Privacy Policy - Boat4You.com

Introduction

Welcome to Boat4You.com, an international yacht charter platform operated by Cusmanich d.o.o. (referred to as "we", "us" or "our"). We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our services (such as creating an account or booking a yacht), as well as your rights under the EU General Data Protection Regulation ("GDPR"). By using Boat4You.com (the "Platform"), you agree to the terms of this Privacy Policy. If you have any questions or concerns about our privacy practices, please contact us using the information provided in the Contact Us section below.

Company Identity and Contact Information

Controller: Cusmanich d.o.o. (doing business as Boat4You) -- a company registered in Croatia (MB: 4026365, OIB: 87394862517).
Registered Address: Vrboran 37, 21000 Split, Croatia.
Contact Email: support@boat4you.com (for privacy inquiries and data requests).

Note: We have not appointed a dedicated Data Protection Officer, as we are not legally required to do so. However, you can reach out to us at the above contact for any questions or requests regarding your personal data.

Personal Data We Collect

We only collect personal data that is necessary for providing our yacht charter services and enhancing your experience on our Platform. This includes information you provide directly, data collected automatically (e.g. via cookies), and data from third parties as described below:

Data You Provide to Us

When you interact with Boat4You (such as when creating an account, making a booking, or contacting us), you may provide the following personal information:

  • Identity Details: Your full name, date of birth, and identification documents (such as passport or ID card details) where required for booking a yacht charter (for example, certain destinations require passport information for crew lists and check-in).
  • Contact Information: Email address, telephone number, and mailing address -- used for account verification, booking communication, and sending trip documents or invoices.
  • Account Credentials: Username and password chosen by you when registering an account. We store passwords in an encrypted form for security.
  • Booking Details: Information related to your yacht charter booking, such as travel dates, destination, yacht preferences, group size, and special requests. If you book on behalf of others, we collect the personal details of your traveling companions (e.g. names, ages) -- please ensure you have their permission to share this data.
  • Payment Information: For processing payments, we collect necessary billing details. Payment card information (e.g. credit card number) is collected through our secure payment processor. We do not store full card numbers on our servers; payment data is handled by accredited third-party payment providers in compliance with security standards.
  • Communication Records: Copies of your correspondence with us, including emails, phone call logs, or chat messages, and any information you choose to provide when you contact customer support or request information. This may include feedback or survey responses.

Data We Collect Automatically

When you use our Platform, we automatically collect certain technical and usage data to help us understand how the site is being used and to improve our services. This data may include:

  • Usage and Device Information: Details about your visits and actions on our website, such as pages viewed, how long you stay, navigation paths, click streams, booking searches, and features used. We also log standard technical information sent by your browser: your IP address, device type, operating system, browser type and version, referring website, and timestamps of access.
  • Cookies and Tracking Data: We use cookies and similar technologies (like web beacons and pixels) to collect information about your interactions with our site. This can include your preferences (e.g. selected currency or language), authentication tokens (to keep you logged in), and analytic identifiers. For details on our use of cookies and third-party tracking, see Cookies and Tracking Technologies below. These tools help us recognize your browser or device, remember your settings, and analyze site traffic. You can refuse or manage cookies as described in the Cookies section of this Policy.
  • Location Data: When you use our Platform, we might infer your general location from your IP address (for example, to display site content in the appropriate language or currency). We do not collect precise GPS location from your device unless you explicitly allow it (for instance, if using a mobile app with your permission).

We do not intentionally collect any special categories of personal data (such as information about health, religion, or biometric data) as part of our services. Please refrain from providing such sensitive information on our Platform.

Cookies and Tracking Technologies

Cookies are small text files stored on your device when you visit websites. We use cookies and similar tracking technologies to improve your experience and gather useful data about how our Platform is used. In particular, Boat4You uses both first-party and third-party cookies for the following purposes:

  • Essential Cookies: These are necessary for the functioning of our website and enable core features such as secure log-in, account management, and booking checkout. Without these, the site may not work properly.
  • Preference Cookies: To remember your settings and choices (e.g. language, currency, or search filters) so that we can personalize content for you on repeat visits.
  • Analytics Cookies: To understand how users navigate and use our site, which helps us improve functionality and user experience. For example, we use Google Analytics to collect anonymized statistical information such as page visit frequency, source of traffic, and user interactions. Google Analytics uses cookies to analyze website usage; the information (including your IP address) is transmitted to Google in an aggregated form for reporting. (See Google's own Privacy Policy for more details.)
  • Advertising & Tracking Cookies: To support our marketing efforts, we use third-party tools that set cookies or pixels on our site with your consent. These include:
    • Google Ads Cookies: We use Google Ads (formerly AdWords) conversion tracking and remarketing cookies to measure the effectiveness of our Google advertisements and to serve you tailored ads on Google's advertising network. For example, if you search yachts on our site, Google Ads cookies help us show relevant ads for Boat4You deals when you later use Google or partner sites. These cookies allow Google to record that you visited our site and the pages you viewed. You can manage your Google Ads settings via Google's Ads Preferences Manager or opt out using Google's browser ad-on.
    • Facebook Pixel: We have integrated Facebook Pixel (provided by Meta Platforms) on our Platform, which, with your permission, tracks certain actions you take on our site after interacting with our Facebook/Instagram ads. This helps us understand ad performance and enable re-targeting, so we can show you relevant offers on Facebook or Instagram. The data collected via Facebook Pixel (such as pages visited or a booking made) is sent to Facebook and may result in you seeing personalized ads. This information is aggregated and anonymized to us -- we cannot see individual personal identifiers in this data. However, Facebook may link it to your user account on their platform per their own privacy policy.
    • Other Third-Party Trackers: We may use other marketing and analytics partners from time to time, such as Google Tag Manager (for managing tracking scripts), Hotjar or similar user experience analytics, or email marketing pixels that tell us if you open our emails. Any third-party cookie usage on our site will be disclosed in our Cookie consent banner and managed according to applicable law.

We only deploy non-essential cookies (analytics and advertising cookies) if you have given opt-in consent via our cookie banner. On your first visit, you will be prompted to accept or customize your cookie preferences. You can change your preference at any time by using our website's cookie settings tool or by adjusting your browser settings to block or delete cookies. Please note that if you disable certain cookies, some features of the site (like remembering your account login or maintaining your booking cart) may not function correctly.

User Choices for Cookies: In addition to our on-site controls, you can manage cookies through your web browser settings. Most browsers allow you to delete cookies or prevent them from being set. You can also opt out of certain third-party tracking by using tools such as the Google Analytics opt-out browser add-on or setting preferences directly on third-party sites (for example, Facebook Ad Preferences or using industry opt-out sites like YourOnlineChoices.eu for European users). Keep in mind that opting out of advertising cookies does not mean you will see no ads, only that they will be less relevant to your interests.

Purpose of Collecting Your Data

We process your personal data for specific and lawful purposes. In general, we use the information we collect to operate our Platform, provide our services to you, improve our offerings, and comply with legal requirements. The main purposes for which Boat4You processes personal data are:

  • Booking & Service Delivery: To facilitate yacht charter bookings that you request through our Platform. This includes processing reservations, creating charter contracts, generating invoices, and communicating with you about your trip. For example, we need your personal and passport information to complete the booking and passenger manifest for a yacht charter, and your contact details to send booking confirmations and updates.
  • User Account Management: To create and maintain your user account on Boat4You. We use your data to register you as a user, authenticate your login, and allow you to manage your profile, saved preferences, and booking history.
  • Payments and Transactions: To process payments for bookings or related services. This involves using your payment and billing data to charge for reservations and verify payment, as well as processing refunds when applicable. Third-party payment processors use your payment details to complete transactions securely.
  • Customer Support and Communication: To communicate with you regarding inquiries, support requests, or complaints. We will use your contact information to respond when you reach out to us, and we may also send service-related announcements (such as changes to your booking, security alerts, or updates to our terms).
  • Marketing (With Consent): If you opt-in to receive marketing communications, we will use your email or phone number to send you newsletters, special offers, or promotional materials about our yacht charters and related services. We only send marketing emails or texts with your prior consent, and you can unsubscribe at any time (see Marketing Communications below for details).
  • Personalization & User Experience: To tailor our services and content to your interests. For instance, we may use your past charter history or browsing behavior to recommend yachts or destinations you might like. We also remember your preferences (such as language or past searches) to make the Platform more user-friendly for you.
  • Analytics and Improvements: To analyze usage of our website and services so we can improve performance and develop new features. We compile aggregated data (e.g. total visitors, popular pages, booking trends) to understand how our Platform is used. This helps us troubleshoot issues, test out new features, and enhance the quality and reliability of our services.
  • Security and Fraud Prevention: To keep our Platform safe and secure. We may monitor activity and use personal data (like IP addresses or account login attempts) to detect and prevent fraud, cyber-attacks, or other malicious activities. This also includes verifying your identity where necessary to protect against unauthorized access to your account or bookings.
  • Legal Compliance: To fulfill our legal obligations and exercise our legal rights. For example, we may retain transaction records for tax and accounting laws, use identity information to comply with maritime or travel regulations (such as providing crew lists to port authorities), or disclose data when required by law enforcement. We also process data as needed to comply with GDPR and other data protection laws (e.g. to honor user rights requests).

We will not use your personal data for any purpose that is incompatible with the original reasons it was collected, unless we obtain your consent or are otherwise permitted by law. If we plan to process your data for a new purpose, we will inform you and, if necessary, seek your permission in advance.

Legal Bases for Processing

Under the GDPR, we must have a valid legal basis for processing your personal data. Depending on the specific situation, Boat4You relies on one or more of the following legal grounds as defined in Article 6 of the GDPRdataprotection.ie:

  • Performance of a Contract: We process most of your personal data on this basis. When you create an account or make a booking, we must use your personal information to perform our contract with you -- for instance, to provide the charter services you requested, manage your reservations, and fulfill our Terms and Conditions. Without this data, we cannot execute the booking contract or provide the requested services.
  • Consent: We rely on your consent for certain types of processing. In particular, we will ask for your opt-in consent before sending you marketing emails or texts, and before enabling non-essential cookies or third-party trackers on your device (such as for analytics and advertising purposes). Where we process personal data based on your consent, you have the right to withdraw that consent at any time (see Your GDPR Rights below). Withdrawal of consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.
  • Legal Obligation: Some data processing is necessary for us to comply with our legal and regulatory obligations. For example, we may be required by law to keep records of transactions for a certain period (for tax or accounting purposes), verify identities for fraud prevention or immigration laws, or disclose information to authorities if properly mandated (such as complying with a court order or law enforcement request). In such cases, we will process and retain the necessary personal data to meet our legal obligations.
  • Legitimate Interests: In certain scenarios, we process your data to pursue our legitimate business interests, but only if these are not overridden by your data protection rights. We rely on this basis to improve and secure our services -- for instance, analyzing usage data to enhance user experience, performing analytics (when not done on consent), communicating with existing customers about similar services, or preventing fraud and ensuring IT security. Whenever we process data on legitimate interests, we carefully consider and balance any potential impact on your rights. You have the right to object to processing done on this basis (see Your GDPR Rights).

If multiple legal bases apply to the same data (for example, we may process your email both to perform the contract and because you consented to marketing), we will identify and rely on all relevant bases. We will always make sure that we have a lawful reason to process your personal informationdataprotection.ie, and we will document our decisions in our internal records of processing.

Marketing Communications

We would like to send you information about our yacht charters, promotions, and news only if you want to hear from us. We use the contact details you provide (usually your email address) to send marketing communications exclusively on an opt-in basis. This means:

  • Consent for Marketing: We will ask you to tick a checkbox or otherwise clearly agree (consent) before adding you to our marketing email list. For example, when you sign up or make a booking, you may have the option to subscribe to our newsletter. You are not automatically subscribed by default -- we only send marketing emails if you opted in.
  • Content of Messages: Our marketing communications may include newsletters, special charter deals, discount offers, new destination announcements, or personalized recommendations. We aim to make these communications relevant to your interests based on your booking history or preferences.
  • Frequency: We send marketing emails occasionally and strive not to overwhelm your inbox. Typically, you might receive our newsletter or promotional offers a few times a month, unless you have interacted in a way that triggers a specific follow-up (for example, requesting a quote might result in a one-time follow-up email).

Your Choices: If you have consented to marketing, you have the right to change your mind at any time. Every marketing email we send will include an "Unsubscribe" link at the bottom. Simply click that link to stop receiving future emails from us. You can also manage your subscription preferences in your account settings or by contacting us directly to opt out. Once you unsubscribe, we will remove you from our marketing distribution list promptly. (Note: Even if you opt out of marketing messages, we may still send you service-related communications as needed, such as booking confirmations or notices about your account, since those are not promotional.)

We do not share your contact information with third-party companies for their own marketing without your explicit consent. However, as described under Cookies and Tracking, we may use platforms like Facebook or Google to show you ads -- but this is done via hashed or device information and not by giving those platforms your email. If we ever wish to use your personal data in any new marketing initiatives beyond what is described here, we will seek your consent or inform you of the new use, as required by law.

User Accounts and Booking Requirements

To book a yacht through Boat4You, you will need to create a user account on our Platform. This account is necessary to manage your bookings and ensure a personalized, secure experience. Here's what you should know about account registration and booking:

  • Account Creation: When you register, we ask for basic personal data (such as name, email, and password) to set up your account. This information is used to uniquely identify you in our system and to facilitate easier bookings in the future (for example, saving your contact details so you don't have to re-enter them for each booking). You must provide accurate information and keep your login credentials confidential -- you are responsible for all activities under your account.
  • Required Information for Booking: Our yacht charter services often require additional personal details to finalize a reservation. All charter guests are typically required to provide identification details. For instance, for international or certain sensitive destinations, charter companies and maritime laws require a passenger manifest including full names, nationalities, dates of birth, and passport or ID numbers of all passengers. We will collect such information during the booking process or follow up with you to gather it before your departure. You may also need to provide a boating license or certification if you are renting a bareboat (captain yourself) -- this will be specified as needed. Rest assured, we only collect what is necessary for arranging the charter with the yacht operator and complying with the law.
  • Profile Management: Through your Boat4You account, you can access and update your personal data at any time. It's important to keep your information up-to-date (especially contact info and passport details for upcoming trips). In your profile settings, you can also view your past bookings, save favorite yachts or itineraries, and manage preferences (like communication settings or saved payment methods if that feature is available).
  • Account is Necessary for Booking: You generally must have an active account to make a booking on our Platform. This allows us to tie your reservation to you and gives you a way to review the booking details. If you attempt to book as a "guest" without registration (if such option exists), we will still need to collect the same personal and payment information to process the booking, and an account may be automatically generated for you with your email on file.
  • Closing Your Account: If you wish to delete your Boat4You account, you may do so by contacting us at our support email. Upon verification of your identity and request, we will deactivate or delete your account and remove or anonymize personal data associated with it, except for data we are required or permitted to retain (e.g. past transaction records, which we keep to fulfill legal/tax obligations or resolve disputes). Account deletion is irreversible -- if you later wish to use our services, you would need to sign up again.

Your account is intended for personal use. Please do not share your account credentials with others. If you book on behalf of someone else (e.g. you organize a charter for friends/family), ensure you have the rights to provide their personal data to us and inform them of this Privacy Policy. We treat the person making the booking as the primary contact with responsibility to relay information to other passengers in the group.

Data Sharing and Disclosure

We treat your personal data with care and do not sell or rent it to unrelated third parties for their own use. However, in order to run our business and provide you with services, we may need to share your information with certain trusted parties in the following situations:

Sharing with Service Providers and Partners

  • Yacht Charter Operators and Partners: When you book a yacht, we must share relevant personal information with the charter operator or owner that will deliver the service. This includes details like your name, contact info, and passport/crew list details for all passengers, so the operator can prepare for your charter (e.g. registering guests with marinas or authorities, arranging crew, etc.). We only share what is necessary for the booking. Similarly, if your itinerary involves third-party services (such as a skipper, catering, or travel agency partners), we will provide them the data needed to fulfill those services.
  • Payment Processors: We use external payment gateways (for example, credit card processors or banking services) to handle payments securely. These third-party processors will receive your payment data (such as cardholder name, card number, expiration date, billing address, and transaction amount) in order to process the payment. They are authorized to use this information only as needed to provide their payment services. We ensure any payment processor we use is compliant with PCI-DSS security standards.
  • Technical and Administrative Service Providers: We employ other companies or individuals to perform functions on our behalf. Examples include website hosting providers, cloud data storage (servers), IT support, email delivery services, analytics providers (like Google Analytics), marketing platforms (like email newsletter tools), or customer support software. These service providers may access personal data strictly as needed to perform their tasks for us -- for instance, our cloud hosting provider stores our database which contains personal information, or our email provider processes the emails we send to you. We require all such vendors to handle personal data securely and in accordance with applicable data protection laws, and we do not allow them to use your data for any other purposes.
  • Advertising and Analytics Partners: As noted in Cookies and Tracking Technologies, third-party companies like Google and Meta (Facebook) may collect or receive certain information about you via cookies/pixels on our site for advertising and analytics. For example, Google and Facebook may process data about your visit to our site to help us measure ad effectiveness and reach you with relevant ads. This involves some data sharing: we implement their code on our site which sends device and usage data (like a unique cookie ID, and event info such as "charter searched" or "booking completed") to those partners. These partners act as independent data controllers for their use of data (e.g. personalizing ads on their platforms), but they are still expected to comply with privacy laws. We recommend reviewing their privacy policies for details on how they handle information. If you prefer not to share data with these partners, you can opt out of marketing cookies as described in the Cookies section.

In all cases of sharing above, we minimize the data provided to what the third party legitimately needs. We also have contracts or data processing agreements in place with these providers to ensure your data is protected. They must implement appropriate security measures and confidentiality obligations.

Legal and Safety Disclosures

We may disclose personal information to third parties outside of our regular operations only in certain exceptional circumstances:

  • Legal Compliance: If we are under a duty to disclose or share your data in order to comply with a legal obligation, we will do so. This includes responding to lawful requests by public authorities, such as complying with court orders, valid subpoenas, or investigative demands. For example, under Croatian law or other applicable jurisdiction, we might be required to provide booking records or identification details to government agencies (such as customs, immigration, port authorities, or tax authorities). We will carefully review each request to ensure it has appropriate legal basis before releasing any information.
  • Enforcing Our Terms & Protection of Rights: We may share information if necessary to enforce our Terms and Conditions or other agreements, or to investigate potential violations thereof. We may also disclose data to protect our rights, property, and safety, or that of our customers and others. For instance, we might exchange information with other companies and organizations for fraud protection and credit risk reduction. If you engage in behavior that is unlawful or poses a security risk, relevant data may be shared with law enforcement to address the issue.
  • Business Transactions: In the event that our company is involved in a merger, acquisition, sale of assets, bankruptcy, or reorganization, personal data might be transferred to a successor or affiliate as part of that transaction. If such a change happens, we will ensure the new owner uses your data only in accordance with this Privacy Policy (or provides notice of any changes). We will notify you of any change in ownership or use of your personal information as required by law.

Other than the situations outlined above, we will not disclose your personal data to any third party without your consent. If we ever need to share information for a new purpose not covered by this Policy, we will update you and obtain consent if necessary.

International Data Transfers

Boat4You is based in the European Union (Croatia), but we operate a global service. This means your personal data may be transferred to and processed by entities in countries outside the European Economic Area (EEA). For example, if you book a yacht in a non-EU country, we will send your information to our partner or operator in that country to fulfill the booking. Likewise, some of our third-party service providers (such as cloud hosting or marketing platforms) might be located outside the EEA.

When transferring personal data internationally, we take steps to ensure that an adequate level of data protection is maintained, as required by GDPR's Chapter V provisions. Our measures include:

  • Adequacy Decisions: Whenever possible, we transfer data to countries that the European Commission has determined to have an adequate level of data protection. (For instance, transfers to countries like Switzerland, the UK, or others with adequacy decisions are treated similarly to intra-EU data flows.)
  • Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision (such as the United States in some cases), we put in place European Commission-approved Standard Contractual Clauses or equivalent contractual safeguards with the data importer. These clauses contractually require the recipient to protect your data to EU standards. For example, our cloud service providers or marketing partners in the U.S. have signed SCCs committing to secure your information and respect GDPR principles.
  • Additional Safeguards: We also assess on a case-by-case basis whether further measures are needed (technical or organizational) to ensure your data is secure when transferred abroad. This can include encryption of data in transit, pseudonymization (replacing identifying info with codes), and strict access controls. We also consider any local laws that might affect the privacy of your data and work to mitigate risks.
  • Contract Necessity: In some situations, an international transfer is necessary for the performance of your contract with us or to fulfill a contract in your interest (GDPR Art. 49 exceptions). For example, if you book a yacht in a country outside the EEA, transmitting your personal details to that yacht provider is necessary to execute the booking contract you've entered into. In such cases, we will ensure you are aware of the transfer and that it is only done to fulfill your request.

You can contact us if you have questions about the specific safeguards in place for transfers of your data outside the EEA, or if you wish to obtain a copy of the relevant contractual commitments (we may redact some sections for confidentiality). Our aim is to ensure that your rights and protections travel with your data, no matter where it is processed.

Data Storage, Security, and Retention

How We Protect Your Data

We have implemented a variety of security measures to guard your personal data against unauthorized access, alteration, disclosure, or destruction. Boat4You takes data security very seriously, and we follow industry best practices to ensure confidentiality and integrity of your information. Our measures include:

  • Encryption: All sensitive data transfers on our site (such as payment transactions and login credentials) are protected by encryption protocols like HTTPS/TLS. This means that when you enter information on our website, it is encrypted in transit to our servers. We also encrypt certain data at rest (in storage), especially financial information or passwords (which are stored using one-way hashing and salt).
  • Access Controls: Personal data is accessible only to authorized personnel who need it to perform their job duties (for example, our booking agents or customer support team). We limit access through role-based controls and multifactor authentication for our internal systems. All employees and contractors are bound by confidentiality obligations.
  • Secure Infrastructure: Our Platform is hosted on secure servers with firewalls and monitoring in place to prevent and detect intrusion. We regularly update our software and frameworks to patch vulnerabilities. Data centers used by us or our processors have physical security controls as well (e.g. 24/7 monitoring, restricted entry).
  • Periodic Assessments: We routinely review our security practices and may employ third-party specialists to conduct penetration tests or security audits on our systems. This helps us identify and fix potential weaknesses. We also have an incident response plan ready in case of any security breaches.
  • Payment Security: As noted, we do not store full payment card details on our own servers. All credit card processing is done through PCI-DSS compliant providers. This adds an extra layer of security for financial data.
  • Staff Training: Our team members are trained on data protection principles and security awareness. We emphasize the importance of protecting personal data and have internal policies governing how information should be handled.

While we strive to protect your data, please understand that no method of transmission over the internet or electronic storage is 100% secure. We thus cannot guarantee absolute security. However, we continuously work to update and improve our security measures. In the unlikely event of a data breach that poses a high risk to your rights (for example, a leak of your personal data despite our safeguards), we will notify you and the relevant authorities as required by law.

Data Retention Policy

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements. How long we keep your information depends on the type of data and the purpose of processing:

  • Account Information: As long as you have an active account with Boat4You, we will keep the personal information associated with your account. If you decide to close your account, we will delete or anonymize your personal data within a reasonable timeframe after your request, except for information we must retain (see below). If your account remains inactive for an extended period (we may define this in our terms, e.g. 2 years), we might contact you to confirm if you wish to keep it open, and in absence of a response, we may remove or anonymize the account.
  • Booking and Transaction Data: We retain records of your bookings, payments, and invoices to provide customer service and for our financial record-keeping. Even if you delete your account, we may keep booking history and payment records as needed for business and legal purposes. For instance, Croatian financial regulations or tax laws may require us to retain transaction records for a certain number of years (often 7-10 years). Also, if you made a complaint or there is a dispute, we will retain relevant data until it is resolved and for a period thereafter as permitted by law.
  • Communications: Emails, support tickets, and other communications with you may be retained for a period (for example, up to 2-3 years) to allow us to refer back to prior conversations if you contact us again, and to train or audit our customer service. We will delete these earlier if requested and no longer needed.
  • Marketing Data: If you have consented to receive marketing emails, we will retain the necessary data (like your name, email, and marketing preferences) until you opt out or unsubscribe. Once you unsubscribe, we will stop using your data for marketing and will remove your contact from our mailing list (though we may keep a record of your opt-out request to ensure we honor it going forward).
  • Cookies: Data collected through cookies and similar technologies is typically retained as per the cookie's lifetime or as required for analytics. For example, Google Analytics data may be retained for a certain period (e.g. 14 months) as set in our Google Analytics settings, after which it gets deleted automatically. You can clear cookies from your browser to remove data stored in those cookies on your side at any time.

After the applicable retention period has ended, or at your valid request, we will either securely erase your personal data or anonymize it so that it can no longer be associated with you. For example, we might aggregate and anonymize usage data for statistical analysis, which no longer identifies any individual. If we are unable to fully delete data (e.g. it's stored in backups), we will ensure it is isolated and protected until deletion is possible.

Your GDPR Rights

As a user of our Platform and as a data subject under the GDPR, you have specific rights regarding your personal data. Boat4You is committed to respecting these rights and has procedures in place to enable you to exercise them. Your rights include:

  • Right of Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to access that data. We will provide you with a copy of the personal information we hold about you, along with details on how we use it. This is commonly known as a "Data Subject Access Request."
  • Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to ask us to correct it. You can also update some of your information directly by logging into your account. We encourage you to keep your data up-to-date, and we will promptly rectify any mistakes you report.
  • Right to Erasure: Also called the "right to be forgotten," this allows you to request that we delete your personal data when it is no longer needed for the purposes for which it was collected, or when you withdraw consent (where applicable) or successfully object to processing. We will honor valid deletion requests so long as we do not have a compelling legal reason to retain the data (for example, we may not erase data that we must keep for legal compliance).
  • Right to Restrict Processing: You can ask us to limit the processing of your data in certain circumstances -- for instance, if you contest the accuracy of the data or if you object to our processing and we are evaluating your request. While under restriction, your data will be stored but not actively processed (aside from keeping it secure). We will inform you before lifting any such restriction.
  • Right to Data Portability: You have the right to receive the personal data that you have provided to us in a structured, commonly used, machine-readable format, and to have that data transmitted to another controller where technically feasible. This right applies when the processing is based on your consent or on a contract and is carried out by automated means. For example, you can request a copy of the data you provided in your account profile and booking history to transfer to a competing service.
  • Right to Object: You may object to our processing of your personal data when that processing is based on legitimate interests or public interest. If you object, we will stop processing your data unless we have compelling legitimate grounds that override your rights or we need to continue processing for the establishment, exercise, or defense of legal claims. Importantly, you have an unconditional right to object to your data being used for direct marketing purposes at any time. If you object to marketing, we will cease processing your data for those purposes immediately.
  • Right to Withdraw Consent: Where we rely on your consent to process data (e.g. for marketing emails or certain cookies), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the legality of any processing we conducted prior to your withdrawal. If you withdraw consent for marketing, we will stop sending you marketing messages. If you withdraw consent for cookies, we will stop any non-essential cookies (you may need to adjust browser settings or use our cookie management tools for this).
  • Right Not to Be Subject to Automated Decisions: We generally do not make any legally significant decisions about you based solely on automated processing (without human involvement). If that ever changes (for example, if we implement automated profiling that could affect your rights or interests), you have the right to not be subject to such decisions unless necessary for a contract or authorized by law, and to request human intervention.
  • Right to Lodge a Complaint: If you believe we have infringed your data protection rights or violated GDPR, you have the right to file a complaint with a supervisory authority. We sincerely hope to resolve any issues by working directly with you, but you may contact an EU Data Protection Authority, in particular the one in the country of your habitual residence, place of work, or where an alleged infringement occurred. As our company is established in Croatia, our lead supervisory authority is the Croatian Personal Data Protection Agency (AZOP). You can find their contact details on their official website.

How to Exercise Your Rights: You can exercise most of the rights above by contacting us via email at support@boat4you.com. Please clearly state what right you wish to exercise and provide necessary information to verify your identity (we need to ensure we're altering or disclosing data to the correct person). We will respond to your request as soon as possible, and in any event within one month as required by GDPR. If your request is complex or if you have made multiple requests, we may inform you that we need an extension of up to two further months, but we will still reach out with an update within the first month. For cost-free rights requests, we will not charge you a fee. However, if a request is manifestly unfounded or excessive (for example, repetitive requests), we may either refuse it or charge a reasonable fee as permitted by law. If we refuse a request, we will explain our reasons and inform you of your ability to complain to a DPA.

We will honor your rights to the fullest extent possible. There may be cases where certain rights do not apply -- for instance, if you request deletion, we might retain some data that we are legally required to keep, or if you request data portability, it only applies to data you provided us, not data we created. But we will always inform you and justify any limitations or refusals. We also commit to transparency: if you have any questions about your rights or how to exercise them, just ask us and we will guide you.

Updates to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make significant changes, we will notify you by appropriate means -- for example, by posting a prominent notice on our website or by emailing you (if you have provided your email) to explain any updates. We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

When we update the Privacy Policy, we will modify the "last updated" date at the bottom of this document. Any changes will be effective when posted on this page, unless stated otherwise. If the changes materially affect how your personal data is processed, we will seek your consent if required by applicable law. Your continued use of the Platform after the effective date of the revised Policy will signify your acceptance of the changes, to the extent permitted by law.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please do not hesitate to contact us:

Cusmanich d.o.o. (Boat4You)
Vrboran 37, 21000 Split, Croatia
Email: support@boat4you.com

We will gladly assist you with any inquiries -- whether it's helping you understand this Policy, addressing issues with your account data, or fulfilling an individual rights request. Your privacy is important to us, and we are here to help.

Effective Date: June 17, 2025.

This Privacy Policy is effective as of the date above and supersedes any prior versions.