Dear Sir, Madam,

We would like to inform you of a personal data breach affecting the reservation management system we use. First and foremost, the most important point: your payment card data has not been affected.

What happened?
An unauthorized third party gained access to part of this system. Based on our findings to date, the data that may have been affected includes information related to your reservation: your name, email address, postal address, and reservation details (reservation number, stay dates, and property name). According to the current investigation, the database itself has not been compromised, and the system remains secure for continued use. Your reservation remains valid, and you do not need to make any changes regarding it.

What does this mean for you?
Because this information may have been accessed by a third party, there is a risk that someone may attempt to contact you while falsely claiming to represent our property or one of our partners. Such attempts have already been reported. Their objective is typically to persuade you to authorize a payment, transfer money, or disclose your payment card details.

How to recognize a scam
Such messages may be sent by email, WhatsApp, or similar communication channels. To appear credible, they often include genuine information about your reservation (your name, reservation number, and stay dates). They frequently claim that your reservation will be cancelled within 24 hours unless you immediately make a payment or confirm your details, and they direct you to a link where you are asked to enter your card information. This is not how we communicate with our guests.

What we ask you to do
- Do not open links contained in such messages.
- Do not enter your card details or make any payments based on such messages.
- Do not reply to the message or share your personal information with anyone.
- If you are unsure whether a message is genuine, do not use the contact details provided in that message. Instead, contact us directly using our official contact details (gdpr@skiper.hr) or the information contained in your original reservation confirmation, and we will be happy to verify it for you.

Please also note that we never request payment or confirmation of card details via a link contained in a message.

If you have already acted on such a message
If you have already entered your payment card details or made a payment in response to such a message, please contact your bank or card issuer immediately, report the fraud, request a chargeback or refund where applicable, and ask about any additional protective measures they can offer. The sooner you act, the easier it is to prevent further harm.

What we have done
As soon as we became aware of the breach, we worked with the reservation system provider to immediately restrict unauthorized access and further secure the system. External cybersecurity specialists have been engaged to investigate the circumstances and scope of the incident, and additional security measures are being implemented to prevent a recurrence. We are also monitoring the fraudulent activities described above and will keep you informed of any important developments.

If you have any questions regarding this notification, please contact us at: gdpr@skiper.hr.
We sincerely regret any inconvenience this may cause and thank you for your understanding.

Sincerely,
Skiper Resort