Privacy notice


Data controller:
Villa Diana
Cesta Mutogras 59a
21312 Podstrana

  1. We're committed to safeguarding your personal data

With this privacy policy, Villa Diana sets a standard of data collection, processing, retention and deletion within its business.

Below you can find the types of data we collect and process, the purposes data is intended for, the lawful bases for the processing, the periods during which we store them, the measures we use to protect them, the third parties we transmit them to, and the rights you have regarding the protection of your data - in accordance with the General Data Protection Regulation (GDPR).

Contact mail-address:

  1. Purposes we collect data for, types of data and legal basis for processing

Booking form on the web site

  • Types of data: First name, last name, e-mail address, phone number, dates of preferred stay
  • Legal basis: Necessary for the performance of a contract/prior to entering into a contract

Contact form on the web site

  • Types of data: Name, e-mail address, message
  • Legal basis: Necessary for the performance of a contract/prior to entering into a contract


  • Types of data: First name, last name, address, city, postal code, country, OIB (for Croats)
  • Legal basis: Legal obligation

Collection of personal data for eVisitor registration – at the check-in

  • Types of data: Surname and first name, Place, country and date of birth, Citizenship, Type and identification document reference number, Place of residence (temporary residence) and address, Date and time of arrival, i.e. departure from the facility, Sex, The basis for exemption from paying the sojourn tax i.e. for the reduction of the sojourn tax payment.
  • Legal basis: Legal obligation

2.1. Cookies

Our website uses cookies - small text files that are stored on your device when you visit a particular website. We use two types of cookies: those necessary for the operation of the website, and statistics to understand how visitors interact with the website and improve our services.

Cookie nameProviderPurpose descriptionExpiry
_gavillapodstrana.comRegisters a unique ID that is used to generate statistical data on how the visitor uses the website.2 years
_gatvillapodstrana.comUsed by Google Analytics to throttle request rate1 day
_gidvillapodstrana.comRegisters a unique ID that is used to generate statistical data on how the visitor uses the website.1 day
collectgoogle-analytics.comUsed to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.Session
pinpoint_ounicutevdxxtvplvillapodstrana.comUsed to run Pinpoint booking systemSession
wp-api-schema-modelvillapodstrana.comMakes it possible to provide Schema JSON-LD / SEO markup for articlesSession
  1. Lawfulness and fairness of data collection and processing

Villa Diana collects and processes data in accordance with contractual obligations, legal obligations, or with provided consent.

We respect the fundamental principles laid down in the GDPR: we adhere to legal data processing mechanisms, the data is collected for specified, explicit and legitimate purposes and it's processed in accordance with them. We collect the minimum amount of data, strive to ensure that it is accurate, and we keep it only for as long as necessary for the purposes they're processed for. We conduct pseudonymization as well as anonymization of personal data wherever possible.

  1. Data subjects rights and their exercise
  • Right of access to personal data
  • Right to rectification of inaccurate personal data
  • Right to erasure of personal data
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to not be subject to automated decision-making

You can request the exercise of the rights by making an inquiry to our e-mail address:
You can also contact us for any interpretation of your rights. We respond to all requests within one month of receiving the request. You can also submit a complaint to the Croatian Data Protection Supervisor: Personal Data Protection Agency (AZOP), Martićeva 14, Zagreb,

  1. Relationship with third parties

Each relationship with our trusted partners is contractually specified for data protection. Our partners must not process your information outside of our instructions, they must take adequate measures to protect it securely and can only keep it for an agreed period.

These are the only purposes our partners can process your data for:

  • Accommodation providing
  • Website maintenance
  • Digital marketing
  1. Security of data protection

We use organizational, technical, and physical risk-based measures to protect personal data from destruction, loss, alteration, and unauthorized disclosure or access. We have an ongoing dimension of privacy culture: everyone working with villa Diana is educated about the obligations and rights prescribed by the GDPR. The data collected through the website is protected by an SSL certificate, a technology that encrypts the connection between our server and your internet browser, ensuring that no one else has access to the data you give us. We work with trusted and professional partners who are committed to using high standards of protection.

Last update: 05.09.2020.