Privacy Policy

1. Data Controller

The data controller is Roko Nautika d.o.o., trading as Maro Charter, headquartered at Ribarska 1a, 51000 Rijeka, Croatia (OIB: 39838966704). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website marocharter.com or contact us directly.

We are compliant with Regulation (EU) 2016/679 (GDPR) and the Croatian Act on the Implementation of the General Data Protection Regulation (OG 42/2018).

2. Data We Collect

We only collect personal data when you voluntarily provide it to us. This may include:

• Name and contact details (email address, phone number, nationality)
• Charter details — preferred dates, route preferences, and number of guests
• Boating license and VHF certificate numbers (mandatory for bareboat charter under Croatian law)
• Passport or ID card details of all guests (mandatory for the crew list under the Maritime Code)
• Payment details — securely processed through third-party providers; we do not store card details

3. How We Use Your Data

We use your personal data for the following purposes:

• Processing your inquiry and issuing booking confirmation and charter agreement
• Preparing the mandatory crew list in accordance with the Croatian Maritime Code
• Communicating about your booking, documentation, itinerary, and departure
• Responding to questions, complaints, or information requests
• Fulfilling obligations under Croatian maritime, tax, and accounting regulations
• Sending newsletters or offers — only with your explicit consent

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing

We process your personal data on the following legal bases (Art. 6 GDPR):

• Art. 6(1)(b) — Contractual necessity: processing your booking and fulfilling the charter agreement
• Art. 6(1)(c) — Legal obligation: crew list and license verification under the Croatian Maritime Code
• Art. 6(1)(f) — Legitimate interest: responding to inquiries and improving our services
• Art. 6(1)(a) — Consent: for newsletters or marketing communications, which you may withdraw at any time

5. Data Retention

Booking records and associated personal data are retained for seven (7) years in accordance with the Accounting Act (OG 78/15 and amendments). Inquiries that do not result in a booking are deleted within twelve (12) months. Newsletter subscriber data is deleted immediately upon withdrawal of consent.

6. Data Sharing

We share your data with third parties only when necessary:

• Payment processors — for secure handling of financial transactions
• Email service providers — for booking confirmations and operational communications
• Croatian port authorities, harbor master's offices, and the Ministry of the Sea — under the Maritime Code
• Our skippers and operational crew — solely for the execution of your charter

All processors are bound by data processing agreements and must process your data in compliance with the GDPR.

7. Your Rights

Under the GDPR, you have the following rights, which you may exercise at no cost:

• Right of access (Art. 15) — receiving a copy of the personal data we hold about you
• Right to rectification (Art. 16) — correcting inaccurate or incomplete data
• Right to erasure (Art. 17) — requesting deletion of data that is no longer necessary
• Right to restriction of processing (Art. 18) — limiting processing in certain circumstances
• Right to data portability (Art. 20) — receiving your data in a structured, machine-readable format
• Right to object (Art. 21) — to processing based on legitimate interest or for direct marketing

To exercise any of these rights, contact us at info@marocharter.com. We will respond within 30 days. You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP), Selska cesta 136, 10000 Zagreb — www.azop.hr.

8. Cookies

We use only essential cookies: a session cookie for remembering your language preference and a security cookie (CSRF token) for form protection. These cookies are deleted when you close your browser. We do not use advertising, analytics, or tracking cookies. If this changes, we will update this policy and request your consent.

9. Security

We apply appropriate technical and organizational measures — including TLS encryption (HTTPS), access controls, and regular security reviews — to protect your personal data from unauthorized access, loss, or disclosure. No internet transmission is completely secure; we recommend contacting us through secure channels.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable regulations. The revision date at the top of this page indicates when the policy was last updated. We will notify you of significant changes via a notice on our website.

11. Contact

For any questions about this Privacy Policy or your personal data, please contact us: