MAR ESCAPE

Privacy Policy

This Privacy Policy explains how Mar Escape Villa (“we”, “us”, “our”) collects and processes personal data when you use www.mar-escape.com (the “Website”).

We are committed to protecting your privacy and handling your personal data transparently and securely, in accordance with the EU General Data Protection Regulation (GDPR). :contentReference[oaicite:4]{index=4}

1) Controller (Who is responsible?)

Data Controller / Owner: Ionut Leonard Copoiu
Address: Vinišće 21222, Croatia
Email: [email protected] (recommended for privacy requests)
Alternative contact: [email protected]

Data Protection Officer (DPO): We are not legally required to appoint a DPO at this time. If this changes, we will update this policy. :contentReference[oaicite:5]{index=5}

2) What personal data we collect

Depending on how you use the Website, we may collect:

  • Contact / inquiry data: your name, email address, phone number, country, and the details you write in your message.
  • Booking / stay communication data (if you contact us): dates, group details, preferences and requests you voluntarily provide.
  • Technical & usage data: IP address (may be processed by hosting/analytics), device/browser information, pages viewed, approximate location (city/region), referral source, and session statistics (depending on your browser settings and cookies).
  • Cookies / similar technologies: small files used for website functionality and (if enabled) analytics/marketing.

3) How we collect data

  • Directly from you: when you submit a form or contact us by email/phone/WhatsApp.
  • Automatically: when you browse the Website (technical logs and cookies, depending on settings).
  • From service providers: limited data may be provided to us by tools we use to operate the Website (e.g., form delivery, hosting, analytics).

4) Why we process your data (purposes) and legal basis

We process personal data for the following purposes and legal bases:

A) Respond to inquiries and provide concierge assistance

Purpose: answering your questions, providing quotes/options, arranging services you request.
Legal basis: steps prior to entering a contract / performance of a contract, and/or our legitimate interest in responding to your request.

B) Website operation, security and fraud prevention

Purpose: keep the Website running, secure, and protect against abuse.
Legal basis: legitimate interests (security and service stability).

C) Analytics and improvement (if enabled)

Purpose: understand how visitors use the Website and improve content and user experience.
Legal basis: consent for non-essential cookies/trackers (where required), otherwise legitimate interests for strictly necessary measurement depending on configuration.

When GDPR requires that we provide information at the time of collection, we do so via this policy and (where applicable) cookie banners/controls. :contentReference[oaicite:6]{index=6}

5) Who we share data with (processors and recipients)

We do not sell your personal data. We may share data only with trusted service providers that help us operate the Website and respond to you, such as:

  • Form delivery provider: We currently use FormSubmit to deliver messages submitted via forms to our email inbox. Your form data is transmitted through their service. :contentReference[oaicite:7]{index=7}
  • Website/hosting providers: hosting, CDN, and infrastructure vendors needed to run the Website (may process technical logs).
  • Analytics providers (if enabled): tools that measure site traffic and usage (depending on your cookie preferences and our configuration).
  • Professional advisors: accountants/legal advisors when necessary, and only under confidentiality.
  • Legal requirements: authorities where required by law.

[UPDATE IF YOU CAN] If you want this list to be ultra-precise, add the names of the exact tools you use (e.g., Google Analytics, Meta Pixel, Lodgify, etc.) and we’ll tailor this section perfectly.

6) International transfers

Some of our service providers may process data outside the European Economic Area (EEA). When this happens, we use appropriate safeguards (such as Standard Contractual Clauses) where required, and we limit transfers to what is necessary.

7) How long we keep your data (retention)

  • Inquiry / concierge requests: kept as long as needed to respond and manage our relationship, then archived/deleted periodically.
  • Booking-related communications: kept for the duration of our relationship and for a reasonable period after, for administration and legal protection.
  • Technical logs: typically kept for a short period unless required for security investigations.
  • Cookies: stored for durations described in the cookie settings/banner (if used) or in your browser until deletion.

We aim to keep personal data only for as long as necessary for the purposes described above. :contentReference[oaicite:8]{index=8}

8) Your rights under GDPR

You may have the right to:

  • request access to your personal data;
  • request correction (rectification) of inaccurate or incomplete data;
  • request deletion (erasure) of your data in certain situations;
  • request restriction of processing in certain situations;
  • object to processing based on legitimate interests in certain situations;
  • request data portability (where applicable);
  • withdraw consent at any time where processing is based on consent (this does not affect processing already carried out).

These rights are described in GDPR Chapter 3. :contentReference[oaicite:9]{index=9}

9) How to exercise your rights

To exercise your rights, email us at [email protected]. Please include enough information for us to identify your request. We may ask for additional information to verify your identity.

10) Complaints (Supervisory Authority)

If you believe your data protection rights have been violated, you can lodge a complaint with the Croatian supervisory authority:

Agencija za zaštitu osobnih podataka (AZOP)
Selska cesta 136, 10 000 Zagreb, Croatia
Email: [email protected]
Website: azop.hr

AZOP provides instructions on how to lodge a complaint. :contentReference[oaicite:10]{index=10}

11) Cookies and tracking

We may use cookies and similar technologies for: (a) essential website functions and security; and (b) analytics/marketing (only where enabled and permitted, often requiring consent).

You can control cookies through your browser settings and (where implemented) through our cookie banner/preferences tool. Some third-party services (such as FormSubmit) may also use cookies when you interact with their service. :contentReference[oaicite:11]{index=11}

12) Security

We apply appropriate technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. No internet transmission is fully secure; if you suspect a security issue, please contact us.

13) Children

The Website is not intended for children, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so we can delete it where appropriate.

14) Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. The updated version will be posted on this page with a new “Last updated” date.

Last updated: [13 January 2026]

Note: This document is a practical website privacy notice designed to meet transparency requirements. For complex setups (ads pixels, remarketing, newsletter automation, multiple vendors), consider a legal review.

Iscriviti alla nostra newsletter

00385 91 92 77 698

Petrovi 4, Vinisce, Splitska Dalmatinska, Croazia 21226.
[email protected]
©2026 MAR ESCAPE Tutti i diritti riservati - Offerto daLodgify