Privacy Policy

1. Data Controller

The data controller is Roko Nautika d.o.o., trading as Maro Charter, with registered office at Ribarska 1a, 51000 Rijeka, Croatia (OIB: 39838966704). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website at marocharter.com or contact us directly.

We comply with Regulation (EU) 2016/679 (GDPR) and the Croatian Act on Implementation of the General Data Protection Regulation (NN 42/2018).

2. Data We Collect

We collect personal data only when you voluntarily provide it. This may include:

• Name and contact details (email address, phone number, nationality)
• Charter details such as desired dates, route preferences, and group size
• Sailing licence numbers and VHF certificate details (required for bareboat charter by Croatian law)
• Passport or ID details for all guests (required for the mandatory crew list under Croatian Maritime Law)
• Payment information — processed securely through third-party providers; we do not store card data

3. How We Use Your Data

We use your personal data for the following purposes:

• Processing your charter enquiry and issuing a booking confirmation and charter contract
• Preparing the mandatory crew list (popis posade) required by Croatian Maritime Law
• Communicating with you about your reservation, itinerary, documents, and departure
• Responding to questions, complaints, or requests for information
• Complying with Croatian maritime, tax, and accounting regulations
• Sending you news or offers — only if you have given explicit consent

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing

We process your personal data on the following legal bases (Art. 6 GDPR):

• Art. 6(1)(b) — Contractual necessity: to process your booking and fulfil the charter agreement
• Art. 6(1)(c) — Legal obligation: crew list and licence verification required by Croatian Maritime Law
• Art. 6(1)(f) — Legitimate interest: responding to enquiries and improving our services
• Art. 6(1)(a) — Consent: for newsletters or marketing communications, which you may withdraw at any time

5. Data Retention

Booking records and related personal data are retained for seven (7) years in accordance with the Croatian Accounting Act (Zakon o računovodstvu, NN 78/15 and amendments). Enquiries that do not result in a booking are deleted within twelve (12) months. Newsletter subscriber data is deleted promptly upon withdrawal of consent.

6. Data Sharing

We share your data with third parties only where strictly necessary:

• Payment processors — for secure handling of financial transactions
• Email service providers — for booking confirmations and operational communication
• Croatian port authorities, harbour masters, and the Ministry of the Sea — where required by Croatian Maritime Law
• Our skippers and operational crew — strictly to execute your booked charter

All processors are bound by data processing agreements and must handle your data in accordance with GDPR.

7. Your Rights

Under GDPR you have the following rights, exercisable free of charge:

• Right of access (Art. 15) — to receive a copy of the personal data we hold about you
• Right to rectification (Art. 16) — to correct inaccurate or incomplete data
• Right to erasure (Art. 17) — to request deletion where data is no longer necessary
• Right to restriction (Art. 18) — to limit processing in certain circumstances
• Right to data portability (Art. 20) — to receive your data in a structured, machine-readable format
• Right to object (Art. 21) — to processing based on legitimate interest or for direct marketing

To exercise any of these rights, contact us at info@marocharter.com. We will respond within 30 days. You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP), Selska cesta 136, 10000 Zagreb — www.azop.hr.

8. Cookies

We use only strictly necessary cookies: a session cookie to maintain your language preference and a security cookie (CSRF token) to protect form submissions. These cookies are deleted when you close your browser. We do not use advertising, tracking, or analytics cookies. If this changes, we will update this policy and obtain your consent.

9. Security

We implement appropriate technical and organisational measures — including TLS encryption (HTTPS), access controls, and regular security reviews — to protect your personal data against unauthorised access, loss, or disclosure. No internet transmission is entirely risk-free; we encourage you to contact us securely.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. The revision date at the top of this page shows when it was last updated. Material changes will be communicated via a notice on our website.

11. Contact

For any questions about this Privacy Policy or your personal data, contact us: