Privacy Policy

At JetskiDubrovnik.Com (operated by Monza Gruppo d.o.o.), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, process, and store your personal information when you use our website or services.

Please read this Privacy Policy carefully to understand our practices regarding your personal data and how we will treat it. By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

JetskiDubrovnik.Com is operated by Monza Gruppo d.o.o. ("we", "us", "our"), a company registered in Croatia with OIB: 54419028561, whose registered address is Od gaja 56, 20000 Dubrovnik, Croatia.

We are the data controller responsible for your personal data and committed to protecting and respecting your privacy in compliance with EU General Data Protection Regulation (GDPR) and Croatian data protection laws.

2. Information We Collect

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped as follows:

• Identity Data: Includes first name, last name, username or similar identifier, date of birth, nationality, and identification documents (such as passport or ID card).
• Contact Data: Includes email address, telephone number, billing address, and accommodation address while in Dubrovnik.
• Financial Data: Includes payment card details. Note that full payment information is not stored on our servers but is processed through secure third-party payment providers.
• Transaction Data: Includes details about payments to and from you and other details of services you have purchased from us.
• Technical Data: Includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
• Profile Data: Includes your bookings, preferences, feedback, and survey responses.
• Usage Data: Includes information about how you use our website and services.
• Marketing and Communications Data: Includes your preferences in receiving marketing from us and our third parties and your communication preferences.
• Visual Records: Includes photographs and videos taken before and after equipment use for documentation purposes.

3. How We Collect Your Data

We collect data through various methods, including:

• Direct interactions: When you book our services, create an account, fill in forms, correspond with us, or provide feedback.
• Automated technologies: Through cookies and similar technologies as you interact with our website. Please see our Cookie Policy for more details.
• Third parties: We may receive personal data about you from various third parties, such as booking platforms, payment providers, and business partners.
• In person: When you visit our location and complete paperwork for jet ski rental and security deposit.

4. How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• To perform the contract we are about to enter into or have entered into with you (e.g., to process your booking, provide our services, and process payments).
• Where it is necessary for our legitimate interests (e.g., to operate and improve our business and services, for administrative purposes, and to prevent fraud) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation (e.g., to comply with tax regulations or law enforcement requests).
• With your consent (e.g., to send you marketing communications).

Specifically, we use your data for the following purposes:

• Processing your bookings and providing our jet ski rental services
• Managing your account and relationship with us
• Processing payments, security deposits, and handling damage claims
• Verifying your identity and eligibility to use our services
• Sending service-related communications
• Responding to your inquiries and resolving complaints
• Complying with legal and regulatory requirements
• Improving our website, products, and services
• Marketing and promoting our services (with your consent)
• Conducting market research and surveys
• Preventing fraud and ensuring the security of our operations

5. Legal Basis for Processing

Under the GDPR, we must have a legal basis for processing your personal data. The legal bases we rely on include:

• Contract: Processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
• Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided your interests and fundamental rights do not override those interests.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
• Consent: You have given consent to the processing of your personal data for one or more specific purposes.

6. Data Sharing and Recipients

We may share your personal data with the following categories of recipients:

• Service Providers: Including payment processors, IT service providers, email service providers, and other business services that help us operate our business.
• Professional Advisers: Including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
• Tax and Government Authorities: When required by law, we may need to share certain information with tax authorities or other governmental bodies.
• Business Partners: Such as hotels, travel agencies, or other partners with whom we collaborate to provide our services.
• Law Enforcement: In exceptional circumstances, we may need to disclose information to law enforcement agencies or during legal proceedings.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. International Transfers

Some of our external third-party service providers may be based outside the European Economic Area (EEA), so their processing of your personal data may involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

• Only transferring data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Using specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
• Where we use providers based in the US, ensuring they are part of approved frameworks that provide equivalent protections.

8. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. These measures include:

• Encryption of sensitive data and secure communication protocols
• Access restrictions and authentication requirements for our staff
• Regular security assessments and testing
• Staff training on data protection and security
• Physical security measures for our premises and equipment

We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In general, we keep basic customer information (Identity, Contact, Financial, and Transaction Data) for a period of 6 years after your last transaction with us for tax and legal purposes. Information related to equipment condition documentation (including photos and videos) is kept for up to 2 years to manage potential legal claims.

In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

10. Your Legal Rights

Under the GDPR, you have several rights regarding your personal data:

• Right of Access: You have the right to request a copy of the personal data we hold about you.
• Right of Rectification: You have the right to request correction of any inaccurate personal data we hold about you.
• Right of Erasure: You have the right to request that we delete your personal data in certain circumstances.
• Right to Restrict Processing: You have the right to request that we suspend the processing of your personal data in certain circumstances.
• Right to Data Portability: You have the right to request that we transfer your personal data to you or a third party in certain circumstances.
• Right to Object: You have the right to object to the processing of your personal data in certain circumstances, particularly for direct marketing purposes.
• Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the details provided in the "Contact Information" section. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

We try to respond to all legitimate requests within one month. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

11. Cookies

Our website uses cookies and similar technologies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

For detailed information on the cookies we use, the purposes for which we use them, and how you can exercise your choices regarding our use of cookies, please see our Cookie Policy.

12. Children's Privacy

Our services are not intended for individuals under 18 years of age, and we do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us, and we will take steps to delete such information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated "Last Updated" date.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data.

14. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at:

15. Complaints

If you have concerns about our data practices or how we have handled your personal data, you have the right to make a complaint at any time to the Croatian Personal Data Protection Agency (AZOP), the supervisory authority for data protection issues in Croatia. However, we would appreciate the chance to deal with your concerns before you approach AZOP, so please contact us in the first instance.

Croatian Personal Data Protection Agency (AZOP)
Selska cesta 136
10000 Zagreb, Croatia
Website: https://azop.hr