Effective date: 1 January 2025 Last updated: 15 April 2026
Blue Cave Tours Dubrovnik (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our website, book a tour, or communicate with us. We operate in full compliance with the EU General Data Protection Regulation (GDPR) and applicable Croatian data-protection law.
By using our website or services, you agree to the practices described below. If you have questions, please visit our contact page.
1. Data Controller
The data controller responsible for your personal data is:
Blue Cave Tours Dubrovnik Dubrovnik, Croatia Email: privacy@bluecavetoursdubrovnik.com
2. What Personal Data We Collect
We collect different categories of personal data depending on how you interact with us:
Booking and Reservation Data
When you book a tour — whether a Blue Cave tour, a private tour, or a group tour — we collect:
- Full name
- Email address
- Phone number
- Number of passengers
- Preferred tour date and time
- Special requirements or accessibility needs
- Payment information (card number, expiry, CVV — processed securely by our payment provider; we do not store full card details)
Contact and Communication Data
When you reach out via our contact page or email, we collect:
- Name and email address
- Message content
- Any attachments you send
Website Usage and Cookie Data
When you browse our website, we automatically collect:
- IP address (anonymised where possible)
- Browser type and version
- Device type and operating system
- Pages visited, time on site, and referral source
- Cookie identifiers and similar tracking technologies
Third-Party Platform Data
If you book through a third-party platform (such as GetYourGuide, Viator, or TripAdvisor), we receive the booking details those platforms share with us in order to fulfil your reservation.
3. How We Use Your Data
We process your personal data for the following purposes, each with a lawful basis under Article 6 of the GDPR:
| Purpose | Lawful Basis |
|---|---|
| Confirming and managing your tour booking | Performance of a contract |
| Sending booking confirmations and tour details | Performance of a contract |
| Processing payments | Performance of a contract |
| Responding to enquiries via our contact page | Legitimate interest |
| Sending promotional emails about our tours and services (only with consent) | Consent |
| Improving our website and user experience | Legitimate interest |
| Complying with legal and tax obligations | Legal obligation |
| Preventing fraud and ensuring website security | Legitimate interest |
You can withdraw consent for marketing emails at any time by clicking the “unsubscribe” link in any email or by contacting us.
4. Cookies and Tracking Technologies
What Are Cookies
Cookies are small text files stored on your device when you visit our website. They help us understand how visitors use our site and improve your browsing experience.
Types of Cookies We Use
Strictly Necessary Cookies These are essential for the website to function and cannot be switched off. They include session cookies and security cookies.
Analytics Cookies
We use Google Analytics to understand how visitors interact with our website — which pages are most popular, how visitors navigate between pages, and where they arrive from. These cookies collect anonymised, aggregated data. Google Analytics uses cookies such as _ga and _gid.
Marketing Cookies With your consent, we may use cookies from advertising platforms (such as Google Ads or Meta) to show you relevant advertisements about our boat tours and yacht charters after you leave our site.
Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling strictly necessary cookies may affect website functionality.
You can also manage your cookie preferences through the cookie banner displayed when you first visit our site.
5. Third-Party Sharing
We share your personal data only when necessary and only with the following categories of third parties:
- Payment processors — to securely process your tour payments (e.g., Stripe). They act as independent data controllers for payment data.
- Booking platforms — GetYourGuide, Viator, and TripAdvisor, when your booking originates from these platforms. Each has its own privacy policy.
- Email service providers — to send booking confirmations and, where you have consented, marketing communications.
- Analytics providers — Google Analytics, to help us understand website traffic (data is anonymised).
- Hosting and IT providers — to maintain and secure our website infrastructure.
We do not sell your personal data to any third party. We do not transfer your data outside the European Economic Area (EEA) unless adequate safeguards are in place (such as EU Standard Contractual Clauses).
6. Your Rights Under the GDPR
As a data subject, you have the following rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — ask us to correct inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) — request that we delete your personal data when it is no longer necessary for the purpose it was collected.
- Right to restriction — ask us to restrict processing of your data in certain circumstances.
- Right to data portability — receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
- Right to object — object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint — file a complaint with the Croatian Personal Data Protection Agency (AZOP) or your local EU supervisory authority.
7. How to Exercise Your Rights
To exercise any of the rights listed above, including requesting access to or deletion of your personal data, please contact us:
- Email: privacy@bluecavetoursdubrovnik.com
- Contact form: Contact us
We will respond to your request within 30 days. We may ask you to verify your identity before processing your request. If your request is complex, we will inform you of any extension (up to an additional 60 days as permitted by the GDPR).
To request data deletion specifically, email us with the subject line “Data Deletion Request” and include the name and email address associated with your booking.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
| Data Category | Retention Period |
|---|---|
| Booking and payment records | 5 years (tax and legal obligations) |
| Contact enquiries | 2 years from last communication |
| Marketing consent records | Until consent is withdrawn, plus 1 year for compliance records |
| Cookie and analytics data | 26 months (Google Analytics default) |
| Website server logs | 12 months |
After the retention period expires, we securely delete or anonymise your data.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- SSL/TLS encryption for all data transmitted between your browser and our website
- Secure payment processing through PCI DSS-compliant providers
- Access controls limiting employee access to personal data on a need-to-know basis
- Regular security reviews of our website and systems
While we take every reasonable precaution, no method of transmission over the internet is completely secure. If you believe your data has been compromised, please contact us immediately.
10. Children’s Privacy
Our tours and services are not directed at children under 16. We do not knowingly collect personal data from children under 16 without parental consent. If you believe we have collected data from a child under 16, please contact us so we can delete it promptly.
11. Links to Other Websites
Our website may contain links to external sites, including our reviews page linking to TripAdvisor and Google, as well as third-party booking platforms. We are not responsible for the privacy practices of external websites. We encourage you to read the privacy policies of any site you visit.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will post a notice on our website. The “Last updated” date at the top of this page reflects the most recent revision.
We recommend reviewing this policy periodically, especially before making a booking.
13. Contact Us
For any privacy-related questions, concerns, or requests, please reach out to us:
- Email: privacy@bluecavetoursdubrovnik.com
- Contact form: bluecavetoursdubrovnik.com/contact
- General information: About us
You may also wish to review our terms and conditions and cancellation policy for additional information about how we handle bookings and refunds.