Welcome to du-way.com, the official site of DUWAY, obrt za autotaksi prevoz, where we prioritize providing exceptional tour services in Dubrovnik and safeguarding the privacy and security of our users’ data.

Contact Information

Company Name: DUWAY, obrt za autotaksi prevoz

Address: Od Gaja 62, 20 000 Dubrovnik, Croatia

Email: info@du-way.com Phone: +385 99 407 7863

Responsible Person: Mirsad Čustović

Data Protection Officer Agency: The Croatian Personal Data Protection Agency (AZOP) Website: https://azop.hr/naslovna-english/

Legal Basis for Data Processing We process personal data under the following legal bases:

• User Consent: When users voluntarily provide personal data via contact forms or accept cookies.
• Contractual Necessity: When processing data is required for booking confirmations or service provisions.
• Legitimate Interest: When we analyze user behavior to improve services while respecting user rights and freedoms.

Data Collection and Purpose We collect personal information such as contact details and preferences to facilitate your bookings, enhance our services, and personalize your experience. For booking purposes, we use a contact form where guests provide the following details:

• First name
• Last name
• Phone number
• Email

Additionally, we may collect:

• IP address and device information for security and analytics.
• Browser type and interaction data through cookies for service improvement.

Use of Third-Party Services We use third-party services strictly for analytics and marketing purposes:

• Google Analytics: To track user interactions and website performance.
• Google Meta Pixel: To optimize marketing campaigns and measure engagement.

Automated Decision-Making and Profiling We do not engage in automated decision-making that significantly affects users. However, we may analyze anonymized data trends to improve service offerings and marketing efforts.

Cookies and Tracking Technologies Our website employs cookies for essential functionality, performance improvement, analytics, and personalized marketing. Users can manage their preferences through our cookie-consent platform. Categories of cookies used include:

• Essential Cookies: Necessary for website functionality.
• Performance Cookies: Used to analyze and improve site performance.
• Marketing Cookies: Used for personalized ads and remarketing.

Users can opt out of non-essential cookies at any time via their browser settings or through our cookie management platform.

Third-Party Recipients Data may be shared with:

• Marketing agencies for targeted campaigns.
• Cloud storage providers for data management.
• Analytics platforms under strict privacy standards.

We do not sell or share personal data with third parties for direct financial gain.

International Data Transfers We ensure data transferred outside the EU/EEA is protected by implementing:

• Standard contractual clauses approved by the European Commission.
• Privacy Shield framework compliance when applicable.

User Rights Users have the right to:

• Access: Request copies of their data.
• Rectification: Correct any inaccurate or incomplete data.
• Erasure: Request deletion of their data unless retention is legally required.
• Restriction: Limit data processing under specific conditions.
• Objection: Opt out of certain data processing activities.
• Data Portability: Request a transfer of their data in a commonly used format.

To exercise these rights, users may contact us at info@du-way.com with a clear description of their request.

Data Security We implement robust security measures, including:

• Encryption: Ensuring data is stored and transmitted securely.
• Access Controls: Limiting access to authorized personnel only.
• Regular Audits: Conducting security assessments to identify vulnerabilities.

Data Retention Periods Personal data is retained only as long as necessary for the purposes for which it was collected, in compliance with GDPR requirements:

• Booking-related data: Retained for up to 2 years to handle service inquiries and disputes.
• Marketing data: This is Retained until the user withdraws consent.
• Analytics data: Retained in anonymized form for service improvement.

Data Breach Response Plan In case of a data breach, we follow a structured response plan:

1. Identification: Detect and assess the scope of the breach.
2. Containment: Secure affected systems to prevent further exposure.
3. Notification: Notify affected individuals and relevant authorities within 48 hours.
4. Mitigation: Take corrective actions to minimize the impact and prevent recurrence.

Children’s Privacy We do not knowingly collect information from those under 18 years old without parental consent. If we become aware of such data collection, we will take immediate action to delete it.

Opt-Out and Withdrawal of Consent Users can withdraw consent for:

• Marketing communications via unsubscribe links in emails.
• Cookies via browser settings or our consent management platform.

Feedback Mechanism We encourage user feedback, specifically on our privacy policy, to continuously improve. Feedback can be provided through our contact email or a dedicated section on our website.

Updates and Communication Significant updates to the policy will be communicated through our website and via email. Users may need to acknowledge these updates or renew their consent based on the nature of the changes.

Regular Reviews and Updates We commit to periodic reviews and updates of our privacy policy to reflect changes in legal requirements, technological advancements, and our business practices.

Engagement with Users Actively seeking and incorporating user feedback is essential for maintaining the relevance and effectiveness of our privacy policy.

By using our services, you acknowledge and agree to the terms outlined in this Privacy Policy.