Privacy Policy
Last updated: June 2026
1. Who We Are
Lux Island Tours operates private and group boat tours from Trogir and Kaštela, Croatia. We are the data controller responsible for your personal data collected through this website.
Lux Island Tours
Obala bana Berislavi?a, 21218, Trogir, Croatia
Email: [email protected]
Phone: +385 97 652 6886
2. What Data We Collect
When you submit an enquiry or booking request through our website forms, we collect the following personal data:
- Name — to identify you and address communications
- Email address — to confirm your booking and send correspondence
- Phone number — to contact you about your booking
- Preferred tour date — to check availability
- Number of guests — to confirm capacity
- Any additional message you choose to include
We do not collect payment card data through this website. Payments are handled separately via bank transfer or in person.
3. How We Collect Your Data
We collect data directly from you when you complete and submit an enquiry or booking form on this website. We do not purchase data from third parties or acquire your data from any source other than you.
4. Why We Collect Your Data and Our Legal Basis
Under the EU General Data Protection Regulation (GDPR), we must have a lawful basis for processing your personal data. We rely on the following bases:
- Performance of a contract (Article 6(1)(b)) — processing your name, email, phone number, date and guest count is necessary to respond to your enquiry, confirm availability and complete your booking.
- Legitimate interests (Article 6(1)(f)) — we may use your contact details to follow up on an incomplete booking enquiry or to send relevant information about your upcoming tour. We have assessed that this does not override your rights and freedoms.
We do not use your data for automated decision-making or profiling.
5. How Long We Keep Your Data
We retain your personal data for as long as necessary to fulfil the purpose for which it was collected:
- Enquiries that do not result in a booking — deleted within 6 months of your enquiry.
- Confirmed bookings — retained for 3 years from the date of your tour, as required for accounting and legal compliance purposes under Croatian law.
After these periods, your data is securely deleted.
6. Who We Share Your Data With
We do not sell, rent or trade your personal data. We share your data only where strictly necessary:
- Email service provider — your enquiry is delivered to our inbox via our email server (Hostinger / WP Mail SMTP). Your data passes through this service solely to deliver the message.
- Legal obligations — we may disclose your data to competent authorities if required by Croatian or EU law.
All third-party processors we use are required to maintain the security and confidentiality of your data.
7. International Transfers
Your data is stored on servers located within the European Union. We do not transfer your personal data outside the EEA.
8. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights. To exercise any of them, contact us at [email protected].
- Right of access — you can request a copy of the personal data we hold about you.
- Right to rectification — you can ask us to correct inaccurate or incomplete data.
- Right to erasure — you can ask us to delete your data where there is no legitimate reason for us to continue holding it.
- Right to restriction of processing — you can ask us to restrict how we use your data in certain circumstances.
- Right to data portability — you can request your data in a commonly used, machine-readable format.
- Right to object — you can object to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds that override your interests.
- Right to withdraw consent — where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
We will respond to all requests within 30 days. We may need to verify your identity before fulfilling a request.
9. Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the relevant supervisory authority. In Croatia, this is:
Agencija za zaštitu osobnih podataka (AZOP)
Croatian Personal Data Protection Agency
Selska cesta 136, 10000 Zagreb, Croatia
Web: azop.hr
You may also lodge a complaint with the supervisory authority in the EU member state where you live or work.
10. Cookies
This website uses cookies that are necessary for the site to function correctly. These include:
- Session cookies — temporary cookies that expire when you close your browser, used by WordPress to manage your session.
- LiteSpeed Cache cookies — used to serve cached versions of pages to improve performance. These do not collect personal data.
We do not use tracking, advertising or analytics cookies. We do not use Google Analytics or Facebook Pixel.
You can control or delete cookies through your browser settings. Disabling necessary cookies may affect how the website functions.
11. Data Security
We take appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration or disclosure. Our website uses HTTPS encryption for all data transmission. Access to booking form submissions is restricted to authorised personnel only.
12. Changes to This Policy
We may update this privacy policy from time to time. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.
13. Contact Us
For any questions about this privacy policy or how we handle your personal data, contact us:
Lux Island Tours
Email: [email protected]
Phone: +385 97 652 6886
WhatsApp: +385 97 652 6886