This Privacy Policy explains how Adnan Smlatić s.p. (registration number: 9762884000) collects, uses, and protects your personal data when you use tilaa.app.
1. Data Controller:
1.1 Adnan Smlatić s.p., registered in Slovenia (registration number: 9762884000), is the data controller responsible for your personal data.
1.2 Contact us at: [email protected] for any privacy-related questions.
2. What Data We Collect:
2.1 Account Information: When you create an account, we collect your name, email address, and encrypted password.
2.2 Search Data: Your travel searches, preferences, and saved trips to provide personalized recommendations.
2.3 Technical Data: IP address, browser type, device information, and usage patterns through cookies and similar technologies.
2.4 Location Data: With your consent, we may collect location data to provide location-based search results.
3. Legal Basis for Processing:
3.1 Contract Performance: To provide our search services and maintain your account.
3.2 Legitimate Interest: To improve our services, prevent fraud, and ensure website security.
3.3 Consent: For marketing communications, location tracking, and non-essential cookies.
4. How We Use Your Data:
4.1 Provide and improve our travel search services.
4.2 Personalize your experience and save your preferences.
4.3 Communicate with you about your account and our services.
4.4 Analyze website usage to improve functionality.
4.5 Ensure website security and prevent fraud.
5. Data Sharing:
5.1 We do not sell your personal data to third parties.
5.2 We may share data with:
5.2.1 Travel providers when you click through to their websites (governed by their privacy policies).
5.2.2 Service providers who help us operate our website (hosting, analytics, customer support).
5.2.3 Legal authorities when required by law or to protect our rights.
6. Cookies and Analytics:
6.1 We use essential cookies for website functionality.
6.2 With your consent, we use Google Analytics to understand website usage patterns.
6.3 You can manage cookie preferences through your browser settings.
7. Data Retention:
7.1 Account data: Retained while your account is active and for 3 years after account deletion.
7.2 Search data: Retained for 2 years to improve our services.
7.3 Analytics data: Anonymized and retained for statistical purposes.
8. Your Rights Under GDPR:
8.1 Access: Request a copy of your personal data.
8.2 Rectification: Correct inaccurate personal data.
8.3 Erasure: Request deletion of your personal data.
8.4 Portability: Receive your data in a structured, machine-readable format.
8.5 Restriction: Limit how we process your data.
8.6 Objection: Object to processing based on legitimate interest.
8.7 Withdraw Consent: Withdraw consent for consent-based processing.
9. Data Security:
9.1 We implement appropriate technical and organizational measures to protect your data.
9.2 Data is encrypted in transit and at rest.
9.3 Access to personal data is restricted to authorized personnel only.
10. International Transfers:
10.1 Your data is primarily stored and processed within the European Union.
10.2 Some service providers may be located outside the EU, but we ensure adequate protection through appropriate safeguards.
11. Children's Privacy:
11.1 Our services are not intended for children under 16 years of age.
11.2 We do not knowingly collect personal data from children under 16.
12. Changes to This Policy:
12.1 We may update this privacy policy from time to time.
12.2 We will notify you of significant changes via email or website notice.
13. Contact Information:
13.1 For privacy-related questions or to exercise your rights, contact us at: [email protected]
13.2 You have the right to lodge a complaint with the Slovenian data protection authority (IP-RS) if you believe we have violated your privacy rights.
Last updated: 21.06.2025