GDPR Compliance
Your data protection rights under the General Data Protection Regulation.
Last updated: January 2024
Blazing Axle d.o.o. is committed to protecting personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This page outlines how we comply with GDPR requirements and explains your rights as a data subject.
Data Controller
Blazing Axle d.o.o. acts as the data controller for personal information collected through our website and services. Our registered details are:
Blazing Axle d.o.o.
Vukovarska ulica 47
21000 Split, Croatia
OIB: 45871236924
Email: [email protected]
Your Rights Under GDPR
The GDPR provides you with specific rights regarding your personal data. We are committed to honoring these rights:
Right of Access (Article 15)
You have the right to obtain confirmation as to whether we process your personal data and, if so, access to that data along with information about how we use it. We will provide a copy of your personal data free of charge upon request.
Right to Rectification (Article 16)
You may request correction of inaccurate personal data or completion of incomplete data we hold about you. We aim to rectify data within 30 days of receiving a valid request.
Right to Erasure (Article 17)
Also known as the "right to be forgotten," you may request deletion of your personal data in certain circumstances, including when the data is no longer necessary for its original purpose, when you withdraw consent, or when processing was unlawful.
Right to Restrict Processing (Article 18)
You may request that we restrict processing of your personal data while we verify its accuracy, when processing is unlawful but you oppose erasure, when we no longer need the data but you require it for legal claims, or when you have objected to processing pending verification of our legitimate grounds.
Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format where technically feasible. This applies to data you provided to us and that we process based on consent or contract performance.
Right to Object (Article 21)
You may object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing for that purpose immediately.
Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects on you. We do not currently engage in such automated decision-making.
How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected]. Include sufficient information to verify your identity and specify which right you wish to exercise. We will respond within one month, though this may be extended by two months for complex requests.
There is no fee for exercising your rights, unless requests are manifestly unfounded or excessive. In such cases, we may charge a reasonable fee or refuse to act on the request.
Lawful Bases for Processing
We process personal data under the following lawful bases as defined by GDPR Article 6:
- Contract (Article 6(1)(b)): Processing necessary to perform our booking services and fulfill our contractual obligations to you
- Consent (Article 6(1)(a)): Where you have explicitly agreed to processing, such as marketing communications
- Legitimate Interests (Article 6(1)(f)): Processing necessary for our business operations, including service improvement and fraud prevention, balanced against your rights
- Legal Obligation (Article 6(1)(c)): Processing necessary to comply with tax, financial, and other regulatory requirements
Data Processing Activities
Our main data processing activities include:
- Managing booking inquiries and reservations
- Processing payments through secure third-party providers
- Communicating with guests before, during, and after stays
- Analyzing website usage to improve our services
- Sending marketing communications to those who have opted in
- Maintaining records for legal and tax compliance
Data Protection Measures
We implement appropriate technical and organizational measures to ensure security appropriate to the risk, including:
- Encryption of data in transit using TLS/SSL protocols
- Access controls limiting data access to authorized personnel
- Regular security assessments and updates
- Staff training on data protection obligations
- Secure disposal of data when no longer needed
International Data Transfers
As a company based in Croatia (EU member state), we primarily process data within the European Economic Area. When data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
Data Breach Notification
In the event of a personal data breach likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where feasible. If the breach is likely to result in high risk to you, we will also notify you directly unless appropriate protective measures render the data unintelligible or other exceptions apply.
Supervisory Authority
The supervisory authority for data protection in Croatia is:
Agencija za zaštitu osobnih podataka (AZOP)
Croatian Personal Data Protection Agency
Selska cesta 136
10000 Zagreb, Croatia
Website: azop.hr
You have the right to lodge a complaint with AZOP or with a supervisory authority in your EU member state of residence or place of work if you believe your data protection rights have been violated.
Data Protection Contact
For all data protection inquiries, including exercising your GDPR rights:
Email: [email protected]
Subject line: GDPR Request
We aim to respond to all inquiries within the statutory timeframes and are committed to working with you to address any concerns about our data practices.
Updates to This Information
This GDPR compliance information may be updated periodically. Material changes will be communicated through our website. We recommend reviewing this page occasionally to stay informed about how we protect your data.