Last updated: 2026-07-04
The short version: we collect the details you send us so we can answer your inquiry and run your booking. We don’t sell data, we don’t send marketing you didn’t ask for, and card numbers never touch our systems.
Who is responsible for your data
Dubrovnik Buggy Adventures d.o.o., Bosanka 26, 20000 Dubrovnik, Croatia, is the data controller under the EU General Data Protection Regulation (GDPR). For any privacy request, email [email protected].
What we collect
- Inquiry form: your name, email address, phone number (optional), preferred safari, number of buggies, date, time slot and message. We use this to answer you and prepare a quote — nothing else.
- Booking details: the safari booked, departure date and time slot, number of buggies, the name on the booking and the payment status. We use this to run your ride and to issue an invoice.
- Payment data: we never see or store card numbers. Payments are handled entirely by Stripe; we receive only a confirmation that payment succeeded.
Who processes data on our behalf
- Stripe processes card payments. Your card details go directly to Stripe and are governed by Stripe’s own privacy terms.
- Mailgun (EU region) delivers our email — inquiry notifications and booking confirmations are processed on servers in the EU.
- Cloudflare hosts this website and serves it through its content delivery network, which means it sees standard connection logs such as IP addresses.
- Google reCAPTCHA — bot protection on the inquiry and booking forms; Google receives interaction signals and your IP address to score the request (Google privacy policy).
Analytics and cookies
The site uses Google Analytics 4, Google Tag Manager and Google Ads conversion tracking. These tools are cookie-based; they help us understand which pages work and which adverts led to bookings. We also use Ahrefs Analytics, which is cookieless and stores no personal identifiers.
How long we keep your data
- Inquiries: 24 months from your last message, then deleted — long enough that “we rode with you last summer, same safari again?” still works.
- Booking and invoice data: 11 years, because Croatian accounting law requires it. We can’t shorten this even if you ask us to.
Your rights
Under the GDPR you can ask us at any time to:
- access the data we hold about you,
- correct anything inaccurate,
- erase your data (except what accounting law obliges us to keep),
- export it in a portable format.
Email [email protected] and we’ll respond within 30 days. If you believe we’ve handled your data unlawfully, you can complain to AZOP, the Croatian data-protection authority, at azop.hr.
Changes to this policy
If we change how we handle data — a new processor, a new tool — we’ll update this page and the date at the top. Related pages: terms & conditions and cancellation policy.
- +385 91 600 1201
- [email protected]
- WhatsApp us
- Bosanka 26, 20000 Dubrovnik, Croatia