SeaCras

Public App Legal

SeaCras App Privacy Policy

This Privacy Policy explains how Sea Cras d.o.o. processes personal data in connection with the public SeaCras App available at water.seacras.com. It is separate from the privacy policy for the corporate website because the public app has its own audience, consent settings, and public-use context.

Servicewater.seacras.com
ControllerSea Cras d.o.o.
Last UpdatedMarch 25, 2026
Privacy Contactinfo@seacras.com

1. Controller, Scope, and Privacy Contact

The controller for the personal data described in this Privacy Policy is Sea Cras d.o.o., Avenija Dubrovnik 15, 10000 Zagreb, Croatia, VAT ID HR70844303390.

SeaCras can be contacted for privacy matters at info@seacras.com. For the purposes of Canadian and Quebec transparency requirements, this address is also the contact point for the person responsible for SeaCras privacy practices relating to the public app. If SeaCras appoints a dedicated Data Protection Officer or other statutory privacy contact for these services, this notice will be updated.

This Policy applies to the public SeaCras App and associated public app pages served from water.seacras.com. It does not apply to the separate corporate website or to private client deployments, partner portals, dashboards, or contracted services governed by separate agreements or notices.

2. Data We Process

Depending on how you use the public app, SeaCras may process:

  • Technical and device data: IP address, browser type, device type, operating system, app page requests, date and time of access, error events, and security logs.
  • App interaction data: public views opened, map layers or filters selected, general app interaction events, and consent preferences associated with your session.
  • Referral and public campaign context: QR-linked identifiers, destination references, or general partner or location context when you access the app through a public partner activation, campaign, or landing path.
  • Support or inquiry data: any personal data you choose to provide if you contact SeaCras regarding the public app.
  • Optional analytics data: aggregate or pseudonymous usage analytics collected through Google Analytics 4, but only where the public app has obtained any consent required by law.
  • Compliance and preference records: records needed to demonstrate consent, respect opt-out preferences, respond to rights requests, and comply with legal obligations, including the first-party cookie_consent_v2 record stored in your browser.
Public app distinction: SeaCras designs the public app around informational use. It is not intended to collect more personal data than is reasonably necessary for operation, security, consent management, partner reporting in aggregated form, and app improvement.

3. Where the Data Comes From

SeaCras may obtain app-related personal data:

  • directly from your interaction with the public app, including technical requests, app pages opened, and cookie or analytics preferences;
  • from public campaign or partner-routing context, such as a QR or destination-specific route into the app;
  • from your direct communications with SeaCras if you send feedback or support requests;
  • from infrastructure, hosting, security, or analytics providers acting on SeaCras instructions.

4. Purposes, Legal Bases, and Legitimate Interests

Purpose Examples Legal Basis
Deliver the public app Serve app pages, public indicators, destination views, and public content requested by the user. Legitimate interests in operating the public app and, where applicable, taking steps at the user's request.
Maintain security and stability Prevent abuse, detect errors, troubleshoot incidents, and maintain audit or security logs. Legitimate interests in securing the app and related infrastructure.
Measure and improve app performance Understand aggregated feature use, destination reach, route effectiveness, and app performance through Google Analytics 4 where enabled. Consent where required by law.
Respond to support or business inquiries Answer app-related questions, support public deployments, or respond to partner or visitor feedback. Legitimate interests, contract-related necessity, or steps prior to entering into a contract.
Comply with law and defend claims Handle rights requests, comply with legal obligations, and protect SeaCras's legal position. Legal obligation and legitimate interests.

Legitimate interests SeaCras relies on

Where SeaCras relies on legitimate interests for the public app, those interests generally include providing a stable and secure public experience, supporting SeaCras partner activations, understanding public engagement at an aggregate level, preventing abuse, and protecting SeaCras systems and legal interests.

5. When Data Is Required

Public app browsing usually does not require you to submit direct identifiers such as your name or email address. However, certain technical data is necessarily processed to deliver the public app and maintain security.

If you choose to contact SeaCras or use an optional feature that requests information, the requested information may be necessary for SeaCras to respond or provide that feature. If you do not provide it, SeaCras may be unable to respond effectively or enable the optional feature.

6. Sharing, Processors, and Partner Contexts

SeaCras may share personal data with:

  • hosting, infrastructure, IT, security, communication, and analytics providers acting on SeaCras instructions;
  • professional advisers or authorities where necessary for legal, regulatory, or claim-related reasons;
  • a potential acquirer or restructuring counterparty in connection with a corporate transaction.

Where the public app is launched in a partner or destination context, SeaCras may provide partners with aggregated, non-identifying operational reporting. SeaCras does not intend to disclose visitor-level personal data to a partner for that partner's independent marketing or profiling use unless SeaCras tells you clearly in context or disclosure is required by law.

SeaCras does not operate the public app as a data broker. If SeaCras later carries out an activity through the public app that is treated as a sale, sharing, targeted advertising, or similar regulated activity under applicable law, SeaCras will update this notice and provide the required notice and controls.

7. International Transfers

Some service providers may process data outside the European Economic Area, the United Kingdom, or your home jurisdiction. When they do, SeaCras will use appropriate safeguards required by applicable law, such as adequacy decisions, standard contractual clauses, or another lawful transfer mechanism together with supplementary measures where appropriate.

8. Retention

SeaCras retains personal data only for as long as necessary. In general:

  • security and technical logs are retained for a limited period appropriate to operations, troubleshooting, and legal compliance;
  • app interaction and consent records are retained for as long as necessary to operate the public app, measure performance lawfully, and demonstrate compliance;
  • support or inquiry records are kept for the period needed to respond and for reasonable follow-up and legal recordkeeping where necessary;
  • analytics retention depends on the chosen settings, applicable law, and provider configuration.

9. Automated Decision-Making, Location, and Profiling

SeaCras does not currently use public app personal data to make decisions based solely on automated processing that produce legal effects or similarly significant effects about individuals.

Public app measurement may involve app interaction analytics, route attribution, or aggregated assessment of usage patterns. SeaCras does not use those public app processes to make materially significant individualized decisions about users.

If a particular app experience uses a technology that allows you to be identified, located, or profiled within the meaning of applicable law, or asks you to enable location or another device feature, SeaCras will provide an in-context explanation and any controls required by law before that feature is activated.

10. Your Rights

Depending on your location and the law that applies, you may have rights of access, correction, deletion, restriction, objection, portability, and withdrawal of consent.

EEA and UK

If the GDPR, UK GDPR, or similar European data protection law applies, you may have the right to request access, rectification, erasure, restriction, objection, portability, and withdrawal of consent, and to lodge a complaint with a competent supervisory authority.

United States state privacy laws

Depending on your state of residence and whether SeaCras is subject to the relevant law, you may have rights to know or access, correct inaccuracies, delete, obtain a portable copy of data, and opt out of targeted advertising, sale, sharing, certain profiling, or certain sensitive-data processing. If SeaCras engages in processing that triggers recognition of opt-out preference signals such as Global Privacy Control, SeaCras will honor those signals where required by law.

Canada and Quebec

If Canadian private-sector privacy law applies, including PIPEDA or Quebec's private-sector privacy law, you may request access to and correction of personal information and may challenge SeaCras compliance with applicable privacy requirements. If Quebec law applies, this notice is intended to function as a clear and simple confidentiality policy for information collected through technological means.

How to exercise rights

To exercise your rights, contact info@seacras.com. SeaCras may need to verify your identity. If applicable U.S. state law gives you a right to appeal a rights-request decision, you may ask SeaCras to reconsider the decision by replying to the decision notice or by writing to the same privacy contact.

11. Cookies and Similar Technologies

The public app uses cookies and similar technologies for operation, consent management, security, and, where enabled, optional analytics. Please see the separate SeaCras App Cookie Policy for further detail.

12. Security

SeaCras uses technical and organizational measures designed to protect personal data in the public app environment. These measures are calibrated to the context, the sensitivity of the data, and the risks involved. No online service can guarantee absolute security.

13. Children

The public app is designed for a general audience and is not specifically directed to children. SeaCras does not knowingly collect personal data from children through the public app.

14. Changes

SeaCras may update this Privacy Policy to reflect legal, technical, or operational changes. The current version will be published on this page with the updated revision date. Where required by law, SeaCras will provide additional notice of material changes.

15. Contact, Complaints, and Appeals

Privacy questions or requests relating to the public SeaCras App may be sent to info@seacras.com or by mail to Sea Cras d.o.o., Avenija Dubrovnik 15, 10000 Zagreb, Croatia.

You may also lodge a complaint with AZOP, with another competent supervisory authority, with the UK Information Commissioner's Office where relevant, or with the Office of the Privacy Commissioner of Canada or Commission d'acces a l'information du Quebec where applicable.