Please wait
Cookie settings
These cookies are necessary for the functioning of our website and cannot be deactivated. This applies, for example, to cookies that ensure that the configuration related to the user of the site (selected language, currency, acceptance of cookies, wish list, shopping cart, etc.) is maintained in all sessions. In addition, these cookies or similar technologies contribute to the safe and correct use of our services. You can set your web browser to block these cookies, in which case the website will not work properly and online shopping will not be possible.

You can edit and / or update or delete your cookie settings each time visit our site. Read more about the Cookie Policy.

They allow to record visits and traffic sources to measure and improve site performance. This website uses cookies from the following services:

  • Google Analytics

They allow to track users through websites and display targeted ads. This website uses cookies from the following services:

  • Facebook Pixel
Save changes Accept all cookies
English English
Hrvatski Hrvatski
English English
Italiano Italiano
Slovenski Slovenski
Deutsch Deutsch
Log in

Privacy Policy

Privacy Policy

Introduction

Your privacy is important to us. This document describes how Play Digital d.o.o. collects, uses and protects personal data as part of providing the Apartmanica service - accommodation management software - through the web application, websites generated in Apartmanica and mobile applications for iOS and Android.

Our principles are simple:

  • we collect only the data we actually need;
  • we keep it only for as long as we truly need it;
  • we do not sell personal data;
  • we clearly separate our role when providing the application to you from our role when technically forwarding guest data to the eVisitor system on your behalf.

This Policy has been prepared in accordance with the General Data Protection Regulation (GDPR) and the laws of the Republic of Croatia.

Who we are

The data controller is:

Play Digital d.o.o.
Zagrebačka 6A, 52000 Pazin, Croatia
OIB: 53367690460
MBS: 04863585, Commercial Court in Pazin

For any questions, requests or complaints related to the processing of personal data, please contact us at privacy@apartmanica.com.

Our role - when we are the controller and when we are the processor

Apartmanica is a business tool. The Apartmanica administration interface and mobile application are used by accommodation providers. End guests may use public forms technically generated by Apartmanica, such as the online guest check-in form before arrival.

We have different roles in two cases:

  • We are the data controller when you use Apartmanica as an accommodation provider and when we process your personal data.
  • We are the data processor when you enter data about your guests into Apartmanica. In that case, you are the data controller, while we technically enable guest registration in the eVisitor system. We do not use guest data for marketing, profiling, guest behaviour analytics or other independent business purposes.

For accommodation websites created through Apartmanica, the data controller for the personal data of visitors and guests is generally the accommodation provider or the owner of the accommodation facility. In that case, Play Digital d.o.o. provides the technical platform and may act as a data processor, except for processing activities carried out for its own purposes, such as system security, maintenance and basic technical logs.

What data we collect

Data about the application user (accommodation provider)

When registering and using Apartmanica, we collect:

  • first name, last name, e-mail address, phone number and interface language;
  • password, which is stored only in encrypted form;
  • optionally: Google account identifier for signing in with Google.

For a legal entity or accommodation provider, we additionally collect:

  • company name, OIB, VAT ID, address, contact details and website;
  • access data for the eVisitor system, which is stored in encrypted form and used exclusively to call the eVisitor service on your behalf.

Data about guests entered by the accommodation provider

When the accommodation provider enters a reservation or guest into Apartmanica, the system processes the following guest data, for the purpose of the legally required registration in the eVisitor system:

  • first name, last name, date of birth, gender;
  • citizenship, place and country of birth;
  • residential address, place and country of residence;
  • type and number of identification document (identity card or passport);
  • check-in and check-out date and time;
  • tourist tax payment category.

Only for the reservation holder (not for all guests), the accommodation provider may also enter:

  • e-mail address, phone number and language;
  • if necessary: address, OIB and company name for invoice issuance.

This data of the reservation holder is used by the accommodation provider for communication with the guest and for invoice issuance. It is not sent to eVisitor. Play Digital d.o.o. processes it as a data processor, according to the instructions of the accommodation provider, for the operation of the system, communication, support and security.

Online guest check-in

Apartmanica allows guests to enter their data before arrival via online check-in. This data is processed for the purposes of the accommodation provider and used to register the guest in eVisitor upon arrival, and the same data is used to check the guest out of eVisitor upon departure. After the guest has been checked out, the guest’s personal data in the active Apartmanica database is anonymised, while data from backups is deleted according to the internal retention cycle. After anonymisation, only non-identifying statistical records remain.

Data within communication (Inbox)

Apartmanica integrates an inbox for communication with guests. Within this function, the content of messages, subjects, attached files, sender and recipient e-mail addresses and delivery metadata are processed.

The Inbox may also include a machine translation function for individual messages. Translation is not performed automatically, but only when the user explicitly selects the option to translate a specific message. In that case, the content of the selected message is forwarded to the service provider OpenAI for generating the translation, and the translated text is returned to the Apartmanica interface.

OpenAI does not use content submitted through the API to train its models, unless the API user explicitly enables such data sharing. The message content is forwarded only within the scope of the specific message for which the user requested translation. If the user does not want the content of a particular message to be forwarded to OpenAI, they should not use the translation function for that message.

Data about visitors to our websites

When you visit apartmanica.com or websites we have generated for our users, we automatically record:

  • IP address (shortened/anonymised where the tools allow this);
  • device and browser type, operating system, language;
  • pages visited and access time;
  • source of arrival.

More about cookies is provided in a separate section below.

Why we process this data

We process personal data for the following purposes:

  • providing the Apartmanica service and fulfilling the user relationship;
  • fulfilling the legal obligation to register guests in the eVisitor system;
  • communicating with you and providing technical support;
  • machine translation of individual Inbox messages when the user explicitly selects this function;
  • sending newsletters and notifications about new features (only with your consent);
  • sending push notifications in the mobile application (only with the permission of the operating system);
  • troubleshooting and improving the application;
  • ensuring system security;
  • measuring website usage (only with your cookie consent).

The legal bases for processing are the performance of a contract, legal obligation, your consent and our legitimate interest (security, troubleshooting, support), depending on the individual purpose.

Guest registration in the eVisitor system

The eVisitor system is the central electronic system for tourist check-in and check-out in the Republic of Croatia, managed by the Croatian National Tourist Board. Accommodation providers are legally required to register every guest in this system.

Apartmanica allows the accommodation provider to enter guest data once and automatically forward it to eVisitor. We process this data solely for the purpose of technically forwarding it to eVisitor - we do not use it for marketing, analytics or other purposes.

The data controller for guest data under the GDPR is the accommodation provider managing the accommodation facility; Play Digital d.o.o. acts as the data processor that technically carries out the registration.

The rules for retaining data within the eVisitor system itself are determined by the Croatian National Tourist Board and are not under our control. In our database, we anonymise guest data after the guest has been checked out of eVisitor.

Mobile application

The Apartmanica mobile application (iOS / Android) is a client interface for the same service. The user account is created exclusively through the web application at https://apartmanica.com/register; it is not possible to create a new account in the mobile application. The user account is the same as the one used in the web application.

When using the mobile application, the following data is additionally processed:

  • Push notification token (Firebase Cloud Messaging) - so that we can send you notifications about new reservations, messages and other events in the system.
  • Technical crash reports (Firebase Crashlytics) – used for troubleshooting. Reports may contain technical installation identifiers, device model, operating system version, application version and crash trace, but not the content of reservations, guest data or message content.
  • Scanning a guest identification document via the Scandit SDK - processing takes place exclusively on your device. The document image does not leave the device and is not stored by us or by Scandit. Only the read text fields confirmed by the accommodation provider are forwarded to the server (first name, last name, date of birth, gender, citizenship, document number).

The mobile application may allow the accommodation provider to contact the guest by phone call, WhatsApp or Viber, using the phone number entered with the reservation. Such an action opens an external application or initiates a phone call only when the accommodation provider selects it. Apartmanica does not send messages or make calls automatically. Further processing of data in external applications, such as WhatsApp, Viber or the phone application, depends on the privacy policies of those applications and the device settings.

Device permissions

The mobile application requires the following permissions:

Camera – for scanning the machine-readable zone (MRZ) of the guest’s passport or identity card. The document image is not transferred to our servers and is not stored permanently in the application.

Photo library / device gallery – used only when the accommodation provider selects an existing photo or scan of a document. The application processes only the selected file. The application does not browse the device gallery or automatically process photos that the user has not selected. The document image is not transferred to our servers and is not stored permanently in the mobile application. Only the text data confirmed by the accommodation provider before saving or registering the guest is sent to the server.

Push notifications – for notifications about new reservations and messages in the system.

Internet access – required for the application to work.

You can revoke any permission at any time in your device settings. Revoking a particular permission may limit the availability of the related application function.

Deleting a user account

To request deletion of your user account, send an e-mail to privacy@apartmanica.com from the address registered in Apartmanica. Upon receiving the request, we deactivate the account and delete or anonymise the personal data associated with it no later than six (6) months from receipt of the request, except for data that we are legally required to retain for a longer period (e.g. accounting documents).

Who we share data with

To provide individual parts of the service, we cooperate with carefully selected providers who have contractually regulated confidentiality obligations with us and act in accordance with the GDPR:

Provider Location Purpose
DigitalOcean Headquarters in the USA; data centre in Frankfurt, Germany Hosting of the application, databases and files
Mailgun (Sinch Email) EU servers Sending and receiving e-mail, delivery of system and transactional messages
MailerLite Ireland / Lithuania Sending newsletters (only with consent)
Google - Firebase Cloud Messaging USA Push notifications in the mobile application
Google - Firebase Crashlytics USA Technical crash reports for troubleshooting
Google - OAuth sign-in USA User sign-in via Google account (at the user’s choice)
Google Analytics 4 USA Measuring website usage (only with consent)
Meta Platforms Ireland / USA Marketing pixel on the website (only with consent)
OpenAI USA / EU, with applicable contractual and legal transfer mechanisms Machine translation of individual Inbox messages at the user’s request
Scandit Switzerland SDK for reading identification documents; processing exclusively on the device, data is not transferred to Scandit
Croatian National Tourist Board - eVisitor Croatia Legal registration and deregistration of tourists


The list of sub-processors is updated as needed. We do not share personal data with third parties for purposes not described in this Policy, except where required by law or a competent authority.

Transfers outside the European Economic Area (EEA)

Some of the providers listed above have their headquarters outside the EEA. Although our infrastructure at DigitalOcean is physically located in a data centre in Frankfurt, the company itself is registered in the USA, which legally makes this relationship a transfer outside the EEA.

We carry out data transfers to such countries on the basis of:

  • the EU–US Data Privacy Framework (DPF) for certified US providers, where applicable;
  • the Standard Contractual Clauses of the European Commission and other contractual mechanisms for providers and processing activities for which the DPF does not apply or is not sufficient;
  • the adequacy decision for countries for which the European Commission has issued such a decision, for example Switzerland.

How long we keep data

We keep personal data only for as long as necessary to fulfil the purpose for which it was collected, or for as long as required by applicable regulations:

Data category Retention period
Data about an active user account for the duration of the user relationship
Guest data in our database anonymised after the guest has been checked out of eVisitor
Communication content (Inbox) 24 months after the conversation is closed
Requests for machine translation of Inbox messages not stored separately in Apartmanica outside the communication content itself in the Inbox; the translation service provider may temporarily process them according to its policies and contractual terms
Access logs and security logs 12 months
Technical crash reports (Crashlytics) 90 days
Data after termination of service use 30-day grace period, then permanent deletion from active systems
Data after a request for account deletion no more than 6 months from receipt of the request
Accounting documents 11 years (Accounting Act)


The retention period for data within the eVisitor system itself is determined by the Croatian National Tourist Board and is not under our control.

If a user requests account deletion, the account deletion period stated in this section applies. Certain categories of data may be retained for longer only if there is a legal obligation, a legitimate security reason or a technical need related to backups.

Security

We implement reasonable technical and organisational security measures, including:

  • data transfer via a secure HTTPS connection;
  • storage of passwords only in encrypted form, using industry standards;
  • storage of access data for the eVisitor system in encrypted form in the database;
  • strict data isolation - each accommodation provider has access only to their own data;
  • regular system updates and security upgrades;
  • limiting data access only to authorised persons and according to the principle of least privilege.

Despite all measures, no system for transmitting or storing data via the internet is absolutely secure. In the event of a personal data breach that could result in a high risk to your rights and freedoms, we will notify you in accordance with the GDPR and report the breach to the Croatian Personal Data Protection Agency.

Cookies

On the apartmanica.com website and on websites we have generated for our users, we use:

  • necessary cookies - required for the website to function (session, login, security);
  • analytics cookies - Google Analytics 4;
  • marketing cookies - Meta Pixel.

We place analytics and marketing cookies only after your explicit consent, through a consent management tool (Google Consent Mode v2). Until then, these cookies are not placed.

You can change your consent at any time by clicking the “Cookie settings” link in the website footer or by deleting cookies in your browser settings.

The mobile application does not use the described analytics or marketing cookies. The marketing and analytics tools described in the cookies section apply to websites and are activated only with the user’s consent.

Marketing communication

If you have explicitly checked the box for receiving marketing notifications (opt-in), we may send you information about new features and tips for using Apartmanica. We use the MailerLite platform for sending these messages.

You can withdraw your consent to receive notifications at any time - by clicking the “unsubscribe” link in the footer of each message or by sending a request to privacy@apartmanica.com.

Your rights

As a data subject, in accordance with the GDPR, you have the following rights:

  • the right of access to your personal data and information about processing;
  • the right to rectification of inaccurate or incomplete data;
  • the right to erasure (“right to be forgotten”), where there is no legal basis for further retention;
  • the right to restriction of processing in legally prescribed cases;
  • the right to data portability in a structured, machine-readable format;
  • the right to object to processing based on our legitimate interests or for marketing purposes;
  • the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  • the right to lodge a complaint with the supervisory authority - the Croatian Personal Data Protection Agency (AZOP), Ulica Metela Ožegovića 16, 10000 Zagreb, e-mail: azop@azop.hr, web: https://azop.hr.

You can submit a request to exercise any of your rights to privacy@apartmanica.com. We will respond to your request without undue delay and no later than within 30 days of receiving the request. In more complex cases, this period may be extended by an additional two months, of which we will inform you separately.

Automated decision-making

We do not carry out automated decision-making, including profiling, that produces legal effects or similarly significantly affects data subjects.

Changes to this Policy

We may amend this Policy from time to time - for example due to changes in regulations, the introduction of new features or changes in service providers. We will notify you of significant changes through the application or by e-mail to the address associated with your account at least 15 days before the changes take effect.

The currently valid version is always available at https://apartmanica.com/privacy-policy

Contact

For any questions related to this Policy or the processing of your personal data:

Play Digital d.o.o.
Zagrebačka 6A, 52000 Pazin
E-mail: privacy@apartmanica.com

Last updated: 28 April 2026.

Are you ready for more direct bookings?

Try Apartmanica free for 7 days – no obligation and no credit card required.

Try for free Request a quote

Legal data

Play Digital d.o.o.
Zagrebačka 6A, 52000 Pazin

OIB: 53367690460
VAT ID: HR53367690460
Trgovački sud u Pazinu.
04863585
Share capital: 60.000,00 kn
Administration: Augustin Ravnić, Tomislav Čubrić, Danijel Marić

Bank accounts
Erste banka d.d. / Jadranski trg 3A, 51000 Rijeka / IBAN: HR1624020061500162940

Helpdesk
info@apartmanica.com
+385 52 751 190

Working hours:

Mon – Fri, From 9 AM To 3 PM

Cart

Your cart is empty

Click on the button below, return to the webshop and add the products to the cart.