Privacy Policy

The protection of your personal data is very important to us, so we always act in accordance with the legislation of the Republic of Croatia and the European Union, in particular the General Data Protection Regulation (GDPR), taking into account the current legislation.

The data controller undertakes that its data processing set out in the prospectus complies with the provisions of European Union legislation, in particular the provisions of the GDPR, which must be applied after 25 May 2018.


Blue Horizon Apartments is operated by Zoltán Ónodi (Data Manager)
Address: Petra Kružića Ulica 30, 53270 Senj, HR
Registration number: HR-OB 91600754794
Phone number: +36 20-9612-631, +385 99-4498-292
Email address:


Personal data:

Personal information is any information about an identified or identifiable natural person; identifies a natural person whose identity is directly or indirectly identifiable, in particular by an identifier, an online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.


Any natural person identified or identifiable, directly or indirectly, on the basis of personal data


The set of data managed in one record.

Data Manager:

A natural or legal person or an organization without legal personality, which also concludes a contract on the basis of a concluded contract or a provision of law, performs data management and its processing.

Data handling:

Irrespective of the procedure used, any operation or set of operations on data, in particular the collection, recording, recording, systematisation, storage, alteration, use, consultation, transmission, disclosure, coordination or linking, blocking, erasure and destruction of data, prevent its use, take photographs, sound or images, and record physical identifiers (eg fingerprints or palm prints, DNA samples, irises).

Data processing:

Performing technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.

Data transmission:

Making the data available to a specific third party.

Third party:

A natural or legal person or an organization without legal personality who is not the data subject, the controller or the processor.


A statement by the Data Subject objecting to the processing of his / her personal data and requesting the termination of the data processing or the deletion of the processed data.

Data deletion:

Making data unrecognizable in such a way that it is no longer possible to recover it.

Data mark:

Identifying the data to distinguish it.

Data lock:

Identification of the data in order to limit its further processing definitively or for a specified period.


Voluntary and firm expression of the data subject’s will, based on adequate information and giving his or her unambiguous consent to the processing of personal data concerning him or her, in full or in part.

Consent shall be deemed to be consent if the Data Subject selects a check box or makes technical adjustments in this regard when viewing the website or finalizing a booking, as well as any other statement or action that is intended to affect the intended processing of the data subject’s personal data in that context. clearly indicates its consent.

Privacy incident:

Unlawful handling or processing of personal data, in particular unauthorized access, alteration, transfer, disclosure, deletion or destruction, and accidental destruction and damage.


Scope of data managed:

  • Last name
  • first name
  • E-mail
  • phone number
  • Exact address
  • Date of arrival
  • Date of departure
  • The number of adults
  • Number and age of children
  • Billing address
  • In the case of a corporate or business booking, the exact details are required to issue the invoice.
  • Other information provided by the booking person in the comments box.

The purpose of entering the guest data into the eVisitor is to register the tourists in the information system of the tourist bodies of the Republic of Croatia, to check in and check out the tourists. (Residence Act NN 152/08).

  • Last name
  • first name
  • Date and place of birth
  • Country of birth
  • Title
  • Nationality
  • gender
  • Type of identification document (personal / passport)
  • Identification document number

Data from the 3rd party – hotel reservation, offer request:

Accommodation portals related to the Data Controller, for which it is possible to book accommodation through its own website, are separate data controllers independent of the Data Controller. Please find out more about the principles and regulations of data management through the websites of the given accommodation portal.

In case of a request for quotation, the Data Controller will receive the personal data of the Contracting Authority (name, e-mail address, telephone number, address, number of children and age) at the same time as the data subject’s voluntary consent.

When booking through the accommodation portals, they manage the following data: name, address, email address, telephone number, arrival and departure data, number of adults and children, age of children, credit card data, other data provided by the booking person in the comment box.

Within the framework of accommodation booking, the processing of all data related to the data subject is based on voluntary consent, and the purpose is to ensure the booking of the accommodation, contact and invoicing. The personal data contained in this section shall be kept by the data controller for a period of time in accordance with the applicable tax and accounting regulations.

Purpose of data management

– issuing the necessary invoice, fulfilling the accounting obligation and in connection with this, documenting the payment, performing accounting tasks, initiating legal action in case of non-payment.

– for information, communication and complaint handling.

– for the purpose of issuing an invoice certifying the payment of the accommodation fee and the tourist tax.

– tourist tax for registration obligation.

– making the appropriate offer and keeping in touch.


All natural persons who are registered on the social media site of the data controller and share, like and voluntarily follow the content appearing on it.

Data registered on the social site: name, photo, e-mail address and opinion, message sent in connection with the website and accommodation.

The purpose of data management on the given social site is to make the accommodation better known, to pass on information by sharing and liking.

If the data is not provided or a non-real person, the Data Controller may exclude it from appearing on the social site.

Facebook and separate data controllers independent of the data controller. Please find out more about the principles and regulations of data management through the websites of the given social site.


Personal data may only be processed in accordance with the activities referred to in point 2, for the purpose of data processing.

The Data Controller hereby informs the visitors of its website that all possible measures have been taken in accordance with Article 32 (1) of the GDPR and Paragraph 83 of the GDPR Preamble and the Info TV. Pursuant to Section 7 of the GDPR and the Info tv. can provide in accordance with the requirements of

The Data Controller shall ensure the IT environment used for the management of personal data by linking the personal data provided by the Data Subject only and exclusively with the data and in the manner specified in these Regulations, ensuring that all changes to the data are made, in particular prevention of unauthorized access, deletion, destruction, alteration, disclosure.

All personal data processed by the Data Controller shall be retained by the processor within the time limit prescribed by law.

The Data Controller will store personal data related to financial transactions for at least 11 years, as required by the legislation in force in the Republic of Croatia.

The Data Controller stores personal data in accordance with the relevant Personal Data Protection Act.

It is possible to modify and delete personal data, to withdraw voluntary consent, and to request information on the processing of personal data at the following e-mail address:


The Data Subject may request the controller to delete his or her personal data without undue delay if one of the following reasons exists:

  • personal data are no longer required for the purpose for which they were collected or not properly processed
  • The data subject withdraws the consent on which the data processing is based and there is no other legal basis for the data processing
  • The data subject objects to his or her data processing and there is no priority legitimate reason for the data processing
  • personal data must be deleted in order to comply with a legal obligation under EU or Member State law applicable to the Data Controller
  • The lawfulness of data processing is based on the consent given by the parent, or you are the child’s guardian and the child concerned has not yet reached the age required for consent, or you are the child who has reached the age required for consent.

The Data Subject is obliged to submit his / her request related to the deletion in writing and is obliged to indicate which personal data he / she intends to delete for what reason.

If the Data Controller accepts the Data Subject’s proposal related to the deletion, it shall delete the processed personal data from all its records and inform the data subject accordingly.

The data subject’s personal data will not be deleted if the data processing is necessary for the following reasons:

  • to exercise the right to freedom of expression and information
  • fulfillment of a legal obligation to process personal data
  • on the basis of the public interest in the field of public health
  • for archiving purposes in the public interest, for scientific and historical research purposes or for statistical purposes, where such a request would be likely to make this data processing impossible or seriously jeopardize; obsession
  • to submit, enforce or defend legal claims.

Please note that the withdrawal of your consent does not affect the data processing we have already carried out.


The Data Subject is entitled to propose that the Data Controller restrict the handling and use of personal data relating to him or her if one of the following reasons exists:

  • The data subject disputes the accuracy of the personal data (in this case the restriction lasts as long as the Data Controller checks the accuracy of the data)
  • The data controller has unlawfully handled the personal data, but requests a restriction instead of deleting the Data Subject.
  • For the data controller, the purpose of the data processing has ceased, but the Data Subject requests them in order to submit, enforce or protect legal claims.
  • The Data Subject objects to the data processing with regard to data processing based on the legitimate interests of the Data Controller and there are no compelling legitimate reasons for the Data Controller that take precedence over the Data Subject’s interests, rights and freedoms or related to filing, enforcing or defending legal claims; in this case, the restriction shall remain in force until it is determined whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the Data Subject.

These are small files that store information in your web browser. A “cookie” is a means of exchanging information between a web server and a user’s browser.

These data files are not executable, do not contain spyware and viruses, and do not allow access to users’ hard disk contents.

Websites operating within the countries of the European Union must use the user’s consent to use “cookies” and store them on the user’s computer or other device.

Cookies make browsing more convenient, including online data security needs and relevant advertisements.

“Cookies” also allow website operators to compile anonymous statistics about the habits of page visitors.

Using these, page editors can further customize the look and content of the page.

“Cookies” can be deleted or disabled in the browsers you use.

Browsers allow you to place “cookies” by default. You can disable this in your browser settings and delete existing ones. However, you can also set the browser to notify the user when it sends a “cookie” to the device.

It is important to emphasize, however, that disabling or restricting these files will degrade your browsing experience, as well as error in the functionality of the website.


In order to ensure the personal data, security and confidentiality of the Data Subject, the Data Controller applies technical and organizational measures, in particular to protect against unauthorized access and misuse of data, to ensure the security of our IT systems and to recover data in the event of events.

The Data Controller shall take all necessary steps to ensure the security of the personal data provided by the Guests during the storage and preservation of both the network system and the data.

The reservation system operating via the Data Controller’s website has been placed with an external secure hosting provider, which does not have access to the data managed by the hosting provider. The data manager works on a computer protected by a password and antivirus software.


In particular, when processing your personal data, you have the following rights:

– Receive transparent and comprehensible information about how we use your personal data and what your rights are.

– the right of the Data Controller to access personal data and to provide additional information related to its processing.

– the right to correct incorrect and incomplete personal data

– the right to have your personal data deleted, in particular when no further processing is required; withdrew its consent to their processing; lawfully objected to the processing; processed unlawfully; or be deleted by law.

– the right to restrict the processing of your personal data if you dispute the accuracy of your personal data until the Data Controller checks their accuracy; processing is illegal; it is no longer needed, but needs the data to enforce their legal claims, or objects to the processing until the Data Processor verifies that legitimate reasons outweigh the interests of the Data Subject;

– the right to object to the processing of your personal data when it is processed for direct marketing purposes or in our legitimate interests;

– the right to obtain and transfer personal data to another service provider

If you wish to exercise any of the above rights, please contact the Data Controller from the contact details above.


In the event of a violation of his / her rights, the Data Subject may take legal action against the accommodation service. The court proceedings are governed by the Data Protection Act and other relevant legal regulations.

Other provisions

Accommodation reserves the right to amend this Prospectus.

The Accommodation is not responsible for the accuracy of the data provided by the visitors of the websites or the Guests.