Privacy Policy
Last updated: 14 May 2026
1. Data Controller
The controller of your personal data within the meaning of Regulation (EU) 2016/679 (GDPR) is:
UNINE j.d.o.o.(operating as "Salty Society")
Krešimirova Obala 36, 23000 Zadar, Croatia
OIB: 00548513933 · MBS: 110147524
Email: info@salty.hr
Phone: +385 95 573 9797
2. What Data We Collect
We collect only the data necessary to provide our SUP rental and delivery services:
- Booking data: name, phone number, email address, delivery location, rental date and time, number of boards.
- Communication data: messages you send us via the booking form, WhatsApp, Instagram, or email.
- Payment data: we do not store card details. Payments are processed by third-party providers (see Section 6).
- Technical data: IP address, browser type, device type, referring page, and analytics events collected via cookies (see Section 7).
3. Legal Basis and Purpose of Processing
- Performance of a contract (Art. 6(1)(b) GDPR): processing bookings, delivering boards, customer support.
- Legal obligation (Art. 6(1)(c) GDPR): bookkeeping, invoicing, and tax records under Croatian law.
- Legitimate interest (Art. 6(1)(f) GDPR): securing our website, preventing fraud, and basic anonymous analytics.
- Consent (Art. 6(1)(a) GDPR): non-essential cookies, marketing pixels, and optional newsletters. You may withdraw consent at any time.
4. Data Retention
Booking and invoicing data are retained for 11 years as required by the Croatian General Tax Act (Opći porezni zakon). Communication and marketing data are deleted after 2 years of inactivity or sooner upon request.
5. Recipients of Your Data
We share data only with processors that help us run the service:
- Hosting and infrastructure: Vercel Inc. (USA, EU data residency where available)
- Analytics: Google Analytics / Google Tag Manager, Microsoft Clarity, Meta Pixel
- Communication: WhatsApp (Meta), email providers
- Accounting and tax advisors (only invoicing data)
- Competent public authorities when required by Croatian law
6. International Transfers
Some processors (Google, Meta, Microsoft, Vercel) may transfer data outside the EEA. Such transfers are protected by Standard Contractual Clauses approved by the European Commission and/or the EU–US Data Privacy Framework.
7. Cookies and Tracking
We use essential cookies necessary for the site to function, and — with your consent — analytics and marketing cookies (Google Analytics, Meta Pixel, Microsoft Clarity). You can manage or withdraw cookie consent at any time through your browser settings.
8. Your Rights Under GDPR
You have the right to:
- Access your personal data (Art. 15)
- Request rectification (Art. 16) or erasure (Art. 17)
- Request restriction of processing (Art. 18)
- Data portability (Art. 20)
- Object to processing based on legitimate interests (Art. 21)
- Withdraw consent at any time (Art. 7(3))
- Lodge a complaint with the Croatian Data Protection Authority — Agencija za zaštitu osobnih podataka (AZOP), Selska cesta 136, 10000 Zagreb, azop.hr
To exercise any of these rights, email info@salty.hr. We will respond within 30 days.
9. Security
We use HTTPS, restricted access, and reputable processors. No internet transmission is 100% secure; we cannot guarantee absolute security but apply reasonable technical and organisational measures.
10. Children
Our services are not directed at children under 16. We do not knowingly collect data from minors without parental consent.
11. Changes to This Policy
We may update this policy from time to time. The current version is always available on this page with the "Last updated" date.