We are committed to protecting and respecting your privacy in compliance with the GDPR and fair transparent use of data.
This policy sets out the basis by which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data, and how we’ll treat it.
Scanbalt Experience OÜ, registration number 11430896, located in Pikk 7, 10123 Tallinn, Estonia, referred to as Scanbalt Experience within this document.
Scanbalt Experience is a travel undertaking that uses personal data in its day-to-day operations for the purpose of provision, arrangement, organisation and mediation of various travel and tourism services. In our activities, we follow the General Data Protection Regulation (GDPR), the Estonian Personal Data Protection Act (PDPA), our own Data Protection Strategy and other established data protection rules. This Privacy Notice is aimed at the data subject specified in the GDPR and in the PDPA, i.e. at natural persons whose personal data are processed for provision of the service.
We presume that you (Data Subjects) are aware of and care about the processing of your personal data and therefore we herewith assure you that Scanbalt Experience takes adherence to the rules established with regard to processing your data very seriously. The Privacy Notice describes the principles and practice used by Scanbalt Experience regarding the entire chain of processing personal data from the collection and use to deletion, thereby focusing on the protection of personal data. The protection of personal data is an ongoing responsibility and therefore we revise the rules of the Privacy Notice from time to time, check its compliance with the established requirements and, where necessary, update its contents.
Data Protection Officer (DPO)
Scanbalt Experience has appointed the following person to ensure compliance with data protection requirements:
First name and surname: Kristofer Anderssonn
The DPO is available at: Kolugnsvägen 72, 74141 Knivsta, Sweden
What is personal data?
Personal data is the information that identifies you, such as names, addresses, e-mail addresses, telephone numbers, passport, insurance details, demographic information (region/country from), interests, taste or preference information, and the like, when voluntarily submitted by a visitor.
Information we may collect from you
Personal information has the meaning given under your local data protection law, and, where the GDPR applies, the meaning of personal data given under the GDPR. Personal information generally means information which relates to a living individual who can be identified from that information, or from that information and other information in a person’s possession, including any expression of opinion, whether true or not, and whether recorded in material form or not, about an identified or reasonably identifiable individual, and any indication of intention in respect of an individual.
Generally, the type of personal information we collect about you is the information that is needed to facilitate your travel arrangements and bookings and to arrange travel related services and/or products on your behalf.
We therefore typically process the following types of personal information about you:
- contact information (such as name, residential/mailing address, telephone number, email address);
- payment account information (credit/debit card details, including card type, card number, security number and expiry date);
- passport details;
- information about your dietary requirements and health issues (if any); and
- other details relevant to your travel arrangements or required by the relevant travel service providers (e.g. airlines and accommodation or tour providers).
When you make contact with us for other purposes, we may also collect personal information about you in relation to those purposes. For example, we may collect your personal information, so we can contact you about a competition you have entered (e.g. if you win) or to respond to an enquiry or feedback you have sent to us. We also collect information that is required for use in the business activities of Scanbalt Experience and our related entities, including for example, financial details necessary to process various transactions, video surveillance footage used for security purposes, and other relevant personal information you may elect to provide to us.
Time and manner of keeping data
Data collected on you via your purchases are kept by Scanbalt Experience as long as required by law and until the date of expiry of claims, after which the personal data are deleted. The data are kept in a single database or in multiple databases administered by a third party located in the European Union or in a contracting state of the European Economic Area. These third parties do not have access to the data and they do not use your personal data for any other purpose besides retention and backup.
Transfer of personal data outside the EU or equivalent regions
Scanbalt Experience is located in the Republic of Estonia, which is a member state of the European Union. The personal data that we collect are processed mainly in the Republic of Estonia as well as at the legal addresses of third parties. If data need to be transferred outside the European Union or equivalent territories during the provision of a service for the purpose of performance of the contract, Article 45 of the GDPR demands that the level of protection guaranteed to the personal data be at least the same as in the territory of the EU. This is to inform you that our company does not have any other legal means besides contractual ones to give such a guarantee, which means that we are able to obtain confirmations regarding the sufficiency of the respective level of protection from those businesses with whom it is possible to conclude contracts and negotiate contract terms and conditions as well as to obligate such businesses to guarantee the respective level of protection themselves, but we are not in any way able to guarantee the sufficiency or GDPR compliance of such measure.
However, if we cannot reach an agreement with the respective service provider regarding the compliance of the level of protection of personal data with the requirements of the GDPR, we warn you that the level of protection of personal data in the respective country of destination is not at the same good level as that of the GDPR and explain that we do not have any means to in any way guarantee the high level of protection of personal data regarding the country of destination. If you still wish to receive a service at such destination, you certify by purchasing the trip that we are allowed to transfer your personal data to such country of destination.
We never send to a service provider outside the EU more personal data than required at very minimum to approve the service or more than you would be required to submit to them if you ordered the same service directly from them, i.e. without using our services.
IP addresses and cookies
We may collect information about your computer including, where available, your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is aggregate data about our users’ browsing actions and patterns and doesn’t identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that’s transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
- To estimate our audience size and usage pattern
- To store information about your preferences, allowing us to customise our site according to your individual interest
- To speed up your searches
- To recognise you when you return to our site
- The table below explains the types of cookies we use and why.
Cookie type purpose:
- Performance cookies; Google Analytics – These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
- Functionality cookies – These cookies are used to remember the choices visitors have made including for example, remembering that a visitor has previously entered information in an online form.
- Targeting/advertising cookies – These cookies are usually set by a third party to ensure a visitor gets shown a random, varied list of travel offers on each page they visit.
Uses made of the information
We may use information held about you in the following ways:
- To provide you with information, products or services that you request from us or which we feel may interest you, where you’ve consented to be contacted for such purposes
- To carry out our obligations arising from any contracts entered between you and us
- To allow you to participate in interactive features of our service, when you choose to do so
- To notify you about changes to our service
- To notify you of offers and services from our partners that match interests or requirements you’ve registered with us.
If you’re an existing customer, we’ll only contact you by electronic means (email) with information about goods and services like those which were the subject of a previous sale to you.
If you’re a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you’ve consented to this.
If you don’t want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form by which we collect your data.
Disclosure of your information
We will never sell or give the personal information that you voluntarily provide us to any third party, other than to: (a) affiliated entities of Scanbalt Experience (b) service providers who provide support services to us with respect to the site, (c) business partners as described below, and (d) purchasers of all or a part of the Scanbalt Experience business provided that such third party agrees to abide by the privacy policies stated in this statement. It is used solely by us, our agents, affiliates, services providers and business partners to respond to your requests and to better serve you.
You have the right to ask us not to process your personal data for marketing purposes. We’ll inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org
If you do not wish to receive information about Scanbalt Experience’s activities, products and/or services or offers of other relevant third parties, please update your personal data or by email at email@example.com or using the unsubscribe button at the end of each newsletter sent to you. You have the right to know what data Scanbalt Experience holds about you, and will be provided on request to firstname.lastname@example.org in a .txt or pdf format. You have the right to rectify incorrect information that Scanbalt Experience holds about you, which you can request at email@example.com. You have the “right to be forgotten” and your data will deleted upon request to firstname.lastname@example.org.
Access to information
The Act gives you the right to access personal information held about you. Your right of access can be exercised in accordance with the Act.
Links to other websites
Our site may, from time to time, contain links to and from the websites of our partners, affiliates, plus other third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we don’t accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
For any questions, comments and requests please contact us.
Tallinn, 24 May 2018