PERSONAL DATA PROCESSING IN GO TRAVEL: PRIVACY NOTICE

  1. INTRODUCTION
    • Due to the field of operation, our company can be considered a travel company employing personal data in its daily business activities for the provision, arrangement, organisation and mediation of various travel and tourism services. Our activities are based on the General Data Protection Regulation (GDPR), Personal Data Protection Act (PDPA) and other rules regarding data protection. The present privacy notice (hereinafter the privacy notice) is mainly meant for data subjects in the GDPR and PDPA regulations, i.e. natural persons whose personal data is processed.
    • We understand if you as data subjects are aware of and care for the processing of your personal data, that is why we ensure that we treat the compliance of the processing of your data with the set regulations with all seriousness. The privacy notice describes the principles and practices followed in our company regarding the full chain of personal data processing starting from data collection and use up to the deletion focussing on the personal data protection. As personal data protection is a constant responsibility, we regularly review the privacy notice rules, check its compliance with the set requirements and update its content, if necessary.
  2. DATA PROTECTION OFFICER (DPO)
    • In our company AS Go Travel, registration number 10113159 located at 37 Toompuiestee in Tallinn, the following person has been named as the data protection officer:

Ingrid Kä0
Toompuiestee 37, Tallinn
+372 631 0110
juhatus@gotravel.ee

  1. DATA COLLECTION
    • Our company collects personal data mainly from its customers who are natural persons. These generally include data needed for the provision of the travel and tourism services selected by the customer. The precise data collected depend on the specific travel service and they may vary due to the means of transport (bus, train, airplane, ship) as well as the destination (domestic journey, within the EU and states equated with the EU member states, travelling outside the EU countries). The requirements vary across the states and service providers and therefore also the volume of data needed for the service provision may vary.

The usual data required for travelling are as follows: the first and last name, a travel document/ID for the verification of identity, sex and age, but also contact details such as the e-mail address, phone number and place of residence. When travelling outside the EU, there may be requirements for additional information depending on the particular destination (including the nationality, passport details, visa, vaccination records etc). We use your personal data in order to perform the contract and provide you with travel and tourism services. We do not sell or share personal data with third parties, except in cases required by law or it is necessary for the performance of our mutual contract.

  • PERSONAL DATA PROCESSING IN THE PROVISION AND MEDIATION OF ACCOMMODATION SERVICES

When you purchase accommodation services, your data (name, sex, national identification number and/or date of birth) are needed to meet the requirements set for accommodation companies and the service provision. The list of required personal data may vary by country due to the imposed requirements. In order to ensure the provision of accommodation service, we need to have the data of the people who will use the accommodation service and the time when they will need the accommodation. In general, the accommodation service providers are required to maintain a registration record on the accommodated people which includes the data required by law and which will be passed on to the law enforcement authorities.

Depending on the content of the service, we may also need various types of personal data concerning the specifications of the accommodation service. It may include, for instance, the availability of mobility aids in case of particular physical disabilities (wheelchair, lift etc) or information regarding the intolerance of certain substances or special diets (in case accommodation and catering service are booked).

In case you purchase accommodation and rehabilitation therapy service, we will also require specific personal data related to the given rehabilitation. Thus we will learn about the time, place and content of the rehabilitation in as much as it is necessary for the provision of the particular rehabilitation service. In any event, it means particular personal data that you will provide us yourself to receive the given service.

In case of the sale of the accommodation and related services with the best price provided by wholesalers, we will transfer your data to the wholesaler of the services who, in turn, will transfer the data to the particular provider of the accommodation or related service.

We require that the accommodation service provider as well as the wholesalers process personal data in compliance with GDPR. Every person involved in the accommodation service provision can use the personal data only for the performance of the contract.

  • PERSONAL DATA PROCESSING IN THE PROVISION AND MEDIATION OF CONFERENCE SERVICE

Upon the provision of conference services, we process personal data primarily for the performance of conference service contract, for instance, when we register participants and issue invoices (name, ID code, telephone, e-mail, job title, the company name), arrange interpretation service, book photographers and cameramen (photos), organise and edit video transmissions, arrange the preparation and allocation of memorabilia and publications (incl. name tags), book catering (information on food intolerance and special diets constitute a special type of personal data). We also process the personal data required for the organisation of cultural and leisure programme (name, time of the event, a person’s preferences), organise accommodation (see section 3.1.1) and the transportation between the accommodation and conference venue (people’s names, time of the transportation, the accommodation and conference venue).

We require that the service providers process personal data in compliance with GDPR. Every person involved in the conference service provision can use the personal data only for the performance of the contract.

 

  • PERSONAL DATA PROCESSING IN THE PROVISION AND MEDIATION OF TOUR GUIDE, GUIDE-INTERPRETER AND TOUR LEADER SERVICES

For the provision of tour guide, guide-interpreter and tour leader services, we require your personal data such as the name, ID code, the time of the service provision, languages for the interpretation and the visited destinations. While providing the tour leader services, we may also get information about specific personal data (e.g. on the use of a wheelchair in case of a physical disability, but in case of children also on the travels of the people accompanying children). Depending on the place and country of destination, it may also be required to transfer your personal data to the respective institution beforehand, if required.

When you have purchased from us the mediation of tour guide, guide-interpreter and tour leader services, we usually transfer the data to the wholesaler of tour guide, guide-interpreter and tour leader services who, in turn, will transfer the data to the specific service provider.

We require that the service providers process personal data in compliance with GDPR. Every person involved in the tour guide, guide-interpreter and tour leader service provision can use the personal data only for the performance of the contract.

 

  • THE PROVISION AND MEDIATION OF PASSENGER TRANSPORTATION SERVICES

For the provision of passenger transportation services, we require your personal data such as the name, ID code, travel document data, contact details and information related with the service. While providing the passenger transportation service, we may acquire information about specific personal data (e.g. on the use of a wheelchair in case of a physical disability, but in case of children also on the travels of the people accompanying children). Pursuant to regulatory obligations, the service provider may be required to transfer the personal data to law enforcement authorities.

We require that the service providers process personal data in compliance with GDPR. Every person providing the passenger transportation service and people employed in the provision of passenger transportation service can use the personal data only for the performance of the contract.

 

  • THE PROVISION AND MEDIATION OF VISA SERVICE

For the provision of visa services, we require your personal data such as the name, ID code, the data of your valid travel document, the destination country, the required term of validity of the visa, the reason for visiting the destination country and other data required by the country you wish to visit.

We require that the service providers process personal data in compliance with GDPR. Every person providing the visa service can use the personal data only for the performance of the contract.

 

  • THE MEDIATION OF TRAVEL INSURANCE SERVICE

For the provision of the mediation of travel insurance service, we require your personal data such as the name, ID code, place of residence, contact information etc. Upon performing the respective contract, we may also acquire information on your family member falling ill (primarily in case of travel cancellation insurance), accident and medical costs, but also other personal data that will come to our knowledge due to unforeseen insurance events.

We generally transfer the given personal data to the insurer and we require that the given personal data be processed in compliance with GDPR.

 

  • THE PROVISION OR MEDIATION OF TRANSPORT VEHICLE RENTAL SERVICE

For the provision of the mediation of transport vehicle rental service, we require your personal data such as the name, ID code, place of residence, contact information, the data of the document certifying the right to drive vehicles of the given category, credit card data etc. Upon performing the respective contract, we may also acquire information on your preferences in selecting the car, people driving the car, the times and routes of the journeys. We would like to stress that also the objects you leave behind in the car may include personal data about you.

In case of the mediation of transport vehicle rental service, we transfer the given personal data to the provider of the particular transportation vehicle rental service and we require that the given personal data be processed in compliance with GDPR.

 

  • THE COLLECTION AND PROCESSING OF DATA ON AS GO TRAVEL WEBSITES AND NEWSLETTER LISTS
    • Our internet websites ee, osturalli.gotravel.ee, tourest.gotravel.ee, loterii.gotravel.ee, incoming.gotravel.ee, events.gotravel.ee and other similar environments collect certain information automatically and store it in log files. The given information may include the IP address, the region or general location where your computer or device is connected to the internet, the user’s browser type, operation system and other data related to the use, including the history of website visits.

We use the given information in order to make our internet site better, easier and user-friendlier. We may also use your IP address to diagnose problems in our server or to manage the website, analyse trends, monitor the visitor activities on the website and to collect more extensive demographic information allowing us to determine the website users’ preferences. The websites also use the cookie system. In the present and following sections we have described the most general online data processing principles, for further information please click here.

  • When you have requested or agreed to receive our newsletters and advertising or you participate in prize draws or other campaigns organised or mediated by us, we ask your name and contact details. We use the given information to send you news and other similar information regarding our company and services provided by us that might interest you. We will not contact you more than 10 times in a month. Our newsletter may sometimes include links to other internet sites. Our company bears no responsibility for the content or privacy policy of the given sites. If you no longer wish to receive our newsletter, you can end your subscription to such letters by clicking on the link at the bottom of each newsletter. We may also use your e-mail address for showing you targeted advertisements in other channels, but only if the given channels have been included in the list of cooperation partners on this page.
  • When you wish to make an order or receive a quote through our website, we will need your personal data such as your name, telephone number and e-mail address and in some cases also the passengers’ date of birth, preferred time of travel and other data. The given information is needed in order to receive more precise information and to contact you for further data regarding your order and the performance of the contract signed or to be signed with you. We only share your personal data with companies directly related to the provision of service to you. At the time of making the order, we may also ask for information regarding the form of payment, for instance, the credit card number or bank transfer details. In the given process, we use a secure online connection to protect your personal data.

 

  1. HOW LONG AND HOW OUR COMPANY STORES YOUR DATA
    • The information collected about you through your purchases will be stored by our company until the due date of the submission of any claims provided by law. In case the data subject wishes to be forgotten, we will delete his data to the extent not regulated by legislation, in other words, only the data required by law will be stored. The data will be stored in one or several databases maintained by a third party located in the Republic of Estonia. The given third party has no access to the data and will not use your personal data for any other purpose except for storage and backup.

 

  1. WHEN AND HOW OUR COMPANY USES YOUR DATA
    • Your personal data will primarily be used for providing you with the agreed services.
    • Your personal data will also be used for updating our website pursuant to your preferences, interests and needs in order to learn about your wishes and preferences and to improve the service provision of our website.
    • If you have agreed to receive our newsletters, particular advertising, direct mail etc, we will send you the respective information. You can refuse to receive such e-mails at any time by using the link at the footer of the letter.
    • Your personal data will be shared with service providers whose service is strictly necessary for the performance of contracts and the provision of services.
    • Similarly, we may share your personal data should it be necessary for criminal investigation, fulfilment of a judicial claim, meeting your vital needs or regarding the sale, purchase, merger, reorganisation, revitalisation, liquidation or other similar act related to a company. In such cases we assure that we take all the necessary measures to keep your personal data adequately protected.
    • The information collected for prize draws and other similar undertakings will be used for contacting you in case you win. In case the prize is awarded by another cooperation partner, your personal data will be transferred to them for contacting the winner. As a rule, the pre-requisite for the participation in such prize competitions is your agreement to the use of your personal data also for other purposes, therefore we ask you to read the prize competition terms and conditions carefully before your participation.

 

  1. THE FLOW OF PERSONAL DATA OUTSIDE THE EU OR EQUIVALENT AREAS
    • We are located in the Republic of Estonia which is one of the member states of the European Union. The personal data that we collect are primarily processed in Estonia. In case we need to transfer the data outside the European Union or equivalent areas for the performance of the contract while providing the service, we have to ensure the level of personal data protection outside the EU at least on the same level as it is within the EU pursuant to Article 45 of GDPR. We hereby announce that our company has no other legal means for providing such a guarantee than contractual means, i.e. we can acquire a confirmation regarding the provision of adequate protection from companies that we sign contracts and negotiate the respective terms with and we can oblige them to guarantee such protection, however, we cannot in any way assure the sufficiency of such measures and the respective compliance with GDPR requirements.
    • In case we cannot reach an agreement with the service provider regarding the compliance of personal data protection with GDPR requirements, we will warn you that the data protection in the respective destination country is not at the same high level as required by GDPR and we explain that we have no means to assure the high level of personal data protection in such a destination country. In case you still wish to purchase the service regardless of the warning, we will ask you to sign a special agreement to send your personal data to the given destination country.

 

  1. THE RIGHTS OF THE DATA SUBJECT
    • The aim of the privacy notice is to provide information on the kind of information our company collects about you and how it is used. If you have any questions, please contact us via e-mail turundus@gotravel.ee or directly the data protection officer whose contact details are given below.
    • If you wish to know if our company processes your personal data, get access to your personal data, learn about your personal data, correct or delete your personal data or restrict the processing of your data, withdraw your consent or object to the processing of your data, please contact us via e-mail turundus@gotravel.ee or directly the data protection officer whose contact details are given below.
    • You have the right to transfer your data. We allow you to acquire your personal data in a machine-readable form or to transfer them directly to another service provider. In this case, however, we cannot ensure that the other service provider is able to receive your personal data. The right of data transfer is restricted by the structured data submitted by you in the commonly used format and machine-readable form; the right applies only to the data that we use for performing the contract signed with you or in accordance you’re your consent. Upon exercising the given right, we must consider also the third parties’ right for privacy.

For the use of the right of data transfer, please contact us via e-mail turundus@gotravel.ee or directly the data protection officer whose contact details are given below.

 

  1. YOUR DATA SECURITY
    • For the protection of personal data and the information that you enter on our website allowing personal identification, we use physical, technical and administrative security measures. We regularly update and test the applied security technology. Our internet networks are protected by firewalls and intrusion detection software. The access to your personal data is restricted to only those employees who need the given information for providing the agreed service or on other legal grounds.
    • We take reasonable measures to protect your personal data and our activities are subject to relevant valid information security legislation, however, it is important to note that no website or database is entirely safe or so-called hacker-proof. Please protect yourself and help us to prevent computer crimes by storing and protecting your passwords very carefully. Our website does not use spyware. In case you suspect that your account has been hacked, immediately contact the respective specialist.
    • In addition to the measures mentioned above, we train our employees to increase their awareness of the importance and necessity of the protection of personal data. Our commitment is reflected also in the internal regulation directly related to the employees that include also provisions on data protection.

 

  1. CHANGING AND COMPLEMENTING PRIVACY DATA
    • As every other organisation, also our company changes in time and space and therefore we may need to change and complement the privacy data in the future. For the given reason, we hereby announce that we have the right to change and complement the content of privacy data at any time without prior notice. We will publish the possible changes on the same privacy data page. We may inform you, for instance, via e-mail on the main changes in the terms of privacy data, however, it is safer if you visit the privacy data webpage with sufficient frequency in order to know the updated and valid terms.

 

  1. THE PRIVACY DATA OF EMPLOYEES
    • The privacy data of employees are drawn up in a separate document that is made available only to employees.

 

  1. QUESTIONS, COMPLAINTS
    • In case your personal data have changed or you have additional questions regarding the processing of personal data, please contact us. We will reply within the term prescribed by law. Then again, please be prepared that in connection with personal data protection, we may ask further information to establish your identity before we answer any questions. We must be sure that the information is given only to the correct person. We mostly correct or delete any inaccuracy that you have detected. In some cases, we can also partially or completely refuse your request if allowed or required by law.
    • In case you find that your personal data processing has breached the privacy data or it is conducted in a negligent manner, you can always contact our data protection officer:

Ingrid Kä0
Toompuiestee 37, Tallinn
+372 631 0110
juhatus@gotravel.ee

  • Similarly, you can always turn to the Estonian Data Protection Inspectorate or court for the protection of your privacy rights and personal data. The Data Protection Inspectorate is a state authority that can also be consulted for information or assistance regarding all personal data protection issues.