PRIVACY POLICY
Restaurant ZOI
Teraca d.o.o. | March 2026
1. Identity of the Data Controller
The data controller responsible for the processing of your personal data is:
Teraca d.o.o.
Medvedgradska 56, Zagreb, Croatia
OIB: 09971512170
Website: zoi.hr
Email: info@zoi.hr
The Company operates the fine dining restaurant ZOI located in Split, Croatia. Any reference to 'ZOI', 'we', 'us', or 'our' in this policy refers to Teraca d.o.o. as the legal entity.
2. Scope of This Policy
This Privacy Policy applies to personal data collected through:
- the ZOI website (zoi.hr);
- online reservation systems (including Zenchef);
- email and other direct communications with us;
- in-person data collection at the restaurant (e.g., guest books, event bookings).
This policy does not apply to third-party websites that may be linked from our website. We recommend reviewing the privacy policies of any third-party sites you visit.
3. Personal Data We Collect
We collect only the personal data that is necessary for the purposes described in this policy. This may include:
- Identification data: name and surname;
- Contact data: email address, telephone number;
- Reservation data: date, time, number of guests, special requests or dietary requirements;
- Technical data: IP address, browser type, device identifiers, and website usage data collected via cookies and analytics tools;
- Communication data: the content of messages or inquiries you send us.
We do not collect sensitive categories of personal data (as defined in Article 9 GDPR) unless you voluntarily disclose such information (e.g., allergy or dietary information provided for a reservation). Where you do so, we process it solely to fulfil your request and with your explicit consent.
4. Lawful Bases for Processing
We process your personal data only where we have a lawful basis to do so. The applicable bases are:
4.1 Consent (Article 6(1)(a) GDPR)
Where you have given us clear consent to process your data for a specific purpose, such as subscribing to our newsletter or accepting non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
4.2 Contract Performance (Article 6(1)(b) GDPR)
Where processing is necessary to fulfil a reservation or other service you have requested, or to take pre-contractual steps at your request (e.g., responding to an event inquiry).
4.3 Legal Obligation (Article 6(1)(c) GDPR)
Where processing is necessary for compliance with a legal obligation applicable to us, including Croatian and EU law requirements on accounting, taxation, and employment.
4.4 Legitimate Interests (Article 6(1)(f) GDPR)
Where processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your fundamental rights and freedoms. Our legitimate interests include: improving and securing our website, preventing fraud, analysing aggregate website usage, and maintaining records for the management of the business.
5. Purposes of Processing
We process your personal data for the following specific purposes:
- Managing table reservations and guest communications;
- Responding to inquiries, feedback, or complaints;
- Sending newsletters or promotional communications (where you have subscribed and consented);
- Technical administration, security, and improvement of our website;
- Anonymous statistical analysis of website traffic and user behaviour;
- Compliance with legal and regulatory obligations.
We will not use your personal data for any purpose incompatible with those stated above without first obtaining your consent or establishing a new lawful basis.
6. Use of Cookies
Our website uses cookies. Cookies are small text files placed on your device that help us provide core functionality and improve your experience.
6.1 Types of Cookies We Use
- Strictly necessary cookies: Required for the website to function. These cannot be disabled.
- Analytics cookies: Used to collect anonymous statistical data about how visitors use our site (e.g., pages viewed, session duration). These are only placed after you provide consent.
- Third-party cookies: We may use third-party analytics services (such as Google Analytics). Data collected is aggregated and anonymised where possible.
6.2 Cookie Consent
Non-essential cookies (analytics, third-party) are placed only after you give explicit consent via our cookie banner. You may withdraw or change your consent preferences at any time by clicking the cookie settings link in the website footer.
6.3 Managing Cookies
You can also manage or delete cookies at any time through your browser settings. Note that disabling certain cookies may affect the functionality of our website. Instructions for managing cookies are available in your browser's help documentation.
7. Sharing of Personal Data
We do not sell your personal data. We may share your personal data with the following categories of recipients, only to the extent necessary:
- Service providers and data processors: Third-party companies that process data on our behalf under a written Data Processing Agreement (DPA), such as our reservation system provider (Zenchef), website hosting provider, and email delivery services.
- Legal authorities: Where required by law, court order, or regulatory obligation.
- Professional advisers: Accountants, lawyers, or auditors, where necessary and subject to professional confidentiality obligations.
All third-party processors are contractually bound to process your data only on our instructions and in accordance with GDPR requirements.
8. International Data Transfers
Where we use third-party services that transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on an adequacy decision. For example, Google Analytics data may be processed in the United States under applicable safeguard mechanisms.
9. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:
- Reservation data: 2 years from the date of reservation;
- Marketing communications (newsletter subscribers): Until you unsubscribe or withdraw consent;
- Website analytics data: Up to 26 months (anonymised after 14 months where technically possible);
- Accounting and tax records: 11 years, as required by Croatian law;
- Correspondence and inquiry data: 2 years from the date of last communication.
After the applicable retention period, data is securely deleted or anonymised.
10. Your Rights Under GDPR
As a data subject, you have the following rights under the General Data Protection Regulation (EU) 2016/679:
- Right of access (Article 15): You have the right to obtain confirmation of whether we process your personal data and to receive a copy of it.
- Right to rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.
- Right to erasure (Article 17): You have the right to request deletion of your personal data in certain circumstances ('right to be forgotten').
- Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your data in certain circumstances.
- Right to data portability (Article 20): Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format.
- Right to object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing immediately.
- Right to withdraw consent (Article 7(3)): Where processing is based on consent, you have the right to withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at:
We will respond to your request within 30 days. We may need to verify your identity before processing a request.
11. Right to Lodge a Complaint
If you believe that we have processed your personal data in violation of applicable data protection law, you have the right to lodge a complaint with the Croatian Data Protection Authority (AZOP):
Agencija za zaštitu osobnih podataka (AZOP)
Selska cesta 136, 10000 Zagreb, Croatia
Tel: +385 1 4609 000
Email: azop@azop.hr
Website: www.azop.hr
You also have the right to lodge a complaint with the supervisory authority of your EU member state of habitual residence or place of work.
12. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include secure server environments, access controls, and regular security reviews.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where required, notify you directly.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The current version will always be available on our website at zoi.hr. Where changes are material, we will notify you by a prominent notice on our website or, where appropriate, by direct communication.
This policy was last updated in March 2026.
14. Contact
For any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, please contact us:
Teraca d.o.o. — Restaurant ZOI
Medvedgradska 56, Zagreb, Croatia
Email: info@zoi.hr
Website: zoi.hr
