Come and meet us at Allt för sjön in March!

Privacy policy

1. Data Controllers

The data controllers responsible for the processing of personal data are:

Chilla Sailing AB
Sweden

and

Chilla Sailing d.o.o
Croatia

Together referred to as “Chilla Sailing”, “we”, “our”, or “us”.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Croatian and Swedish data protection legislation.

If you have any questions regarding this Privacy Policy or the processing of your personal data, please contact us:

Email: booking@chillasailing.com

2. Personal Data We Collect

We collect personal data when you:

  • Book a charter trip
  • Register as a guest or crew member
  • Subscribe to newsletters
  • Contact us via phone, email or website
  • Use our website or digital services

The personal data collected may include:

  • Identification Data
  • Full name
  • Date of birth
  • Nationality
  • Passport or ID number
  • Place of birth

Contact Data

  • Address
  • Email address
  • Telephone number

Charter and Travel Information

  • Charter booking details
  • Travel dates
  • Vessel information
  • Port of embarkation and disembarkation
  • Crew list information
  • Skipper license details
  • VHF license number (if applicable)

Additional Information

When necessary for the trip:

  • Dietary requirements
  • Health or safety information relevant to the charter
  • Emergency contact details

Website Data

When visiting our website we may collect:

  • IP address
  • Device information
  • Browser information
  • Website interaction data
  • Cookie identifiers

3. Purpose of Processing Personal Data

Your personal data is processed for the following purposes:

Charter Administration

  • Managing bookings and reservations
  • Preparing charter agreements
  • Managing customer communication
  • Organising travel arrangements

Maritime Legal Requirements

For yacht charter operations in Croatia we may be required to register guests and crew members with:

  • Croatian Port Authorities
  • Harbour Master Offices
  • Croatian Ministry of the Sea, Transport and Infrastructure
  • eCrew / maritime registration systems

These authorities require certain personal data (such as passport details and nationality) to comply with maritime safety regulations.

Customer Service

  • Providing information regarding your trip
  • Managing requests and support

Payments and Accounting

  • Processing payments
  • Accounting and financial compliance

Safety and Security

  • Ensuring safety onboard vessels
  • Managing emergencies

Marketing and Communication

If you consent, we may send:

  • Newsletters
  • Travel offers
  • Promotions related to sailing trips

You may unsubscribe at any time.

Website Analytics

With your consent to cookies, we may process data to:

  • Analyse website usage
  • Improve our services
  • Improve marketing performance

4. Legal Basis for Processing

We process personal data based on the following legal grounds under Article 6 of the GDPR.

Contractual Necessity – Article 6(1)(b)

Personal data is required to fulfil the charter agreement and provide the requested services.

Legal Obligation – Article 6(1)(c)

We are required to provide certain personal data to maritime authorities and comply with legal obligations such as:

  • Croatian maritime law
  • Passenger registration requirements
  • Accounting regulations

Consent – Article 6(1)(a)

Used when processing personal data for:

  • Newsletters
  • Marketing communication
  • Non-essential cookies

Legitimate Interest – Article 6(1)(f)

We may process certain personal data to:

  • Improve services
  • Manage customer relationships
  • Prevent fraud
  • Ensure operational security

5. Data Sharing

Personal data may be shared with the following parties when necessary to provide our services:

Maritime Authorities

  • Croatian Port Authorities
  • Harbour Master Offices
  • Maritime Safety Authorities

Travel and Service Partners

  • Charter operators
  • Marinas
  • Transport providers
  • Hotels
  • Local service providers

Technical Service Providers

  • Booking systems
  • Payment processors
  • IT providers
  • Website analytics providers

All partners processing personal data do so under data processing agreements and comply with GDPR requirements.

6. Transfers Outside the EU/EEA

In some cases, personal data may be processed outside the European Union (EU) or the European Economic Area (EEA).

This may occur when working with:

  • international travel providers
  • website analytics platforms
  • cloud service providers

When transferring personal data outside the EU/EEA, we ensure appropriate safeguards such as:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Contractual necessity for the travel service

7. Storage of Personal Data

Personal data is stored only as long as necessary for the purposes described in this Privacy Policy.

Typical storage periods include:

  • Booking and customer data: up to 2 years after the last completed trip
  • Accounting records: according to legal bookkeeping requirements
  • Marketing subscriptions: until you withdraw consent

Data may be stored longer if required by law or to resolve legal claims.

8. Cookies

Our website uses cookies to improve functionality and analyse website performance.

Cookies may be used for:

  • website analytics
  • remembering user preferences
  • marketing and advertising

Users can manage or withdraw consent for cookies at any time through the cookie settings on the website.

Details about cookies used are available in our Cookie Policy.

9. Security of Personal Data

We implement appropriate technical and organisational measures to protect personal data against:

  • unauthorized access
  • loss or destruction
  • misuse
  • alteration

Security measures include encrypted systems, access control, and secure data storage.

10. Your Rights Under GDPR

Under the GDPR you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of personal data
  • Restrict processing
  • Object to certain processing activities
  • Request data portability
  • Withdraw consent at any time

Requests can be submitted by contacting:

booking@chillasailing.com

We will respond to requests within one month.

11. Complaints

If you believe that your personal data has been processed incorrectly, you have the right to file a complaint with a data protection authority.

For Sweden:
Swedish Authority for Privacy Protection (IMY)
https://www.imy.se

For Croatia:
Croatian Personal Data Protection Agency (AZOP)
https://azop.hr

12. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.