Privacy Policy

How we collect, use, and protect your personal data.

Last updated: April 2026

1. Data Controller

The controller responsible for processing your personal data is:

2. What Data We Collect

We collect the following personal data when you interact with our website or book an experience:

  • Identity information: Full name
  • Contact information: Email address, phone number
  • Booking details: Selected experience, date, time, number of guests, and any special requests
  • Payment information: Processed securely by Stripe — we do not store your card details on our servers
  • Communication records: Messages you send us via email, contact form, or WhatsApp
  • Technical data: IP address, browser type, device information, and pages visited (collected via cookies and analytics)

3. Why We Collect Your Data

We use your personal data for the following purposes:

  • Process bookings: To confirm and manage your reservation, collect payment, and coordinate your experience
  • Send confirmations: To provide booking confirmations, reminders, and important updates about your trip
  • Respond to inquiries: To answer your questions and handle any complaints
  • Improve our service: To understand how our website is used and make it better for future visitors
  • Legal compliance: To meet our obligations under Croatian tax and business law

We will never sell your personal data to third parties or use it for purposes other than those described here.

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your data based on the following legal grounds:

  • Contract performance: Processing necessary to fulfil your booking and provide the service you purchased (Article 6(1)(b))
  • Legitimate interest: Processing necessary for our legitimate business interests, such as improving our website and preventing fraud (Article 6(1)(f))
  • Consent: Where you have given explicit consent, such as opting in to marketing communications or accepting non-essential cookies (Article 6(1)(a))
  • Legal obligation: Processing required to comply with Croatian tax and accounting laws (Article 6(1)(c))

5. Third-Party Services

We share your data with the following trusted third-party services, only to the extent necessary:

  • Stripe — Processes payments securely. Stripe is PCI DSS compliant. Stripe Privacy Policy
  • Google Workspace — Used for email communication (Gmail) and internal operations. Google Privacy Policy
  • Google Analytics — Helps us understand how visitors use our website. Data is anonymised where possible. Google Privacy Policy

All third-party processors are bound by data processing agreements and comply with GDPR requirements.

6. Data Retention

  • Booking and transaction data: Retained for 5 years from the date of the transaction, as required by Croatian tax and accounting regulations.
  • Contact form inquiries: Retained for up to 2 years unless the inquiry leads to a booking (in which case the booking retention period applies).
  • Marketing consent records: Retained until you withdraw your consent.
  • Analytics data: Retained for 14 months (Google Analytics default).

After the retention period expires, your data is securely deleted or anonymised.

7. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Ask us to correct inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data (subject to legal retention requirements).
  • Right to data portability: Receive your data in a structured, commonly used format.
  • Right to restrict processing: Ask us to limit how we use your data in certain circumstances.
  • Right to object: Object to processing based on legitimate interest or for direct marketing purposes.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on your consent.

To exercise any of these rights, email us at info@malamara-dubrovnik.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) at azop.hr.

8. Cookies

Our website uses cookies and similar technologies. Cookies are small text files stored on your device. We use them to make the site work, to analyse traffic, and to measure the performance of our marketing.

When you first visit our site we ask for your consent through a cookie banner. You can change your preferences at any time, or revoke consent through this page.

Essential cookies (always active)

These are required for the site to function — booking sessions, payment processing (Stripe), security tokens, language preferences. They cannot be disabled.

  • Session cookies — booking flow and Stripe checkout
  • CSRF tokens — security against cross-site requests
  • Cookie consent state — remembers your choice (mm_consent_v1)

Analytics cookies (optional)

Set only with your consent. Help us understand which pages perform well and where users get stuck.

  • Google Analytics 4 (_ga, _ga_*) — anonymised usage stats. Retention: 14 months.
  • Microsoft Clarity (_clck, _clsk) — heatmaps and session recordings, anonymised. Retention: 12 months.

Marketing cookies (optional)

Set only with your consent. Used to measure ad performance and avoid showing the same ad repeatedly.

  • Google Ads conversion tracking (_gcl_*) — measures which ads led to bookings. Retention: 90 days.
  • Google Tag Manager — container for the above tags.

Google Consent Mode v2

We use Google Consent Mode v2. If you refuse analytics or marketing cookies, no Google cookies are set on your device, but anonymised pings may still be sent to Google to support privacy-preserving conversion modeling. No personal information is shared.

Withdraw consent

You can withdraw or change your consent at any time by clicking Manage Cookies here or in the footer. Your browser also lets you delete cookies through its settings.

9. Data Protection Contact

For any questions or concerns about how we handle your personal data, or to exercise your rights, please contact us:

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this page periodically. Continued use of our website and services after changes are posted constitutes your acceptance of the updated policy.
