Privacy Policy

Please read this Privacy Policy carefully before using the website, and other online features including, but not limited to, emails, newsletters, and text messages (the "Services") operated by Sidetrip OÜ ("us", "we", or "our").

This Privacy Policy describes how we may collect, secure, process, and disclose your information.
This Privacy Policy may be updated from time to time. Please check it regularly to review any updates we may make.

1. Personal information we collect

There are three general categories of personal information that we collect.

Account information
When you register with the Services, we require personal information, including your first name, surname, and email address.

Purchase and payment information
If you purchase a tour via the Services, we may collect and process information regarding the transaction, which may include: records of purchases and prices, records of booking details, bank account information, invoice records, payment records, billing information, contact information, and payment transaction details.

Automatically collected information
We automatically collect basic usage data and device information when you use the Services. This information is collected whether or not you have created an account or logged in. Such information may include: information about how you use the Services, IP address, access times, hardware/software information, device information, unique identifiers, cookie data, and the pages that referred you to the Services.

2. Other information we collect

Community content
You may voluntarily contribute Community Content to the Services, such as: reviews of tours, images of tours, and other similar content.

We are not responsible for any personal information that you may volunteer about yourself in these public areas of the Services. To request removal of your personal information from publicly posted areas, please refer to the section *"Your Rights"* of this Privacy Policy.

If you communicate with us, we collect information regarding your communication and any information you choose to volunteer in those communications.

We are not responsible for any personal information you may volunteer about yourself in these communications. To request removal of your personal information from communications, please refer to the section *"Your Rights"* of this Privacy Policy.

We collect information regarding your usage of the Services, including, but not limited to, the features you use, the pages you visit, and the searches you make within the Services.

3. How we process personal information

We may process personal information for the following purposes: providing the Services to you, communicating with you, marketing our Services, managing our IT systems, conducting investigations where necessary, compliance with applicable law, and improving our Services.

Providing the Services
We process the information collected in order to operate, improve, develop, and provide the Services, including processing payment information for purchases made on the Services, conveying information you publicly volunteer via the Services to other users, communicating with you, providing customer support, customising your user experience, monitoring and correcting errors in the Services, and enforcing our Terms and Conditions and this Privacy Policy.

Communications regarding your purchases
If you choose to purchase a product or indicate your intention to purchase a product via the Services, then we may send you communications regarding that purchase and/or product. These communications may include, but are not limited to: transaction status updates, alerts regarding transaction errors, reminders to complete transactions, reminders of scheduled tour/experience dates of the purchased product if applicable, and requests to review the product.

Direct marketing communications
With your prior consent, we may process your personal information to communicate to you information regarding the Services that may be of interest to you. We may send information regarding promotions, product offers, new features and Services, and other marketing information that may be of interest to you.

Even if you have provided prior consent, you may opt out of some or all of these direct marketing communications at any time via your profile page, the Services, or by following the directions included in our emails to you.

Improving our Services
We use the information we collect to improve the Services. This includes: operating and maintaining our computing platforms and software, ensuring the integrity and security of data and computing platforms, analysing audience and user engagement, testing and monitoring new features, and analysing purchasing activity.

Financial and business management
We may use personal information collected from you in the course of our general business and financial management, including: planning and reporting, personnel development, sales, accounting, finance, and compliance with legal requirements.

4. Lawful bases for processing data

We process your data in accordance with one or more of the following legal bases:

Consent: We may process your information when we have asked for and you have given clear voluntary consent to process your personal data for the specific purpose for which we have asked.
Contract: We may process your information when it is necessary for a contract between you and us.
Legal obligation: We may process your information when it is necessary for us to comply with the law.
Legitimate interests: We may process your information when it is necessary for our legitimate interests in operating or promoting our business, unless this interest is overridden by your interests or fundamental rights and freedoms.

5. Personal information we share

We do not share your personal information with marketers.
We do not allow advertising companies to collect data through the Services.

Third-party data processors
We may share your information with third-party companies to: provide customer support, perform computing-related services such as, without limitation, maintenance services, computing platform services, monitoring of the integrity, performance, and security of the Services, and improvement of the Services, to process communications, including email, SMS, and mobile notification services, to process and monitor payment transactions, and to analyse how the Services are used.

These third parties may have access to your personal information to the extent required to perform these tasks. We maintain a data-processing agreement with all third-party data processors with which we share your personal information. These data processors are obligated to protect the confidentiality and security of this personal information and to process the data in accordance with applicable law, consistent with this Privacy Policy.

Other situations
We may make personal information available to third parties in these limited circumstances: (1) with your express consent, (2) when we, in good faith, believe it is required by law, (3) when we, in good faith, believe it is necessary to protect our rights or property, or (4) to any successor or purchaser in a merger, acquisition, liquidation, dissolution, or sale of assets. Your consent will not be required for disclosure in these cases, but we will attempt to notify you, to the extent required by law.

6. Cookies, beacons, and similar technologies

We use technologies such as cookies (small files stored on your browser), web beacons, and unique device identifiers to identify your computer or device so that we can personalise your user experience and monitor your usage of our Services.

We may use web beacons or similar technologies when sending you emails to determine whether the email has been opened and which links you click. We collect this information to ensure delivery and to monitor and measure the effectiveness of our communications.

You may block cookies or other tracking technologies via your browser, email client, or other technologies, but certain personalised features of the Services may be degraded or become unavailable.

7. Children

We do not knowingly contact or collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us so we can promptly obtain parental consent or remove the information. Persons under the age of 18 are not permitted to make purchases from us.

8. Security

We take our commitment to safeguard your information seriously. We employ strong safeguards, both technical and organisational, to protect against unauthorised access, unlawful destruction or alteration, and unauthorised disclosure of your information.

In certain cases, such as with payment information, we encrypt data transmission using Secure Sockets Layer (SSL) technology. However, no security or encryption method can be guaranteed to protect information from hackers or human error. Such transmissions are sent at your own risk. You are responsible for ensuring that any personal information that you send to us is sent securely.

9. Data retention

We take every reasonable step to ensure that your personal information is only retained for as long as it is needed.

10. Your rights

If you are a resident of the EU, the GDPR provides you with certain rights regarding your personal information. If you wish to exercise these rights, send your request via the contact options described in the section "Contacting Us" in this Privacy Policy. Note that we may ask to verify your identity before we can begin processing your request.

Access and portability
You may have the right to receive personal information you have provided in a structured, commonly used, and machine readable format or to have this personal information transmitted directly to another third party.

Where you are unable to update inaccurate or incomplete personal information concerning you via the Services, you have the right to ask us to correct this information on your behalf.

We take all reasonable steps to ensure that your personal information is only kept for as long as it is needed. You have the right, under certain circumstances, to request that we erase your personal information that we have collected.

We may retain, in certain circumstances, some of your personal information if we are relying on our legitimate interests as our basis for processing this information, and this personal information is necessary to fulfill our legitimate interest. Examples include, but are not limited to: payment information required for legal and tax purposes, transaction details regarding products purchased required for bookkeeping, and records used in monitoring and preventing fraud and abuse.

Community content you have volunteered may also be retained and remain public on the Services. However, at your request, we will disassociate this content from your personal information (i.e. "anonymise" the content).

Restriction of processing
In certain circumstances, you have the right to request that we restrict the processing of your personal information. You may request that we limit the processing of your personal information if a) you contest the accuracy of the information and we are verifying the accuracy of the information, b) the information has been unlawfully processed and you oppose erasure, c) we no longer need the personal data but you need us to keep it in order to establish, exercise, or defend a legal claim, or d) you have objected to us processing your data and we are considering whether our legitimate grounds override your own.

Objection to processing
You have the right to ask us to stop the processing of your personal information for the purpose of direct marketing at any time.

Where we are processing your data based on our legitimate interests, you may, in some circumstances, request that we stop processing your personal information, except in cases where we have compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or where the processing is for the establishment, exercise, or defense of legal claims.

11. Contacting us

If you have any questions or concerns about our Privacy Policy, please contact us either via email at or postal mail to Sidetrip OÜ, Viru 6, Tallinn 10140, Estonia.

This Privacy Policy was last updated on December 21, 2020.