Cookie and Privacy Policy
Last updated: 18 April 2026
This Cookie and Privacy Policy explains how KADENA d.o.o., trading as Villa Ljubica, collects, uses and protects personal data when you visit villa-ljubica-sipan.com or make a reservation with us. We process personal data in accordance with the EU General Data Protection Regulation 2016/679 (GDPR) and the Croatian Act on the Implementation of the GDPR (Zakon o provedbi Opće uredbe o zaštiti podataka, NN 42/2018).
1. Who is the data controller?
The data controller is:
- KADENA d.o.o.
- Suđurađ 50, 20223 Šipanska Luka, Croatia
- Email: info@villa-ljubica-sipan.com
For any question about this policy, or to exercise any of the rights described below, please contact us at info@villa-ljubica-sipan.com.
2. What personal data we collect and why
We only collect data we actually need to run the booking service. Specifically:
- Reservation data – name, email address, phone number, country, postal address, number of adults and children, arrival and departure dates, selected rooms, and any additional requests you add to the booking form. Collected when you submit a reservation through our website. Legal basis: performance of a contract (Article 6(1)(b) GDPR).
- Payment data – if you pay by card, the transaction itself is handled by Stripe Payments Europe, Limited; we never see or store your card number. We do receive back from Stripe a payment reference (PaymentIntent ID), the amount, and whether the payment succeeded. Legal basis: performance of a contract and compliance with our legal tax-record obligations (Articles 6(1)(b) and 6(1)(c) GDPR).
- Contact-form data – name, email and the text of any message you send us through the contact form. Legal basis: our legitimate interest in responding to your enquiries, or the pre-contractual steps at your request (Articles 6(1)(f) and 6(1)(b) GDPR).
- Feedback data – name and the text of any review you leave via the feedback link we email two days after your stay. Submission is voluntary. Legal basis: your consent (Article 6(1)(a) GDPR), withdrawable at any time.
- Technical log data – IP address, user agent, request URL and timestamp, recorded by our web-host server and kept in application logs for security and troubleshooting. Legal basis: our legitimate interest in securing and debugging the service (Article 6(1)(f) GDPR).
We do not run any advertising, marketing analytics, behavioural tracking, retargeting or social-media pixels on this site. We do not sell or rent personal data to anyone.
3. Cookies and similar technologies
A cookie is a small text file that a website places on your device. Our site uses only a minimal set of cookies and browser-storage items, all of which are strictly necessary for the booking flow or for remembering your cookie choice. We do not set any analytics, advertising, or social-media cookies.
The items set by this website are:
| Name | Type | Purpose | Lifetime | Category |
|---|---|---|---|---|
| PHPSESSID | HTTP session cookie (first-party) | Keeps the reservation cart and form data together across the multi-step booking (dates → rooms → guest info → payment). | Until you close the browser | Strictly necessary |
| cookiesAccepted | Browser localStorage (first-party) | Remembers that you have seen and answered our cookie notice, so we don't show it on every page load. | Persists until you clear your browser storage | Strictly necessary |
Under the EU ePrivacy Directive and GDPR, strictly necessary cookies may be set without consent because the service cannot be delivered without them. We do not set optional cookies. If that changes in the future, we will ask for your opt-in consent first.
You can manage cookies in your browser at any time (e.g. Chrome: Settings → Privacy and security → Cookies; Firefox: Settings → Privacy & Security; Safari: Settings → Privacy). Please note that blocking the session cookie will prevent the reservation form from working.
4. Who we share data with (recipients)
We share personal data only with processors and partners that are strictly needed to deliver the booking service. Each of them acts under a written data-processing agreement with us, or on their own legal basis as an independent controller where indicated.
- Stripe Payments Europe, Limited (1 Grand Canal Street Lower, Dublin 2, Ireland) – processes card payments. Independent controller for fraud-prevention purposes, processor for the transaction itself. Privacy policy: stripe.com/privacy.
- Nokumo d.o.o. – our property management system and channel manager. Receives reservation dates and room identifiers (not payment data) so availability stays in sync across booking channels.
- Infonet d.o.o. (Zagreb, Croatia) – our web-hosting and email-hosting provider. Stores the website, database and email messages on servers located in the European Union.
- Booking channels you choose (e.g. Booking.com, Airbnb, Expedia) – if you booked through one of these, they share your reservation details with us; their own privacy policy governs what they do with your data on their platform.
- Croatian authorities (e.g. eVisitor / tourist-tax register, Ministry of the Interior) – where we are legally required to report guest data for accommodation purposes under Croatian hospitality law.
International transfers: Stripe may process payment data outside the European Economic Area (e.g. in the United States). Such transfers take place under the European Commission's Standard Contractual Clauses, which Stripe has in place with its sub-processors. You can review the safeguards at stripe.com/privacy-center/legal.
5. How long we keep your data
- Reservation and payment records – kept for 11 years after the year of your stay, to comply with Croatian accounting and tax-record retention rules (General Tax Act and Accounting Act).
- Contact-form messages – kept for up to 2 years after the last correspondence, then deleted.
- Feedback / reviews – kept as long as the review remains relevant, or until you ask us to remove it.
- Server and application logs – kept for up to 90 days, then overwritten.
6. How we protect your data
Our site is served over HTTPS (TLS encryption) and session cookies are set with Secure, HttpOnly and SameSite=Lax flags. Card data is entered directly on Stripe's PCI-DSS-certified infrastructure and never passes through our servers. Database passwords and API secrets are kept outside the public web root, and access to the administration area is restricted.
7. Your rights under GDPR
You have the right to:
- Access the personal data we hold about you (Article 15).
- Rectify inaccurate or incomplete data (Article 16).
- Erase your data where the legal basis no longer applies (Article 17) – note that tax-record retention may override this for paid bookings.
- Restrict processing in certain situations (Article 18).
- Object to processing based on our legitimate interests (Article 21).
- Data portability – receive your data in a machine-readable format (Article 20).
- Withdraw consent at any time, where processing is based on consent (Article 7). Withdrawal does not affect the lawfulness of processing already carried out.
To exercise any of these rights, email us at info@villa-ljubica-sipan.com. We will respond within one month.
8. Right to lodge a complaint
If you believe your data-protection rights have been violated, you may lodge a complaint with the Croatian supervisory authority:
- Agencija za zaštitu osobnih podataka (AZOP)
- Selska cesta 136, 10000 Zagreb, Croatia
- Phone: +385 (0)1 4609-000
- Email: azop@azop.hr
- Website: azop.hr
You may also contact the supervisory authority in the EU country where you live or work.
9. Children
Our reservation service is intended for adults (18+). Children may be listed as guests on a booking made by an adult, but we do not knowingly collect personal data directly from children.
10. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top of the page will show when the most recent version took effect. If changes are material, we will post a notice on the home page.