Privacy Policy

Last updated: april 20, 2026

1. Data Controller

The data controller for this website is Kinetic d.o.o., M. Garbina 3, 52210, Rovinj, Croatia, OIB: 43770176773. You can reach us at: [email protected]

2. What Data We Collect

We collect the following types of personal data:

Contact and Inquiry Forms

When you submit a contact form, booking inquiry, or partner inquiry, we collect: first name, last name, email address, phone number (optional), message content, party size (optional), preferred date (optional).

Partner Registration

When businesses register as partners, we collect: business name, description, email, phone, website, WhatsApp number, address, and uploaded images.

Chatbot Conversations

When you use our chatbot, we store your messages and the chatbot's responses linked to your browser session. We do not require you to identify yourself to use the chatbot.

Technical Data

When you visit our website, our servers automatically collect: IP address, browser type, operating system, referring URL, pages visited, date and time of access. This data is collected through server logs and is used for security and performance purposes.

3. Purpose and Legal Basis

We process your data for the following purposes:

  • Contact inquiries: To forward your inquiry to the relevant business and send you a confirmation. Legal basis: performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR).
  • Partner registration: To review and publish business listings. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
  • Chatbot: To provide tourism information assistance. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
  • Analytics and security: To maintain website security and improve our services. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

4. Data Sharing

When you submit an inquiry about a specific business (hotel, restaurant, partner), your contact information and message are forwarded to that business via email so they can respond to you directly.

Chatbot conversations are processed by Anthropic (our AI provider) to generate responses. Anthropic processes this data under a data processing agreement and does not use your conversations for training purposes.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. Data Retention

  • Contact inquiries: Retained for 2 years for business analytics and dispute resolution, then deleted.
  • Partner registrations: Retained as long as the business listing is active. Deleted upon request or 1 year after deactivation.
  • Chatbot conversations: Retained for 90 days, then automatically deleted.
  • Server logs: Retained for 30 days.

6. Cookies

This website uses the following cookies:

  • Session cookie (csrftoken, sessionid): Essential for website functionality and security. These are strictly necessary and do not require consent.
  • Language preference (django_language): Stores your selected language. Strictly necessary for site functionality.

We do not use third-party tracking cookies or advertising cookies.

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and Croatian data protection law (Zakon o provedbi Opće uredbe o zaštiti podataka, NN 42/18), you have the following rights:

  • Right of access — Request a copy of your personal data
  • Right to rectification — Request correction of inaccurate data
  • Right to erasure — Request deletion of your data ('right to be forgotten')
  • Right to restrict processing — Request limitation of how we use your data
  • Right to data portability — Receive your data in a machine-readable format
  • Right to object — Object to processing based on legitimate interest

To exercise any of these rights, contact us at: [email protected]. We will respond within 30 days.

8. Supervisory Authority

You have the right to lodge a complaint with the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka — AZOP):

Agencija za zaštitu osobnih podataka (AZOP)
Selska cesta 136, 10000 Zagreb, Croatia
https://azop.hr
[email protected]

9. Data Security

We implement appropriate technical and organisational security measures to protect your personal data, including encryption in transit (HTTPS), access controls, and regular security updates. However, no method of transmission over the internet is 100% secure.

10. International Data Transfers

Our chatbot service uses Anthropic (based in the USA) for AI processing. This transfer is governed by EU Standard Contractual Clauses (SCCs) and Anthropic's data processing agreement, ensuring an adequate level of data protection as required by GDPR Chapter V.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

Visit Rovinj Concierge
Ask me anything about Rovinj!
Hi! I'm your Visit Rovinj concierge. I can help you find beaches, restaurants, activities, and local services. What are you looking for?
AI-generated responses — may be inaccurate. Verify important details independently.