1. Data Controller

Aexea d.o.o. („Aexea“, „we“, „us“, „our“) is the controller of your personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 (General Data Protection Regulation, „GDPR“) and the Croatian Act on the Implementation of the General Data Protection Regulation (Zakon o provedbi Opće uredbe o zaštiti podataka, OG 42/2018).

2. Scope of this Policy

This policy explains which personal data we collect when you visit www.aexea.hr, contact us by email, or submit a charter inquiry through the website; how we use that data; and what rights you have under applicable law.

3. Categories of Personal Data Processed

Data you provide through the inquiry form

• Full name
• Email address
• Phone number (optional)
• Requested charter dates (check-in, check-out)
• Number of guests
• Free-text message, including any information you choose to disclose

Data collected automatically when you visit the website

• IP address (truncated or pseudonymised where technically feasible)
• Date and time of the request
• Pages requested and HTTP status codes
• Browser type, user agent string and operating system
• Referrer URL

4. Purposes of Processing and Legal Basis

• Responding to charter inquiries and preparing charter offers — legal basis: Art. 6(1)(b) GDPR (pre-contractual measures taken at the request of the data subject).
• Concluding and performing a charter contract — legal basis: Art. 6(1)(b) GDPR (performance of a contract).
• Ongoing communication with charter clients and maintaining the client relationship — legal basis: Art. 6(1)(f) GDPR (legitimate interest in servicing our clients).
• Operational security of the website and abuse prevention — legal basis: Art. 6(1)(f) GDPR (legitimate interest in the integrity of our systems).
• Complying with statutory obligations under Croatian law (accounting, tax, maritime and port formalities) — legal basis: Art. 6(1)(c) GDPR.

5. Recipients and Third Parties

Your personal data may be shared with the following categories of recipients:

• Our email, hosting and IT service providers, acting as processors on our behalf on the basis of Art. 28 GDPR data-processing agreements.
• Our accountants and legal advisors, bound by professional confidentiality.
• Competent public authorities (tax, port, maritime, police), where we are legally obliged to disclose.

We do not sell personal data to third parties, and no decision concerning you is made solely by automated means, including profiling.

6. International Transfers

Personal data is primarily processed within the European Union and the European Economic Area. Where a processor is located outside the EU/EEA, we transfer personal data only on the basis of an adequacy decision of the European Commission or appropriate safeguards pursuant to Chapter V GDPR (in particular Standard Contractual Clauses under Art. 46(2)(c) GDPR).

7. Retention Periods

• Inquiry form data (where no contract is concluded): retained for up to 12 months after the last contact, then deleted or anonymised.
• Contract and invoicing data: retained for the periods prescribed by Croatian tax and accounting legislation, in particular 11 years from the end of the business year, in accordance with the Accounting Act (Zakon o računovodstvu).
• Server log data: retained for up to 14 days for security and troubleshooting purposes, unless a longer retention is necessary to investigate a specific security incident.

8. Cookies and Tracking

This website uses only technically necessary cookies required for the correct display of the page. We do not use analytics cookies, advertising cookies, social-media trackers, or any third-party profiling technologies.

Web fonts are loaded from the Google Fonts CDN. In this context, Google Ireland Ltd. may log the IP address of your device. If you prefer to avoid this, you can block external font loading in your browser settings.

9. Your Rights

Under the GDPR and the Croatian implementing act, you have the right to:

• Obtain confirmation of, and access to, the personal data we process about you (Art. 15 GDPR).
• Have inaccurate or incomplete data rectified (Art. 16 GDPR).
• Have your data erased where one of the grounds in Art. 17 GDPR applies („right to be forgotten“).
• Obtain restriction of processing (Art. 18 GDPR).
• Receive your data in a structured, commonly used and machine-readable format and have it transmitted to another controller (Art. 20 GDPR).
• Object, at any time, to processing that is based on our legitimate interest, including profiling (Art. 21 GDPR).
• Withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing already carried out (Art. 7(3) GDPR).

To exercise any of these rights, write to office@aexea.hr. We will respond within one month of receiving the request (Art. 12(3) GDPR), with a possible extension of up to two further months where justified by the complexity or number of requests.

10. Right to Lodge a Complaint with the Supervisory Authority

Without prejudice to any other remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR (Art. 77 GDPR).

The competent supervisory authority in Croatia is:

11. Obligation to Provide Personal Data

Providing personal data through the inquiry form is voluntary. However, without the data marked as required (name, email, message) we cannot respond to your charter inquiry or prepare an offer.

12. Data Security

We implement appropriate technical and organisational measures under Art. 32 GDPR to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. All data transmission between your browser and our website is encrypted via TLS (HTTPS).

13. Changes to this Policy

We may update this Privacy Policy to reflect changes in our services, the applicable legal framework, or the state of the art. The current version is always published on this page. In the event of material changes, we will provide a notice on our website.

14. Contact for Data Protection Matters

For any questions regarding this Privacy Policy or the processing of your personal data, please contact us at office@aexea.hr.

Last updated: 19 April 2026