Privacy Policy

1. DATA CONTROLLER

The controller of personal data is:

Valera estate d.o.o.

Ul. Nenada Mataka 9, Zadar, Croatia

OIB / Personal Identification Number: 01078375406

E-mail: tina@valeraestate.com

Telephone: +385 91 333 5833

Website: https://rentebikezadar.com

For all questions related to the processing of personal data, the user may contact us at the following e-mail address: tina@valeraestate.com

2. PERSONAL DATA WE COLLECT

We collect only those personal data that are necessary for providing the bicycle rental service, communicating with users, charging for the service, protecting our property, and fulfilling our legal obligations. Depending on the method of communication and use of the service, we may collect the following categories of personal data:

2.1. Basic user data

When collecting a bicycle, we collect basic data necessary for providing the bicycle rental service:

• first and last name
• mobile phone number
• e-mail address

These data are necessary so that we can record the rental user, provide the service, contact the user in connection with the rental, and protect the rights and interests of both the service provider and the user.

2.2. Data on the use of the bicycle rental service

In connection with bicycle rental, we may process data relating to the use of the service, for example:

• date and time of bicycle collection
• date and time of bicycle return
• rental duration
• bicycle identification number
• location of bicycle collection and return
• data on any irregularities, damage, delays, or user reports

2.3. Bicycle location data

The web application does not use the location of the user’s device and does not track the user via their mobile device. Bicycles may be equipped with a GPS tracker that enables the location of the bicycle to be tracked. Bicycle location data are processed for the purpose of managing rentals, protecting property, locating the bicycle in the event of non-return, loss, theft, damage, or other misuse of the service. Data from the GPS tracker relate to the location of the bicycle, but in certain cases they may be linked to a specific rental and to the user who was using the bicycle at that time.

2.4. Payment data

If the rental service is charged, we may process data necessary for charging and recording payments, for example:

• payment amount
• date and time of payment
• payment method
• payment status
• invoice number or reference
• transaction identifier, where applicable

If payment is made through an external payment service provider, payment data may be processed by that provider in accordance with its own privacy rules.

2.5. Communication data

If a user contacts us by telephone, e-mail, or in another way, we may process the data contained in that communication, such as:

• first and last name
• e-mail address
• mobile phone number
• content of the inquiry, reservation, complaint, or other message
• data necessary to respond to the inquiry or resolve the user’s request

2.6. Data we do not collect

User registration is not required in order to use the web application. We do not collect user account data because user accounts are not provided. We do not use newsletters or marketing lists, and we do not process personal data for the purpose of sending promotional communications. The web application does not use the location of the user’s device.

3. PURPOSES AND LEGAL BASES OF PROCESSING

We process personal data only where there is an appropriate purpose and legal basis in accordance with applicable data protection regulations.

3.1. Reservation and organisation of bicycle rental

Purpose of processing:

We process personal data in order to receive a reservation, arrange the time of bicycle collection, confirm bicycle availability, and communicate with the user in connection with the rental.

Data that may be processed:

• first and last name
• mobile phone number
• e-mail address
• content of communication relating to the reservation

Legal basis:

The processing is necessary in order to take steps at the request of the user prior to entering into a rental agreement, or for the performance of the rental agreement.

3.2. Recording users when collecting a bicycle

Purpose of processing:

When a bicycle is collected, we process the user’s basic data for the purpose of recording the person to whom the bicycle has been handed over for use, properly performing the rental service, communicating with the user, and protecting the rights of the contracting parties.

Data that may be processed:

• first and last name
• mobile phone number
• e-mail address
• data on the bicycle collected
• time and place of bicycle collection

Legal basis:

The processing is necessary for the performance of the bicycle rental agreement.

3.3. Use and return of the bicycle

Purpose of processing:

We process rental data in order to record the rental duration, the places of bicycle collection and return, the proper calculation of the service fee, and to resolve any questions, complaints, delays, irregularities, or damage.

Data that may be processed:

• date and time of bicycle collection
• date and time of bicycle return
• rental duration
• bicycle identification number
• location of bicycle collection and return
• data on any irregularities or damage

Legal basis:

The processing is necessary for the performance of the bicycle rental agreement. In certain cases, the processing may also be based on the legitimate interest of the service provider, for example for the purpose of protecting property, proving that the service was performed, resolving disputes, or preventing misuse of the service.

3.4. GPS location of the bicycle

Purpose of processing:

The GPS tracker installed in the bicycle is used to track the location of the bicycle, manage bicycles, protect property, and locate the bicycle in the event of loss, theft, non-return, damage, or other misuse of the service. The web application does not use the location of the user’s device.

Data that may be processed:

• location of the bicycle
• time at which the location was recorded
• bicycle identification number
• data on the rental with which the bicycle may be linked

Legal basis:

The processing is based on the legitimate interest of the service provider in protecting property, ensuring the security of the rental system, and preventing misuse of the service. Where the processing of location data is necessary for the performance of the rental service itself, the legal basis may also be the performance of the contract.

3.5. Calculation and payment of the service

Purpose of processing:

We process data for the purpose of calculating the rental price, recording payments, issuing invoices, and keeping business records.

Data that may be processed:

• first and last name of the user, if required for the invoice or records
• payment amount
• date and time of payment
• payment method
• payment status
• invoice number or reference
• transaction identifier, where applicable

Legal basis:

The processing is necessary for the performance of the rental agreement. Certain data are also processed for the purpose of fulfilling legal obligations, in particular accounting, tax, and other statutory obligations.

3.6. Communication with users and customer support

Purpose of processing:

We process data in order to respond to user inquiries, receive reservations, resolve complaints, provide information about rentals, respond to user requests, or resolve possible difficulties related to the service.

Data that may be processed:

• first and last name
• e-mail address
• mobile phone number
• content of the inquiry, reservation, complaint, or other communication

Legal basis:

The processing is based on the performance of a contract or on taking steps prior to entering into a contract, where the communication relates to a bicycle reservation or rental. Where the communication relates to general inquiries, complaints, or the protection of rights and interests, the processing may be based on the legitimate interest of the service provider.

3.7. Protection of rights, property, and service security

Purpose of processing:

We may process certain data for the purpose of protecting bicycles, preventing misuse of the service, proving the collection and return of a bicycle, collecting any outstanding claims, resolving disputes, or acting upon requests from competent authorities.

Data that may be processed:

• basic user data
• rental data
• bicycle data
• bicycle location data
• communication with the user
• payment data, where applicable

Legal basis:

The processing is based on the legitimate interest of the service provider in protecting property, preventing misuse, proving legal claims, and ensuring the security of the service. In the event of a legal obligation or a request from a competent authority, the processing is based on compliance with a legal obligation.

3.8. Compliance with legal obligations

Purpose of processing:

We process certain personal data where this is necessary in order to comply with legal obligations, for example in connection with accounting, tax regulations, issuing and retaining invoices, and acting upon lawful requests from competent authorities.

Data that may be processed:

• data necessary for accounting and tax records
• payment data
• user data, where necessary for compliance with prescribed obligations

Legal basis:

The processing is necessary for compliance with the legal obligations of the controller.

4. TO WHOM WE MAY DISCLOSE PERSONAL DATA

We do not sell, rent, or disclose personal data to third parties for marketing purposes. We may share personal data only where this is necessary for providing the service, fulfilling legal obligations, or protecting our rights and interests. Personal data may be accessible to the following recipients:

• hosting service providers, if data are stored through an external provider of technical infrastructure
• providers of web application development, maintenance, and technical support services
• payment service providers, if payment is made through an external provider
• accounting service providers
• legal and business advisers, where necessary
• insurance companies, where applicable in the event of damage
• competent authorities, where required by law or where there is a lawful request

All processors that process personal data on our behalf are required to protect personal data in accordance with a contract and applicable data protection regulations.

5. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

Personal data are generally processed within the European Economic Area. We do not intend to transfer users’ personal data to third countries, i.e. outside the European Economic Area, or to international organisations. If the need for such a transfer arises in the future, this Privacy Policy will be updated in advance, and the transfer will be carried out only in accordance with applicable data protection regulations.

6. HOW LONG WE KEEP PERSONAL DATA

We retain personal data only for as long as necessary for the purposes for which they were collected, unless a longer retention period is prescribed by law or is necessary for the protection of our rights and legal interests. The indicative retention periods are as follows:

• reservation data and communication before the rental: for as long as necessary to organise the rental and resolve any inquiries
• basic user data collected when the bicycle is collected: during the rental period and thereafter for as long as necessary to prove the performance of the service, resolve complaints, collect claims, or protect legal interests
• bicycle rental data: during the user relationship and thereafter for as long as necessary to prove that the service was performed, resolve complaints, protect property, or exercise legal claims
• payment data and invoices: for the periods prescribed by accounting and tax regulations
• customer support and communication data: for as long as necessary to resolve inquiries, requests, or complaints
• bicycle location data: for as long as necessary to manage the service, protect property, and resolve any irregularities, unless longer retention is necessary for legal claims

After the expiry of the retention periods, personal data are deleted, anonymised, or otherwise no longer processed in a form that enables the identification of the user.

7. USER RIGHTS

The user has the rights prescribed by applicable data protection regulations. The user has the right to request:

• access to their personal data
• confirmation as to whether we process their personal data
• rectification of inaccurate or incomplete personal data
• erasure of personal data, where the conditions for this are met
• restriction of processing, where the conditions for this are met
• objection to the processing of personal data, where the processing is based on legitimate interest
• data portability, where applicable
• withdrawal of consent, if the processing is based on consent

To exercise their rights, the user may contact us at: tina@valeraestate.com

Before acting upon the request, we may request additional information necessary to verify the identity of the user. We will respond to the user’s request within the period prescribed by applicable regulations.

The user also has the right to lodge a complaint with the supervisory authority:

Croatian Personal Data Protection Agency
Selska cesta 136
10000 Zagreb
Croatia
Website: www.azop.hr

8. SECURITY OF PERSONAL DATA

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or unauthorised disclosure. Security measures may include:

• restricting access to personal data only to persons who need the data
• protecting business documentation and records
• using appropriate technical protection for the web application
• secure communication and data storage, where applicable
• regular maintenance and monitoring of the system

Despite the application of security measures, no system is completely immune to security risks. In the event of a personal data breach, we will act in accordance with applicable regulations.

9. COOKIES AND SIMILAR TECHNOLOGIES

The web application may use basic, strictly necessary cookies that are required for its proper functioning. Strictly necessary cookies are used, for example, for:

• enabling the basic operation of the web application
• ensuring the security and stability of the website
• remembering basic technical settings

If the web application uses only strictly necessary cookies, they may be used without the user’s separate consent. If analytical, marketing, or other non-essential cookies are introduced in the future, the user will be clearly informed, and such cookies will be used only where there is an appropriate legal basis, including the user’s consent where required.

10. MINORS

The bicycle rental service is intended for persons who can validly enter into a bicycle rental agreement in accordance with the Terms and Conditions of Use. If the use of the service is permitted for minors, the terms of use of the service, the age limit, and any need for the consent of a parent or guardian will be regulated by the Terms and Conditions of Use. We do not knowingly collect personal data of minors, unless this is necessary for providing the service in accordance with applicable regulations and the Terms and Conditions of Use.

11. AUTOMATED DECISION-MAKING

We do not make decisions based solely on automated processing of personal data that would produce legal effects concerning the user or similarly significantly affect the user.

12. CHANGES TO THIS PRIVACY POLICY

We may amend this Privacy Policy from time to time in order to align it with changes to the web application, the manner in which the service is provided, our business operations, or applicable regulations. The updated version of the Privacy Policy will be available in the web application or on the website. The date of the last update is stated at the beginning of this document.

13. CONTACT

For all questions, requests, or complaints related to the processing of personal data, you may contact us at:

Valera estate d.o.o.
Ul. Nenada Mataka 9
Zadar, Croatia
E-mail: tina@valeraestate.com
Telephone: +385 91 333 5833