PRIVACY POLICY – Istra Nest d.o.o.

Controller:
Istra Nest d.o.o.
Address: Škokovica ul. 29, 52100 Pula, Croatia
OIB (Tax ID): 33679118296
Data protection email: office@istranest.hr
Web: https://istranest.hr
Phone: +385 99 38 38 300

1. Introduction

This Privacy Policy explains how Istra Nest d.o.o. (“we”, “us”, “the Agency”) processes personal data of guests, property owners, website users and business partners.
Data processing is carried out in accordance with the General Data Protection Regulation (GDPR) and applicable Croatian regulations.

2. What data do we collect?

2.1. Guest data (reservations and stay)

• full name
• residential address
• email and phone number
• date of birth
• gender
• nationality
• ID card / passport number
• document issue date and issuing authority
• reservation details (dates, number of guests, apartment, price)
• payment information (part processed via OTA platforms, part via us)

2.2. Property owner / host data

• full name / company name
• address
• OIB (Croatian tax number)
• contact details
• property details

2.3. Automatically collected website data

• IP address
• device information
• cookies
• analytics data (Google Analytics, Meta Pixel, etc.)

2.4. Data collected via forms (contact & inquiries)

• name and surname
• email
• phone
• message content

3. Purpose and legal basis for processing

3.1. Accommodation reservation and contract performance

Processing is necessary for providing the booked accommodation service.
(GDPR Art. 6(1)(b))

3.2. Legal obligations (eVisitor guest registration)

Processing is mandatory for reporting guests to the eVisitor system.
(GDPR Art. 6(1)(c))

3.3. Communication with guests and property owners

Confirmations, changes, important information.

3.4. Protection of the Agency’s property and interests

Damage claims, fraud prevention.

3.5. Marketing communication

Only with the user’s explicit consent.
(GDPR Art. 6(1)(a))

3.6. Website statistics and improvements

Legitimate interest.
(GDPR Art. 6(1)(f))

4. Who has access to your data?

Data may be shared with:

4.1. Legal and tourism institutions

• eVisitor system (mandatory)
• Ministry of Tourism and Sports
• Tax Administration

4.2. Technical and business partners

• MARS / NeoLab (channel manager)
• Booking.com, Airbnb, VRBO, HomeToGo and other OTA partners
• accounting services
• payment processors (Stripe, PayPal, banks)

4.3. IT and hosting partners

• hosting providers, backup providers, email platforms

All partners process data strictly according to GDPR and only for the purpose of service provision.

5. Data transfers outside the EU

Some OTA platforms (e.g. Airbnb, VRBO) are based outside the EU.
Transfers are carried out using Standard Contractual Clauses (SCC) and GDPR compliance frameworks.

6. Data retention periods

• eVisitor records → 10 years (legal requirement)
• reservation records → 10 years (accounting requirement)
• contact inquiries → 12 months
• marketing databases → until consent is withdrawn
• cookies → depending on cookie type (see Cookie Policy)

7. Your rights

You have the right to:

• access your personal data
• rectification
• deletion (“right to be forgotten”), except where data must be retained by law
• restriction of processing
• data portability
• objection
• withdrawal of consent

For exercising rights: office@istranest.hr

8. Right to lodge a complaint with a supervisory authority

If you believe your rights have been violated, you may file a complaint with:

AZOP – Croatian Personal Data Protection Agency
www.azop.hr

9. Automated decision-making and profiling

We do not use automated decision-making that produces legal effects.
Basic advertising (remarketing) may be used with cookie consent.

10. Data security

We apply technical and organisational measures:

• encryption
• backups
• restricted access
• SSL certificate
• contractual protection with partners

11. Changes to the Privacy Policy

This Policy may be updated. The latest version is always available on our website.

COOKIE POLICY

1. What are cookies?

Cookies are small text files stored on your device when you visit a website. They are used for functionality, analytics, security and marketing.

2. Types of cookies we use

2.1. Essential cookies

Enable core website functionality (security, login, forms).

2.2. Analytical cookies

We use:

• Google Analytics (IP anonymised)
• Matomo or other tools (if applicable)

2.3. Marketing cookies

Used for:

• Meta Pixel (Facebook/Instagram advertising)
• Google Ads remarketing
  Used only with consent.

2.4. Third-party cookies

Integrated content (YouTube, Google Maps, OTA widgets).

3. How to manage cookies?

When you first visit the site, a banner allows you to:

• accept all
• reject all
• choose categories

You can change settings anytime via “Cookie Settings”.

4. Cookie duration

• session cookies → removed when closing browser
• persistent cookies → 1–12 months depending on purpose

5. How to disable cookies manually

Users can block cookies in browser settings (Chrome, Firefox, Edge), but the site may function with limitations.

GDPR STATEMENT – eVisitor & OTA DATA PROCESSING

Istra Nest d.o.o. collects and processes guest personal data exclusively for accommodation service provision, legal obligations (eVisitor registration) and reservation processing through online platforms and partners (Booking.com, Airbnb, VRBO, HomeToGo, NeoLab/MARS, etc.).

We process:

• identification data (ID card/passport)
• contact details
• reservation details
• stay duration information

Legal basis:

• contract performance
• legal obligation under Croatian tourism regulations and eVisitor system
• legitimate interest
• consent (only for marketing)

Data is not used for other purposes.
All processing is GDPR compliant.
Users may request access, correction, deletion and restriction of processing.