Royal Comfort Ride Royal Comfort Ride
ENHRDEFRES

Legal pages

Home Cookie Policy Terms and Conditions Privacy Policy

Page sections

Scope Data controller Categories of personal data Purposes of processing and legal bases Recipients and processors International transfers Retention periods Security of processing Your rights (data subject rights) Supervisory authority Automated decision-making and profiling Children Cookies and similar technologies Changes to this Privacy Policy Contact
Contact
Legal Privacy

Privacy Policy

This Privacy Policy describes how Royal Comfort Ride (“we”, “us”, “our”) processes personal data when you use our website, request quotes, communicate with us or book private transport and related services. It is designed to comply with Regulation (EU) 2016/679 (“GDPR”), Croatian implementation acts and applicable ePrivacy rules.

Effective date: March 22, 2026 Personal data GDPR

Scope

This policy applies to personal data processed in connection with royalcomfortride.com and related subpages (including city and language variants), our booking flows, email and WhatsApp communications, and the delivery of transport services we arrange or perform. It does not govern third-party websites linked from our site; their own privacy notices apply.

Data controller

The controller of your personal data is the business operating under the name Royal Comfort Ride, with contact address:

Vukovarska ul. 24, 20000 Dubrovnik, Croatia

Email: info@royalcomfortride.com

Where we act as a processor on behalf of another organisation, that relationship will be governed by a separate agreement; this policy applies where we determine the purposes and means of processing as a controller.

Categories of personal data

Depending on how you interact with us, we may process:

  • Identity and contact data: name, email address, telephone number, WhatsApp identifier, country of residence (if provided).
  • Booking and trip data: pickup and drop-off addresses or places, dates and times, route preferences, flight or vessel numbers (if provided), number of passengers, luggage description, vehicle category, special assistance needs, child seat or booster requirements, notes you add to a booking or form.
  • Payment-related data: payment status and limited transaction references as required to confirm payment; card data is typically processed directly by payment providers—we do not store full card numbers on our servers unless a specific integration explicitly requires it and is disclosed to you.
  • Communication content: messages you send by email, WhatsApp, web forms or other channels.
  • Technical and usage data: IP address, browser type, device type, approximate location derived from IP, pages viewed, referral source, date/time of access, and similar logs needed for security and improvement of the site.
  • Cookies and similar technologies: as described in our Cookie Policy.

We generally do not ask for special categories of data (e.g. health) unless you voluntarily provide information necessary for assistance (e.g. mobility needs). Please share only what is necessary.

Purposes of processing and legal bases

We process personal data only where we have a valid legal basis under GDPR. In summary:

  • Performance of a contract or steps prior to contract (Art. 6(1)(b) GDPR): handling enquiries, preparing quotes, confirming bookings, providing transport or coordinating partners, customer support, invoicing where applicable.
  • Legal obligation (Art. 6(1)(c)): accounting, tax and regulatory record-keeping, responding to lawful requests from authorities.
  • Legitimate interests (Art. 6(1)(f)): operating and securing our website, fraud prevention, quality control, limited analytics to improve services, enforcing our Terms and Conditions, and direct enquiries relating to your existing bookings.
  • Consent (Art. 6(1)(a)): where required—for example non-essential cookies, certain marketing messages, or optional services clearly presented as consent-based. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Providing booking-related data is often necessary to conclude or perform a contract; if you do not provide essential information, we may be unable to process your request or complete the service.

Recipients and processors

We may disclose personal data to:

  • Drivers and transport partners who need trip details to perform the service.
  • IT and hosting providers that store data or operate infrastructure.
  • Communication and productivity tools (e.g. email, messaging) used to respond to you.
  • Payment service providers for processing payments you authorise.
  • Maps, routing and security providers (e.g. map APIs, optional bot protection such as Google reCAPTCHA where enabled).
  • Professional advisers (lawyers, accountants) where bound by confidentiality.
  • Authorities when required by law or to protect rights, safety and security.

We use data processing agreements or equivalent terms with processors where required by law. We do not sell your personal data.

International transfers

Your data is primarily processed within the European Economic Area (EEA). If we transfer personal data to countries outside the EEA/UK that are not subject to an adequacy decision, we will ensure appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or other mechanisms permitted by GDPR, unless a specific derogation applies.

Retention periods

We retain personal data only as long as necessary for the purposes above, including:

  • Booking and contract records: typically for the duration of the service plus a period necessary for support, disputes and legal claims (often several years, depending on type of data and legal requirements).
  • Accounting and tax records: as required by Croatian and EU law (often up to 11 years for certain documents).
  • Marketing: until you opt out or withdraw consent, or we cease the activity.
  • Server and security logs: for a limited period needed for security monitoring and troubleshooting.
  • Complaints and legal proceedings: as long as needed to resolve the matter and defend legal rights.

When retention ends, we delete or anonymise data where possible.

Security of processing

We implement appropriate technical and organisational measures—such as access restrictions, secure connections (HTTPS) where supported, vendor diligence and staff awareness—to protect personal data against unauthorised access, alteration, disclosure or destruction. No method of transmission over the Internet is completely secure; we encourage you not to send unnecessary sensitive information via unsecured channels.

In the event of a personal data breach likely to affect your rights, we will comply with GDPR obligations to notify the supervisory authority and, where required, affected individuals.

Your rights (data subject rights)

Subject to conditions and exceptions in applicable law, you may have the following data subject rights under the GDPR:

  • Access your personal data and obtain certain information about processing.
  • Rectification of inaccurate or incomplete data.
  • Erasure (“right to be forgotten”) where applicable.
  • Restriction of processing in certain situations.
  • Data portability for data you provided, where processing is based on consent or contract and carried out by automated means.
  • Object to processing based on legitimate interests, including profiling (if any).
  • Withdraw consent at any time, without affecting lawfulness of processing before withdrawal.
  • Lodge a complaint with a supervisory authority (see below).

To exercise your rights, contact us at info@royalcomfortride.com. We may need to verify your identity before responding. We will answer within one month, extendable where permitted by law.

Supervisory authority

If you believe processing infringes the GDPR, you have the right to lodge a complaint with a supervisory authority—in Croatia, the Croatian Personal Data Protection Agency (AZOP): azop.hr. You may also contact the authority in your country of habitual residence or place of work.

Automated decision-making and profiling

We do not use automated decision-making that produces legal effects concerning you or similarly significantly affects you. Price estimates on our website may be calculated by rules you can review (distance, vehicle type, etc.); these are tools to assist you and do not replace individual confirmation of booking terms.

Children

Our services are not directed at children under 16 (or the age of digital consent in your country) without parental involvement. If you believe we have collected data from a child without appropriate authority, please contact us and we will take steps to delete it.

Cookies and similar technologies

We use cookies and similar technologies as explained in our Cookie Policy. You can manage non-essential cookies via your browser settings and any consent tools we provide.

Changes to this Privacy Policy

We may update this policy to reflect legal, technical or organisational changes. The current version is always published on this page with the effective date. For material changes, we may provide additional notice (e.g. a banner or email) where appropriate.

Contact

For any questions about this Privacy Policy or the processing of your personal data:

Email: info@royalcomfortride.com
Postal address: Royal Comfort Ride, Vukovarska ul. 24, 20000 Dubrovnik, Croatia

This policy is provided for transparency and compliance purposes. It does not constitute legal advice; for specific legal questions you may consult an independent adviser.