Last Updated: 08.09.2022.
The Company acts as the data controller of your Personal Data.
By using this Site, you signify your acceptance of this Policy. If you do not agree to this Policy, please do not use our Site. Your continued use of the Site following the posting of changes to this Policy will be deemed as your acceptance of those changes.
In case you disclose any Personal Data regarding any third person (e.g. your employee, management board member, co-worker, contracting party, etc.) to us, you are obliged to refer them to this Policy.
What information does the Company collect?
We collect Personal Data and Anonymous Data, as described below.
We may collect Personal Data from you, such as:
- first and last name;
- e-mail and mailing addresses;
- phone number;
- date of birth.
Please note that the data items in the sections above are only considered personal data when concerning a natural person (meaning, an individual human being). These data items are not considered personal data when concerning a legal person or entity.
If you provide us feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, in order to send you a reply.
Some information is collected automatically by our servers:
- Our servers (which may be hosted by a third-party service provider) collect information from you, including your browser type, operating system, Internet Protocol ("IP") address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit.
- As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider ("ISP"), referring/exit pages, operating system, date/time stamp, and clickstream data.
- We retain information on your behalfs, such as transactional data and other session data linked to your account.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
Your data is required among others to set up and manage an account for you on the Site. In this case, you conclude a (free) user agreement with us, on the basis of which we collect this data (Art. 6 para. 1 lit. b GDPR).
In order to conclude the agreement and purchase the services on the Site, you must provide us with this data. However, you have no obligation to enter into the agreement and thus provide the data.
In some cases, the User might purchase a Travel Service with other people or make a reservation on someone else’s behalf. In both those scenarios, you will provide their details as part of the booking of the Travel Service. You acknowledge and agree that it’s your responsibility to ensure that the person or people you have provided personal data about are aware that you’ve done so and that they have understood and accepted how we use their information (as described in this Policy).
How does the Company use the information it collects?
In general, Personal Data you submit is necessary for making a comfortable and safe service for clients. Also, we use your Personal Data in the following ways:
- facilitate the creation of and secure account on a network;
- provide improved administration of Site and services and display personalised content on our Site (Art. 6 para. 1 lit. f GDPR);
- improve the quality of experience when interacting with the Site and services;
- identify, prevent, and report potentially suspicious, fraudulent, or illegal activities;
- send administrative e-mail notifications, such as account activity, transaction processing, security or support, and maintenance advisories;
- send a welcome email to verify ownership of the e-mail address provided when the account was created.
The Company does not sell user and/or Anonymous Data to any third party.
When registering on our Platform, offer a Travel Service or book a Travel Service (as defined in our General Terms and Conditions) using our Site, we collect the data required to provide our Services. This usually includes the following information:
- First and last name,
- billing address,
- email address,
- telephone number,
- number of participants,
- date and time.
[Depending on the booked Travel Service, it may also be necessary for us to collect additional data, such as the age of the participants, transportation details, etc.] The processing that takes place in connection with this is based on Art. 6 para. 1 lit. b GDPR.
If a Travel Service is purchased through the Site, we will collect the following data:
- information on the Travel Service purchased using the Site;
- bank account information (bank account number and first and last name of the account owner) of the account used to conclude the transaction.
The payment made by credit card will be processed by Stripe Payments Europe, Limited (Stripe). Stripe will forward the data provided during your payment to the respective banks or financial institutions for the purpose of processing the payment. In the case of payments by credit card, we only receive the information that payment has or has not been made. We, therefore, have no data on your credit card.
Depending on the Travel Service and the Guide, the details we share can include your name, contact and payment details, the names of the people accompanying you and any other information or preferences you specified when you made your booking of Travel Service.
In case you need to contact our customer support, our support personnel will handle your contact information and the contents of your communication. Please do not share any sensitive data in your communication with our customer support. You can contact our customer support through various means. Depending on the means of communication you choose, we’ll process the following contact details: - Your IP address (chat support) - Phone number (phone support, SMS support) - Email (email support) - User ID of an instant messaging app (QR code, support through an instant messaging app). We keep a record of the contents of the support tickets to make sure that you receive quality service and to develop our products and services. If you contact us by calling our support number, please note that we also record phone calls for the same purposes. The processing of your personal data in connection with your communication with our customer service is based on the service agreement between you and the Company as well as our legitimate interest to follow up on the quality of our customer service, to verify the actions taken based on your request and to develop our service in the future.
How does the Company share my Personal Data?
It may be necessary to disclose your information to comply with any law, court orders, or government request, defend against claims, investigate or bring legal action against illegal or suspected illegal activities, enforce our Terms, or protect the rights, safety, and security of the Company, our users, or the public.
We may share your Personal Data with third-party service providers to provide you with the services that we offer you through our Site. These third-party service providers are required not to use your Personal Data other than to provide the services requested by you.
To the extent necessary, we will transfer your data to the Guide or any third party providing the Travel Service or facilitating the provision of the Travel Service. Transfer to a third country outside the EEA is necessary in the case of Travel Services provided in such jurisdictions and such transfer is based on Art. 49 para. 2 lit. b, c GDPR.
We can make bookings for Travel Services via partner sites, and in this case, we transfer the data required to make the booking to the partner. The primary reason we share your data is to supply the Guide with the relevant information to complete your Travel Service and fulfil the obligations under the agreement for Travel Service.
In order to support the use of our services through the Site, your information (which may include personal data) may be shared with members of the Travel Nerd’s corporate group. We rely on our legitimate interest and that of the Company’s group companies’ to receive and share personal data as described herein.
We may share some or all of your Personal Data in connection with or during the negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, Personal Data may also be transferred as a business asset.
The Site may contain links to other third-party websites which are regulated by their own privacy policies. The Company is not responsible for the privacy policies of these third-party websites even if they were accessed using the links from our site.
How long do we store your personal data?
We keep the data you have provided to us on your user account for the whole period of your customer relationship and as long as it is necessary with regard to the purposes of the processing described above.
How do we transfer collected information internationally?
We may transfer the collected information we obtain from you to recipients in countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the information.
To the extent necessary, we will transfer your data to the Guide or any third party providing the Travel Service or facilitating the provision of Travel Service. Transfer to a third country outside the EEA is necessary in the case of Travel Services provided in such jurisdictions and such transfer is based on Art. 49 para. 2 lit. b, c GDPR. All data transfers outside the EEA are made under the General Terms and Conditions which include necessary data protection provisions.
What legal rights do you have in relation to your information?
Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
You also have the right to lodge a complaint with a Data Protection Authority (“DPA”) if you think that your Personal Data is being processed incorrectly or your rights have been violated by the Company. The Estonian Data Protection Inspectorate is available at http://www.aki.ee/en.
The rights listed in this Section regarding the processing of their personal data are not absolute rights. In certain cases, the rights of other data subjects or legal rights of Travel Nerd may restrict the rights of the User.
NO FEE IS USUALLY REQUIRED
You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. Please note that in certain circumstances it may be still lawful for us to continue processing your information even where you have withdrawn your consent if one of the other legal bases is applicable.
How can you send requests regarding your information?
Unless you have made a corresponding request, we will retain your information for as long as your account has not been closed or as needed to provide you access to your account.
If you wish to close your account, the account may be terminated by the user in settings inside his personal account. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our Terms.
Where do we store your Personal Data?
What security precautions does the Company take to protect me?
We take the protection of your personal information seriously. We use industry-standard data encryption technology and have implemented restrictions related to the storage of and the ability to access your personal information. However, despite all of our efforts, please note that no transmission over the Internet or method of electronic storage can not be guaranteed to be 100% secure.