Hidden Tree Heritage Hotel
Privacy Policy
Last updated: May 2026
This Privacy Policy explains how Hidden Tree collects, uses, stores, and protects personal data in accordance with the General Data Protection Regulation (GDPR) and applicable laws of the Republic of Croatia.
1. Data Controller Information
The operator and data controller of the website www.hiddentree.hr is: Albergo d.o.o. Poljana Požarišće 4 23000 Zadar Croatia OIB: 95874654304 For all questions related to privacy and personal data protection, you may contact us at: E-mail: info@hiddentree.hr
2. Definitions
For the purposes of this Privacy Policy: "Website" means all webpages and content available under the domain www.hiddentree.hr. "User" means any natural or legal person accessing or using the Website or our services. "Personal Data" means any information relating to an identified or identifiable individual. "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
3. Scope of this Privacy Policy
This Privacy Policy applies to: the use of the Website, accommodation inquiries and reservations, communication with Users, newsletter subscriptions, marketing communication, and all services provided by Albergo d.o.o. through digital channels. By using the Website or contacting us, Users acknowledge that they have read and understood this Privacy Policy.
4. Personal Data We Collect
Depending on the interaction with the Website or our services, we may collect: full name, e-mail address, phone number, billing or residence address, city and postal code, reservation details, inquiry or message content, and other information voluntarily submitted by the User. Technical and usage data may include: IP address, browser type and version, operating system, device type, referral URLs, session and usage information, website interaction data, and analytics and diagnostic data. The Website uses cookies and similar technologies for functionality, analytics, performance monitoring, personalization, and marketing purposes. Detailed information is available in our Cookie Policy.
5. Legal Basis for Processing
We process personal data only where legally permitted under GDPR. The legal bases include: performance of a contract (accommodation reservations, responding to inquiries, communication regarding bookings or services); legitimate interests (website security, fraud prevention, analytics, service improvement, communication management); consent (newsletter subscriptions, marketing communication, non-essential cookies — Users may withdraw consent at any time); and legal obligations (accounting regulations, tax laws, hospitality regulations, or other applicable legislation).
6. How We Use Personal Data
We may use personal data for the following purposes: responding to inquiries and requests, managing reservations and accommodation services, communicating with Users, improving Website functionality and user experience, sending promotional and marketing communication, analyzing Website usage and performance, ensuring Website security, fulfilling legal and regulatory obligations, and preventing abuse, fraud, or unauthorized activity.
7. Sharing of Personal Data
We do not sell Users' personal data. Personal data may be shared only where necessary with: IT and hosting providers, cloud service providers, accounting and legal advisors, booking and reservation partners, marketing and analytics providers, and competent public authorities where required by law. All third-party service providers are required to process personal data in accordance with GDPR and applicable confidentiality obligations.
8. International Data Transfers
Some service providers may process data outside the European Economic Area (EEA). Where international data transfers occur, we ensure appropriate safeguards in accordance with GDPR, including: adequacy decisions, Standard Contractual Clauses (SCCs), or equivalent protection mechanisms.
9. Data Retention
Personal data is retained only for as long as necessary for the purposes for which it was collected, including legal, accounting, and regulatory obligations. Certain accounting and invoicing data may be retained for up to 11 years in accordance with applicable Croatian legislation. Marketing data based on consent is retained until consent is withdrawn. When retention is no longer necessary, personal data is securely deleted or anonymized.
10. Data Security
We implement appropriate technical and organizational measures to protect personal data, including: secure servers and hosting, access controls, encrypted communication where applicable, regular security monitoring, staff confidentiality obligations, and internal privacy and security procedures. Despite these measures, no electronic transmission or storage system can be guaranteed as completely secure.
11. User Rights Under GDPR
Under GDPR, Users have the right to: request access to personal data, request correction of inaccurate data, request deletion of personal data, request restriction of processing, object to processing, withdraw consent at any time, request data portability, and lodge a complaint with a supervisory authority. Requests may be submitted via: info@hiddentree.hr. We may request identity verification before processing certain requests.
12. Third-Party Websites
The Website may contain links to third-party websites or services. We are not responsible for the privacy practices, security, or content of third-party websites. Users access such websites at their own responsibility.
13. Children's Privacy
The Website and services are not intended for children under the age of 16. We do not knowingly collect personal data from children without appropriate legal basis or parental authorization where required.
14. Amendments to this Privacy Policy
We reserve the right to amend this Privacy Policy at any time. Updated versions will be published on the Website together with the revised 'Last updated' date. Continued use of the Website after amendments constitutes acknowledgment of the updated Privacy Policy.
15. Contact Information
For all privacy-related questions, requests, or complaints, please contact: Albergo d.o.o. Poljana Požarišće 4 23000 Zadar Croatia E-mail: info@hiddentree.hr If you believe your rights under GDPR have been violated, you may file a complaint with the competent supervisory authority: Croatian Personal Data Protection Agency (AZOP).