Debonda Customer Privacy Policy

General information

This Privacy Policy explains how Island Essence d.o.o., Kranjčevićeva 26, 21000 Split, Croatia, OIB: 64945300604 (hereinafter referred to as the “Company”), collects, uses, processes and protects personal data of users of the website debonda.com.

The Company processes personal data in accordance with the applicable laws of the Republic of Croatia and Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), respecting the principles of lawfulness, transparency, purpose limitation and data minimisation.

For all matters related to the processing of personal data, users may contact the Company at:

privacy@debonda.com

Personal data we collect

The Company collects only personal data that is necessary for the provision of its services, handling enquiries and processing reservations.

This includes the following data:

first and last name

email address

telephone number

country of residence

address, city and postal code (optional)

reservation-related information (selected service, date, number of participants)

special notes voluntarily provided by the user

The Company does not collect:

personal data of children, except for the number of children solely for pricing purposes

health data, biometric data or other sensitive personal data

How personal data is collected

Personal data is collected when the user:

completes a contact or booking form

submits an enquiry via the website

makes a reservation and completes a payment

subscribes to the newsletter

communicates with the Company via email, chat or connected communication tools

Purpose of personal data processing

Personal data is processed exclusively for the following purposes:

handling enquiries and communication with users

organising and delivering booked services

issuing invoices and fulfilling legal obligations

processing payments through authorised payment processors

sending newsletters and notifications, subject to prior user consent

analysing website usage and improving services

Personal data will not be used for purposes that are incompatible with the above, nor processed in a manner that would be unexpected or unreasonable from the user’s perspective.

Legal basis for processing

The Company processes personal data based on:

performance of a contract or steps taken prior to entering into a contract

compliance with legal obligations, including accounting and tax regulations

user consent, where required (newsletter, cookies, marketing tools)

the Company’s legitimate interests, where applicable and proportionate

Newsletter and marketing communications

Newsletter subscriptions are managed through a double opt-in system, meaning that users must confirm their subscription via a link sent to their email address.

Users may withdraw their consent at any time by clicking the unsubscribe link in any newsletter message or by sending a request to privacy@debonda.com.

Cookies and third-party tools

The website uses cookies and similar technologies exclusively with prior user consent, managed through a consent management tool.

The Company uses the following third-party tools:

Google Analytics (GA4)

Meta Pixel

TikTok Pixel

Google Ads

Klaviyo (newsletter platform)

These tools are activated only after the user has provided consent. Cookie preferences may be modified at any time.

Sharing of personal data

Personal data is shared only when necessary to provide the contracted service, and exclusively with:

service providers involved in the execution of reservations (e.g. guides, skippers)

payment processors (Stripe, PayPal, banks)

technical service providers (hosting, security systems)

Only the minimum amount of data required for the specific purpose is shared.

Data retention periods

Personal data is retained for the following periods:

enquiry-related data: up to 12 months

reservation and invoicing data: 11 years, in accordance with legal obligations

newsletter data: until consent is withdrawn

After the applicable retention period expires, personal data is deleted or anonymised.

User rights

Users have the right to:

request access to their personal data

request correction of inaccurate or incomplete data

request deletion of personal data

request restriction of processing

object to the processing of personal data

Requests relating to user rights may be submitted by email to:

privacy@debonda.com

Personal data security

The Company applies appropriate technical and organisational measures to protect personal data, including access controls, security plugins and safeguards against unauthorised access or misuse.

Transfers of personal data outside the European Union

If personal data is transferred outside the European Union, such transfers are carried out with appropriate safeguards in accordance with GDPR requirements.

Changes to this Privacy Policy

The Company reserves the right to amend this Privacy Policy at any time. The current version is always available on the website.