Explore Mostar
Adventures
Book

Last updated 28 April 2026

Privacy Policy

This privacy policy explains how Moj Avanturistički Turizam d.o.o. (trading as Explore Mostar Adventures, "we", "us") collects, uses, and protects your personal data when you use this website or book our services.

Who we are

Moj Avanturistički Turizam d.o.o.
Rade Bitange 12, 88104 Mostar, Bosnia and Herzegovina
JIB: 4227625590000 · VAT: 227625590000
Licensed by the Federal Ministry of Tourism FBiH
Email: [email protected] · WhatsApp: +387 61 209 388

What data we collect

  • Booking data: name, email, phone, country, hotel address, special requests, payment confirmation (no card numbers — handled by Monri)
  • Communication: any WhatsApp, email, or phone correspondence with us
  • Website analytics: anonymized page views via Google Analytics 4 (with consent)
  • Cookies: session cookies (essential), GA cookies (consented)

Why we use your data

  • Process and confirm your booking
  • Send you trip details, pickup info, and post-trip follow-up
  • Issue invoices and meet legal accounting requirements
  • Improve our services based on aggregated, anonymized analytics
  • Respond to your inquiries

Legal basis: contract performance (booking processing), legitimate interest (service improvement, communication), and consent (analytics).

Who we share data with

Only when necessary to fulfill your booking:

  • Monri — payment processor (PCI-DSS Level 1 certified)
  • Drivers and guides — your name, pickup info, and language preference for the day of your trip
  • Accounting service — for legal financial records (Bosnian tax law)
  • Email service provider (Brevo) — for booking confirmations

We do not sell, rent, or share your data with third-party marketing partners.

How long we keep your data

  • Booking records: 7 years (Bosnian accounting law requirement)
  • Marketing email subscriptions: until you unsubscribe
  • WhatsApp/email correspondence: 3 years
  • Analytics: 14 months (GA4 default)

Your rights (GDPR)

If you're an EU/UK/EEA resident or otherwise covered by GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data ("right to be forgotten") — subject to legal retention requirements
  • Object to certain processing
  • Receive your data in a portable format
  • Withdraw consent for analytics at any time

To exercise any right, email [email protected] with the subject "GDPR request". We respond within 30 days.

Cookies

We use:

  • Essential cookies: session and security — always active, cannot be disabled
  • Analytics cookies (Google Analytics 4): only with consent. You can decline at the cookie banner or change preferences anytime.

We do not use advertising or tracking cookies.

Security

Your data is stored on EU-based servers (Cloudflare and Monri infrastructure) with industry-standard encryption (TLS 1.3 in transit, AES-256 at rest). We follow PCI-DSS guidelines for payment data via Monri.

Changes to this policy

We may update this policy occasionally to reflect changes in our practices or law. The "Last updated" date at the top reflects the latest version. Material changes will be communicated via email to active customers.

Contact us

Questions about this privacy policy or your data:
Email: [email protected]
WhatsApp: +387 61 209 388
Mail: Moj Avanturistički Turizam d.o.o., Rade Bitange 12, 88104 Mostar, Bosnia and Herzegovina

Supervisory authority

If you believe we have not handled your data properly, you may file a complaint with the Bosnia and Herzegovina Personal Data Protection Agency (Agencija za zaštitu ličnih podataka u BiH).