Back to Home

Privacy Policy

Last updated: 28. January 2026.

1. Introduction

SAN ANDREAS d.o.o. za računarstvo i usluge, turistička agencija ("San Andreas d.o.o.", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our websites or use our services.

Data Controller:

  • Legal Name: SAN ANDREAS d.o.o. za računarstvo i usluge, turistička agencija
  • Address: Ulica branitelja domovinskog rata 2/E, 22000 Šibenik, Croatia
  • OIB (Tax ID): 70326470335
  • Email: [email protected]

We process personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Croatian data protection laws.

2. Information We Collect

2.1 Information You Provide

We may collect personal information that you voluntarily provide when you:

  • Make a purchase on our website
  • Create an account
  • Contact us via email or contact forms
  • Subscribe to newsletters or updates
  • Request a quote for our services

This information may include:

  • Name and contact information (email address, phone number)
  • Billing and payment information
  • Vehicle license plate numbers (for photo search functionality)
  • Any other information you choose to provide

2.2 Information Collected Automatically

When you visit our websites, we may automatically collect certain information, including:

  • IP address
  • Browser type and version
  • Operating system
  • Referring URLs
  • Pages viewed and time spent on pages
  • Device information

2.3 License Plate Recognition Data

Our Photos with Andreas service uses automatic license plate recognition (ALPR) technology to help customers find photographs of their vehicles. License plate data is:

  • Used solely for the purpose of matching customers with their photographs
  • Stored securely and not shared with third parties
  • Deleted upon request (see Section 7: Your Rights)

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide our services: Processing orders, delivering digital photographs, providing customer support
  • To improve our services: Analyzing usage patterns to enhance user experience
  • To communicate with you: Responding to inquiries, sending order confirmations, providing service updates
  • To comply with legal obligations: Meeting tax, accounting, and regulatory requirements
  • To protect our interests: Preventing fraud, enforcing our terms, protecting our legal rights

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to fulfill our contractual obligations to you (e.g., processing purchases)
  • Legitimate interests: Processing necessary for our legitimate business interests (e.g., improving services, preventing fraud)
  • Legal obligation: Processing required to comply with applicable laws
  • Consent: Processing based on your explicit consent (e.g., analytics cookies, marketing communications)

5. Cookies and Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites function properly and provide information to website owners.

5.2 Cookies We Use

We use the following types of cookies:

Cookie Type Purpose Duration
Essential Cookies Required for website functionality (session management, security, shopping cart) Session / 1 year
Analytics Cookies Google Analytics - helps us understand how visitors use our website Up to 2 years
User Experience Cookies Microsoft Clarity - records user interactions to improve website usability Up to 1 year

5.3 Third-Party Analytics Services

Google Analytics: We use Google Analytics to analyze website traffic and usage patterns. Google Analytics collects information such as how often users visit our site, what pages they visit, and what other sites they used prior to coming to our site. We use this information to improve our website and services. Google Analytics collects only the IP address assigned to you on the date you visit our site, rather than your name or other identifying information.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Microsoft Clarity: We use Microsoft Clarity to understand how users interact with our website through session recordings and heatmaps. This helps us identify usability issues and improve the user experience. Clarity does not collect personal data that can identify individuals.

Learn more about Microsoft's privacy practices.

5.4 Your Cookie Choices

When you first visit our website, you will be presented with a cookie consent banner. You can choose to accept or decline non-essential cookies. If you decline, analytics and user experience tracking will not be activated.

You can also control cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. Please note that disabling cookies may affect the functionality of our website.

Note: Logged-in users are not tracked by analytics services, and the cookie consent banner is not displayed to authenticated users.

6. Data Sharing and Disclosure

We may share your personal information in the following circumstances:

  • Service providers: Third-party companies that perform services on our behalf (payment processing, hosting, email delivery)
  • Legal requirements: When required by law, court order, or governmental authority
  • Business transfers: In connection with a merger, acquisition, or sale of assets
  • Protection of rights: To protect our rights, privacy, safety, or property

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6.1 Payment Processing

Payment transactions are processed by Stripe, Inc. When you make a purchase, your payment information is transmitted directly to Stripe's secure servers. We do not store credit card numbers or CVV codes on our systems. Please review Stripe's Privacy Policy for information about how they handle your payment data.

7. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of access: You can request a copy of the personal data we hold about you
  • Right to rectification: You can request correction of inaccurate or incomplete data
  • Right to erasure: You can request deletion of your personal data ("right to be forgotten")
  • Right to restriction: You can request restriction of processing in certain circumstances
  • Right to data portability: You can request your data in a structured, machine-readable format
  • Right to object: You can object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: You can withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) if you believe your data protection rights have been violated.

8. Data Retention

We retain personal data for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations (e.g., tax records must be retained for 11 years under Croatian law)
  • Resolve disputes and enforce our agreements

Photographs and associated metadata are retained for a period of 2 years from the date of capture, after which they may be archived or deleted.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for data transmission
  • Secure storage with access controls
  • Regular security assessments
  • Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

10. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including by our service providers (e.g., cloud hosting, analytics services). When such transfers occur, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules where applicable

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this Privacy Policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

SAN ANDREAS d.o.o.

SAN ANDREAS d.o.o. za računarstvo i usluge, turistička agencija

Ulica branitelja domovinskog rata 2/E

22000 Šibenik, Croatia

OIB: 70326470335

Email: [email protected]

Croatian Personal Data Protection Agency (AZOP)

Selska cesta 136, 10000 Zagreb, Croatia

Website: azop.hr