Privacy Policy

About Us and This Policy

Sileo Resorts d.o.o., with registered office at Ulica kneza Branimira 41/1, Zagreb, Croatia, OIB: 42460248495, operates the website at the domain san-canzian.com as the data controller. This policy explains in a simple and understandable way how we collect, use and protect your personal data when you visit our website or when you contact us.

What personal information do we collect?

During your use of our website, we may collect different types of data, depending on how you communicate with us and how you use the website:

Website browsing data – when you visit san-canzian.com, we automatically record technical information such as the browser type, language, time of visit and the pages you viewed. We collect this data through Google Analytics 4. With your consent, we also use HotJar and Microsoft Clarity, which record anonymous browsing sessions to understand how users use our site - which elements they click on, how they move their mouse, and which parts of the site they browse. In HotJar and Microsoft Clarity reports, the data that users enter is completely anonymized. At the server machine level, the IP address is also recorded, but not visible in Google Analytics 4, HotJar or Microsoft Clarity systems.

Personal data that you provide about yourself - when you fill out a contact form, subscribe to our newsletter, or contact us, you may provide us with your first name, last name, email address, and phone number. Before we store it, with your explicit consent, and forward it to third parties, we encrypt this data using the SHA-256 algorithm for additional security and readability. When stored in HubSpot CRM, this data is recorded in its original readable form, which is necessary for the functionality of the feedback.

Booking data - when you create a booking enquiry or make a booking through our site, your data is processed through our specialised booking system Phobs. This system communicates with the website via a secure, encrypted API and records the information required for your booking: name and surname, contact details, dates of stay, number of people, special requests, credit card details and other details relevant to the booking. Phobs records and automatically processes this data solely for the purposes of processing, confirming and managing offers or your reservation.

Telephone call data - if you call us, our Aircall system may record your number and basic call information.

How do we use your data?

We process your personal data based on various legal grounds and always for clearly defined purposes:

Communication and service providing - when you contact us via a contact form or by phone, we use your data to respond to enquiries, solve requests and provide you with the requested information about our products and services. This processing is based on your request prior to entering a contract or on our legitimate interest in maintaining business communication.

Reservation processing - we use the data you entered during the booking process exclusively to process, confirm and manage your reservation. This includes sending you a reservation confirmation, arrival reminders, communication about any changes and service providing during your stay. This processing is based on the execution of the reservation contract between you and San Canzian i.e. Sileo Resorts d.o.o.

Special categories of data: health data - if you willingly provide us with information about your special health or dietary needs, disabilities, food allergies or other medical information relevant to your stay during your reservation or communication with us, we process this sensitive data with special care and solely based on your explicit consent. We only use it to provide you with a safe and enjoyable stay. This data is only accessible to a limited number of authorized employees who need to know it to provide a specific service; it is stored separately from other data with additional security measures, and it is deleted after your stay, unless you ask us to keep it for future visits.

Newsletter and marketing communication - if you have signed up for our newsletter during the booking process or through a special contact form, we will send you news about our products, special offers and useful content. For this communication, we always ask for your explicit consent, which you can withdraw at any time by clicking on the unsubscribe link in each message.

Website analysis and improvement - we use browsing data to understand how visitors use our site, which pages are most popular and where we can improve the user experience. This analysis helps us optimize the content and functionality of the site. For advanced analytics, we always ask for your consent.

Personalized advertising - only with your explicit consent, we may use your encrypted contact information (email and phone converted into hash values) to display more relevant ads on Google and Meta platforms. This means that you may see our ads when you use these platforms, but only if you have explicitly allowed it. We never share your actual contact information with advertising platforms - they only receive encrypted versions.

Customer Relationship Management - we record all interactions with you in our HubSpot CRM system so that we can provide a better and more personalized service. This includes a history of your inquiries, purchases, and preferences, which allows our team to provide you with more relevant help the next time you contact us.

Telephone Support - when you call us, the Aircall system records basic call information (phone number, time, duration) so that we can monitor the quality of our customer support and return missed calls if necessary.

Security and Fraud Prevention - we may use your information to protect our site and users from malicious activity, fraud, or unauthorized access. This includes monitoring unusual usage patterns and preventing automated attacks. In such scenarios, our staff may contact you to verify your authenticity.

Legal Obligations - In certain situations, we must process your information due to legal obligations, such as tax regulations, accounting standards, or court orders. In these cases, we retain the information for as long as the law requires.

Statistics and reports - we create aggregated, pseudo-anonymized and anonymized reports about the use of our services that cannot be linked to you as an individual. We use this data as cumulative statistics for business analysis and planning.

It is important to note that we never use your data for automated decision-making that could significantly affect you, nor for profiling without your knowledge and consent.

Tracking technologies and advertising

On our site we use cookies and similar technologies through Google Tag Manager. This includes Google Analytics 4 for analytics, HotJar and Microsoft Clarity for analysing user behaviour, and Google Ads and Meta Ads tracking pixels for advertising.

All these technologies are in accordance with Google Consent Mode v2 and are compliant with the General Data Protection Regulation (GDPR), which means that we ask for your consent before activating any tracking functions. You can choose whether you want to allow only necessary cookies or granularly also those for analytics and marketing. HotJar and Microsoft Clarity are activated only with your explicit consent for analytical cookies and are used exclusively to understand behavioural patterns when using the website, without identifying you as an individual.

Changing consent settings - you can withdraw your consent to cookies at any time through the cookie settings on our site. The new settings will apply from the moment of the change and affect future data collection. Changing your consent does not retroactively affect data that was already collected while your consent was active - this data will continue to be processed according to the settings that were in effect at the time of collection.

For more information about cookies, see our Cookie Policy

Sharing data with third parties

Your data is stored in the following systems:

→ HubSpot - our CRM system for contact management

→ Phobs - booking system for processing reservations

→ Google services - for analytics and advertising (with consent only)

→ HotJar - for user experience analysis (with consent only)

→ Microsoft Clarity - for user experience analysis (with consent only)

→ Meta platforms - for advertising (with consent only)

→ Aircall - for phone call management

→ CloudFlare - a content distribution network that speeds up page loading. The CDN may temporarily machine-process technical data such as your IP address for the sole purpose of delivering content.

We never sell your personal data. We only share it with our business partners who help us provide services, and always under strict data protection agreements.

Your rights

Under the General Data Protection Regulation (GDPR), you have the right to:

→ Request access to the data we hold about you

→ Correct inaccurate data

→ Request removal of your data

→ Restrict processing of your data

→ Transfer your data to another service provider

→ Withdraw consent at any time

→ Object to processing of your data

To exercise any of these rights, please contact our Data Protection Officer at [email protected] .

Child Protection

Our site is not intended for persons under the age of 16. We do not knowingly collect data from children. If you become aware that a child has shared their data with us, please contact us immediately so that we can remove it.

Data Security

We implement technical and organizational measures to protect your data from unauthorized access, loss or misuse. This includes encryption of sensitive data, secure servers and limited access to authorized personnel only. Health and other sensitive data are stored with additional levels of protection and only the minimum number of employees who absolutely need it to provide the service have access to them.

How long do we keep your data?

We keep your data only for as long as necessary for the purposes for which it was collected:

→ Browsing data: 26 months

→ Contact data: while you are actively using our services or until you withdraw your consent

→ Call data: according to legal deadlines

Policy changes

We may update this policy from time to time. We will post any changes on this page with the new effective date. We recommend that you periodically review this page.

Contact and complaints

For any questions about the protection or processing your data, please contact our Data Protection Officer:

E-mail: [email protected]

Mailing address: Sileo Resorts d.o.o., with a registered office at Ulica kneza Branimira 41/1, Zagreb, Croatia

If you are not satisfied with our response, you have the right to file a complaint with the Croatian Personal Data Protection Agency at the website azop.hr.

Cookie Policy

What are cookies?

Cookies are small text files that a website saves on your device when you visit it. For example, they allow the site to remember your preferences over time, so you don't have to re-enter them each time you return to the site.

Use of cookies

On san-canzian.com we use cookies for various purposes, which are grouped into the following categories:

Essential cookies

These cookies are essential for the basic functionality of the site. They allow you to move around the site and use basic features. Without them, the site cannot function properly. We do not ask for consent for these cookies because they are necessary to provide the service you have requested.

Examples: a cookie to remember your consent.

Analytical cookies

They help us understand how visitors use our site - which pages are the most popular, how they navigate the site and where they encounter difficulties. All information they collect is aggregated and anonymous and is used only with your consent.

We use:

→ Google Analytics 4 - to track traffic statistics

→ HotJar - to record anonymous sessions and analyze user behavior

→ Microsoft Clarity - to record anonymous sessions and analyze user behavior

Marketing cookies

These cookies track your activity on the Internet and allow us to show you the ads more relevant to you. They also allow us to limit the number of times you see the same ad and measure the effectiveness of our campaigns; they are used with your consent only.

We use:

→ Google Ads - to display ads on the Google network

→ Meta Pixel - to display ads on Facebook and Instagram platforms

Cookie management

We control all our cookies through Google Consent Mode v2, which respects your choices. When you first visit the site, you will be presented with a consent banner where you can:

• Accept all cookies

• Accept only essential cookies

• Adjust settings by category

Change settings - you can change your settings at any time by clicking "Cookie settings" at the footer of the page. The new setting is applied immediately and applies to future cookies but it does not affect data already collected while consent was active.

Third-party cookies

Our site may contain elements from other websites (e.g. videos, maps, social networks) that may also set their own cookies. We do not control third-party cookies and changes may be made by these platforms without our knowledge.

List of cookies

This list shows the cookies that may be used on our site. The actual cookies depend on your consent settings and the functionalities you use.

Necessary cookies

These cookies do not require consent as they are essential for the operation of the site.

NameProviderPurposeDurationType
CookieConsentsan-canzian.comStores your cookie consent choice12 monthsHTTP
PHPSESSIDsan-canzian.comMaintains user session during visitSessionHTTP
__cf_bmhubspot.comCloudflare bot management – security30 minutesHTTP

Analytics cookies

These are activated only with your consent and help us understand how the site is used.

NameProviderPurposeDurationType
_gagoogle-analytics.comDistinguishes unique users2 yearsHTTP
ga*google-analytics.comGoogle Analytics 4 - maintains session state2 yearsHTTP
_gidgoogle-analytics.comDistinguishes users24 hoursHTTP
_gat_UA-*google-analytics.comLimits request frequency1 minuteHTTP
_clckclarity.msMicrosoft Clarity - Unique User ID1 yearHTTP
_clskclarity.msAssociates multiple page views into a session1 dayHTTP
CLIDclarity.msMicrosoft Clarity User ID1 yearHTTP
MUIDbing.comMicrosoft Unique User ID1 yearHTTP
SMclarity.msSession synchronization between tabsSessionHTTP
MRbat.bing.comIndicates whether the user is new or returning7 daysHTTP
SRM_Bbing.comMicrosoft Bing marketing1 yearHTTP

Marketing cookies

These enable the display of more relevant ads. They are activated with your consent only.

NameProviderPurposeDurationType
_gcl_augoogle.comGoogle Ads - Conversion Tracking3 monthsHTTP
_gcl_awgoogle.comGoogle Ads - Linking Clicks to Conversions3 monthsHTTP
_gcl_dcgoogle.comDoubleClick/Campaign Manager Conversions3 monthsHTTP
gac*google.comGoogle Ads Campaigns3 monthsHTTP
IDEdoubleclick.netGoogle DoubleClick - Ad Targeting 1 yearHTTP
test_cookiedoubleclick.netChecks if browser supports cookies15 minutesHTTP
_fbpfacebook.comFacebook Pixel - Tracking and Targeting3 monthsHTTP
Frfacebook.comFacebook - Showing Relevant Ads3 monthsHTTP
_fbcfacebook.comFacebook - Conversion Tracking2 yearsHTTP
Actfacebook.comFacebook - Indicates Active UserSessionHTTP
c_userfacebook.comFacebook - Logged-in User ID1 yearHTTP
datrfacebook.comFacebook - Security Cookie2 yearsHTTP
sbfacebook.comFacebook - Browser Security2 yearsHTTP
wdfacebook.comFacebook - Browser Window Dimensions1 weekHTTP
xsfacebook.comFacebook - session count3 monthsHTTP

Functional cookies

These improve user experience by remembering your preferences.

NameProviderPurposeDurationType
__hsschubspot.comHubSpot - pageview counter30 minutesHTTP
__hssrchubspot.comHubSpot - indicates a new sessionSessionHTTP
__hstchubspot.comHubSpot - visitor tracking13 monthsHTTP

hubspotutk hubspot.com HubSpot - unique visitor ID 13 months HTTP

messagesUtk hubspot.com HubSpot - chat functionality 13 months HTTP

This list represents all cookies that may appear when using our site. The exact list of active cookies depends on your consent settings. Third-party cookies may change without notice according to the policies of their providers. "Session" duration means that the cookie is deleted when you close your browser. Some cookies may have additional variants with different names depending on the configuration.

Management through the browser

Regardless of the cookie policy and the selection options through the website itself, you can change your browser settings to refuse cookies or to warn you before saving them. The procedure varies depending on the browser:

→ Chrome

→ Firefox

→ Safari

→ Edge

Please note that blocking all cookies may affect the functionality of our site.

Contact

For questions about our use of cookies, please contact us at:

Email: [email protected].

Postal address: Sileo Resorts d.o.o., with headquarters Ulica kneza Branimira 41/1, Zagreb, Croatia

For more information on data protection, see our Privacy Policy.