Privacy Policy
Villa Deluxe – www.villadeluxe.net
Valid from: March 2026 Last updated: March 2026
As the operator of this website, I am responsible for the processing of your personal data in accordance with the General Data Protection Regulation (GDPR) and the German Telemedia Act (TMG).
Provider / Data controller:
Villa Deluxe
Hercegovacka ulica 31
21311 Split – Croatia
Telephone: 0049 136 3011 711
E‑Mail: info@villadeluxe.net
OID: 84811554809
2. Types and scope of data processing
We collect and process the following categories of personal data:
| Data type | Source | Purpose | Legal basis |
| Contact details (name, email, telephone number, address) | Booking form | Apartment bookings, payment processing, customer communication | Article 6(1)(b) of the GDPR (performance of a contract) |
| Travel dates (Arrival date, departure date, number of people) | Booking form | Booking, Availability Management | Article 6(1)(b) of the GDPR |
| Payment details (credit card, bank details) | Payment provider / Payment gateway | Payment processing | Article 6(1)(b) of the GDPR |
| Communication data (emails, messages) | Direct contact via the website | Customer service, responding to enquiries | Article 6(1)(b) of the GDPR |
| Visitor data (IP address, browser data, time of access) | Web server log files / Analytics | Security, troubleshooting, usage analysis | Article 6(1)(f) of the GDPR (legitimate interests) |
| Cookies (Session IDs, preferences) | Visitor's browser | Functionality, user-friendliness | Article 6(1)(a) of the GDPR (Consent) |
3. Legal basis for data processing
We process your data on the following legal grounds (GDPR):
- Article 6(1)(b) of the GDPR – Fulfilment of the contract (e.g. bookings, payments, customer service)
- Article 6(1)(f) of the GDPR – Legitimate interests (e.g. security, fraud prevention, usage analysis)
- Article 6(1)(a) of the GDPR – Consent (e.g. newsletters, optional cookies)
- Article 6(1)(c) of the GDPR – Legal obligation (e.g. tax, accounting)
4. Recipients / Disclosure of data
Your data will only be disclosed to the following parties where this is necessary for the performance of the contract or due to a legal obligation:
- Administration / Bookkeeping
- Customer Service Team
- Cleaning and property management (arrival dates and number of guests only)
4.2 External service providers (data processors pursuant to Article 28 of the GDPR)
| service provider | Activity | Data transmission | Location |
| Payment provider [Paypal] | Payment processing | Payment details | [Deutschland] |
| Hosting‑Provider [Strato] | Server / Database | All website data | [Deutschland] |
| E‑Mail‑Service [Strato] | Newsletters, confirmations | email addresses | [Deutschland] |
| booking system [MotoPres Hotel Booking] | Booking management | Booking details | [Deutschland] |
| Google Analytics [If used] | Visitor statistics | IP addresses, browser data | USA / EU (Data Processing Agreement) |
Important: We have data processing agreements (DPAs) in place with all these service providers in accordance with Article 28 of the GDPR to protect your data.
- Public authorities and law enforcement agencies (upon legal request)
- Tax advisors / tax authorities (accounting, anti-money laundering)
4.4 International data transfers
If your data is transferred to countries outside the EU/EEA (e.g. the USA), this is done on the basis of:
- Adequacy Decisions the European Commission (e.g. the UK post-Brexit with the UK GDPR Agreement)
- Standard Contractual Clauses (SCCs) (EU Standard Contractual Clauses)
- Your consent (where justified)
Your data will be stored for as long as is necessary for the purpose of processing:
| Data type | Retention period | Reason |
| Booking details | 10 years | German tax liability / Accounting |
| Payment details | 3 years | PCI DSS compliance, warranty period |
| E-mailaddress (newsletter) | Until you log out | Legitimate interests, revocable consent |
| Cookies (Session) | During the visit | functionality |
| Cookies (Persistent) | Up to 2 years | User preferences |
| Webserver‑Logfiles | 7 days | Security, fault analysis |
| Analyticsdata | 14 months | Aggregated statistics (anonymised) |
Under the GDPR, you have the following rights:
6.1 Right of access (Art. 15 GDPR)
You can request information at any time about which of your personal data we process, for what purpose, and for how long.
Enquiry to: info@villadeluxe.net
6.2 Right to rectification (Article 16 of the GDPR)
You can have incorrect or incomplete data corrected.
6.3 Right to erasure (Article 17 of the GDPR)
You may request the erasure of your data, provided there is no legal obligation to retain it.
Exceptions:
- Accounting (10-year retention period required)
- Ongoing accounting processing
- Legal disputes
6.4 Right to data portability (Article 20 of the GDPR)
You can receive your data in a structured, commonly used format and transfer it to another provider.
6.5 Right to object (Article 21 of the GDPR)
You have the right to object to the processing of your data, in particular in the following cases:
- Direct marketing / Newsletter
- Profiling and automated decision-making
- Processing on the basis of legitimate interests
6.6 Right to restriction of processing (Article 18 of the GDPR)
You may request that your data be stored but no longer processed.
If you have given your consent (e.g. for newsletters or cookies), you can withdraw it at any time.
Wie Sie Ihre Rechte ausüben:
Please send a written enquiry or an email to:
E‑Mail: info@villadeluxe.net
Adresse:
Villa Deluxe
Hercegovacka ulica 31
21311 Split – Croatia
We will respond to your enquiry within 30 days Edit. If necessary, we can extend the period by a further 60 days.
We protect your personal data using appropriate technical and organisational measures:
- HTTPS encryption (TLS 1.3) for all data transfers
- Secure payment processing via certified payment providers (PCI DSS compliant)
- Password protection and access control for internal systems
- Regular backups and disaster recovery planning
- Firewall and anti-malwaresystems
- Data encryption in the database (for sensitive data)
- Regular security audits and penetration tests
- Staff training on data protection
Note: No data transmission over the internet is completely secure. Although we take appropriate security measures, we cannot guarantee absolute security.
8. Cookies and web technologies
Cookies are small text files that are stored on your device and contain information about your visit.
8.2 Types of cookies on our website
| Cookie‑Typ | Name (example) | Purpose | Duration | Consent required |
| Session‑Cookie | PHPSESSID | User session, shopping basket management | Session | No (required) |
| Analytics | _ga, _gid | Google Analytics usage statistics | 2 years | Yes (opt-in) |
| Marketing | Retargeting‑Pixel | Targeted advertising | Up to 1 year | Yes (opt-in) |
| Functional | Language settings | Website preferences | 1 year | No (required) |
The first time you visit our website, you will be asked to agree to our cookie settings. You can change these at any time:
- Browser settings (Firefox, Chrome, Safari, Edge)
- Cookie‑Banner on our website
- Opt‑out‑links for Google Analytics: [https://tools.google.com/dlpage/gaoptout]
Note: Disabling essential cookies may result in some features not working properly.
8.4 External content and scripts
Our website may contain external content:
- Google Maps (location of the villa)
- YouTube‑Videos
- Social media buttons (Facebook, Instagram)
These providers may set their own cookies and log your IP address.
9. Google Analytics and similar tools
If we use Google Analytics 4 or similar analytics tools:
9.1 What do we use analytics for?
- Visitor numbers and page views
- Time spent on site and bounce rate
- Countries of origin and browser information
- Errors and technical issues
9.2 Transfer of data to the USA
Google Analytics may transmit IP addresses and cookies to servers in the USA. Google has undertaken to Data Processing Amendment (DPA) and Standard Contractual Clauses (SCCs) to be observed.
- IP anonymisation: The last octet ranges are removed before storage
- Opt‑out: You can disable Analytics using the Google Opt‑out browser: [https://tools.google.com/dlpage/gaoptout]
- Turn off ad personalisation: In your Google Account settings
If you sign up for our newsletter, you will receive regular updates on:
- New apartments and availability
- Special offers and discounts
- Latest information about the villa
The newsletter will only be sent with your express consent in accordance with Article 7 of the GDPR (double opt-in).
You can unsubscribe at any time free of charge:
- Click on “Log out” in the newsletter
- Email: info@villadeluxe.net
Your email address will then be deleted within 7 days.
11. External links and third-party providers
This website may contain links to external websites. We are not responsible for the data protection practices of these third-party providers.
Please check the privacy policy of any external website before entering personal data.
12. Special categories of data
We do not process any special categories of data within the meaning of Article 9 of the GDPR (e.g. health data, ethnic origin, political opinions).
Exception: If you voluntarily provide us with specific requirements (e.g. accessibility, allergies), these will only be used to fulfil your booking.
This website is not intended for children under the age of 13. We do not knowingly collect data from children.
If you believe we have inadvertently collected data relating to a child, please contact us immediately at: Email: info@villadeluxe.net
14. Right to lodge a complaint with a supervisory authority
Sie haben das Recht, sich bei einer Datenschutzbehörde zu beschweren, wenn Sie der Meinung sind, dass die Verarbeitung Ihrer Daten gegen die DSGVO verstößt.
15. Kontakt und Datenschutzanfragen
If you have any questions about this privacy policy or wish to exercise your rights, please contact us:
Villa Deluxe
Hercegovacka ulica 31
21311 Split
Croatia
Telephone: 0049 163 3011 711
E‑Mail: info@villadeluxe.net
Website: www.villadeluxe.net
16. Changes to this Privacy Policy
We reserve the right to update this privacy policy to reflect changes in data processing or applicable laws.
The latest version is available on this website. In the event of significant changes, you will be notified via a clear message.
Version history:
- Version 1.0 – March 2026 – First published
17. Legal basis and references
- General Data Protection Regulation (GDPR, EU 2016/679)
- Telemedia Act (TMG) – Germany
- Federal Data Protection Act (BDSG)
- EDPB Guidelines and the Schrems II ruling
- PCI DSS Standards (payment security)
Date: March 2026 Last updated: March 2026 Valid from: March 2026