Privacy Policy

Effective date: 1 June 2026

1. Data Controller

BeachBook d.o.o., Njegoลกeva 12, 85340 Herceg Novi, Montenegro. Email: privacy@beach.eyetrick.ru

2. Data We Collect

  • Booking data: full name, email address, phone number.
  • Payment data: transaction ID and masked card details provided by our payment processor. We do not store full card numbers.
  • Technical data: IP address, browser type, device type, pages visited, time spent on site (via server logs and analytics).
  • Communication data: content of messages sent via our contact form or support email.

3. Purpose and Legal Basis

PurposeLegal basis
Processing your booking and paymentPerformance of a contract (Art. 6(1)(b) GDPR)
Sending booking confirmation and QR ticketPerformance of a contract
Fiscal/tax reporting obligationsLegal obligation (Art. 6(1)(c) GDPR)
Fraud prevention and securityLegitimate interests (Art. 6(1)(f) GDPR)
Marketing emails (optional)Consent (Art. 6(1)(a) GDPR)

4. Data Sharing

We share your data with:

  • Beach operators โ€” to fulfil your reservation (name, booking details, QR code).
  • Payment processors (NestPay / Asseco SEE, Payoneer) โ€” to process your payment securely.
  • Email service provider โ€” to deliver booking confirmations.
  • Montenegrin tax authority (PU) โ€” as required by fiscalisation law.

We do not sell personal data to third parties.

5. Data Retention

Booking and fiscal records are retained for 7 years as required by Montenegrin accounting law. Technical logs are retained for 90 days. Marketing consent data is retained until withdrawal.

6. Your Rights

Under applicable data protection law (Montenegrin Law on Personal Data Protection and GDPR where applicable), you have the right to: access, rectify, erase, restrict processing of, and port your personal data, as well as the right to object to processing and to withdraw consent. To exercise these rights, email privacy@beach.eyetrick.ru.

7. Cookies

We use strictly necessary session cookies for authentication and CSRF protection. We do not use third-party tracking cookies without your consent.

8. Security

All data is transmitted over HTTPS (TLS 1.2+). Payment card data is handled exclusively by PCI-DSS certified payment processors. We implement industry-standard security measures including encrypted storage and access controls.