Privacy Policy

Mil Travel d.o.o. ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website mil-travel.hr (the "Website") and use our services, in accordance with the General Data Protection Regulation (GDPR - EU 2016/679) and Croatian data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

Mil Travel d.o.o.
Croatia
Email: info@mil-travel.hr
Phone: +385 99 374 3474

If you have any questions about how we handle your personal data or wish to exercise your rights, please contact us using the details above.

2. What Personal Data We Collect

We collect and process the following categories of personal data:

a) Data you provide directly

Full name
Email address
Phone number
Pickup and drop-off locations
Travel date and time
Vehicle and passenger preferences
Luggage information
Any additional details you provide in the booking form

b) Data collected automatically (only with your consent)

IP address
Browser type and version
Operating system
Pages visited and time spent
Referral source
Device information

Important: Automatically collected data through analytics tools is only gathered if you have given your explicit consent through our cookie consent banner.

3. How We Use Your Data

We process your personal data for the following purposes:

Purpose	Legal Basis (GDPR Art. 6)
Processing your booking inquiry	Legitimate interest / Pre-contractual measures (Art. 6(1)(b))
Providing our transfer services	Performance of a contract (Art. 6(1)(b))
Responding to your inquiries	Legitimate interest (Art. 6(1)(f))
Website analytics and improvement	Consent (Art. 6(1)(a))
Legal compliance and record keeping	Legal obligation (Art. 6(1)(c))

4. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. We do not set any non-essential cookies without your explicit consent.

a) Strictly Necessary

These are essential for the website to function. They do not require consent and cannot be disabled. Currently, our website does not set any cookies by default.

b) Analytics Cookies (Consent Required)

When you consent, we may use Google Analytics (via Google Tag Manager) to understand how visitors use our website. These cookies collect anonymized data about page views, session duration, and traffic sources. You can withdraw consent at any time.

c) Marketing Cookies (Consent Required)

These cookies are used to deliver relevant advertisements and track the effectiveness of marketing campaigns. They are only set if you explicitly consent.

Managing Your Cookie Preferences

You can change your cookie preferences at any time by clicking the link in our website footer, or by clearing your browser's local storage.

5. Data Sharing and Third Parties

We do not sell, trade, or rent your personal data to third parties. We may share your data with:

Service providers: Our chauffeurs and drivers who need your travel details to provide the service
Email service providers: For processing and delivering booking confirmations
Analytics providers: Google Analytics (only with your consent) - data is processed within the EU/EEA where possible
Legal authorities: When required by law or legal proceedings

All third-party providers are contractually bound to process your data only on our instructions and in compliance with GDPR.

6. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If any data is transferred outside the EEA (for example, through Google Analytics), we ensure appropriate safeguards are in place, such as:

EU Standard Contractual Clauses (SCCs)
Adequacy decisions by the European Commission
Binding corporate rules of the data processor

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Booking inquiries: Up to 2 years after the last contact, unless a contract is formed
Contractual data: For the duration of the contract plus the legally required retention period (up to 10 years for tax/accounting records under Croatian law)
Analytics data: Anonymized and retained for up to 14 months
Consent records: Retained for as long as the consent is valid plus 3 years

After the retention period, data is securely deleted or fully anonymized.

8. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right of AccessYou can request a copy of the personal data we hold about you.

Right to RectificationYou can request correction of inaccurate or incomplete data.

Right to ErasureYou can request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.

Right to RestrictionYou can request that we restrict processing of your data in certain circumstances.

Right to Data PortabilityYou can request your data in a structured, commonly used, machine-readable format.

Right to ObjectYou can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw ConsentWhere processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@mil-travel.hr. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

HTTPS/TLS encryption for all data in transit
Restricted access to personal data on a need-to-know basis
Regular security reviews of our website and processes
Secure hosting within the EU

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. If you become aware of a security vulnerability, please contact us immediately.

10. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.

11. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Croatian Data Protection Authority:

Agencija za zaštitu osobnih podataka (AZOP)
Selska cesta 136, 10000 Zagreb, Croatia
Website: azop.hr
Email: azop@azop.hr

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, re-request your cookie consent.

We encourage you to review this page periodically for the latest information on our privacy practices.