All About Data Protection

Privacy Policy

Privacy Policy

This website as well as all offered services and products are provided by Let’s travel, travel agency, address: Ive Druzica 82 located in Sibenik, Croatia, personal identification number OIB: 91621773470 (further on “Service provider” or “us” or “us”) as the data controller in accordance with the General Data Protection Directive (GDPR).
The protection of your personal data is very important for us. Therefore, we provide detailed information on how we collect and use your data.
Persons under the age of 18 may not use our services.


The Service provider presents informatively his products and services, and gives future customers the possibility of establishing a contact with the Service provider. All information published on this website by us is assembled with care and for general information purposes. We provide no guarantee for the accuracy, completeness and topicality of the information on the website and websites which are referred to via hyperlinks. We assume no liability for losses or any damages incurred by any visitor of this website through the use or misuse of information published on this website. We accept no responsibility for the contents of third-party websites which may be entered per link via our website.


In general, you can visit our website without providing us your personal data. In this case only data will be collected, which cannot be referred to a person, like e.g. the URL-path, date and time, access status and the type and kind of operating system of the used web browser. If you want to send us a request using our contact form, the following data will be collected: first- and last name, email address, phone number, nationality, tour details and your text message.


The website provider automatically collects and stores information in so-called Server-log Files, which are automatically transmitted from the visitors’ browser to the provider. The following data is collected: browser type/ browser version, operating system used, referrer URL, host name of the accessing computer and time of the server request. These data are anonymous and can not be assigned to a particular person. These data will not be combined with data from other sources. These data will be checked by the Service Provider if there are clear indications of a breach of the law. The basis for this data processing is Article 6 (1) (b) of the EU GDPR which allows the processing of data to fulfill a contract or for measures preliminary to a contract.



In general, your personal data are collected and processed following the specifications of the GDPR for the purposes listed below: a) Fulfilling our contractual obligations according to Art. 6 §1b GDPR b) Fulfilling legal obligations according to Art.6 §1c GDPR c) If you have given your consent according Art.6 §1a GDPR d) A legitimate interest according to Art.6 §1f GDPR We use the data (phone, email, etc.) provided by you without your permission for purposes, which are in relation to our business relationship and contract fulfillment (according to point 3.1. a)) (like e.g. offer and invoice creation, your enquiries, reservation, necessary contacting) or are required for fulfillment of legal obligations (according to point 3.1. b)) respectively because we have a legitimate interest to design the usage of our website as efficient as possible (according to point d)).



To design our website appealing and to make some functions possible, we use on several pages so-called cookies. We transmit persistent cookies (also Session-Cookies), which remain also after closing your browser on your device to allow us to recognize your browser and your next visit.
What are cookies? Cookies are small alphanumeric text-files which your browser can save on your device. You can set your browser to inform you about every cookie-save to decide if you want to save the cookie or not. If you do not accept some cookies, we point out, that in this case probably some functions of this website won‘ t work properly.
The above-mentioned data processing is carried out based on our legitimate interest according to point 3.1. d) of this Privacy policy.


This website uses WP Statistics a WordPress plugin for web analysis. The provider of this plugin is owned by VeronaLabs. This plugin collects and stores data from visitors to our site. Collecting and storing of this data serves the single purpose of website analysis. The use of the WordPress Statistics plugin and the storing of Cookies takes place in accordance with Article 6 (1) (f) of the European General Data Protection Regulation (further on EU GDPR).

This data is processed in anonymous form for creating simple statistics, without saving the IP-addresses. IP anonymization has been activated in the WordPress Statistics plugin, therefore user profiles are created anonymously by using a pseudonym. A personal identification of a visitor is not possible. Cookies are used for collecting and storing usage data (read more about cookies at point 3.2.1. Usage of cookies). The information which is generated by the cookie is transferred to the server of this website and stored. The server is located in Croatia and is subject to Croatian data protection. We will not pass or sell your data to third parties.

The following data is stored:
• anonymized IP address
• origin of visitors (country, used search engines, links etc.)
• date and time of the page view
• which page was loaded (landing page or other pages)
• the number of accesses
• if the visitor of our website arrived via a search engine: the (“search words”).

You can find more information regarding this on the developers’ homepage:


This website uses the following services for marketing purposes:


This website uses Google AdWords, a service of the Google Inc. (1600 Amphitheater Pkxy, Mountain View, CA 94043-1351, USA; ”Google”). Google AdWords is a service for internet advertising which allows advertisers to place ads within Google search results and within the Google-Advertising-Network.

Purpose of Google AdWords is the promotion of our website by showing ads on third-party websites and within the search results of the Goolge search engine.

Within Google AdWords Conversion-Tracking will also be used. A cookie for conversion tracking will be set, if a user clicks on an ad placed by Google. These cookies expire after 30 days and do not serve to identify the user. If a user visits certain sites, and the cookie is not expired, Google and we can recognize that the user has clicked on the ad and has been redirected to this website. Every AdWords-customer gets another cookie. Cookies can not be tracked across websites of other AdWords-customers. Information collected by conversion-cookies, serves for creation of visit statistics for AdWords-customers, which have decided to use Conversion-tracking. The customers will know the total count of users, which clicked on their ad and has been redirected to a page with an embeded Conversion-tracking-tag. They do not receive any information with which they can recognize the visitor.
Therefore personal information like e.g. visited websites by the person will be stored with the help of conversion-cookies. With every visit of our website personal information, including IP-address of the visitor’s used internet connection, will be send and stored at Google USA. Google will, under certain circumstances, share personal data collected with this technical process with third parties.

If you don’t want to take part in the Tracking, you can disagree to this use by easily deactivating the Google Conversion-Tracking Cookie over your internet browser under user settings. After that you will not be included in the Conversion-Tracking statistics. At the following internet address you can find further information about data protection regulations from Google:

The possibility to Opt-out you can find here and under


Social networks are integrated on our website only by link. Additional information is provided in our disclaimer under point 9.
As the provider of this website we also have publicly available profiles in social networks like Facebook and Instagram.
By visiting our social media presence many data-security relevant processing operations are initiated. Because we cannot oversee them exactly, we would ask you to read the Terms and Conditions and the Privacy Policy of the corresponding Social media portals.


We have a Facebook-profile. Provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to the statement of Facebook the collected data can also be transferred to the US or third countries.
We have signed a Controller Addendum agreement with Facebook about a joint processing. This agreement shall specify for which processing operations we respectively Facebook is responsible for, when you visit our website. You can read this agreement under the following link:
You can adopt your advertising preferences in your User-Account. To do so, please click on the following link and log-in:
For more details please read the Privacy Policy of Facebook:


We have an Instagram-profile. Provider of this service is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. More details on how your personal data is collected and proceeded, you can read in the Privacy Policy of Instagram:



This website uses Google reCAPTCHA to check and prevent automated servers (“bots”) from accessing and interacting with our website. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google). This service allows Google to determine from which website your request has been sent and from which IP address the reCAPTCHA input box has been used. In addition to your IP address, Google may collect other information necessary to provide and guarantee this service. Through certification according to the EU-US Privacy Shield
Google guarantees that it will follow the EU’s data protection regulations when processing data in the United States.
The legal basis is accordingly to point 3.1. d) of this Privacy Policy. Our legitimate interest lies in the security of our website and in the prevention of unwanted, automated access in the form of spam or similar.
Google offers detailed information at concerning the general handling of your user data.


This website uses WordFence, a security software provided by: Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA – We have signed the provided EU-US data protection agreement with the provider. Wordfence collects the IP address when users visit our website, as well as data related to the users‘ behavior on our website like e.g. Header-information or accessed URLs, against internet-based attacks. In this process the IP-address of the user is detected and compared with a list of known attackers and cookies are set for registered users. If a user attempt to gain unauthorized access to e.g. the web administration or perform automated access to the website like e.g. by automated scripts, his IP-address can be stored and disabled for any further access.
More information about the used cookies and their function you can read in our Cookie Policy.


We handle your personal data strictly confidential and do not refer them to a third party.
Your data will only be disclosed within a normal business processes to our external service provider, an invoice- and accountancy service. Your data will be processed by us and our service provider within the EU.
A further disclosure of your data takes place only on legal duty like e.g. prosecution. We are obliged by law to give information on request.
We would also like to point out, that all data you have given us will not be sold or distributed to third parties for economic reasons.
The processing takes place on the basis of our legitimate interest accordingly to point 3.1. d) of this Privacy Policy.


Your personal data will be processed and stored as long as it is necessary for legal and contractual obligations.
If we receive a cancellation-request from you your data will be deleted after 14 days if its storage is not required for fulfilling of trade- or tax-law retention requirements. Otherwise the data will be disabled for further use until expiry.
If your data is submitted to third parties within contract processing, these parties are responsible for storage and cancellation of your data.


The processing of your data takes place within the EU.
Specified services referred to in point 2.4., could transfer collected data to third countries.


This Privacy policy is related to our use of data.
If you use services of third parties, their Privacy Policy and Terms shall apply. They won‘ t be checked by us. We point out as a precaution to check the user conditions by yourself before using their services.


On our webpage we refer to other webpages on the internet with links. For all these links we declare explicitly that we do not have any influence on design and contents of these linked sites and therefore dissociate ourselves from all third party linked sites on and reject ownership of such sites.


This website uses external fonts „Google Fonts“, a Service of Google Inc. (“Google”). Inclusion of these fonts is performed by a server call usually a server operated by Google in the USA. Thereby data is transferred regarding which website the visitor has accessed. In this process, the IP address of the visitor’s browser is stored by Google. More information you can find in the Privacy Policy of Google, which you can reach via the following links:


On this website third-party content, like videos, pictures etc. is embedded in some places and contributions. This also implies that the provider of these contents perceives the visitor’s IP address, because the content transfer to the browser of the respective user/visitor can not be proceeded without the IP-address. Thus, the IP-address is needed for the presentation of the content.


This website uses a secure connection provided by Let’s Encrypt. The TLS-encryption ensures, that the online transmitted data cannot be viewed by third parties, even if they record the full data traffic. A TLS encryption can be recognized by the extension “https://” in the address-bar. Additionally, depending on your browser, a safety lock or key symbol will be displayed in the address-bar of your browser. The communicated data will be saved on a server of our hosting-provider within the EU.


The concerned party has the following rights:

  1. the right, according to Art.15 GDPR, to receive information about your personal data stored by us, as well as information on type and purpose of your data processing, information about recipients of personal data and the storage duration of your personal data.
  2. the right of data correction or completion, if the data is incorrect or incomplete. (Art. 16(2) GDPR)
  3. the right of erasing or blocking of your personal data according to the requirement in Art. 17 GDPR.
  4. the right to withdraw your consent for processing your data, which you have provided for the future at any time. The withdrawal can be made via the contact below.
  5. the right, to demand restrictions in how we process your personal data according to Art. 18 GDPR
  6. the right, according to Art. 20 GDPR, to receive the data you have made available to us as well as to request that your personal data has to be transferred to another controller.
    Should you have further questions regarding collection, processing or use of your personal data or if you have information-, blocking-, deletion- or correction-wishes regarding your personal data, which you want to submit to us, as well as revocation of any consents granted, you can freely contact us as the responsible:


Let’s travel, travel agency, Ive Družića 82, Šibenik, Croatia,

Personal identification number VAT (OIB): 91621773470

Or via our contact form
For complaints you can at any time contact the privacy-supervisory-authority of the EU or the EU member states.


As we are constantly refining our services and the functionalities of our website, this can influence the usage of personal data so this Privacy Policy will be changed from time to time. Therefore, we invite you to keep yourself informed of the current status. The current version is available on our website.

Status as of 15th February 2020.