Privacy Policy

This privacy policy outlines the personal data we collect from you, the reasons for collecting it, and how we intend to use it. It also highlights some of the key rights you have under data protection laws. As of May 25, 2018, your personal data will be safeguarded by the EU General Data Protection Regulation (GDPR) and the new UK Data Protection Act 2018. Throughout this privacy policy, we refer to these regulations as data protection laws.

We will only process your personal data in accordance with our privacy policy, any notifications or agreements made with you, or as permitted by data protection laws.

In relation to data protection laws, we, Hvar Away Limited, are a data controller in respect of the personal data you provide us with.

When we refer to “personal data”, we are referring to any information that pertains to an identified or identifiable individual.

When we refer to processing personal data, this “processing” encompasses all actions we may take with your personal data, including but not limited to collecting, storing, using, disclosing to third parties, and erasing it.

We collect personal information from and about you whenever you interact with our services or contact us in any way, whether directly or indirectly. For instance, you might make a booking or enquiry through a travel agent, or share personal details with a third party involved in your travel arrangements, such as a local service provider in Croatia. We may also gather information from publicly available sources (for example, public records) to help us better understand our clients for internal marketing purposes.

Examples of the personal data we may collect include, but are not limited to:

For a simple enquiry, we typically need to process only the name and contact details of the person making it.

When processing a booking or enquiry, we handle your personal data (excluding any special category data – see below) on the basis that it is necessary to fulfil our contract with you, or to take steps at your request before entering into a contract. We may also process it to comply with legal obligations or to protect your vital interests (for example, in an emergency).

Personal data relating to your health, racial or ethnic origin, or sexual orientation falls under special categories of personal data. While other information may also fall under special categories, it is typically unrelated to the booking and provision of travel arrangements.

Processing special categories of personal data generally requires your explicit consent.

Therefore, details regarding any disabilities, medical conditions, mobility restrictions, or other health-related issues that may impact your travel arrangements (and associated needs), as well as dietary restrictions that reveal religious beliefs or health concerns, are considered special categories of personal data. We will request your consent to process this information when you make your booking or inquiry.

When you make a booking, we will share the necessary personal data with the relevant suppliers involved in your chosen arrangements (such as villa owners, caretakers, Experience providers, chefs, car rental companies, restaurants, etc.), as well as any other third parties (for example, banks or credit card providers) who require this information to facilitate your holiday.

This information may also be disclosed to government or public authorities, such as customs or immigration, if they require it or if mandated by law. Certain details may additionally be shared with security or credit reference agencies.

We may also provide personal data to companies or individuals that perform services on our behalf, such as marketing.

We only share with third parties the personal data that is essential for them to fulfil their roles. Except in the case of government or public authorities (over which we have no control), we take appropriate measures to ensure that any recipient of your personal data agrees to keep it secure, uses it solely for the purpose of delivering their services, and does not collect additional personal data from you while providing those services.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

This means that if you have opted in to receive SMS messages from us, your phone number and consent details will not be used for any other purpose or shared with any third party. We only use this information to deliver the messages you have agreed to receive.

We comply with UK data protection laws, including the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR). Where required, we will rely on either your explicit consent or legitimate interest/soft opt-in to send you marketing communications, and you can opt out at any time.

When you make a booking, we will share the necessary personal data with the relevant suppliers involved in your chosen arrangements (such as villa owners, caretakers, Experience providers, chefs, car rental providers, etc.)

Your personal data may undergo processing within the UK and/or any other country(ies) within the European Economic Area (EEA). The EEA comprises all member states of the European Union, including Croatia, along with Norway, Iceland, and Liechtenstein.

Additionally, we may process personal data outside the EEA. It's important to note that data protection laws outside the EEA may not be as stringent as those within the EEA. Personal data will not be transferred to a country outside the EEA unless one of the following conditions is met: (1) the European Commission deems the country to provide an adequate level of data protection, (2) the personal data is transferred to a company that is contractually obligated to handle the data in line with our instructions and to maintain appropriate security measures, as we deem satisfactory, or (3) we are compelled to provide the personal data to a government/public authority to facilitate your holiday arrangements.

We implement appropriate technical and organisational safeguards to prevent unauthorised or unlawful processing of personal data, as well as accidental loss, destruction, or damage to it. These measures are commensurate with the potential harm resulting from such unauthorised or unlawful processing or accidental loss, destruction, or damage, considering the nature of the data to be protected. We also take into account the state of technological advancements and the expenses associated with implementing these measures.

We will retain and use your personal data for marketing purposes only where you have explicitly consented to this, or (in the case of email marketing) where we are permitted to do so under the Privacy and Electronic Communications Regulations (PECR). Under PECR, we may send you marketing emails if you have previously shared your email address with us during the process of booking a holiday or during related negotiations, and the marketing relates to similar services or products we offer. You will always have the option to opt out of receiving such emails: this will be provided when you first give us your email address and in every marketing email we send.

You can give your consent to receive marketing materials online, by telephone, or via text message. For text message marketing, you will be given the opportunity to opt out when you first provide your phone number and in every marketing SMS (simply reply STOP). You are also free to specify your preferred communication channels.

You have the option to withdraw your consent for receiving marketing material or other communications from us, whether in general or via specific channels, at any time. You can do so by emailing us at hello@hvaraway.com or by calling us.

You have the right to request (by letter or email) details of the personal data we hold or process about you, including the purposes of processing and any recipients or categories of recipients to whom it may have been disclosed. We will not charge a fee for responding to such a request unless it is manifestly unfounded, excessive, or repetitive. We will respond promptly and in any case within one month, though this period may be extended by up to two further months if the request is complex or we receive multiple requests from you.

If you believe any of your personal data is incorrect, outdated, or incomplete, please inform us by email as soon as possible. We will correct it within one month, or within three months if the request is particularly complex.

We will retain your personal data in an identifiable form only for as long as necessary to fulfil the original purpose for which it was collected or for any other legitimate business needs.

For data provided in connection with holiday bookings or other contracted services, we may keep it for up to 6 years after the completion of those arrangements. In certain limited cases, a longer retention period may apply.

If you have consented to marketing communications, we may continue using your data for that purpose until you withdraw consent or until we reasonably determine that your consent is no longer valid.

In certain circumstances, you can ask us to erase your personal data – for example, if you withdraw consent to marketing and the data was processed solely for that purpose. However, this right is not absolute. Please refer to the section above for details on our standard retention periods.

We may update this privacy policy from time to time. Changes could be necessary due to developments in data protection legislation, guidance from regulators such as the Information Commissioner’s Office (ICO), or updates to our internal procedures.

Like most websites, ours uses cookies. A cookie is a small data file placed on your device by our server to collect information about your visit and to recognise you on future visits. Cookies help us identify users and personalise your experience by tailoring content to your preferences.

We may also work with third-party providers who collect non-personally identifiable data to analyse site traffic and perform similar functions. These providers may set their own cookies to gather information about your visit.

You can disable or delete cookies via your browser settings if you prefer. However, this may prevent access to certain parts of the site, reduce functionality, or mean you miss out on content relevant to your interests.

If you have visited our website, we may display advertisements for our services on other websites, apps, or social media platforms based on your browsing activity.

If you are unhappy with any aspect of our processing of your personal data, please contact us by email. We will investigate and respond as quickly as possible.

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office. More information is available at www.ico.org.uk.