PRIVACY

Your data. Our responsibility.

No legalese. Here's what we collect, why, and how you can control your trail.

Last updated:27 April 2026

TL;DR

In short (TL;DR)

We don't sell your data to anyone.
We don't use Google Analytics, Meta Pixel, or any tracking pixels.
We use your data only for bookings, contact, and — with your consent — the newsletter.
You can request access, correction, or deletion any time — write to info@second-home.hr.

CONTROLLER

Who controls your data

The data controller under GDPR is the private host operating the Second-Home villa in Ražanj. The exact identification details are at the bottom of this page in the Contact section.

DATA

What data we collect

We collect only what we actually need to answer your question or process a booking.

Contact form

Name, email, phone (if you enter it), message, arrival/departure dates, number of guests. Plus IP address and user-agent for spam protection.

Newsletter

Email and language. Nothing else. Sign-up uses double-opt-in (confirmation by clicking a link in an email).

Visitor statistics

Anonymous page-view counts kept in-house (1st-party), no Google Analytics. We don't follow you across other websites.

Technical data

IP, user-agent, request time — automatically in server logs, kept up to 30 days, for security and troubleshooting.

PURPOSES

Why we collect this data

Answering and booking

Without contact data we can't reply. Legal basis: pre-contractual measures (Art. 6(1)(b) GDPR).

Site security

Preventing abuse (spam, brute-force, scraping). Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

Newsletter

Sending occasional updates about offers. Legal basis: consent (Art. 6(1)(a) GDPR), withdrawable any time.

Legal obligations

Storing accounting records and registering guests in the eVisitor system. Legal basis: legal obligation (Art. 6(1)(c) GDPR).

PROCESSORS

Who we share data with

We use a few trusted services that process data on our behalf. All operate under GDPR-compliant data processing agreements.

Supabase

PostgreSQL database and storage for apartment photos. Your bookings and messages live here, EU region.

EU/USA

Vercel

Hosting and CDN. Sees your IP and User-Agent in order to serve the page.

EU/USA

Resend

Sending transactional emails (contact confirmation, newsletter). Sees email address and message body.

EU/USA

Google Maps

Embedded map on apartment detail pages. Google can see your IP only when the map loads.

TRANSFERS

Transfers outside the EU

Resend and Vercel may process data in the USA, but only under the European Commission's Standard Contractual Clauses (SCC). Your bookings and the database remain in the EU region (Supabase).

RETENTION

How long we keep data

Contact messages

24 mo.

Deletion or anonymization

Newsletter

Until unsub.

Link in every email

Bookings

36 mo.

After end of stay

Accounting

11 years

Legal obligation

Analytics

14 mo.

Then anonymous aggregation

Server logs

30 days

Security and debugging

YOUR RIGHTS

Your rights

Under GDPR you have the following rights. To exercise any, email info@second-home.hr — we reply within 30 days, free of charge.

Access

A copy of all data we hold about you.

Rectification

Incorrect data must be corrected.

Erasure

Deletion when no longer needed.

Restriction

Restriction of processing.

Portability

In a machine-readable format.

Objection

Object to processing.

Withdraw

Withdraw consent any time.

Complaint

Complaint to supervisory authority.

Send a GDPR request

Complaint to the regulator

If you believe we mishandle your data, you may lodge a complaint with the Croatian Data Protection Agency (AZOP), Selska cesta 136, 10000 Zagreb, email: azop@azop.hr. Visitors from other EU countries may also contact their national DPA.

Agencija za zaštitu osobnih podataka (AZOP)

SECURITY

Security

Passwords are stored using Argon2 hashing, sessions are transmitted via HttpOnly cookies, all communication runs over HTTPS. Database access is restricted to the back-end server — your browser never reads directly from the database.

MINORS

Minors

This site is not intended for persons under 16. We do not knowingly collect data about children. If you become aware that a child has shared data with us, please write — we will delete it.

CHANGES

Changes to this policy

If we materially change how we process data, we will update this page and the date above. Material changes are also announced in the newsletter (if you are subscribed).

CONTACT

Contact

Questions about this policy? Write or give us a call. The service address is in Section 1 above.

info@second-home.hr +385 98 187 9045

PRIVACY

Your data. Our responsibility.

No legalese. Here's what we collect, why, and how you can control your trail.

Last updated:27 April 2026

TL;DR

In short (TL;DR)

We don't sell your data to anyone.
We don't use Google Analytics, Meta Pixel, or any tracking pixels.
We use your data only for bookings, contact, and — with your consent — the newsletter.
You can request access, correction, or deletion any time — write to info@second-home.hr.

CONTROLLER

Who controls your data

The data controller under GDPR is the private host operating the Second-Home villa in Ražanj. The exact identification details are at the bottom of this page in the Contact section.

DATA

What data we collect

We collect only what we actually need to answer your question or process a booking.

Contact form

Name, email, phone (if you enter it), message, arrival/departure dates, number of guests. Plus IP address and user-agent for spam protection.

Newsletter

Email and language. Nothing else. Sign-up uses double-opt-in (confirmation by clicking a link in an email).

Visitor statistics

Anonymous page-view counts kept in-house (1st-party), no Google Analytics. We don't follow you across other websites.

Technical data

IP, user-agent, request time — automatically in server logs, kept up to 30 days, for security and troubleshooting.

PURPOSES

Why we collect this data

Answering and booking

Without contact data we can't reply. Legal basis: pre-contractual measures (Art. 6(1)(b) GDPR).

Site security

Preventing abuse (spam, brute-force, scraping). Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

Newsletter

Sending occasional updates about offers. Legal basis: consent (Art. 6(1)(a) GDPR), withdrawable any time.

Legal obligations

Storing accounting records and registering guests in the eVisitor system. Legal basis: legal obligation (Art. 6(1)(c) GDPR).

PROCESSORS

Who we share data with

We use a few trusted services that process data on our behalf. All operate under GDPR-compliant data processing agreements.

Supabase

PostgreSQL database and storage for apartment photos. Your bookings and messages live here, EU region.

EU/USA

Vercel

Hosting and CDN. Sees your IP and User-Agent in order to serve the page.

EU/USA

Resend

Sending transactional emails (contact confirmation, newsletter). Sees email address and message body.

EU/USA

Google Maps

Embedded map on apartment detail pages. Google can see your IP only when the map loads.

TRANSFERS

Transfers outside the EU

Resend and Vercel may process data in the USA, but only under the European Commission's Standard Contractual Clauses (SCC). Your bookings and the database remain in the EU region (Supabase).

RETENTION

How long we keep data

Contact messages

24 mo.

Deletion or anonymization

Newsletter

Until unsub.

Link in every email

Bookings

36 mo.

After end of stay

Accounting

11 years

Legal obligation

Analytics

14 mo.

Then anonymous aggregation

Server logs

30 days

Security and debugging

YOUR RIGHTS

Your rights

Under GDPR you have the following rights. To exercise any, email info@second-home.hr — we reply within 30 days, free of charge.

Access

A copy of all data we hold about you.

Rectification

Incorrect data must be corrected.

Erasure

Deletion when no longer needed.

Restriction

Restriction of processing.

Portability

In a machine-readable format.

Objection

Object to processing.

Withdraw

Withdraw consent any time.

Complaint

Complaint to supervisory authority.

Send a GDPR request

Complaint to the regulator

Agencija za zaštitu osobnih podataka (AZOP)

SECURITY

Security

MINORS

Minors

This site is not intended for persons under 16. We do not knowingly collect data about children. If you become aware that a child has shared data with us, please write — we will delete it.

CHANGES

Changes to this policy

If we materially change how we process data, we will update this page and the date above. Material changes are also announced in the newsletter (if you are subscribed).

CONTACT

Contact

Questions about this policy? Write or give us a call. The service address is in Section 1 above.

info@second-home.hr +385 98 187 9045