Privacy policy

About Us and This Policy

SALVE REGINA-MARIJA BISTRICA d.o.o., VAT ID (OIB): 00925470789, with its registered office at Trpinjska ulica 9, 10000 Zagreb, Croatia (hereinafter referred to as the “Controller”), operates the website hotelkaj.hr and provides hotel, hospitality, wellness, conference, event and related tourism services of Hotel Kaj.

This Privacy Policy explains in a clear and understandable manner which personal data we collect, for what purposes we use it, on what legal basis we process it, with whom we may share it, how long we retain it, and what rights you have regarding the processing of your personal data.

We process personal data in accordance with the General Data Protection Regulation (GDPR), the Croatian Act on the Implementation of the General Data Protection Regulation, and other applicable laws and regulations of the Republic of Croatia.

If you have any questions regarding the processing of personal data, you may contact us by e-mail at kaj@salveregina.hr or by post at:

SALVE REGINA-MARIJA BISTRICA d.o.o.
Trpinjska ulica 9
10000 Zagreb
Croatia

While using our website, communicating with us, making accommodation reservations, staying at the hotel, or using our services, we may collect different categories of personal data, depending on your relationship with us.

When you visit hotelkaj.hr, we may automatically collect certain technical information about your device and website usage, such as:

• IP address
• Device type
• Browser type
• Operating system
• Language settings
• Pages visited
• Date and duration of visit
• Referral source
• Interactions with website content

We use this information for website security, technical maintenance, traffic analysis, and improving the user experience.

When you contact us via a web form, e-mail, telephone, or any other communication channel, we may process the information you voluntarily provide, including:

• First and last name
• E-mail address
• Telephone number
• Contents of your message
• Information regarding the requested service
• Information necessary for preparing an offer or responding to your enquiry

We use this information to respond to your enquiry, prepare an offer, provide the requested information, or continue communication initiated by you.

When you submit an accommodation enquiry, make a reservation, or use hotel services, we may process data necessary for handling and fulfilling your reservation, including:

• First and last name
• Contact details
• Address or country of residence
• Arrival and departure dates
• Arrival and departure times
• Number of guests
• Room or service type
• Special requests
• Payment-related information
• Reservation-related communication
• Information required for invoicing

We use PHOBS, a booking and property management system (PMS), for reservation processing. PHOBS enables the management of enquiries, reservation confirmations, reservation administration, and related hotel operations. Personal data is processed within PHOBS only to the extent necessary for booking management, confirmation, amendments, billing, and fulfilment of reservations.

As an accommodation provider, we are legally required to collect and process certain guest information for the purpose of registering and deregistering tourists in the relevant official systems, including the eVisitor system of the Republic of Croatia.

The following data may be collected and processed:

• Accommodation facility
• Date and time of arrival
• Date and time of departure
• Type and number of identification document
• First and last name
• Country and city of residence
• Nationality
• Tourist tax category
• Method of arrival
• Type of service provided
• Other information required by applicable laws and regulations

This processing is based on our legal obligations, and the data is retained for the periods prescribed by applicable legislation.

When you pay for our services, we process the information necessary to execute and record payments, issue invoices, and comply with accounting and tax obligations.

For online payments, we use MONRI WSPay. Payment card and other payment-related information are processed through the secure systems of the payment service provider.

As a rule, Hotel Kaj does not have access to full payment card details, except where such access is necessary and legally permitted for reservation processing, pre-authorisation, payment collection, or compliance with contractual and legal obligations.

If you subscribe to our newsletter or provide consent to receive marketing communications, we may process:

• Your e-mail address
• Your first and last name (if provided)
• Information regarding the consent you have given
• Information about your interaction with our communications, where supported by the tools used

We send newsletters and marketing communications only when we have an appropriate legal basis to do so, most commonly your consent.

You may withdraw your consent and unsubscribe from marketing communications at any time by clicking the unsubscribe link included in our messages or by contacting us at kaj@salveregina.hr.

If, during the reservation process, communication with us, or your stay, you voluntarily provide information regarding special needs, allergies, dietary restrictions, disabilities, health conditions, or other circumstances relevant to the safe and appropriate provision of services, such information will be processed with particular care.

We use this information solely to provide services tailored to your needs, such as adapting accommodation, meals, wellness treatments, or other aspects of your stay.

Access to such information is restricted to a limited number of authorised persons who require the information in order to provide the requested service.

Certain areas of Hotel Kaj are protected by a video surveillance system for the purposes of:

• Protection of persons and property
• Safety and security of guests, employees, and visitors
• Prevention and detection of unlawful activities

Areas under video surveillance are clearly marked with appropriate notices.

Video recordings are retained for a maximum period of 30 days, unless a longer retention period is required for legal proceedings, evidentiary purposes, or the establishment, exercise, or defence of legal claims.

If you apply for a position at Hotel Kaj or SALVE REGINA-MARIJA BISTRICA d.o.o., we may process the information contained in your application, including:

• First and last name
• Contact details
• Curriculum Vitae (CV)
• Educational background
• Employment history
• Cover letter
• Any other information you choose to provide

This information is used exclusively for recruitment purposes and candidate assessment.

Applicant data is retained for the duration of the recruitment process and for an additional six (6) months following its completion, unless you provide separate consent for longer retention for future recruitment opportunities.

We process personal data for the following purposes:

Communication with You

To respond to enquiries, provide requested information, send offers, process requests, and maintain communication regarding our services.

Reservation Processing and Service Delivery

To process accommodation enquiries and reservations, confirm, amend or cancel reservations, provide accommodation and related services, communicate before, during and after your stay, collect payments, and issue invoices.

Compliance with Legal Obligations

To register and deregister guests, maintain records required under tourism regulations, calculate and collect tourist taxes, comply with tax and accounting obligations, and respond to requests from competent authorities.

Newsletters and Promotion of Services

To send news, special offers, accommodation packages, wellness offers, conference services, wedding services, events, and other promotional communications where we have an appropriate legal basis to do so.

Website Analytics and Improvement

To understand visitor behaviour, measure website performance, improve content, and enhance user experience.

Advertising and Campaign Performance Measurement

To measure conversions, conduct remarketing activities, and display more relevant advertising where you have provided consent.

Security, Fraud Prevention and Protection of Rights

To protect our website, information systems, guests, employees, property, business operations, and legal interests.

We process personal data only where there is a valid legal basis under applicable data protection legislation.

Depending on the purpose of processing, the legal basis may include:

• Your consent
• Performance of a contract
• Taking steps at your request before entering into a contract
• Compliance with a legal obligation
• Protection of your vital interests
• Our legitimate interests, provided that such interests do not override your rights and freedoms

Where processing is based on consent, you have the right to withdraw your consent at any time.

Withdrawal of consent does not affect the lawfulness of processing carried out before consent was withdrawn.

The website hotelkaj.hr uses various tools for analytics, advertising, campaign measurement, customer relationship management, and website optimisation.

Used to analyse website traffic, visitor sources, user behaviour, and content performance.

Used to measure advertising effectiveness, track conversions, and display relevant advertisements.

Used to measure the effectiveness of Facebook and Instagram advertising campaigns, conduct remarketing activities, and display more relevant advertisements.

Used for managing contacts, forms, customer enquiries, and marketing communications.

Microsoft Clarity

Used to analyse user behaviour and user experience, including clicks, navigation patterns, page interactions, and technical issues encountered while using the website.

Cloudflare

Used for website security, content delivery optimisation, technical protection, and processing security identifiers necessary for the operation and protection of the website.

Microsoft Clarity may process technical information relating to website usage and may generate session recordings to help us understand how visitors interact with the website.

Where technically possible, information entered into forms should be masked or anonymised to avoid unnecessary processing of personal data.

Google Ads, Meta Ads and related marketing tools are used only with your consent to marketing cookies.

Google Analytics and Microsoft Clarity are used only with your consent to analytical cookies, except where processing is necessary for website security or essential website functionality.

HubSpot

We use HubSpot to manage contacts, forms, enquiries, customer relationships, and marketing communications.

When you complete a form on our website, subscribe to our newsletter, or contact us through available digital channels, your personal data may be stored within the HubSpot platform.

This may include:

• First and last name
• E-mail address
• Telephone number
• Contents of enquiries
• Information regarding your interest in specific services
• Communication history

We use this information to respond to enquiries, provide requested services, prepare offers, maintain communication records, and, where consent has been provided, send marketing communications.

Subject to your consent, we may use marketing cookies and similar technologies to measure advertising effectiveness and display more relevant advertisements on Google, Facebook, Instagram, and related advertising platforms.

This may include information regarding:

• Pages you visited
• Offers you viewed
• Whether you started or completed a reservation
• Which advertisement brought you to our website
• Whether you completed a specific action, such as submitting an enquiry, subscribing to a newsletter, or making a reservation

We do not sell your personal data to third parties.

Personal data may be shared only where necessary for the provision of our services, compliance with legal obligations, protection of our business operations, or the establishment, exercise, or defence of legal claims.

Your personal data may be shared with:

• IT service, hosting, and cybersecurity providers
• Website maintenance providers
• PHOBS, as our booking and property management system (PMS) provider
• MONRI WSPay, as our payment service provider
• Accounting and tax advisors
• Legal advisors
• Google, Meta, Microsoft Clarity, HubSpot, and other providers of digital tools, depending on your consent settings
• Providers of security and property protection services
• Competent public authorities where disclosure is required by law
• Other business partners where necessary for the provision of requested services

We enter into appropriate data processing agreements with our processors and require them to process personal data only in accordance with our instructions and with appropriate technical and organisational safeguards.

Certain service providers used by us, particularly digital platforms, analytical tools, and advertising systems, may process personal data outside the European Union (EU) or the European Economic Area (EEA).

Whenever such transfers occur, we take appropriate measures to ensure compliance with the GDPR, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy Decisions adopted by the European Commission
• Other legally recognised transfer safeguards

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law or necessary for the protection of our legal rights.

*Retention periods may be extended where required by applicable law or for the establishment, exercise or defence of legal claims.

Under the GDPR, you have the following rights:

• Right of access to your personal data
• Right to rectification of inaccurate or incomplete data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time
• Right not to be subject to a decision based solely on automated processing, including profiling, where such decision produces legal effects or similarly significant effects

To exercise any of your rights, please contact us at:

kaj@salveregina.hr

We will respond to your request without undue delay and, in any event, within one month of receipt.

This period may be extended by an additional two months where necessary due to the complexity or number of requests. If so, we will inform you accordingly.

If you believe that the processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP).

Our website and services are not intended for independent use by persons under the age of 16 without the appropriate consent of a parent or legal guardian.

Where children's personal data is processed in connection with accommodation services, guest registration, family reservations, prize competitions, or other services, such data is processed only to the extent necessary and lawful, with particular care and protection.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or destruction.

Such measures include:

• Restricted access to personal data
• Secure information systems
• Protection of communication channels and infrastructure
• Data backup procedures
• Internal data protection procedures
• Confidentiality obligations
• Contractual safeguards with processors and service providers

In the event of a personal data breach, we act in accordance with the GDPR and our internal procedures.

Where a breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

Where a breach is likely to result in a high risk to the rights and freedoms of individuals, we will also inform affected individuals unless an exemption under the GDPR applies.

We do not use personal data for automated decision-making that produces legal effects concerning you or similarly significantly affects you.

Certain analytical and marketing tools may be used for audience segmentation, campaign performance measurement, and the display of more relevant advertising, but only in accordance with your consent preferences and applicable legislation.

We may update this Privacy Policy from time to time to reflect changes in our services, technologies, legal obligations, or data processing practices.

The latest version will always be available on this website.

We encourage you to review this Privacy Policy periodically to stay informed about how we process and protect your personal data.

Cookies are small text files stored on your device when you visit a website.

Cookies enable the website to function properly, remember your preferences, measure website traffic, analyse user behaviour, improve user experience, and, subject to your consent, display more relevant advertising.

In addition to cookies, the website may use similar technologies such as pixels, tags, web beacons, and browser local storage.

Strictly necessary cookies are essential for the operation of the website, maintaining security, remembering your cookie preferences, and preventing abuse.

These cookies do not require your consent because they are necessary for the functioning of the website.

Analytical cookies help us understand how visitors use our website, which pages are visited most frequently, how users navigate through content, and where improvements can be made.

We use:

• Google Analytics
• Microsoft Clarity

These cookies are activated only with your consent.

Marketing cookies are used to measure advertising effectiveness, conduct remarketing activities, and display more relevant advertisements on Google, Facebook, Instagram, and related platforms.

We use:

• Google Ads
• Meta Ads / Meta Pixel

These cookies are activated only with your consent.

Functional cookies are used to enhance user experience and support website functionality, including forms, CRM integrations, and remembering certain preferences.

HubSpot cookies may be used for these purposes.

Based on the current website configuration, the following cookies may be used on hotelkaj.hr.

The actual list of cookies may vary depending on:

• Your consent preferences
• Website configuration
• Third-party services active at the time of your visit
• Updates implemented by third-party providers

When you first visit our website, you may choose which categories of cookies you wish to accept.

You can change your cookie preferences at any time through the:

• "Cookie Settings"
• "Manage Cookie Preferences"

links available on the website.

You may choose to:

• Accept all cookies
• Reject all non-essential cookies
• Customise cookie preferences by category

Changes to your settings apply from the moment they are made and do not affect processing that took place while a previous consent was valid.

Our website may contain content, services, or tools provided by third parties, including:

• Analytics services
• Advertising pixels
• Maps
• Video content
• Booking systems
• Payment systems

These third parties may place their own cookies and process certain technical information in accordance with their own privacy policies.

While we strive to ensure that third-party cookies are activated only in accordance with your consent preferences where required, we do not always have direct control over all third-party cookies.

If you have any questions regarding this Privacy Policy, Cookie Policy, or the processing of your personal data, please contact us at:

SALVE REGINA-MARIJA BISTRICA d.o.o.
Trpinjska ulica 9
10000 Zagreb
Croatia

E-mail: kaj@salveregina.hr

If you are not satisfied with our response or believe that your personal data is being processed unlawfully, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP).

 Last updated: 15 May 2026