Privacy Policy

Your privacy matters. Learn how we collect, use, and protect your information.

Effective Date: October 16, 2025

About This Policy

Welcome to CityBest. We operate a platform connecting users with verified local service providers across Croatian and European cities. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website at citybest.hr and citybest.eu (collectively, the "Platform").

By using CityBest, you agree to the terms of this Privacy Policy. We comply with the General Data Protection Regulation (GDPR), Croatian data protection laws, and other applicable privacy regulations.

Who We Are

CityBest is a digital marketplace platform operated by:

Data Controller: Hyperlink, obrt za računalno programiranje vl. Rudolf Rukavina

Location: Croatia

Contact: privacy@citybest.hr

Data Protection Officer: Rudolf Rukavina

Information We Collect

We collect different types of information to provide and improve our services:

1. Information You Provide Directly

  • Contact Information: When you contact service providers via phone, WhatsApp, or email
  • Communication Data: Messages and interactions with service providers
  • Booking Details: Service type, location, date/time preferences (when using integrated booking)
  • Account Data: If you create an account (name, email, password)

2. Information Collected Automatically

  • Usage Analytics: Pages viewed, services searched, time spent, click events (phone/WhatsApp/email clicks)
  • Device Information: Browser type, operating system, device model, screen resolution
  • Location Data: Approximate location via IP address (for local service recommendations)
  • Language Preferences: Browser language settings for content localization
  • Referral Sources: How you found our Platform (search engines, direct links, etc.)

3. Third-Party Services & Tracking

  • Firebase: Custom analytics for service/city performance tracking, real-time data synchronization
  • Vercel Analytics: Performance monitoring and page speed tracking
  • Google Authentication: If you sign in to our admin portal (for service providers)
  • Map Services: Location-based features for service area visualization

4. Real-Time Tracking (Driver Location)

For certain services (e.g., taxi), we offer optional real-time location tracking:

  • Driver Location: GPS coordinates shared voluntarily by service providers
  • Vehicle Information: Vehicle type and identification
  • Purpose: To help customers see driver proximity and estimated arrival time
  • Consent: Drivers opt-in to share location; customers opt-in to view location
  • Retention: Location data is temporary and not stored long-term

How We Use Your Information

🔗 Platform Operations

Connecting you with verified service providers, displaying service availability, facilitating communication via phone/WhatsApp/email.

📊 Analytics & Improvement

Tracking platform performance, understanding which services and cities are most popular, identifying technical issues, optimizing user experience.

🎯 Personalization

Showing relevant services based on your location and language preferences, remembering your previous searches.

🛡️ Security & Fraud Prevention

Detecting suspicious activity, preventing abuse of our platform, ensuring service quality and safety.

⚖️ Legal Compliance

Meeting legal obligations, responding to lawful requests from authorities, enforcing our terms of service.

How We Share Your Information

We do not sell your personal data. We may share information in these limited circumstances:

Service Providers

When you initiate contact (phone/WhatsApp/email), we connect you with the listed service provider. They receive the information you choose to share.

Third-Party Services

Firebase (analytics, authentication), Vercel (hosting, analytics), map providers (location services). These partners process data on our behalf under strict contractual obligations.

Legal Requirements

If required by law, court order, or government regulation, we may disclose information to authorities.

Business Transfers

If CityBest is acquired or merges with another company, your information may be transferred as part of that transaction.

Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience:

Essential Cookies

Required for platform functionality

  • • Session management
  • • Security features
  • • Language preferences

Analytics Cookies

Help us understand usage patterns

  • • Page view tracking
  • • Click tracking
  • • Performance monitoring

You can control cookies through your browser settings, but disabling certain cookies may affect platform functionality.

How We Protect Your Data

We implement industry-standard security measures:

🔐

HTTPS Encryption

All data transmitted via secure SSL/TLS encryption

🛡️

Firebase Security

Firestore security rules and authentication protocols

👥

Access Control

Limited employee access on need-to-know basis

Data Retention

We retain your information for different periods based on data type:

  • Analytics Data: Aggregated for up to 2 years
  • Account Data: Until you delete your account or request deletion
  • Real-Time Location: Temporary, cleared when session ends
  • Legal Requirements: As long as required by applicable law

Your Privacy Rights (GDPR)

Under GDPR and Croatian law, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you

Right to Rectification

Correct inaccurate or incomplete personal information

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data in certain circumstances

Right to Restrict Processing

Limit how we use your data in specific situations

Right to Data Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing for direct marketing or legitimate interests

Right to Withdraw Consent

Withdraw consent for data processing at any time

Right to Lodge a Complaint

File a complaint with the Croatian Data Protection Authority (AZOP)

International Data Transfers

Some of our service providers (Firebase, Vercel) may store data on servers outside the European Economic Area (EEA). When we transfer data internationally:

  • • We ensure adequate safeguards are in place (Standard Contractual Clauses)
  • • Data is encrypted during transmission and at rest
  • • Service providers comply with GDPR requirements
  • • You maintain all your GDPR rights regardless of data location

Children's Privacy

CityBest is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@citybest.hr and we will delete it.

Contact Us & Exercise Your Rights

To exercise any of your privacy rights or if you have questions about this policy:

📧
👤
Data Protection Officer:Rudolf Rukavina
Response Time:We will respond to your request within 30 days as required by GDPR
🏛️
Supervisory Authority:Croatian Data Protection Authority (Agencija za zaštitu osobnih podataka - AZOP)azop.hr

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other operational needs. When we make material changes, we will:

  • • Post the updated policy on this page
  • • Update the "Effective Date" at the top
  • • Notify active users via email (if we have your email address)

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Last Updated: October 16, 2025

Version: 1.0