Privacy Policy for Bistro Mario
Effective Date: July 10, 2025
At Bistro Mario, accessible from https://bistromario.hr, your privacy is of utmost importance to us. This Privacy Policy outlines the types of information we collect, how we use it, and the steps we take to protect your personal data, in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) for our users in the European Union.
Who we are
Our website address is: https://bistromario.hr. Bistro Mario is a restaurant providing dining services, reservations, and event hosting.
Information We Collect and How We Use It
We only collect personal data that is necessary for the purposes outlined in this policy.
1. Comments
- Data Collected: When visitors leave comments on our site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string.
- Purpose: This information is collected to help us detect and prevent spam, maintain the security of our website, and allow for legitimate discussion.
- Gravatar Service: An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/.
- Visibility: After approval of your comment, your profile picture (if linked via Gravatar) is visible to the public in the context of your comment.
- Legal Basis (GDPR): Our legitimate interest in preventing spam and fostering a secure and interactive website environment.
2. Media (Images)
- Recommendation: If you upload images to the website (e.g., as part of a user profile or comment, if enabled), you should avoid uploading images with embedded location data (EXIF GPS) included.
- Risk: Visitors to the website can download and extract any location data from images on the website.
- Our Practice: Bistro Mario generally does not encourage or require users to upload media that would contain personal data directly on the website.
3. Contact Forms
- Data Collected: When you use our contact form on the “Kontakt” page, we collect your Name, Surname, Email Address, the subject of your inquiry (“Tema razgovora”), and your message (“Komentar/Pitanja”). We also utilize Google reCAPTCHA.
- Purpose: This information is collected to enable us to respond to your inquiries, reservation requests, event bookings, or any other questions you may have.
- Retention: We retain contact form submissions for a period necessary to address your inquiry and for a reasonable time thereafter for our records, typically up to 12 months, unless a longer retention period is required by law or for a specific contractual relationship.
- Legal Basis (GDPR): Our legitimate interest in communicating with our website visitors and providing customer service. For reservation requests, the legal basis is the performance of a contract or steps prior to entering into a contract.
4. Cookies
Our website uses cookies and other related technologies (like scripts and web beacons) to ensure proper functioning, enhance user experience, and for marketing purposes. This section provides an overview; for detailed information, please refer to our dedicated Cookie Policy.
- What are Cookies? A cookie is a small simple file that is sent along with pages of this website and stored by your browser on the hard drive of your computer or another device.
- What are Scripts? A script is a piece of program code that is used to make our website function properly and interactively.
- What is a Web Beacon? A web beacon (or a pixel tag) is a small, invisible piece of text or image on a website used to monitor traffic.
- Types of Cookies Used:
  - Technical or Functional Cookies: These cookies ensure that certain parts of the website work properly and that your user preferences remain known. They enable basic functions like remembering items in a shopping cart (if applicable) or preventing repeated information entry. We may place these cookies without your consent as they are strictly necessary for the website’s operation.
    - Examples: Elementor, WordPress, Polylang, Miscellaneous.
  - Statistics/Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. This helps us improve our website’s performance and content.
    - Examples: Sourcebuster JS.
  - Marketing/Tracking Cookies: These cookies are used to create user profiles to display advertising or to track the user on this website or across several websites for similar marketing purposes.
    - Examples: Facebook, potentially others linked to social media or advertising.
  - Social Media Cookies: Our website includes content from Instagram and Facebook (via embedded content and direct links). These platforms may place cookies to enable their features (e.g., “like” or “share” buttons) and might store and process certain information for personalized advertising.
    - Please read the privacy statements of these social networks (Instagram, Facebook) to understand what they do with your data processed using their cookies. The data retrieved is anonymized as much as possible.
- Cookie Consent: When you visit our website for the first time, you are presented with a pop-up banner explaining our use of cookies. By clicking on “Spremi postavke” (Save settings), you consent to us using the categories of cookies and plug-ins you selected. You have the option to manage your consent settings at any time via the cookie consent banner.
- Enabling/Disabling and Deleting Cookies: You can manage or delete cookies using your internet browser settings. However, please note that disabling all cookies may affect the proper functioning of our website. For more details on managing cookies, refer to your browser’s Help section.
- Legal Basis (GDPR): Our legal basis for processing data via essential functional cookies is our legitimate interest in providing a functional website. For non-essential cookies (statistics, marketing, social media), our legal basis is your consent.
5. Embedded Content from Other Websites
- Nature of Content: Pages on this site may include embedded content (e.g., videos from YouTube, images, articles, etc.).
- Behavior of Embedded Content: Embedded content from other websites behaves in the exact same way as if the visitor had visited the other website directly.
- Third-Party Data Collection: These external websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
- Our Responsibility: We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of any third-party websites you visit.
- Legal Basis (GDPR): Our legitimate interest in providing rich, informative content to our users.
6. Third-Party Links (Glovo, Wolt, Social Media)
- Nature of Links: Our website includes links to third-party services such as Facebook, Instagram, Glovo (https://glovoapp.com/hr/en/rijeka/bistro-mario-rjk/), and Wolt (https://wolt.com/hr/hrv/marinici-viskovo/restaurant/bistro-mario).
- External Websites: When you click on these links, you will be directed to external websites or applications operated by these third parties.
- Data Handling by Third Parties: These third parties operate independently and have their own privacy policies. We are not responsible for the privacy practices or the content of these external sites. We encourage you to review the privacy policies of any third-party websites or services you visit.
- Legal Basis (GDPR): Our legitimate interest in connecting users to our social media presence and third-party delivery services.
7. Google Maps
- Data Collected: Our website uses Google Maps to provide location services and directions. When you view our embedded map, Google may collect data about your interaction with the map.
- Purpose: To help users locate Bistro Mario and plan their visits.
- Privacy Information: For information on how Google processes data, please refer to Google’s Privacy Policy.
- Legal Basis (GDPR): Our legitimate interest in providing useful location information to our website visitors.
8. Google reCAPTCHA
- Data Collected: Our contact form utilizes Google reCAPTCHA to prevent spam and automated submissions. This service collects certain information about your interaction with the website to distinguish between humans and bots.
- Purpose: To protect our forms and website from abuse.
- Privacy Information: For information on how Google processes data through reCAPTCHA, please refer to Google’s Privacy Policy.
- Legal Basis (GDPR): Our legitimate interest in maintaining the security and integrity of our website and preventing spam.
Who we share your data with
We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties except as described below:
- Password Resets: If you request a password reset, your IP address will be included in the reset email. This is a standard security measure.
- Automated Spam Detection: Visitor comments and contact form submissions may be checked through an automated spam detection service (e.g., Akismet, Google reCAPTCHA). This service helps us protect our website from malicious content.
- Service Providers: We may share your data with trusted third-party service providers who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential and comply with data protection regulations. This might include web hosting providers, email service providers, or analytics providers. We only share the minimum data necessary for them to perform their services.
- Legal Requirements: We may disclose your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.
How long we retain your data
- Comments: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
- Contact Form Submissions: We retain contact form submissions for a period necessary to address your inquiry and for a reasonable time thereafter for our records, typically up to 12 months, unless a longer retention period is required by law or for a specific contractual relationship.
- Registered Users (if any): For users that register on our website (if user registration is enabled), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. This data is retained as long as the user account is active, or until the user requests deletion.
What rights you have over your data
Under GDPR, you have the following rights regarding your personal data:
- Right to Know: You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
- Right of Access: You have the right to access your personal data that is known to us. You can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.
- Right to Rectification: You have the right to have your personal data supplemented, corrected, deleted, or blocked whenever you wish, if it is inaccurate or incomplete.
- Right to Erasure (Right to be Forgotten): You have the right to request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
- Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain conditions (e.g., if you contest the accuracy of the data).
- Right to Object to Processing: You may object to the processing of your data, unless there are justified grounds for processing that override your interests, rights, and freedoms.
- Right to Data Portability: You have the right to request all your personal data from the controller and transfer it in its entirety to another controller, in a structured, commonly used, and machine-readable format.
- Right to Withdraw Consent: If we rely on your consent to process your data, you have the right to revoke that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, please contact us using the contact details provided below. We will respond to your request in accordance with applicable data protection laws. If you have a complaint about how we handle your data, we would like to hear from you, but you also have the right to submit a complaint to the supervisory authority (the Croatian Data Protection Agency – Agencija za zaštitu osobnih podataka).
Where your data is sent
Your data may be processed in various locations depending on our service providers. For users in the European Union, we strive to ensure that any transfer of personal data outside the EU/EEA is done in compliance with GDPR, for example, by using Standard Contractual Clauses or ensuring the recipient country has an adequate level of data protection.
Visitor comments and contact form submissions may be checked through automated spam detection services, which may involve data transfer to the service provider. Data associated with Google Maps and Google reCAPTCHA may also be processed by Google in locations outside the EU/EEA, subject to Google’s privacy policies and compliance mechanisms.
Security Measures
We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include SSL encryption for data transmission and regular security audits.
Changes to this Privacy Policy
We may update our Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any changes by posting the new Privacy Policy on this page with a revised “Effective Date.” You are advised to review this Privacy Policy periodically for any changes.
Contact Us
For questions and/or comments about our Privacy Policy or if you wish to exercise your data protection rights, please contact us using the following details:
Marija i Ivan J.d.o.o.
Donji Jugi 15
51216 Viškovo
Croatia
Website: https://bistromario.hr
Email: bistromario.web@gmail.com
Phone: (+385) 51 882 435 or (+385) 99 845 4084
Here is our cookie policy if you are interested: https://bistromario.hr/cookie-policy-eu/