Personal data protection

Information on personal data protection

Vrilo doo, Postira hereby provides you with information on the processing of your personal data and on your rights based on the applicable regulations on personal data protection.

This Information contains changes in relation to the Privacy Policy which regulated the protection of your personal data by Vrilo doo These changes are motivated by the entry into force of Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter: the General Regulation – GDPR).
This Information applies in all cases of processing of your personal data by Vrilo doo as the Processing Manager, unless for special cases of processing the use of other Information, Privacy Policy or similar documents, regardless of their name, which take precedence over this Information. or supplement it (eg cases of data processing specific to individual facilities within the company Vrilo doo ).



Vrilo doo for hotel and tourism, Postra , Porat 39 , is the manager of the processing of your personal data in terms of the General Regulation (GDPR).
Regarding the processing of your personal data, you can contact us through our Personal Data Protection Officer, as follows:



We inform you about the purposes and legal bases of the processing of your data in point 1 of this Information.



You can get acquainted with the categories of recipients of your personal data in point 2 of this Information.



You can read more about the storage period of your data in point 3 of this Information.



We remind you of your rights in point 4 of this Information.



You can read about automated processing, including profile creation, in point 5 of this Information.


We collect, store and process your personal data in other permitted ways for the following purposes.



  • When booking accommodation and other services, we collect your personal data so that we can enter into a contract for accommodation and other services, especially so that they can contact you (eg phone / mobile number, email address), or unequivocally connect the reservation with you and other guests who they travel with you (eg name, date of birth, number of guests, date of arrival, date of departure).

Without this information, we cannot enter into a contract for accommodation and other services.

Exceptionally, when making a reservation made on the websites of our partners, we collect in addition to the above data and other data that the partner determines as mandatory and without which the contract cannot be concluded.



  • During your registration in the facility (check-in) we collect and process your personal data in order to comply with our legal obligations under the regulations on the manner of keeping the list and registration of tourists.

According to currently valid regulations, we are obliged to collect the following data: surname and name, place, country and date of birth, citizenship, type and number of identity document, residence and address, date and time of arrival or departure from the facility, gender, note ( basis for exemption from payment of sojourn tax, ie for reduction of payment of sojourn tax).

We may not provide you with accommodation without this information.


Reservation and registration

  • When booking and registering (check-in), you can also provide us with additional information with which we will personalize the service we provide and additionally arrange contractual relations on accommodation and other services.

For these purposes, we collect and process information that is marked as optional/optional on our websites and the websites of partners advertising our facilities, such as flight number, accommodation preferences (eg smoking room), vegetarian menu, allergies, bed preferences. , pillows, etc.

Without this information, accommodation and other services will be provided, but the accommodation and services provided will not necessarily have additional qualities and content that depend on this information.


Safety-technical measures

  • During your stay in our facility, we apply security measures (eg video surveillance in public areas of the facility that can record you, key cards that can show your location, etc.) to protect you and your property, other guests and their property, our employees and our assets.

Safety and technical measures that exist in any of our facilities cannot be excluded from application at the request of an individual guest.


Advertising and satisfaction testing

  • We collect and process your data so that we can contact you for promotional (marketing) purposes or for the purpose of surveying satisfaction with our services (surveys, etc.), in accordance with your consent.
  • Advertising, for example, means sending special and personalized offers and services (eg in the form of a newsletter).


Prize game

  • When you participate in our prize games, we collect information, in accordance with your consent, which rules of each prize game are provided as a prerequisite for participation and which are necessary for the exercise of your contractual rights and our contractual obligations in case of your victory in the game.


Statistical analyzes for internal need

  • We process your personal data for statistical purposes in order to collect information about our business and our services. The data is processed in a way that does not allow your identification (so-called depersonalized data).


Legitimate interest

The General Regulation (GDPR) provides for our right (legitimate interest) to process your personal data for the purposes of direct advertising (marketing) and the creation of profiles related to such advertising, to the extent that it is not contrary to your interests, freedoms and rights.

However, in order to ensure more complete protection of your personal data, rights and interests, we will endeavor to request your explicit consent for such processing before the processing of your personal data for the purpose of direct promotion (marketing).



We forward your personal data that we are obliged to collect when registering a guest ( check-in ) in the electronic form to the eVisitor system, in accordance with the regulations on the manner of keeping the list and registering tourists.

We pass on your personal data to our contractual processors who allow us to use computer programs for service management, and who have access to this data only to the extent necessary for the proper functioning of the program and other processors who allow us to provide catering and tourism services. We also forward your data to other Processing Managers if this is necessary for the provision of accommodation services or other services (eg if you have booked a tourist transfer service provided by our contractual partner in addition to the accommodation service).

We disclose your personal data, ie make them available to third parties in other cases as well, but only when we are obliged to do so under the General Regulation (GDPR), for example at the request of a competent judicial or administrative body.



We store your personal information:

  • for the duration prescribed by applicable regulations, if this data is collected solely for the purpose of fulfilling our legal obligations:
    – for example, data from the guest book we are obliged to keep at least 2 years from the end of the calendar year in which the guest stayed in our facility. 10 years in eVistor;
    – in addition, according to the regulations in the field of accounting, we are obliged to keep the issued invoices for 11 years, and thus the personal data contained in them.
  • for the duration required for the expiration of the statutory limitation period (three or five years) and the additional reasonable time required for any request sent to a judicial or administrative body to be delivered to us, if this information was obtained exclusively in connection with contracts we have concluded with you we negotiated (eg data from reservation requests/requests and booking confirmations, data related to membership in loyalty programs, participation in prize games, etc.);
  • until you withdraw your consent if we also process the data processing on your consent;
  • 10 years if the processing is based on our legitimate interests;
  • 6 months (recordings – video surveillance).



Users of our services have the following rights under the General Regulation (GDPR):



You can ask us at any time to confirm whether your personal data is being processed and if they are being processed, you have the right to request access to that data and information listed in Article 15 of the General Regulation (GDPR).

Upon your request for exercising the right of access, we will provide you with data and information in electronic form (e-mail), unless you have specified an e-mail address in your request or you have explicitly requested delivery by mail.


It is your right to obtain from us without delay the correction of inaccurate and incomplete personal data.


If you believe that we have collected or otherwise processed your data contrary to the General Regulation (GDPR), you have the right to ask us to delete such data. If the request is justified, the data will be deleted without undue delay.

You may also obtain the right to delete if your personal data is no longer necessary for the purposes for which they were collected or otherwise processed if you have withdrawn your consent to the processing, if you have objected to the processing necessary for our legitimate interests or if the data must be deleted to comply with a legal obligation

If there are reasons that prevent or restrict us from complying with your request, we will notify you in response to the request.


It is your right to ask us to restrict the processing of your personal data if you dispute the accuracy of this data (for a period that allows the controller to verify the accuracy of personal data) if the processing is illegal and you object to the deletion of data if you object to the processing of your data. and if we no longer need the information, but you need it to set, exercise or defend legal claims.


It is your right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and to pass them on to another controller if the processing of this data is based on consent or contract and is carried out automatically.


If we process your data on the basis of your consent, you may withdraw that consent at any time without affecting the lawfulness of the processing based on that consent.


Your rights are exercised free of charge, and only exceptionally with the payment of an administrative fee.
We will inform you of the administrative cost we are entitled to charge under the General Regulation (GDPR) before it is incurred, provided that the preconditions for its collection are met.


It is your right at any time, based on your special situation, to object to the processing of personal data that we carry out on the basis of our legitimate interests, which includes the right to object to the creation of a profile associated with those legitimate interests.

If you believe that the processing of your personal data in any way violates the General Regulation (GDPR), please contact us through our Personal Data Protection Officer at the e-mail address: or at the postal address: Porat 39, 21410 Postira ( Croatia), n / r Personal Data Protection Officer.

It is your right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates the General Regulation (GDPR) in any way. You can lodge a complaint, for example, with a supervisory authority in the EU Member State where you have your usual residence or where you work or in the Republic of Croatia (Personal Data Protection Agency).

*** *** The processing manager shall provide the respondent with information on the actions taken on request without undue delay and in any case within one month of receiving the request. This period may be extended by an additional two months, as appropriate, taking into account the complexity and number of applications. The controller shall inform the respondent of any such extension within one month of receipt of the request, together with the reasons for the delay. If the processing manager does not act upon the respondent’s request, the processing manager shall without delay and no later than one month from the receipt of the request inform the respondent of the reasons why he did not act and the possibility of filing a complaint with the supervisory body.



We use your data (name and surname, email address and language) in order to personalize services and promotional (marketing) materials and adapt them to you. We personalize services and materials through the creation of profiles (eg so-called segmentation) that help us better understand your interests. Creating a profile does not limit you in any way in the choice of services we provide.

We apply automated decision-making in such a way that, depending on the created profile or data that you have provided us with a computer program without human participation, it delivers you an offer and/or promotional (marketing material). The described automated decision making does not limit you in any way in the choice of services we provide.

Explore our accommodations

We want to provide you with the best catering offer on Brač, because Brač is an island we love, a heritage that we preserve and a home where you are welcome.

Hotel Vrilo is ideal for all who like to live their vacation in the life of a picturesque Mediterranean town.

from €38/per person

Each of the 15 modern and comfortable apartments has a capacity for 4 people.

from €46/per night

In a carefully renovated old building, in an ambience of special beauty, we offer 2 apartments for 4 and 3 people.

from €80/per night

Do you have questions about accommodation?

We are at your disposal for all questions regarding accommodation. We will be very happy to answer them.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.