Privacy policy




Magic Croatia Travel Agency is commited to protect clients’ personal data, in accordance to the best business practices and valid Croatian and European regulations, including General privacy policy based on Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th 2016. Main purpose of this Act is to provide interested parties with all the necessary information on how to process and protect personal information and the rights that clients have regarding its processing.
We are always trying to transparently inform our clients about what we need to know regarding their personal information and whether we will store it and for how long. That way they can decide for themselves for which purpose we can use their personal information.
If you want to delete personal information we stored please inform us by sending an e-mail.


This policy applies to all personal information collected and stored by Magic Croatia and its authorized partners.
A client is considered a person who has requested a service or a service offer from Magic Croatia Travel Agency.
Personal data is any data relating to an individual whose identity has been identified or can be identified (Article 4 of the General Data Protection Regulation).
Data processing means any procedure or set of procedures that are performed on personal data or on personal data sets (Article 4 of the General Data Protection Regulation).


The data is processed in accordance with applicable laws pertaining to personal data processing and in accordance with best business practices of data protection, i.e. we perform legal, fair and transparent processing.

Processing in accordance with the purpose of data collection
The collected data is processed only in accordance with the purpose for which the data was collected.

Limitation of the data amount
We collect and process only those data that are necessary to achieve the purpose of processing.

Data accuracy
A special attention is paid to the accuracy of the collected data. A client has at any time the right to inspect data and correct his/her data.

Limitation of processing data and its retention
The data is processed and stored only for as long as it is necessary to fulfill the purpose for which it is collected or as required by the applicable regulations.

Security of personal data
We attach the greatest possible attention to personal data security.


In accordance with the General Data Protection Regulation, the client has the following rights:

The right of access to data

A client is entitled to receive confirmation that we are processing his/her personal data and, if processed, he/she is entitled to receive the following information: information about the purpose of processing, the category of personal data we are processing, the recipients or categories of recipients of the data we are processing, the predicted period in which the data will be stored or criteria for determining that period, the right to request rectification, deletion and limitation of data processing, the right to file a complaint to the supervisory body, an automated decision-making system information such as profile design, protection measures if the data are transferred to a third country.

The right to correction and deletion
A client has the right to obtain correction of incorrect data.
A client has the right to obtain deletion of the data unless the data is necessary for the purpose for which they are collected or need to be kept in accordance with the applicable legal regulations.

The right to processing limitation
A client has the right to obtain a limitation of data processing, under the conditions defined in the General Data Protection Regulation.

The right to data portability
A client has the right to receive the information he has submitted in a structured, standard and machine-readable format, and to transfer them to another processing manager without restriction.

The right to objection
A client has at all times the right to object to the processing of personal data.
A client has at all times the right to direct marketing complaint, in which case the data will no longer be used for this purpose. 


We collect data about our clients in the following ways:

– Data collection via Agency’s website
On our website, when making orders or inquiries, we collect the data necessary for making contracts, travel documents, offers and communication with clients.
A client submits the data via the forms on the website.
A client may leave his/her personal data in person, or on behalf of a client, it can be done by another person.

– Data collection via e-mail
On request, a client submits the data necessary for the preparation of contracts, travel documents, offers, insurance contracts, reservation of accommodation and communication with the client.
A client may leave his or her personal data in person, or on behalf of a client, it can be done by another person.

– Data collection via telephone
On request, a client submits the data necessary for the preparation of contracts, travel documents, offers, insurance contracts, reservation of accommodation and communication with the client.
A client may leave his or her personal data in person, or on behalf of a client, it can be done by another person.

– Data collection via website
We have incorporated YouTube videos on our website, which are stored on and can be viewed directly from our website. All this is included in the “extended data protection” mode, i.e. there is no information about you as a user that will be transferred to YouTube if you do not click on the videos to reproduce them.

We also use Facebook Pixel that allows us to place ads based on audience interests (“Facebook Ads”) who visit the social network of Facebook or other websites.
By subscribing to our newsletter (with mandatory personal information: your name, family name, e-mail address), you will receive, in accordance with your consent in each individual case, personalized information about products, services or suggestions for participation in promotions such as competitions or product testing via e-mail.

When participating in prize games, surveys, or similar campaigns, we use the personal information you provide us for the campaign (mandatory personal information: name, last name, e-mail address, and you can enter the phone number and address as well). You can find more information about the purpose in the appropriate terms and conditions of the campaign.

Your data will be deleted after the final campaign processing (see terms and conditions of participation) unless it is in conflict with statutory retention obligations or statutory law.
If you have given your consent (Article 6, Item 1, Point a of the GDPR) to process your data, you may at any time withdraw your consent. Such withdrawal affects the processing of your personal data after you have given it.

 – Client’s consent
Consent means any voluntarily, in particular, informed and unambiguous expression of desires of a respondent who expressly or explicitly acknowledges the consent to the processing of personal data relating to him/her (Article 4 of the General Data Protection Regulation).
Consent unambiguously considers execution order on the website, sending a request via the website, sending personal information by e-mail based on queries and telephone transfer data based on queries by employees of Magic Croatia Travel Agency.
Without a client’s consent, we will never use any client’s personal information for any purpose that is required by the applicable regulations.


We only collect data that is necessary for the purpose of data collection and in accordance with applicable legal regulations.
The data we collect:
– name and surname,
– the date of birth of children in order to obtain a discount,
– phone number and e-mail address for contact,
– the address of the residence if it is necessary to make a travel or insurance contract,
– OIB (Personal Identification Number) for travel insurance purposes, if contracted by the client,
– location, sex, citizenship, passport number or other appropriate personal document where necessary to enforce legal obligations (e.g. when crossing the border).


We collect personal information for the following purposes:

For the execution of the contract or the preparation for the contract execution
We collect personal data in order to execute a service to a client or to make a service offer.

To inform clients about services and products
If the client has given us the consent, we can use the client’s data to let him/her get acquainted with our services and products that may be of interest.

For internal purposes
Client’s data is kept to protect the legitimate interests of the client or our legitimate interests, in accordance with applicable legal regulations. This may include, for example, customer data retention in order to respond in a best way to customer complaints, use client’s data to prevent, detect and prosecute misuse at the expense of clients or Magic Croatia Agency, ensure the safety of employees, clients, products and services of Magic Croatia Agency, creating services and offers which suit the needs and wishes of clients, ensuring a superior customer experience, personalized customer service, research and market analysis, optimization of sales channels, etc.
The legal basis for the processing of data for this purpose is the legitimate interest of Magic Croatia Agency, unless such interests are of greater interest or fundamental rights and freedoms which require the protection of client data and/or legal grounds for the protection of key interests of a client or other natural person. Exceptions are cases where the legal basis of the consent is concerned.

For the purpose of fulfilling the legal obligations
On the basis of a written request based on the current valid regulations, Magic Croatia is obliged to provide or allow access to certain personal data of the client to the relevant state bodies (e.g. courts, police, tourist inspections, etc.).
The legal basis for the processing of data for these purposes is the fulfillment of the legal obligations of the Magic Croatia Agency.


We disclose client’s personal data to third parties in the following cases:

For the purpose of executing a contract or preparing for contract execution with a client
We disclose the data to a third party when it is necessary to provide the customer with a contracted service or requested information. This includes, for example, sending client’s data to a hotel or carrier when it is needed to perform a service or make consent for the service.

When the client has given consent
We disclose the data to third parties if this is necessary for the purpose for which the client has given explicit consent.

When we engage subcontractors to perform certain jobs
If we engage the subcontractors as executives for the execution of certain jobs, in that case we disclose the personal data to the subcontractor. We use only subcontractors from EU countries and these subcontractors work exclusively by the order of Magic Croatia and under the contract of Magic Croatia, which provides data protection measures as if data was processed by Magic Croatia.


For the purpose of protecting personal data of our clients we use the best business practices in the field of tourism and information-communication technologies. We continually adjust our internal processes to achieve the optimal level of personal data protection. We use different organizational measures and technical means to protect the user’s data from unauthorized access, change, loss, theft or other misuse of data.


A client can realize his/her rights under the General Data Protection Regulation by submitting a request to the electronic mail address
If the client suspects a violation of his/her personal data, he/she may file a claim to the
The client can also file a claim to the Personal Data Protection Agency.


The Privacy Policy comes into force and begins to apply on the date of publication and is available on the website. The clients will be informed in a timely manner, including through publication on the website, about possible changes and amendments in the Privacy Policy. A client has the right to disclose personal data, deletion of data and the limitation of personal data processing no later than the date of application of the General Data Protection Regulation, i.e. May 25th 2018.

In Zadar, May 23rd 2018