Skip to content
MaestralSpeedboat Charter

Legal

Privacy Policy

Last updated: May 2026

How we collect, use, and protect your personal data under EU GDPR. Placeholder — to be finalised with a privacy specialist.

1. Who we are (data controller)

Maestral Speedboat Charter, operating as [legal entity to be filled], based in Split, Croatia. Contact: hello@splitspeedboat.com. We are the data controller for personal data collected via this website.

2. What data we collect

When you submit an inquiry: your name, email, phone (optional), preferred date, group size, selected service, and your message. When you browse: anonymised analytics data (page views, country, device type) via Plausible Analytics and Google Analytics 4 — only after you accept analytics cookies. We do not collect cookies or analytics until you give explicit consent.

3. Why we use it

Inquiry data: to reply to your inquiry and (if you book) to operate your charter. Legal basis: contract performance (GDPR Art. 6.1.b). Analytics data: to understand which content is useful and improve the site. Legal basis: your consent (GDPR Art. 6.1.a).

4. Who we share it with

Service providers we use: Resend (email delivery, US/EU), Vercel (hosting, EU/US), Sanity (content management, EU), Plausible Analytics (EU), Google Analytics 4 (US, with EU-US Data Privacy Framework certification). All processors handle data under standard contractual clauses or equivalent. We never sell or share your data with third-party marketers.

5. Retention

Inquiry emails: 24 months from last interaction, then deleted. Analytics data: 14 months (GA4 default), Plausible aggregates only (no individual retention). You may request deletion at any time.

6. Your rights (GDPR)

Access (Art. 15) — get a copy of your data. Rectification (Art. 16) — correct errors. Erasure (Art. 17) — be forgotten. Restriction (Art. 18). Portability (Art. 20). Object (Art. 21). Withdraw consent at any time. Contact hello@splitspeedboat.com to exercise. You may also lodge a complaint with the Croatian data protection authority (AZOP) at azop.hr.

7. Security

We use TLS 1.3 for all transit, encrypted storage, and minimum-access principles. We do not store payment data — Stripe handles all card information directly under PCI-DSS Level 1.

8. Changes

We may update this policy. Material changes are announced via website banner at least 30 days before taking effect.

Questions about this document?

Reach out at hello@splitspeedboat.com or via WhatsApp. We'll reply within 1 hour during season hours.

Send a message →