Privacy
4 Wheels Adventures – Privacy Policy
Last updated: 1 July 2025
1. Introduction
Your privacy matters to 4 Wheels Adventures d.o.o. ("4WA", "we", "us", "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit www.4wheeladventures.com.hr (the "Website") or use our off‑road tours, rentals, gift vouchers, or related services (collectively, the "Services").
We process personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) and Croatian data‑protection legislation.
By accessing the Website or booking our Services you acknowledge that you have read and understood this Policy.
2. What Data We Collect
Depending on how you interact with us, we may collect the following categories of personal data:
Category | Examples |
Identification data | First and last name, date of birth |
Contact details | E‑mail address, postal address, phone number |
Booking details | Tour date, group size, payment reference, voucher codes |
Demographic data | Nationality, language preference |
Marketing preferences | Newsletter opt‑in/opt‑out status |
Technical data | IP address, browser type, device identifiers, cookies |
Other information you provide | Feedback, photo uploads, social‑media tags |
We do not knowingly collect data from minors under 18 without parental consent.
3. How We Collect Your Data
- Online forms & checkout pages (reservations, contact forms, gift‑voucher purchases)
- Newsletter sign‑ups and promotional campaigns
- Direct communication (e‑mails, phone calls, social‑media messages)
- Cookies and analytics tools when you browse the Website
All data are provided voluntarily; however, certain information is necessary to complete a booking.
If you decline to supply mandatory fields, we may be unable to deliver the requested Service.
4. Why We Use Your Data (Purposes & Legal Bases)
Purpose | Legal basis (Art. 6 GDPR) |
Processing reservations, payments, and issuing invoices | Contract – Art. 6 (1)(b) |
Communicating pre‑tour instructions, safety notices, and itinerary changes | Contract – Art. 6 (1)(b) |
Sending newsletters, promotions, or surveys | Consent – Art. 6 (1)(a) |
Internal analytics and service improvement | Legitimate interest – Art. 6 (1)(f) |
Responding to enquiries or complaints | Legitimate interest – Art. 6 (1)(f) |
Fulfilling legal obligations (e.g. tax, accounting) | Legal obligation – Art. 6 (1)(c) |
You can withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
5. How We Share Your Data
We never sell or rent your personal data. We may share it only with:
1. Service providers – payment processors, IT‑hosting companies, marketing‑e‑mail platforms, all bound by confidentiality agreements.
2. Professional advisers – accountants, lawyers, auditors, to the extent required.
3. Public authorities – where mandated by law or to protect our rights, property, or safety.
All third parties are vetted and required to process data only on our instructions.
6. International Transfers
Your data are stored on servers located in the European Economic Area (EEA).
If we transfer data outside the EEA, we will ensure adequate safeguards (e.g. EU Standard Contractual Clauses) are in place.
7. Data Retention
- Booking records and invoices: 11 years (mandatory under Croatian accounting rules).
- Marketing‑e‑mail lists: until you unsubscribe or your e‑mail address bounces.
- Basic contact records: 3 years after your last interaction, unless needed for legal claims.
We delete or anonymise data once the retention period expires.
8. Security Measures
- Secure Socket Layer (SSL) encryption on all Website forms
- Role‑based access control – staff access limited on a need‑to‑know basis
- Regular software updates, firewalls, and malware scanning
- Encrypted off‑site backups
If a personal‑data breach occurs, we will notify the Croatian Data Protection Agency (AZOP) and affected individuals within 72 hours, as required by GDPR Art. 33–34.
9. Your Rights
Under the GDPR you have the right to:
1. Request access to your personal data (Art. 15)
2. Request rectification of inaccurate or incomplete data (Art. 16)
3. Request erasure (“right to be forgotten”) in certain circumstances (Art. 17)
4. Request restriction of processing (Art. 18)
5. Object to processing based on legitimate interests or direct marketing (Art. 21)
6. Request data portability in a structured, machine‑readable format (Art. 20)
7. Withdraw consent at any time where processing is based on consent (Art. 7)
To exercise any of these rights, contact us using the details below.
We will respond within one month (extendable by two months for complex requests).
You also have the right to lodge a complaint with AZOP (www.azop.hr) if you believe your data are being processed in breach of GDPR.
10. Cookies & Tracking Technologies
We use:
- Essential cookies – necessary for the booking engine and user‑session security (cannot be disabled).
- Analytics cookies (Google Analytics 4) – collect aggregated, anonymous statistics; loaded only after you click “Accept”.
- Marketing cookies – used for remarketing via Meta Ads; loaded only with explicit consent.
You can manage or delete cookies in your browser settings at any time.
11. Children’s Privacy
Our Services are not directed to children under 12, and we do not knowingly process their data without parental consent.
If you believe a minor has provided us data without permission, please contact us so we can delete it.
12. Changes to This Policy
We may update this Policy from time to time. Any changes will be posted on this page with a revised “Last updated” date. Significant changes will be announced via e‑mail where feasible.
Thank you for trusting 4 Wheels Adventures. We take your privacy seriously—see you off‑road, safely and securely!
