Last updated: April 2026
GoSouth Adventures (“we”, “us”, “our”) operates the website gosouthcr.com. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, make a booking, or communicate with us.
This policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable international data protection standards.

SECCIÓN 2 — Who we are
1. Who we are
The data controller responsible for your personal information is:
GoSouth Adventures Playas del Coco, Guanacaste, Costa Rica Website: gosouthcr.com Email: info@gosouthcr.com WhatsApp: +506 8387-1441

SECCIÓN 3 — What data we collect
2. What personal data we collect
Category
Data collected
How
Identity data
First name, last name
Booking form, contact form
Contact data
Email, phone, WhatsApp
Booking form, contact form
Booking data
Tour, group size, dates, hotel, special requests, dietary preferences
WooCommerce checkout
Payment data
Transaction confirmation, order ID only. We do NOT store card numbers.
WooCommerce + BAC gateway
Technical data
IP address, browser, device, pages visited
Cookies, Google Analytics
Communication data
Email and WhatsApp message content
Direct communication
We do not collect sensitive personal data unless you voluntarily share it in connection with a special request.

SECCIÓN 4 — Legal basis
3. Why we collect your data
Purpose
Legal basis
Process and confirm your booking
Performance of a contract
Process payment securely
Performance of a contract
Coordinate hotel pickup and logistics
Performance of a contract
Respond to inquiries
Legitimate interests
Send booking confirmations
Performance of a contract
Improve our website
Legitimate interests
Send marketing communications
Consent
Comply with legal obligations
Legal obligation

SECCIÓN 5 — Cookies
4. Cookies and tracking technologies
Our website uses cookies to improve your experience and analyze how our site is used.
Cookie type
Purpose
Can you opt out?
Strictly necessary
Required for the website and WooCommerce cart to function
No
Functional
Remember your preferences
Yes
Analytics
Google Analytics — anonymized traffic data
Yes
Marketing
Meta Pixel, Google Ads — only active with consent
Yes
You can manage or withdraw cookie consent at any time through our cookie banner or by adjusting your browser settings.

SECCIÓN 6 — WooCommerce & Payments
5. WooCommerce and payment processing
Our booking system is powered by WooCommerce (Automattic Inc.). Payments are processed through BAC Credomatic’s secure encrypted gateway. GoSouth Adventures does not store, access, or process your credit card details. Payment data is handled exclusively by the payment processor under PCI-DSS compliance.
For WooCommerce’s privacy policy: automattic.com/privacy

SECCIÓN 7 — Data sharing
6. Who we share your data with
We do not sell your personal data.
Third party
Purpose
Location
BAC Credomatic
Payment processing
Costa Rica
WooCommerce / Automattic
Booking platform
USA (SCCs apply)
Google Analytics
Website analytics
USA (SCCs apply)
Hotel partners
Pickup coordination
Costa Rica
Legal authorities
Legal obligation
As required

SECCIÓN 8 — Data retention
7. How long we keep your data
Data type
Retention period
Booking and transaction records
7 years
Customer communications
3 years after last interaction
Marketing consent records
Until withdrawal + 1 year
Analytics data
26 months
Cookie data
Session: deleted on browser close. Persistent: up to 2 years.

SECCIÓN 9 — Your rights
8. Your rights under GDPR
Right
What it means
Access
Request a copy of your personal data
Rectification
Ask us to correct inaccurate data
Erasure
Request deletion of your data
Restriction
Limit how we process your data
Portability
Receive your data in machine-readable format
Objection
Object to processing for marketing or legitimate interests
Withdraw consent
Withdraw marketing or cookie consent at any time
To exercise any of these rights, contact us at info@gosouthcr.com. We will respond within 30 days.

SECCIÓN 10 — Security
9. Data security
We implement SSL/TLS encryption (HTTPS), PCI-DSS compliant payment infrastructure, and restrict access to personal data to authorized staff only.

SECCIÓN 11 — Children
10. Children’s privacy
Our services are not directed at children under 16. We do not knowingly collect data from children under 16 without parental consent. Contact info@gosouthcr.com to request deletion of any child’s data.

SECCIÓN 12 — Updates & Contact
11. Changes to this policy
We may update this policy periodically. The “Last updated” date at the top reflects the most recent version. Significant changes will be communicated by email or site banner.
12. Contact us
GoSouth Adventures Email: info@gosouthcr.com WhatsApp: +506 8387-1441 gosouthcr.com