90 days, then automatically deleted.
• Server logs: Retained for 30 days.

6. Cookies

This website uses the following cookies:

Strictly necessary cookies (no consent required)

• Session cookie (csrftoken, sessionid): Essential for website functionality and security.
• Language preference (django_language): Stores your selected language.
• Consent record (cookie_consent): Remembers your cookie-banner choice for one year so we don't ask again on every page.

Statistical cookies (only with your consent)

• Google Analytics (_ga, _ga_*): Anonymous traffic measurement (page views, language, approximate location). Set only after you click "Accept all" in the cookie banner. You can revoke consent at any time via the "Cookies" link in the footer.

We do not use advertising or marketing cookies. We do not share your data with social networks. The cookie banner offers an equal-weight "Accept all" and "Only necessary" choice, with no pre-ticked boxes and no implied consent.

To demonstrate consent as required by Art. 7(1) GDPR, we keep an append-only server-side record of every banner click (a salted hash of your IP and browser, the choice made, the page URL, and timestamp). This record is retained for 2 years. Raw IP and User-Agent values are never stored.

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and Croatian data protection law (Zakon o provedbi Opće uredbe o zaštiti podataka, NN 42/18), you have the following rights:

• Right of access — Request a copy of your personal data
• Right to rectification — Request correction of inaccurate data
• Right to erasure — Request deletion of your data ('right to be forgotten')
• Right to restrict processing — Request limitation of how we use your data
• Right to data portability — Receive your data in a machine-readable format
• Right to object — Object to processing based on legitimate interest

To exercise any of these rights, contact us at: [email protected]. We will respond within 30 days.

8. Supervisory Authority

You have the right to lodge a complaint with the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka — AZOP):

Agencija za zaštitu osobnih podataka (AZOP)
Selska cesta 136, 10000 Zagreb, Croatia
https://azop.hr
[email protected]

9. Data Security

We implement appropriate technical and organisational security measures to protect your personal data, including encryption in transit (HTTPS), access controls, and regular security updates. However, no method of transmission over the internet is 100% secure.

10. International Data Transfers

Our chatbot service uses Anthropic (based in the USA) for AI processing. This transfer is governed by EU Standard Contractual Clauses (SCCs) and Anthropic's data processing agreement, ensuring an adequate level of data protection as required by GDPR Chapter V.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.