Privacy policy

1. Controller

The controller responsible for processing personal data on this website is:

2. Hosting and technical provision

This website is hosted using Vercel. When you access the website, technically necessary information may be processed, including your IP address, date and time of access, content requested, browser and device information and technical log or error data.

This processing is necessary to provide the website securely and reliably. The legal basis is Article 6(1)(f) GDPR; our legitimate interest is the secure and functional operation of the website.

3. Booking requests and availability

When you submit a booking request, we process the information you provide to check availability, calculate the price, handle your request and communicate with you.

• First name and last name
• Email address and telephone number, where provided
• Requested arrival and departure dates
• Number of adults and children
• Optional message
• Price and stay information generated from your selected dates
• Processing and booking status

The legal basis is Article 6(1)(b) GDPR, as processing is necessary to handle your request and take pre-contractual steps at your request.

4. Payment authorisation and payment processing via Stripe and PayPal

If you continue with a booking request, you are redirected to a secure Stripe Checkout payment page. Stripe is used to process the payment authorisation and, if your booking is confirmed, the payment. PayPal may be selected as a payment method within this Stripe payment process.

The total amount is initially authorised or reserved on your chosen payment method. The amount is charged only after we confirm the booking request. If we decline your request, the authorisation is released. If a confirmed paid booking is cancelled, a refund may be processed in accordance with the cancellation conditions.

In connection with payment processing, Stripe and, where you choose PayPal, PayPal may process payment and transaction data, contact details, billing information, technical information and fraud-prevention information required to complete and secure the transaction. Payment details are entered on the Stripe-hosted payment page; our booking system stores payment references and processing statuses required to manage the booking, rather than full card or PayPal login details.

The legal basis for payment processing in connection with a requested or confirmed stay is Article 6(1)(b) GDPR. Additional security and fraud-prevention processing may be carried out by the payment providers in accordance with their own applicable privacy information and legal bases.

5. Storage and booking administration through Supabase

Supabase is used to store and manage booking requests, availability blocks and related booking and payment-processing information.

• Contact data from booking requests
• Travel dates, guest numbers and optional messages
• Price and stay information
• Booking, cancellation and refund status
• Stripe checkout and payment reference identifiers required for administration
• Delivery status of booking-related emails

Where this information relates to a specific booking request or stay, processing is based on Article 6(1)(b) GDPR.

6. Emails and contact

We use the contact details you provide to communicate about your booking request, payment authorisation, confirmation, rejection, cancellation or refund. Transactional emails are technically transmitted using Resend.

Where communication relates to a booking request or stay, processing is based on Article 6(1)(b) GDPR. General enquiries are processed on the basis of Article 6(1)(f) GDPR; our legitimate interest is responding to your enquiry.

7. Contact via WhatsApp

The website offers a link allowing you to send a message through WhatsApp. A connection to WhatsApp is established only when you actively click that link. Further processing after opening WhatsApp is governed by the relevant provider's privacy information.

8. Google Maps

An optional interactive Google Maps map is provided for location information. The map is not loaded automatically; a connection to Google is established only when you actively choose to display the map or open the external map link.

When activated, Google may process technical data such as IP address, browser and device information, date and time of access and interactions with the map. The legal basis for loading the interactive map after activation is your consent pursuant to Article 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG.

9. Cookies, analytics and marketing

At the current technical stage, this website does not use analytics or marketing tracking tools or optional marketing cookies. Technically necessary processing related to hosting, security, booking and payment functions remains unaffected.

10. Recipients and international processing

Personal data is not sold. It is shared only insofar as necessary for operating the website, handling bookings, processing payments, sending transactional emails, responding to contact requests or complying with legal obligations.

• Vercel – hosting and technical provision
• Supabase – booking, availability and administration storage
• Stripe – secure checkout, payment authorisation, payment and refund processing
• PayPal – payment processing where selected as payment method
• Resend – transactional email transmission
• WhatsApp – only where you actively use the external contact link
• Google Maps – only after active display or opening of the map

Some service providers may process data outside the European Union or European Economic Area. Where such a transfer takes place, it is carried out only in accordance with applicable requirements for international data transfers.

11. Retention and your rights

We retain personal data only for as long as required to handle your request, administer any resulting booking, payment, cancellation or refund and comply with statutory retention and evidence obligations.

Subject to statutory requirements, you have rights including access, rectification, erasure, restriction of processing, data portability, objection to processing based on legitimate interests and the right to lodge a complaint with a competent supervisory authority. To exercise your rights, please contact holiday.beslic@gmail.com.

12. Changes to this privacy policy

We may update this privacy policy if the website, the services used or legal requirements change. Last updated: May 2026.