Open Nav
SOLUTIONSFor SuppliersAgenciesResellers
Contact

Aventir engine fetures

ToursActivitiesBusiness services
Stories

Aventir engine fetures

Our teamPartnersOTA integrations
Contact
HomeSolutionsIndustriesAbout usContact

Privacy policy

Last Updated: 25 November 2025

1. Introduction

Aventir Engine d.o.o. (referred to as “Aventir Engine”, “Aventir”, “we”, “us” or “our” in this Privacy Policy) is a company incorporated and registered in Croatia with company number [Company Registration Number] whose registered office is at [Company Address], Croatia. In this Privacy Policy, references to ‘you’ or ‘your’ is to you as an individual.

The protection of personal data is important to us, and we process personal data exclusively in accordance with applicable data protection requirements including (but not limited to) the General Data Protection Regulation (“GDPR”) and other applicable provisions of Croatian and EU law.

We act as an intermediary in relation to facilitating, creating and managing bookings of travel services – including tours, activities, attractions and other touristic experiences (“Offers”), and in those circumstances, we process Identity Data, Contact Information Data and Financial Data.

We are the owners of the website aventir.io (“Website”) and the Aventir Engine platform (“Platform”), through which we provide our services. If you visit our Website or use our Platform, we can process your Analytics Information Data, only if you accept such processing. This Privacy Policy contains our rules regarding the protection and management of your personal data (“Policy”). With this Policy, we inform you about how we collect personal data, what personal data we collect, why we process it, how we use it, how we store it, with whom we share it and why.

2. Data Controller

Data controller of your personal data is:

Aventir Engine d.o.o.
Selo-Varoš 85A, 52100, Premantura, Hrvatska
Croatia
Company Registration Number: 130160354

3. Contact Information

In case of any questions regarding this Policy, feel free to contact us:

Email: info@aventir.io
Website: aventir.io

4. Information on the Processing of Personal Data

Data subjects in terms of this Policy are: Customers, Suppliers, Partners (Resellers and Agencies) and Visitors to our Website and Platform.

Personal Data We Process

The personal data we can process includes:

  • Identity Data which can include: name and surname
  • Contact Information Data which can include: email address and phone number
  • Financial Data needed to make payments which can include: bank account information, payment card information and transaction history
  • Analytics Information namely information from your web browser (such as browser type and browser language) and details of your visits to our Website and Platform, including traffic data, location data and logs, page views, length of visit and navigation paths as well as information about your computer and internet connection, including your IP address and how you interact with our services

Processing of certain personal data is necessary in order for us to be able to provide our services, i.e. in order to carry out our business activity.

The processing of personal data can also be based on the consent of the Data Subject. In that case, the Data Subject has the right to withdraw consent at any time for personal data which was obtained through voluntary consent. Withdrawal of consent does not affect the legality of data which was processed before the withdrawal. Data subjects are informed about the possibility of consent withdrawal before they give it. The data controller is obliged to prove at any time that certain personal data was obtained on the basis of consent.

4.1 Customers

If you are a Customer using Aventir Engine services to book Offers, we can process your Identity Data, Contact Information Data and Financial Data (“Customer Data”).

In that case we will process your personal data for the purpose of providing service, payment processing, resolving service issues and ensuring the quality of the service/product.

Legal Basis: The legal basis for processing customers’ personal data is:

  • Performance of contract between you and Aventir Engine (as the personal data controller)
  • Our legitimate interests in the performance of our activities, except when interests or fundamental rights and freedoms of customers that require the protection of personal data prevail over our legitimate interests

Legitimate Interests: In our legitimate interests of providing the best services to you and improving and growing our business, we will process data for the purpose of:

  • Improving our Platform, API and our services
  • Keeping our Website, Platform and systems safe and secure
  • Defending against or exercising legal claims and investigating complaints
  • Fraud prevention and security monitoring

Data Retention: We will delete obtained personal data when the purpose for which they were obtained is fulfilled. With the exception of the above, we will process personal data of customers in order to comply with legal obligations established by applicable law, primarily data related to financial regulations, and we will keep such personal data as long as required by applicable law (typically seven years for financial records).

4.2 Suppliers

If you are an Aventir Engine Supplier, we may process data that we need to perform the contract, namely Identity Data, Contact Information Data and Financial Data. In doing so, we can also process data about the Supplier’s employee who communicates on behalf of the Supplier, namely: first and last name, email, phone/mobile number.

We will process the Supplier’s personal data for the purpose of the contractual relationship with the Suppliers.

Legal Basis: The legal basis for processing Suppliers’ personal data is:

  • Performance of contract between the Supplier and Aventir Engine (as the personal data controller)
  • Our legitimate interests in the performance of our activities, except when these interests are weaker than the interests or fundamental rights and freedoms of Suppliers/employees of Suppliers that require protection of personal data

Legitimate Interests: In our legitimate interests of providing the best services to you and improving and growing our business, we will process data for the purpose of:

  • Improving our Platform, API and our services
  • Keeping our Website, Platform and systems safe and secure
  • Defending against or exercising legal claims and investigating complaints
  • Fraud prevention and security monitoring

Data Retention: We will delete obtained personal data when the purpose for which they were obtained is fulfilled. With the exception of the above, we will process personal data of Suppliers in order to comply with legal obligations established by applicable law, primarily data related to financial regulations, and we will keep such personal data as long as required by applicable law (typically seven years for financial records).

4.3 Partners (Resellers and Agencies)

If you are an Aventir Engine Partner (Reseller or Agency), we may process data that we need to perform the contract, namely Identity Data, Contact Information Data and Financial Data. In doing so, we can also process data about the Partner’s employee who communicates on behalf of the Partner, namely: first and last name, email, phone/mobile number.

We will process the Partner’s personal data for the purpose of the contractual relationship with the Partner.

Legal Basis: The legal basis for processing Partners’ personal data is:

  • Performance of contract between the Partner and Aventir Engine (as the personal data controller)
  • Our legitimate interests in the performance of our activities, except when these interests are weaker than the interests or fundamental rights and freedoms of Partners/employees of Partners that require protection of personal data

Legitimate Interests: In our legitimate interests of providing the best services to you and improving and growing our business, we will process data for the purpose of:

  • Improving our Platform, API and our services
  • Keeping our Website, Platform and systems safe and secure
  • Defending against or exercising legal claims and investigating complaints
  • Fraud prevention and security monitoring

Data Retention: We will delete obtained personal data when the purpose for which they were obtained is fulfilled. With the exception of the above, we will process personal data of Partners in order to comply with legal obligations established by applicable law, primarily data related to financial regulations, and we will keep such personal data as long as required by applicable law (typically seven years for financial records).

4.4 Website and Platform Visitors

If you are a Visitor to our Website or Platform, we can process your Analytics Information Data only if you accept such processing through cookie consent.

Legal Basis: Your consent, which you can withdraw at any time.

Purpose: We process Analytics Information to:

  • Understand how visitors use our Website and Platform
  • Improve user experience and functionality
  • Optimize our services and content
  • Analyze traffic patterns and user behavior

Data Retention: Analytics data is typically retained for twenty-six (26) months (Google Analytics default setting) or until you withdraw consent.

5. Who We Share Your Information With

For the purposes set out in this Policy, we will share/forward personal data with the following categories of third parties (based on contracts containing provisions on the protection of your personal data), some of whom we appoint to provide services:

Sharing with Service Providers

We share data with:

  • Suppliers who provide the Offers booked by a Customer using Aventir Engine services
  • Partners (Resellers and Agencies) who facilitate bookings on behalf of Customers
  • Payment processors (including Stripe and AventirPay partners) for payment processing
  • IT service providers we use to host or maintain our Website, Platform and digital services
  • Accountants and financial advisors for the purpose of fulfilling financial obligations
  • Analytics providers (Google Analytics, Google Tag Manager) that assist us in the improvement and optimization of our Website and services
  • Advertising platforms Meta, Google Ads, LinkedIn Ads and Redit Ads for marketing and advertising purposes

Sharing Customer Data with Suppliers

We will provide your Identity Data and Contact Information Data to Suppliers of Offers (e.g. tours and activities providers) as part of the service that we offer. The Supplier will process your personal data as an independent data controller. The Supplier will use Customer data only for the purposes of providing to the applicable Customer the Offer booked by the Customer, and to the extent and duration required to perform that service. Suppliers are contractually required to adopt and adhere to a privacy policy consistent with applicable laws, rules, regulations and guidelines and this Policy, employ reasonable industry standard physical, technical and administrative measures to protect Customer data and ensure that any collection, use and disclosure of Customer data complies with all applicable laws, regulations and privacy policies.

Sharing Customer Data with Partners

Customer personal data (name, surname and contact information) can be shared with a Partner for marketing purposes, if the Customer gives written consent to a particular Partner. In that case, the Partner will process your personal data as an independent data controller. Partners are contractually required to adopt and adhere to a privacy policy consistent with applicable laws, employ reasonable industry standard physical, technical and administrative measures to protect Customer data and ensure that any collection, use and disclosure of Customer data complies with all applicable laws, regulations and privacy policies.

Legal Obligations

We may disclose your personal data:

  • To comply with legal obligations, court orders or government requests
  • To enforce our Terms & Conditions and protect our rights
  • To prevent fraud, security incidents or illegal activities
  • To protect the safety and rights of our users and the public

Business Transfers

If Aventir Engine is involved in a merger, acquisition, sale of assets or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change.

6. International Transfers

Many of our external third parties (including Suppliers and service providers) may be based outside Croatia and the European Economic Area (EEA), so their processing of your personal data may involve a transfer outside the EEA.

We will transfer your personal data outside the EEA only if such transfer is not prohibited or restricted by law.

Safeguards for International Transfers:

The transfer of personal data to a third country or international organization that the European Commission has assessed as meeting the appropriate level of personal data protection is based on the Commission’s adequacy decision.

In the absence of an adequacy decision, Aventir Engine will implement appropriate protective measures for the transfer of personal data including:

  • Standard Contractual Clauses adopted by the European Commission
  • Binding corporate rules
  • Other legally recognized transfer mechanisms under GDPR

We ensure that all international data transfers comply with GDPR requirements and provide appropriate safeguards for your personal data.

7. Data Security

We have established appropriate technical and organizational security measures to prevent accidental loss, use or unauthorized access, modification or disclosure of your personal data, including:

  • Encryption of data in transit (SSL/TLS)
  • Encryption of sensitive data at rest
  • Physical access controls to our information systems and business premises
  • Limited access to your personal data – only available to authorized employees who process your personal data as part of their job obligations
  • Employee training on data protection and confidentiality obligations
  • Regular security assessments and monitoring
  • Secure data backup and recovery procedures

Our employees will process your personal data exclusively according to instructions, legal obligations and are subject to the obligation of confidentiality.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

8. Cookies and Tracking Technologies

What Are Cookies

Cookies are small text files that are sent to your device when you visit a website. The cookies are then sent back to the original website each time you visit the site or another website that recognizes that cookie. Cookies serve as a website’s memory, allowing that website to remember your device when you visit the site again. This allows the website to recognize your computer the next time you visit us, in order to offer you a personalized experience when you navigate through it.

Types of Cookies We Use

If you are a Visitor to our Website or Platform, you should know that we use:

1. Technical Cookies (Essential) – These cookies are necessary for the functioning of our Website and Platform and do not store any information that could identify you. We cannot exclude the use of Technical cookies and we do not need your consent to use them. You can set your browser to block these cookies or send a warning about them, but in this case some parts of the site will not work. It should be noted that our Website and Platform function optimally only if the use of cookies is enabled.

2. Analytical Cookies (Optional) – You can refuse to accept these cookies without any consequences. If you accept Analytical cookies we will process information from your web browser (such as browser type and browser language) and details of your visits to our Website and Platform, including traffic data, location data and logs, page views, length of visit and navigation paths as well as information about your computer and internet connection, including your IP address and how you interact with our Website and Platform.

Third-Party Tracking Technologies

We use the following third-party tracking technologies:

Google Analytics

  • Purpose: To analyze Platform traffic and user behavior
  • Privacy Policy: https://policies.google.com/privacy
  • Opt-out: https://tools.google.com/dlpage/gaoptout

Google Tag Manager

  • Purpose: To manage tracking codes and analytics tags
  • Privacy Policy: https://policies.google.com/privacy

Meta Pixel

  • Purpose: To measure advertising effectiveness and deliver targeted ads on Facebook and Instagram
  • Privacy Policy: https://www.facebook.com/privacy/policy
  • Opt-out: Manage your ad preferences in your Facebook settings
Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

  • View and delete cookies
  • Block third-party cookies
  • Block all cookies
  • Receive notifications when cookies are set

Browser Cookie Settings:

  • Chrome: Settings > Privacy and security > Cookies and other site data
  • Firefox: Settings > Privacy & Security > Cookies and Site Data
  • Safari: Preferences > Privacy > Cookies and website data
  • Edge: Settings > Cookies and site permissions

Please note that blocking or deleting cookies may affect Website and Platform functionality and your user experience.

Third-Party Websites

Our Website and Platform may link to external sites not controlled by us. Please note that we have no control over the content and practices of these sites and cannot accept responsibility for their privacy policies. We encourage you to review the privacy policies of any third-party websites you visit.

9. Your Rights

As data subjects you have rights stipulated by GDPR and applicable regulations, including:

9.1 Right of Access

You have the right to request a copy of the personal data we hold about you and information about how we process it.

9.2 Right to Rectification and Erasure

You have the right to request correction of inaccurate or incomplete personal data and, in certain circumstances, to request deletion of your personal data (also known as the “right to be forgotten”).

9.3 Right to Restriction of Processing

You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

9.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

9.5 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

9.6 Right to Withdraw Consent

Where we process your personal data based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9.7 Exercising Your Rights

All of the above rights can be exercised by submitting a written request to info@aventir.io, and we will respond within thirty (30) days.

You may need to verify your identity before we can process your request. We may decline requests that are manifestly unfounded, excessive, or would compromise the privacy of others.

9.8 Right to Lodge a Complaint

If you believe that your personal data is being processed unjustifiably and the processing of your personal data is not in accordance with legal regulations, you can file a complaint directly with the Croatian Data Protection Authority.

Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka – AZOP):

  • Address: Selska cesta 136, 10000 Zagreb, Croatia
  • Phone: +385 1 4609 000
  • Email: azop@azop.hr
  • Website: https://azop.hr

9.9 Data Accuracy

It is important to us that the personal data we keep about you is accurate and valid. Please notify us at info@aventir.io if your personal information changes during your relationship with Aventir Engine.

10. Marketing Communications

Opting In

With your consent, we may send you marketing communications about our services, features, promotions and updates.

Opting Out

You can opt out of marketing communications at any time by:

  • Clicking the “unsubscribe” link in any marketing email
  • Updating your communication preferences in your account settings
  • Contacting us at info@aventir.io

Please note that even if you opt out of marketing communications, we will still send you transactional and service-related messages (booking confirmations, payment receipts, important account updates).

11. Children’s Privacy

The Platform is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information as soon as possible.

If you believe we have collected information from a child under 16, please contact us at info@aventir.io.

12. Amendment of Policy and Entry Into Force

Aventir Engine reserves the right to amend this Policy. When we make material changes, we will:

  • Update the “Last Updated” date at the top of this Privacy Policy
  • Notify you via email or through a prominent notice on the Platform
  • Request your consent where required by law

We encourage you to review this Policy periodically to stay informed about how we protect your information.

These Rules come into force and apply from 25 November 2025.

13. General Provisions

You are generally free to refuse our request to process your personal data, with the understanding that we may not be able to provide you with some of the desired services in that case.

By using the Aventir Engine Website and Platform, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use and disclosure of your information as described herein.

For questions or concerns regarding this Privacy Policy, please contact us at info@aventir.io