Last updated: June 15, 2025
This Privacy Policy describes how personal data are collected, used, and disclosed by OtoTrak d.o.o., Žlibina 18, 51262 Kraljevica, OIB: 44754487909 entered into the Court Registry of the Commercial Court in Rijeka under registry number 040372098 ("OtoTrak", "We", "Us" or "Our") when using services offered on this website hosted at the domain https://365.tours and its subdomains, as well as all connected offerings (collectively "Platform") and provides information on privacy rights and how to exercise them ("Privacy Notice").
Unless expressly provided in this Privacy Notice, terms used herein have the meaning given to them in the "REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC" ("General Data Protection Regulation" or "GDPR").
Terms used herein that are defined in the Terms and Conditions for access to and use of the Platform have the meaning given to them therein.
OtoTrak is the data controller in relation to processing of personal data of the users of its services offered on the Platform (searching and booking sport, leisure and related activities of particular provider and presentation and publishing of offers for booking of these activities by the service providers) and visitors to the Platform, as We are the ones who determine the purposes and means of the processing of your personal data in this regard, all in accordance with applicable provisions of GDPR and Croatian Act on Implementation of GDPR (OG 42/2018).
For the purpose of registration/creating an account of the users we collect and process the following personal data:
(collectively "Registration data users")
For the purpose of registration/creating an account of the services providers we collect and process the following personal data:
(collectively "Registration data services providers")
We use the Registration data for the purpose of registration of an account and any subsequent log ins to your account on the Platform as well as for the purpose of using of our services of booking sport, leisure and related activities of particular provider and publishing offers for booking of these activities on the Platform.
You may also use our services of booking sport, leisure and related activities of particular provider as a guest, i.e., without registration of an account. In this case, for the purpose of providing said services we will collect and process your following personal data: first name and last name, email address and country.
You can also log in to use our services on the Platform through the following third-party social media services:
If you decide to register through a third-party social media service, We may collect personal data that is already associated with your third-party social media service's account, such as your email address used for log in to your social media user's account. Also, your name, language preference, your profile picture. When logging in through those third-party social media service, particular social media service you use will inform you about additional data it shares with us/gives us access to.
You may also have the option of sharing additional information with Us through your third-party social media service's account. If You choose to provide such information and personal data, during registration or otherwise, you are giving us permission to use, share, and store it in a manner consistent with this Privacy Policy.
We use your email address when you contact us/our customer service support in order to respond to your inquiry or request sent to us as well as for sending news and information (promotional and marketing materials, i.e., newsletters), when you have given us your consent for processing for this purpose. You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.
We may also process your Registration data for the purpose of the establishment, exercise, or defence of legal claims. Also, in order to comply with legal obligations of the data controller, we may process your Registration data if necessary to act in accordance with the law or a court order.
When you access to or use our Platform and services We offer there, we automatically collect certain data from your browser through so called cookies or similar technologies. A Cookie is a small file that the Platform sends to the user's browser, which then stores it on your computer. Cookies allow us to see what pages you have visited, to determine how often certain pages are visited and to determine which parts of the Platform are the most popular. This helps us to improve our Platform and provide better and personalized services and ensure the security of our Platform.
The information that we may collect through cookies or similar technology are:
To learn more about our use of cookies and how you can change your settings to delete or refuse cookies, please check our cookies policy here.
When you access the Platform and services We offer there by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
We may also collect information that your browser sends whenever you visit our Platform or when you access the Platform by or through a mobile device.
If We intend to use any of your personal data for a new purpose, not covered by this Privacy Notice, then We will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent for such new processing.
We share your Registration data and other your above personal data collected from you through registration and use of services on our Platform with the following recipients/categories of recipients:
All personal data that We collect, and process are generally stored within the European Economic Area ("EEA"). However, given that we use a cloud computing service for storage of the collected data, which operates globally but is headquartered in the USA, the data we collect may be transferred to the USA. When this is the case, the processor will ensure that this transfer complies with applicable laws and legislation. For more information, please see the respective privacy policy on the following link: https://privacy.microsoft.com/en-US/data-privacy-notice. In case that we would be required to share your personal data with an entity located outside of the EEA or to countries that are not recognized by the European Commission as countries providing adequate level of protection of personal data, we will, as required by applicable law, ensure that data subject's rights are adequately protected by appropriate safeguards, as envisaged in Art. 46 of the GDPR. These safeguards may include (i) entering into European Commission approved standard contractual clauses to protect your personal data; and (ii) entering into binding corporate rules (and you have a right to ask us for a copy of these clauses or rules by contacting us as set out below). Where permitted by the law, in relation to transfers, we may rely on derogations from Art. 49 of the GDPR, such as your explicit consent. We shall notify you in timely manner about any such transfers outside EEA and safeguards/derogations put in place to protect your personal data.
We will retain your personal data in a form that allows for identification only for as long as is necessary for the purposes set out in this Privacy Policy for which the data were collected or, where applicable where you have withdrawn your consent for processing.
After the personal data is no longer necessary for the purpose for which the same were collected or where applicable, when you have withdrawn your consent for processing, we will destroy or anonymize those personal data, so that they are no longer in a form which permits identification of data subjects, except if:
When using our services of booking sport, leisure and related activities of particular provider either through your registered account or as guest, we use third-party services for processing of your payment. Namely, Stripe.
We will not collect or store your payment card details. That information is provided directly to the provider of these services. Collection and processing of your personal data by the subject provider is governed by their privacy policy, which can be viewed at https://stripe.com/en-hr/privacy. However, these providers adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
You may exercise the above your rights by contacting Us at support@365.tours. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, We will try our best to respond to you as soon as possible.
If you will consider that processing of your personal data from our end infringes your rights, you have the right to lodge a complaint with the competent data protection supervisory authority. Contact details for the Croatian data protection supervisory authority are as follows:
Our Platform may contain links to other websites that are not operated by Us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
We conduct regular audits of personal data processing. Because of this as well as because of possible changes in the law and the changing nature of technology, this Privacy Notice may periodically change. We therefore encourage you to check from time to time all changes and updates to this Privacy Notice, which will be published at this website.
This Privacy Notice was last updated on June 15, 2025.
If you have any questions about this Privacy Policy, you can contact us: