Rocca Riviera

Rocca Riviera privacy policy banner with lock icon for luxury apartments in Umag Croatia
Entry-header image

Privacy Policy

Privacy Policy for Rocca Riviera Guests

This Privacy Policy explains how Rocca Riviera collects, uses, protects and stores personal data when guests visit our website, contact us or make an accommodation reservation.

Effective date: May 9, 2026

1. Introduction

Rocca Riviera respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store and protect personal data when you visit our website, contact us, make an accommodation inquiry, submit a booking request, or use any services available through our website.

This Privacy Policy applies to the website:

Home

By using our website, you acknowledge that you have read and understood this Privacy Policy.

2. Who we are

Rocca Riviera is a luxury residence located in Umag, Croatia.

For the purposes of this Privacy Policy, Rocca Riviera acts as the data controller for personal data collected through this website and through direct communication with guests, unless stated otherwise.

Contact details:

Rocca Riviera
Jadranska ul. 23
52470 Umag
Croatia

Email: info@roccariviera.hr

3. What personal data we collect

Depending on how you use our website or services, we may collect the following categories of personal data:

a) Contact information

This may include your name, surname, e-mail address, phone number and any information you provide when contacting us through a contact form, e-mail, phone or other communication channel.

b) Booking and stay information

When you make an inquiry or reservation, we may process information related to your stay, including arrival and departure dates, number of guests, selected apartment, special requests, payment status and booking history.

c) Identification information

Where required by law, guests may be asked to provide identification details, such as passport, national ID card or other valid proof of identity, for guest registration and legal reporting purposes.

d) Payment-related information

If payment is made through a bank, card processor, booking platform or other payment provider, relevant payment information may be processed by those service providers. Rocca Riviera does not store full credit card details on the website.

e) Technical and website usage data

When you visit our website, certain technical information may be collected automatically, such as IP address, browser type, device type, pages visited, time spent on the website, referring website and similar usage data.

f) Cookies and similar technologies

Our website may use cookies and similar technologies to ensure proper website functionality, improve user experience, protect the website and, where applicable, analyse website traffic.

4. How we collect personal data

We may collect personal data in the following ways:

1. When you submit a contact form.
2. When you make an inquiry or reservation.
3. When you communicate with us by e-mail, phone, messaging applications or booking platforms.
4. When you visit and browse our website.
5. When third-party service providers process data necessary for booking, payment, website security or technical functionality.

5. Why we process personal data

We process personal data for the following purposes:

1. To respond to your inquiries.
2. To manage reservations and accommodation services.
3. To provide guest support before, during and after your stay.
4. To process payments and booking-related communication.
5. To comply with legal obligations, including guest registration and accounting requirements.
6. To maintain the security and functionality of our website.
7. To improve the website, services and guest experience.
8. To communicate important information related to your stay.
9. To handle complaints, requests or disputes.
10. To protect the rights, property and safety of Rocca Riviera, our guests and third parties.

6. Legal basis for processing

We process personal data only when there is a valid legal basis for doing so. Depending on the situation, the legal basis may include:

1. Performance of a contract, when processing is necessary to manage your booking or provide accommodation services.
2. Legal obligation, when we are required to process or retain certain information under applicable laws.
3. Legitimate interest, when processing is necessary for website security, guest communication, business administration or service improvement, provided that your rights and interests do not override those interests.
4. Consent, where you have given clear consent for specific processing, such as certain cookies or marketing communication, where applicable.

7. Booking, contact forms and guest communication

When you contact Rocca Riviera or submit a booking inquiry, we use the information provided to respond to your request, prepare an offer, confirm availability, manage reservations and communicate relevant information about your stay.

Please do not send sensitive personal data through our contact forms unless it is strictly necessary for your request.

8. Cookies

Cookies are small text files stored on your device when you visit a website.

Our website may use cookies for the following purposes:

1. Essential cookies, required for the website to function properly.
2. Security cookies, used to protect the website and prevent misuse.
3. Preference cookies, used to remember selected settings where applicable.
4. Analytics cookies, used to understand website performance and visitor behaviour, where such tools are active.
5. Third-party cookies, which may be set by external services such as embedded maps, booking tools or analytics providers.

You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the website.

Where required, non-essential cookies should only be used with your consent.

9. Google Maps and embedded third-party content

Our website may display embedded Google Maps or similar third-party content to help guests find our location.

When you interact with embedded third-party content, the relevant provider may collect technical data such as IP address, browser information or interaction data. These services are governed by the privacy policies of the respective third-party providers.

10. Website security

Our website may use security tools and plugins to protect against spam, malware, unauthorised access and other security risks.

These tools may process technical information such as IP address, login attempts, browser information and security logs for the purpose of website protection and fraud prevention.

11. Payment and reservation services

If you complete a payment or booking through a third-party provider, payment data may be processed by that provider in accordance with its own terms and privacy policy.

Rocca Riviera only processes payment-related information to the extent necessary to confirm, manage and record your reservation.

12. Sharing personal data with third parties

We do not sell your personal data.

We may share personal data only when necessary and appropriate, including with:

1. Booking and reservation service providers.
2. Payment processors, banks or financial service providers.
3. Website hosting and IT support providers.
4. E-mail and communication service providers.
5. Accounting, legal or administrative service providers.
6. Public authorities, where required by applicable law.
7. Security or fraud prevention service providers.

Third parties are expected to process personal data only for the agreed purpose and in accordance with applicable data protection laws.

13. International data transfers

Some third-party service providers may process data outside Croatia or the European Economic Area.

Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards where required by applicable data protection laws, such as adequacy decisions, standard contractual clauses or other lawful transfer mechanisms.

14. How long we keep personal data

We retain personal data only for as long as necessary for the purpose for which it was collected, including legal, accounting, tax, administrative and dispute-resolution requirements.

Typical retention periods may include:

1. Booking and guest communication data: retained for as long as necessary to manage the booking and comply with legal or accounting obligations.
2. Accounting and payment records: retained in accordance with applicable tax and accounting laws.
3. Contact form inquiries: retained only as long as necessary to respond to the inquiry and manage follow-up communication.
4. Website security logs: retained for a limited period necessary for security monitoring and protection.
5. Cookie data: retained according to the type of cookie and applicable cookie settings.

15. How we protect personal data

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, disclosure, alteration or destruction.

These measures may include access controls, secure website connections, password protection, security monitoring and limited access to personal data by authorised persons only.

However, no method of transmission over the internet or electronic storage is completely secure. While we take reasonable steps to protect personal data, we cannot guarantee absolute security.

16. Your rights

Under applicable data protection laws, including the General Data Protection Regulation, you may have the following rights:

1. The right to be informed about how your personal data is processed.
2. The right of access to your personal data.
3. The right to request correction of inaccurate or incomplete personal data.
4. The right to request deletion of personal data, where legally applicable.
5. The right to request restriction of processing.
6. The right to object to processing based on legitimate interests.
7. The right to data portability, where applicable.
8. The right to withdraw consent at any time, where processing is based on consent.
9. The right to lodge a complaint with a supervisory authority.

To exercise your rights, you may contact us at:

info@roccariviera.hr

We may need to verify your identity before responding to certain requests.

17. Complaints to the supervisory authority

If you believe that your personal data has been processed unlawfully or that your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority.

In Croatia, the supervisory authority is:

Croatian Personal Data Protection Agency
Agencija za zaštitu osobnih podataka, AZOP
Ulica Metela Ožegovića 16
HR-10000 Zagreb
Croatia

18. Links to other websites

Our website may contain links to third-party websites, platforms or services.

Rocca Riviera is not responsible for the privacy practices, content or security of external websites. We recommend that you review the privacy policies of any third-party websites you visit.

19. Children’s privacy

Our website and services are not intended for the direct collection of personal data from children without the involvement of a parent or legal guardian.

Where children stay at Rocca Riviera, personal data may be processed only to the extent necessary for booking, guest registration, legal obligations and accommodation services.

20. Marketing communication

We may send marketing communication only where legally permitted or where you have given consent.

You may unsubscribe or opt out of marketing communication at any time by following the instructions in the relevant message or by contacting us at:

info@roccariviera.hr

21. Changes to this Privacy Policy

Rocca Riviera may update this Privacy Policy from time to time to reflect changes in legal requirements, website functionality, services or business operations.

The updated version will be published on this website with a revised effective date.

22. Contact

For any questions regarding this Privacy Policy or the processing of your personal data, please contact:

Rocca Riviera
Jadranska ul. 23
52470 Umag
Croatia

Email: info@roccariviera.hr