Privacy Policy

Privacy Policy

Data Controller

The controller of your personal data is:

BRID d.o.o.

Proštinske bune 41, 52100 Pula, Croatia

OIB: 36570179559 | VAT: HR36570179559

E-mail: info@zeppelin-adventure.com

Phone: +385 912545117

What Data We Collect

When you make a booking through our website, we collect the following personal data:

  • Full name
  • Email address
  • Phone number

Photographs and video recordings of participants for promotional purposes are collected exclusively with your explicit consent (see Sections 3 and 5).

We do not collect sensitive data such as payment card information. Card payments are processed securely by CorvusPay as an independent payment processor.

Legal Basis and Purposes of Processing

We process your personal data on the following legal bases in accordance with Article 6 of the General Data Protection Regulation (GDPR):

PurposeLegal BasisRetention Period
Processing your booking and delivering the serviceArt. 6(1)(b) GDPR – performance of a contract11 years (accounting obligations under Croatian law)
Sending marketing communicationsArt. 6(1)(a) GDPR – your explicit consentUntil you withdraw your consent
Compliance with legal obligationsArt. 6(1)(c) GDPR – legal obligationAs required by applicable law
Photographs and video recordings for promotional purposes (with consent)Art. 6(1)(a) GDPR – your explicit consentUp to 3 years from the activity date, or until consent is withdrawn

Marketing communications will only be sent if you have given explicit, separate consent at the time of booking. You may withdraw your consent at any time by contacting erik.birgmajer@gmail.com or by clicking the unsubscribe link in any marketing email.

Photographs and video recordings: Recording of participants for promotion and marketing (publication on the website, social media, and in advertising) is carried out exclusively in accordance with Art. 6(1)(a) GDPR — your explicit consent. Consent is given by ticking the appropriate checkbox during the booking process. If consent has not been given, you must not be photographed or recorded. Consent may be withdrawn at any time, and upon request, we will remove your images and recordings from all promotional materials.

Data Sharing and Third Parties

We do not sell, trade, or share your personal data with third parties for their own marketing purposes.

We use the following third-party processors, who may access your data solely to provide their services:

  • CorvusPay – payment processing (your card data is processed directly by CorvusPay; BRID d.o.o. does not have access to your full card details)
  • Google LLC (Google Analytics 4) – anonymous website usage statistics. IP addresses are anonymised. Google may transfer data outside the European Economic Area (EEA) under Standard Contractual Clauses approved by the European Commission. More information: https://policies.google.com/privacy

Cookies

Our website uses the following types of cookies:

  • Essential cookies: Required for the website to function. These cannot be disabled.
  • Session cookies: Temporary cookies are deleted when you close your browser. Used for login verification and filtering features.
  • Persistent cookies (up to 12 months): Used to remember your preferences (e.g. the ‘Remember me’ login option).
  • Analytics cookies (Google Analytics 4, up to 24 months): Used to collect aggregated, anonymous statistics about website usage.

Non-essential cookies (analytics) are only placed after you provide your consent via our cookie consent banner. You can change or withdraw your cookie preferences at any time through your browser settings or via the cookie banner on our website.

Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your data where there is no legitimate reason to continue processing it.
  • Right to restriction of processing (Art. 18): Request that we restrict the processing of your data in certain circumstances.
  • Right to data portability (Art. 20): Request that your data be provided to you or a third party in a structured, commonly used format.
  • Right to object (Art. 21): Object to processing based on legitimate interests, or to direct marketing at any time.
  • Right to object to automated decision-making (Art. 22): BRID d.o.o. does not carry out automated decision-making or profiling within the meaning of Art. 22 GDPR.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of the above rights, please get in touch with us at: info@zeppelin-adventure.com

Right to Lodge a Complaint

If you believe that your data has been processed unlawfully, you have the right to lodge a complaint with the Croatian supervisory authority:

Agencija za zaštitu osobnih podataka (AZOP)

Selska cesta 136, 10000 Zagreb, Croatia

Website: www.azop.hr | Email: azop@azop.hr

Links to External Websites

Our website may contain links to third-party websites not operated by BRID d.o.o. We have no control over and assume no responsibility for the content or privacy practices of those websites. We encourage you to review their privacy policies independently.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated date. We encourage you to review this policy periodically.

Contact

For any questions regarding this Privacy Policy or your personal data, please get in touch.

E-mail: info@zeppelin-adventure.com

Phone: +385 912545117

Address: Proštinske bune 41, 52100 Pula, Croatia