Weather data of this location not found.

Ražanac, Croatia

Book Now
Weather data of this location not found.

Ražanac, Kroatien

Home
The Hotel/Rooms
Restaurant
About Us
Explore Dalmatia
Gallery
Arrival

Follow us on

Imprint
Data Policy

Data Policy

1. Privacy Policy at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any information by which you can be personally identified. For detailed information on data protection, please refer to our full privacy policy below.

Data Collection on This Website
Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the section “Information on the controller” in this privacy policy.

How do we collect your data?

Some data is collected because you voluntarily provide it—for example, data you enter into a contact form.

Other data is collected automatically by our IT systems when you visit the website, either with or without your consent. These are mainly technical data (e.g., web browser, operating system, or time of page view). This data is collected automatically as soon as you enter the website.

What do we use your data for?

Part of the data is collected to ensure the website is provided without errors. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data may also be processed for contract offers, orders, or other service requests.

What rights do you have regarding your data?

You have the right at any time to obtain, free of charge, information about the origin, recipients, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you may withdraw this consent at any time for the future. You also have the right to request restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For this or any other questions about data protection, you can contact us at any time.

Analysis Tools and Third-Party Tools

When you visit this website, your browsing behavior may be statistically analyzed, mainly using so-called analysis programs. Detailed information on these analysis programs can be found in the full privacy policy below.

2 .Hosting

We host the content of our website with the following provider:

Strato

Provider: Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (“Strato”). When you visit our website, Strato records various log files, including your IP addresses.

For more information, please see Strato’s privacy policy: https://www.strato.de/datenschutz/.

The use of Strato is based on Article 6(1)(f) GDPR. We have a legitimate interest in a reliable presentation of our website. If consent is requested, processing is based solely on Article 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers storage of cookies or access to information on the user’s device (e.g., device fingerprinting). Consent may be revoked at any time.

Order Processing

We have concluded a data-processing agreement (AVV) for the use of the above service. This is a contract required under data protection law, ensuring that the processor only processes personal data of our website visitors according to our instructions and in compliance with the GDPR.

3. General Notes and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data is data by which you can be identified. This privacy policy explains which data we collect and for what purpose. It also explains how and why this happens.

Please note that data transmission over the Internet (e.g., when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.

Information on the Controller

The controller for data processing on this website is:

Vila Stošić

Bastian Stosic
Rtina I 177b
23248 Rtina, Croatia

Phone: +49 (0)170 5102007

Email: info@vila-stosic.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses).

Data Retention

Unless otherwise specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., statutory retention periods); in such cases, deletion occurs after these reasons cease to apply.

Legal Bases for Data Processing

If you have given consent, we process your personal data on the basis of Article 6(1)(a) GDPR and, for special categories of data, Article 9(2)(a) GDPR. In case of express consent to transfer personal data to third countries, processing also takes place on the basis of Article 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), processing also takes place on the basis of § 25(1) TDDDG. Consent may be revoked at any time.

If your data is necessary for the performance of a contract or pre-contractual measures, we process your data on the basis of Article 6(1)(b) GDPR. If data processing is necessary to comply with a legal obligation, we process on the basis of Article 6(1)(c) GDPR. Processing may also be based on our legitimate interest under Article 6(1)(f) GDPR. The specific legal bases are detailed in the respective sections below.

Recipients of Personal Data

In the course of our business activities, we work with various external entities, to which personal data may need to be transferred. We only pass on personal data to external bodies if it is necessary for contract fulfillment, if we are legally obliged to do so (e.g., disclosure to tax authorities), if we have a legitimate interest under Article 6(1)(f) GDPR, or if another legal basis permits the transfer. When using processors, we only pass on data on the basis of a valid data-processing agreement. In case of joint processing, a joint-processing agreement is concluded.

Withdrawal of Consent

Many processing operations are only possible with your explicit consent. You can withdraw any consent you have given at any time. The lawfulness of processing carried out up to the withdrawal remains unaffected.

Right to Object

If data processing is based on Article 6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if processing serves the assertion, exercise, or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing. After objection, your personal data will no longer be used for direct marketing purposes.

Right to Lodge a Complaint

In case of violations of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, workplace, or place of the alleged infringement.

Right to Data Portability

You have the right to receive data that we process automatically based on your consent or contract in a structured, commonly used, machine-readable format, and you have the right to transmit that data to another controller where technically feasible.

Access, Correction, Deletion

Under the applicable legal provisions, you have at any time the right to free information about your stored personal data, its origin, recipients, and the purpose of data processing, and the right to request correction or deletion of this data. For this or any other questions, you can contact us at any time.

Right to Restrict Processing

You have the right to request restriction of the processing of your personal data. You can contact us at any time for this. Restriction of processing applies in the following cases:

  • If you dispute the accuracy of your personal data stored with us, we generally need time to verify it. During the verification period, you can request restriction of your data processing.
  • If the processing of your personal data is unlawful, you may request restriction instead of deletion.
  • If we no longer need your personal data but you require it to assert, exercise, or defend legal claims, you have the right to request restriction instead of deletion.
  • If you have objected under Article 21(1) GDPR, a balancing of interests must be carried out. As long as it is not clear whose interests prevail, you may request restriction of processing.

Restricted data may only be processed—with the exception of storage—with your consent or to establish, exercise, or defend legal claims, to protect the rights of another natural or legal person, or for reasons of important public interest of the EU or a member state.

4. Data Collection on This Website

Cookies

Our site uses so-called “cookies.” Cookies are small data packages that do not harm your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are deleted automatically at the end of your visit. Persistent cookies remain on your device until you delete them or they are automatically deleted by your browser.

Cookies can originate from us (first-party cookies) or from third parties (third-party cookies). Third-party cookies enable the integration of certain third-party services on web pages (e.g., cookies for payment processing). Cookies have various functions. Many are technically necessary because certain website functions would not work without them (e.g., shopping cart function or video playback). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are necessary for electronic communication processes, to provide certain features you request (e.g., for the shopping cart), or to optimize the website (e.g., audience measurement cookies) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing necessary cookies for the error-free and optimized provision of its services. If consent to store cookies and comparable recognition technologies is requested, processing is based solely on this consent (Article 6(1)(a) GDPR and § 25(1) TDDDG); consent may be revoked at any time.

You can configure your browser to inform you about cookie settings and only allow cookies on a case-by-case basis, to exclude cookies for certain cases or generally, or to activate automatic deletion of cookies when closing the browser. Disabling cookies may restrict the functionality of this website.

Which cookies and services are used on this website can be found in this privacy policy.

Contact Requests by Email, Phone, or Fax

If you contact us by email, phone, or fax, your inquiry—including all resulting personal data (name, inquiry)—is stored and processed by us to handle your request. We do not pass on this data without your consent.

Processing is based on Article 6(1)(b) GDPR if your inquiry is related to contract fulfillment or necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR) if requested; consent may be revoked at any time.

The data you send us via contact inquiries remains with us until you request deletion, revoke consent to storage, or the purpose for data storage no longer applies (e.g., after completion of your inquiry). Mandatory statutory provisions—particularly statutory retention periods—remain unaffected.

5. Social Media

Instagram

This website includes features of the Instagram service, provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social-media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information that you have visited this website.

If you are logged into your Instagram account, clicking the Instagram button links the content of this website to your profile. Instagram can then associate your visit with your account. We have no knowledge of the content of the data transferred or its use by Instagram.

Use of this service is based on your consent under Article 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be revoked at any time.

Where personal data is collected on our website and forwarded to Facebook/Instagram, we and Meta Platforms Ireland Limited are jointly responsible for this data processing (Article 26 GDPR). Joint responsibility is limited to collecting and forwarding data. Subsequent processing by Facebook/Instagram is not part of the joint responsibility.

Our joint obligations are recorded in a joint-processing agreement, available at:

https://www.facebook.com/legal/controller_addendum

Subject-rights requests regarding data processed by Facebook/Instagram can be made directly to Facebook. If you assert rights with us, we must forward them to Facebook.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details at:

https://www.facebook.com/legal/EU_data_transfer_addendum

https://privacycenter.instagram.com/policy/

https://de-de.facebook.com/help/566994660333381

Meta holds certification under the “EU-US Data Privacy Framework” (DPF). Details: https://www.dataprivacyframework.gov/participant/4452

For Instagram’s privacy policy see: https://privacycenter.instagram.com/policy/.

6. Plugins and Tools

Google Maps

This site uses the Google Maps service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This enables us to embed maps on our website.

To use Google Maps functions, your IP address must be stored and is usually transmitted to a Google server in the USA and stored there. We have no control over this data transfer. If Google Maps is activated, Google may use Google Fonts for uniform font display. When loading Google Maps, your browser loads the required web fonts into its cache to display texts and fonts correctly.

Use of Google Maps is in our interest for an attractive presentation of our online offerings and easy findability of the places we list. This is a legitimate interest under Article 6(1)(f) GDPR. If consent is requested, processing is based solely on Article 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be revoked at any time.

Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details:

https://privacy.google.com/businesses/gdprcontrollerterms/

https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

For more on Google’s handling of user data see: https://policies.google.com/privacy?hl=de

Google is certified under the “EU-US Data Privacy Framework” (DPF). Details: https://www.dataprivacyframework.gov/participant/5780

Google reCAPTCHA

We use “Google reCAPTCHA” by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to check whether data entry on this site (e.g., in a contact form) is made by a human or an automated program. reCAPTCHA analyzes user behavior based on various characteristics as soon as the visitor enters the site. It evaluates information such as IP address, time spent on the site, or mouse movements, and forwards this data to Google.

The reCAPTCHA analysis runs entirely in the background. Visitors are not notified that an analysis is taking place.

Storage and analysis of data are based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in protecting the site against abusive automated scraping and spam. If consent is requested, processing is based solely on Article 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be revoked at any time.

For more information, see Google’s privacy policy and terms:

https://policies.google.com/privacy?hl=de

https://policies.google.com/terms?hl=de

Google is certified under the “EU-US Data Privacy Framework” (DPF). Details: https://www.dataprivacyframework.gov/participant/5780

7. Encrypted Payment Transactions on the Website

We use end-to-end encryption (SSL/TLS) for all payments on our website, protecting your payment data during transmission. Encryption is based on TLS 1.2 or higher. Your payment information is transmitted only to the respective payment service provider and is not stored by us (see also section 8). The legal basis for transmitting payment data is Article 6(1)(b) GDPR (contract fulfillment).

8. Third-Party Payment Services

We work with external payment service providers such as Stripe, PayPal, or Klarna to process payments.

Purpose of data processing: Handling your payment transactions and fraud prevention.

Data categories: Payment amount, currency, payment method, transaction date, name, address, email address, and, if applicable, bank account details.

Legal basis: Article 6(1)(b) GDPR (contract fulfillment) and our legitimate interest under Article 6(1)(f) GDPR (security and fraud prevention).

Order processing: We have concluded a data-processing agreement with each payment service provider.

9. Processing of Customer and Contract Data

If you conclude contracts with us via our website (e.g., booking accommodations, purchasing goods or services), we process the following data:

  • Contact data (name, address, email, phone)

  • Contract data (e.g., booking date, scope of service, price)

  • Payment data (see sections 7 and 8)
    These data are processed for contract performance, invoicing, and compliance with statutory retention obligations.

  • Legal basis: Article 6(1)(b) GDPR.

  • Retention period: Until the expiration of tax and commercial retention periods (usually 10 years), thereafter deleted unless other legitimate interests exist.

10. Data Transfer Upon Contract Conclusion for Online Shops, Retailers, and Shipping

To deliver goods, we forward your order data (name, delivery address, email, if applicable phone number) to shipping service providers (e.g., DHL, UPS, Hermes).

  • Purpose: Delivery of the ordered goods.
  • Legal basis: Article 6(1)(b) GDPR (contract fulfillment).
  • Recipients: External processors contractually bound to comply with the GDPR.

11. Cookie Management with Usercentrics and Cookiebot

We use consent-management tools from Usercentrics and Cookiebot to legally manage storage of cookies and similar tracking technologies.

  • How it works: Both tools display a consent banner on first visit, where you can select or reject desired cookie categories (e.g., “Necessary,” “Statistics,” “Marketing”).
  • Data collected: Selected cookie categories, cookie status, timestamp of consent.
  • Retention of consent: Until withdrawal, maximum 1 year.
  • Legal basis: Article 6(1)(c) GDPR (legal obligation to document consent) and Article 6(1)(a) GDPR (consent).
  • Withdrawal: You can change or withdraw your consent at any time via the “Cookie Settings” link in our website footer.

12. Google Analytics

We use Google Analytics (GA4) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to analyze website usage.

  • Purpose: Improve our offerings through statistical analysis of your user behavior.
  • Data categories: (Anonymized) IP address, page views, time on site, technical data (browser, operating system), referrer URL.
  • Anonymization: IP masking (“AnonymizeIP”) is enabled so that your IP address is truncated and not directly stored.
  • Legal basis: Article 6(1)(f) GDPR (legitimate interest in web analytics) and Article 6(1)(a) GDPR (consent), if tracking cookies are set.
  • Order processing: A data-processing agreement with Google is in place.
  • Retention period: Google stores analytics data for a maximum of 14 months, then automatically deletes it.
  • Opt-out: You can disable data collection by installing the “Google Analytics Opt-out” browser add-on or by withdrawing consent in the cookie banner.