← Back to Booking 268BUGGIES Home

Privacy Policy

Privacy Policy Effective date: June 7, 2026 Last updated: June 7, 2026 268 Buggies Ltd ("268BUGGIES," "we," "us," or "our") operates adventure tour and rental services in Antigua and Barbuda and uses FleetMate Booking to accept online reservation requests. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you visit our website, submit a booking request, pay a deposit, communicate with us, or participate in our tours. This policy is designed to meet notice requirements under applicable privacy laws, including the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and other laws that may apply based on where you live. It does not constitute legal advice. 1. Who We Are (Data Controller) Data controller: 268 Buggies Ltd Operating brands: 268BUGGIES, Antigua Trailz, Salty Dogs Adventures Country: Antigua and Barbuda Privacy contact: privacy@268buggies.com General contact: info@268buggies.com | +1-268-725-2669 Data protection contact: Joel Ellis, Owner/Admin, jahtek.media@gmail.com 2. Scope This policy applies to personal information we process about: - Website visitors and online booking guests - Tour participants and rental customers - Individuals who contact us by email, phone, or messaging apps - Individuals who submit privacy, cookie, or do-not-sell/opt-out requests This policy does not apply to third-party websites we link to (including Wix-hosted pages outside our FleetMate booking flow), payment processors' own privacy practices, or platforms such as Viator/Checkfront when they act as independent controllers for bookings made directly on their platforms. 3. Categories of Personal Information We Collect Depending on your interaction with us, we may collect: Identifiers and contact information - Name, email address, phone number, reservation number Booking and transaction information - Tour or product selected, date, time, guest counts (including children), pickup location, hotel/accommodation, transportation requests, promo codes, special notes, deposit and payment status, reservation history Payment information - Payment amounts, transaction references, and payment status. Card numbers are processed by Stripe; we do not store full card numbers on our servers. Location and travel-related information - Resort, pickup point, hotel name, or other location details you provide for transportation or tour logistics Communications - Emails, messages, and support correspondence related to your booking or tour Device and usage information (where permitted) - Browser type, device type, page views, session identifiers, approximate country/state, referral source, button clicks, and form submission events on our booking pages and connected analytics Identity and safety information (primarily at check-in, not via the online booking form) - Driver's license details, government ID information, nationality, age/date of birth, ID images, and related safety waiver information collected in person to operate tours safely and meet insurance or legal requirements Sensitive personal information (where applicable) - Government ID and driver's license data collected at check-in may be considered sensitive under some laws. We use this information only for safety, legal compliance, fraud prevention, and tour operations—not for marketing or profiling. 4. Sources of Information We collect information from: - You, when you submit forms, book online, pay deposits, email us, or check in for a tour - Automated technologies on our booking website (cookies/local storage and first-party analytics where you consent or where permitted) - Service providers such as Stripe (payments), Google Cloud/Firebase (hosting), email delivery providers, and booking/integration partners - OTAs or partners (e.g., Viator, Checkfront) when a booking is created or updated through those channels 5. Why We Use Personal Information (Purposes) We use personal information to: - Process and manage reservation requests and confirmed bookings - Communicate booking confirmations, payment instructions, reminders, and operational updates - Arrange transportation, safety briefings, and tour logistics - Process deposits and payments through our payment processor - Verify eligibility to drive or participate, including age and license checks at check-in - Provide customer support and respond to inquiries - Maintain records required for operations, accounting, tax, disputes, insurance, and legal compliance - Improve website reliability, security, and booking experience using aggregated analytics where permitted - Honor privacy choices, including cookie preferences and do-not-sell/opt-out requests - Detect, prevent, and address fraud, abuse, or safety incidents 6. Legal Bases for Processing (GDPR/UK GDPR) Where GDPR or UK GDPR applies, we rely on one or more of the following legal bases: - Contract: processing necessary to respond to your reservation request, manage your booking, and deliver the tour or rental you requested - Legal obligation: processing required by applicable law, tax, accounting, or safety rules - Legitimate interests: securing our website, preventing fraud, improving services, and managing business operations, balanced against your rights (you may object where applicable) - Consent: non-essential cookies/analytics where required, and certain optional communications where we ask for consent You are not required to consent to non-essential analytics to complete a booking. Essential booking processing is based on contract and legal obligation, not on consent to analytics. 7. How We Share Personal Information We do not sell your personal information for money. We do not share personal information for cross-context behavioral advertising. We disclose personal information only as needed to: - Payment processing (Stripe) - Cloud hosting, database, and application infrastructure (Google Cloud / Firebase) - Email delivery and communications tools used to send booking confirmations - Booking, channel, or integration partners when you book through or via those channels - Professional advisers (lawyers, accountants, insurers) under confidentiality obligations - Law enforcement or regulators when required by law or to protect rights, safety, and security A current list of key service providers is maintained in our Cookie & Analytics Notice and California Privacy Notice documents in Web Booking Settings. 8. International Data Transfers We are based in Antigua and Barbuda. If you access our services from outside Antigua, your information may be processed in Antigua, the United States (including Google Cloud and Stripe infrastructure), or other countries where our service providers operate. Where required, we implement appropriate safeguards for international transfers, such as standard contractual clauses or equivalent mechanisms offered by our service providers, and we limit transfers to what is necessary to operate bookings and payments. 9. Data Retention We retain personal information only as long as reasonably necessary for the purposes described above, including: - Active booking and guest records: through the tour/rental period and a reasonable period afterward for support, disputes, and operational follow-up - Financial and reservation records: as required for accounting, tax, and audit purposes (often up to 7 years where required by law) - Marketing or optional communications: until you opt out or we no longer need the data - ID/check-in records collected in person: up to 3 years after the tour date unless a longer period is required for insurance, litigation, or legal compliance - Privacy preference and opt-out records: retained to honor your choices and demonstrate compliance - Analytics records: aggregated where possible; raw session-level analytics are minimized and not kept longer than necessary for operational reporting When retention ends, we delete or anonymize information where feasible. We may retain limited information longer when required by law or to establish, exercise, or defend legal claims. 10. Security We use administrative, technical, and organizational measures appropriate to the nature of the data, including access controls, encryption in transit (HTTPS/TLS), encrypted storage for sensitive credentials where applicable, role-based staff access, and monitoring of cloud infrastructure. No method of transmission or storage is 100% secure. 11. Your Privacy Rights Your rights depend on where you live. We will not discriminate against you for exercising applicable privacy rights. California residents (CCPA/CPRA) may have the right to: - Know the categories and specific pieces of personal information collected, used, disclosed, and retained - Delete personal information, subject to legal exceptions - Correct inaccurate personal information - Opt out of sale or sharing (we do not sell; use our Do Not Sell or Share page to record opt-out preferences) - Limit use and disclosure of sensitive personal information to permitted purposes - Receive notice at collection and a copy of this policy EEA/UK residents (GDPR) may have the right to: - Access, rectify, erase, restrict, or object to certain processing - Data portability where applicable - Withdraw consent where processing is consent-based (without affecting prior lawful processing) - Lodge a complaint with a supervisory authority Other jurisdictions may provide similar rights. To exercise rights, see our Data Rights Request Instructions document or email privacy@268buggies.com. We may need to verify your identity before fulfilling a request. Authorized agents may submit requests on your behalf where permitted by law with proof of authorization. Response timing: we aim to respond within 45 days for California requests and within one month for GDPR requests, with permitted extensions for complex requests. 12. Global Privacy Control (GPC) If your browser sends a recognized Global Privacy Control (GPC) signal, our booking website treats it as a valid opt-out of sale/sharing for that browser session and records the preference where technically feasible. 13. Children's Privacy Our online booking form is intended for adults making reservations. Children may participate in tours when accompanied by a responsible adult and subject to product age rules. We do not knowingly collect personal information online from children under 13 without appropriate parental involvement. If you believe we collected a child's information improperly online, contact privacy@268buggies.com. 14. In-Person ID Collection Government IDs and driver's licenses are generally collected at check-in for safety and legal compliance, not through the online booking form. Do not email full ID numbers or ID images unless we specifically request a secure method. 15. Changes to This Policy We may update this policy from time to time. The effective date at the top will change when we do. Material changes will be posted on our booking site and, where appropriate, referenced in booking communications. 16. Contact Us Privacy requests: privacy@268buggies.com General support: info@268buggies.com | +1-268-725-2669 Mail: 268 Buggies Ltd, Jennings, Antigua and Barbuda
Privacy Policy Cookie Notice California Notice Data Rights Do Not Sell or Share