C-WAVE LEGAL
Privacy Policy
This Privacy Policy sets out how C-WAVE INTERNATIONAL d.o.o., acting as controller, collects, uses, stores, discloses and otherwise processes personal data in connection with its websites, inquiries, bookings, customer communication and related travel and yachting services.
Last Updated: 22.03.2026.
1. Controller Details
Controller: C-WAVE INTERNATIONAL d.o.o.
Registered Office: Ulica gardijskih brigada 52, HR-21217 Kaštel Stari, Croatia
OIB: 20817300177
MBS: 060502219
Registered with: Commercial Register of the Commercial Court in Split
General Contact: contact@cwi.hr
Telephone: +385 95 377 2947
Website: travel.cwi.hr
Privacy Contact: contact@cwi.hr
Registered Office: Ulica gardijskih brigada 52, HR-21217 Kaštel Stari, Croatia
OIB: 20817300177
MBS: 060502219
Registered with: Commercial Register of the Commercial Court in Split
General Contact: contact@cwi.hr
Telephone: +385 95 377 2947
Website: travel.cwi.hr
Privacy Contact: contact@cwi.hr
2. Applicable Legal Framework
This Policy is intended to reflect the requirements of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and the applicable Croatian framework for the protection of personal data. The Croatian Personal Data Protection Agency (AZOP) is the competent supervisory authority in the Republic of Croatia.
This Policy should be read together with our Cookie Policy and any service-specific terms, booking terms or general terms and conditions published on our websites.
This Policy should be read together with our Cookie Policy and any service-specific terms, booking terms or general terms and conditions published on our websites.
3. GDPR Legal Table
The table below summarizes the principal GDPR provisions relevant to this Privacy Policy:
| GDPR Article | Subject | How It Relates to This Policy |
|---|---|---|
| Article 5 | Principles of processing | Personal data must be processed lawfully, fairly, transparently, for specified purposes, and limited to what is necessary. |
| Article 6 | Lawfulness of processing | Sets out the legal bases such as contract, legal obligation, legitimate interests and consent. |
| Articles 12–14 | Transparent information | Require controllers to inform individuals about identity, purposes, legal bases, recipients, retention and rights. |
| Article 15 | Right of access | Individuals may ask whether their data is processed and request access to it. |
| Article 16 | Right to rectification | Individuals may request correction of inaccurate or incomplete personal data. |
| Article 17 | Right to erasure | Individuals may request deletion in the cases provided by GDPR. |
| Article 18 | Right to restriction | Individuals may request restricted processing in certain situations. |
| Article 20 | Right to data portability | Applies where processing is based on consent or contract and carried out by automated means. |
| Article 21 | Right to object | Individuals may object to processing based on legitimate interests and have an absolute right to object to direct marketing. |
| Article 32 | Security of processing | Requires appropriate technical and organisational security measures. |
| Article 77 | Right to lodge a complaint | Individuals may lodge a complaint with a supervisory authority, including AZOP in Croatia. |
4. Scope of This Policy
This Privacy Policy applies to personal data collected through our websites, contact forms, charter and travel inquiry forms, booking-related communications, e-mail correspondence, telephone communication, customer support interactions and other business communications connected with our services.
5. Categories of Personal Data
Depending on the nature of your interaction with us, we may process:
- identification data, such as name and surname
- contact data, such as e-mail address and telephone number
- inquiry and booking data, such as destination, dates, travel preferences, guest numbers, vessel preferences, transfer requests and related service details
- communication data contained in e-mails, messages, inquiry forms and customer support exchanges
- invoicing or transaction-related data where relevant to booking administration or legal compliance
- technical and usage data, such as IP address, browser information, device data and cookie-related data
- any other data voluntarily provided by you in connection with an inquiry, service request or booking
- identification data, such as name and surname
- contact data, such as e-mail address and telephone number
- inquiry and booking data, such as destination, dates, travel preferences, guest numbers, vessel preferences, transfer requests and related service details
- communication data contained in e-mails, messages, inquiry forms and customer support exchanges
- invoicing or transaction-related data where relevant to booking administration or legal compliance
- technical and usage data, such as IP address, browser information, device data and cookie-related data
- any other data voluntarily provided by you in connection with an inquiry, service request or booking
6. Purposes of Processing
Personal data may be processed for the following purposes:
- responding to inquiries and requests for information
- preparing quotations, travel proposals, yacht offers and bespoke itineraries
- arranging, administering and supporting bookings and reservations
- communicating with customers regarding requested or contracted services
- meeting accounting, tax, consumer protection, tourism and other legal obligations
- protecting website functionality, integrity and security
- improving website performance, service quality and user experience
- carrying out analytics or marketing activities where lawfully permitted and, where required, based on valid consent
- responding to inquiries and requests for information
- preparing quotations, travel proposals, yacht offers and bespoke itineraries
- arranging, administering and supporting bookings and reservations
- communicating with customers regarding requested or contracted services
- meeting accounting, tax, consumer protection, tourism and other legal obligations
- protecting website functionality, integrity and security
- improving website performance, service quality and user experience
- carrying out analytics or marketing activities where lawfully permitted and, where required, based on valid consent
7. Legal Bases of Processing
In accordance with Article 6 GDPR, we may rely on one or more of the following legal bases:
| Legal Basis | GDPR Reference | Example |
|---|---|---|
| Performance of a contract / pre-contractual steps | Article 6(1)(b) | Handling inquiries, preparing offers, arranging reservations, servicing bookings. |
| Compliance with legal obligation | Article 6(1)(c) | Accounting, invoicing, complaint handling, legal record-keeping. |
| Legitimate interests | Article 6(1)(f) | Business communication, website security, fraud prevention, service improvement. |
| Consent | Article 6(1)(a) | Optional cookies, certain marketing communications, and other optional processing where required. |
8. Source of Personal Data
Personal data is typically collected directly from you when you contact us, complete an inquiry form, submit a booking request, communicate by e-mail or telephone, or otherwise interact with our websites and services.
Where necessary for arranging or delivering services, we may also receive relevant information from charter operators, travel suppliers, booking systems, payment providers or other legitimate business partners involved in your request or reservation.
Where necessary for arranging or delivering services, we may also receive relevant information from charter operators, travel suppliers, booking systems, payment providers or other legitimate business partners involved in your request or reservation.
9. Recipients of Personal Data
Where necessary and lawful, personal data may be disclosed to:
- charter operators, fleet managers, travel suppliers, accommodation providers, transfer providers and other service partners involved in the requested service
- IT, hosting, website maintenance, security and communications providers
- payment service providers, accounting providers, auditors, legal advisers and tax advisers
- public authorities, courts, regulators or other bodies where disclosure is required by law
- charter operators, fleet managers, travel suppliers, accommodation providers, transfer providers and other service partners involved in the requested service
- IT, hosting, website maintenance, security and communications providers
- payment service providers, accounting providers, auditors, legal advisers and tax advisers
- public authorities, courts, regulators or other bodies where disclosure is required by law
10. International Transfers
If personal data is transferred outside the European Economic Area, such transfers will be carried out only where permitted under applicable law and subject to appropriate safeguards where required.
11. Retention Periods
Personal data is retained only for as long as necessary for the purpose for which it was collected, including the performance of services, handling of inquiries, compliance with legal obligations, dispute resolution and the protection of legal claims and interests.
Specific retention periods may vary depending on the relevant legal, operational or contractual context.
Specific retention periods may vary depending on the relevant legal, operational or contractual context.
12. Data Subject Rights
Subject to the conditions and limitations provided by applicable law, you may have the right to:
- obtain confirmation as to whether personal data concerning you is being processed
- request access to personal data
- request rectification of inaccurate or incomplete data
- request erasure in the cases provided by law
- request restriction of processing
- object to processing based on legitimate interests
- withdraw consent at any time where processing is based on consent
- request data portability where the legal conditions are met
- lodge a complaint with a competent supervisory authority
- obtain confirmation as to whether personal data concerning you is being processed
- request access to personal data
- request rectification of inaccurate or incomplete data
- request erasure in the cases provided by law
- request restriction of processing
- object to processing based on legitimate interests
- withdraw consent at any time where processing is based on consent
- request data portability where the legal conditions are met
- lodge a complaint with a competent supervisory authority
13. Right to Lodge a Complaint
If you consider that the processing of your personal data infringes applicable law, you have the right to lodge a complaint with the competent supervisory authority.
Croatian Personal Data Protection Agency (AZOP)
Selska cesta 136, Zagreb, Croatia
E-mail: azop@azop.hr
Website: azop.hr
Croatian Personal Data Protection Agency (AZOP)
Selska cesta 136, Zagreb, Croatia
E-mail: azop@azop.hr
Website: azop.hr
14. Cookies and Tracking Technologies
Our websites may use cookies and similar technologies for technical, functional, analytical and marketing purposes. Detailed information regarding cookies, consent choices and related technologies is available in our Cookie Policy.
15. Security Measures
We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access, taking into account the nature of the processing and the risks involved.
16. Amendments to This Policy
We reserve the right to amend or update this Privacy Policy from time to time in order to reflect changes in law, supervisory guidance, technology, services or internal business practices. The current version will always be published on this page together with the latest revision date.
17. Contact
For any questions concerning this Privacy Policy or the processing of personal data, you may contact:
C-WAVE INTERNATIONAL d.o.o.
Ulica gardijskih brigada 52, HR-21217 Kaštel Stari, Croatia
E-mail: contact@cwi.hr
Telephone: +385 95 377 2947
Website: travel.cwi.hr
C-WAVE INTERNATIONAL d.o.o.
Ulica gardijskih brigada 52, HR-21217 Kaštel Stari, Croatia
E-mail: contact@cwi.hr
Telephone: +385 95 377 2947
Website: travel.cwi.hr
