Turneo: Privacy Policy

PRIVACY POLICY

A) INTRODUCTION
Turneo Ltd (referred to as "Turneo", "we", "us"or "our" in this Privacy Policy) is a company incorporated and registered in England and Wales with company number 13986503 whose registered office is at 71-75 Shelton Street, London, WC2H 9JQ, UK. In this Privacy Policy, references to 'you' or 'your' is to you as an individual. 

The protection of personal data is important to us, and we process personal data exclusively in accordance with applicable data protection requirements including (but not limited to) primary General Data Protection Regulation („GDPR“), UK General DataProtection Regulation (UK GDPR), and other applicable provisions of the law. 

We act as an intermediary in relation to the facilitating, creating and managing of bookings of travel services - including tours, attractions and other touristic experiences (“Experiences”), and in those circumstances, we process Data Subject Identity Data, Contact Information Data and Financial Data.  

We are the owners of the websites turneo.com and turneo.travel (“Website”), through which we provide our services. If you visit our Website, we can process your Analytics Information Data, only if you accept such processing. This Privacy Policy contains our rules regarding the protection and management of your personal data (“Policy”).  With this Policy, we inform you about how we collect personal data, what personal data we collect, why we process it, how we use it, how we store it, with whom we share it and why.

B) DATA CONTROLLER
Data controller of your personal data is:
Turneo Ltd
71-75 Shelton Street,
WC2H 9JQ
London
United Kingdom
CRN: 13986503

C) CONTACT INFO
In case of any questions regarding the rules, feel free to contact us at the following number/e-mail:
Phone: +385 92 4212 795
Email: info@turneo.com

D) INFORMATION ON THE PROCESSING OF PERSONAL DATA

Data subjects in terms of these Rules are: Customers, Suppliers, Partners and Visitors  to our Website.

The Personal data we can process are:

·      Identity Data which can include: name and surname

·      Contact Information Data which can include: email address and phone number,

·      Financial Data needed to make payment which can include bank account information and payment information,

·      Analytics Information, namely information from your Web browser (such as browser type and browser language) and details of your visits to our Website , including traffic data, location data and logs, page views, length of visit and Website navigation paths as well as information about your computer and internet connection, including your IP address and how you interact with our Product.  

Processing of certain personal data is necessary in order for us to be able to provide our services, i.e. in order to carry out our business activity.

The processing of personal data can also be based on the consent of the Data Subject. In that case, the Data Subject has the right to withdraw his consent at any time for personal data which was obtained through his voluntary consent. Withdrawal of consent does not affect the legality of data which was processed before the withdrawal. Data subjects are informed about the possibility of consent withdrawal before they give it. The data controller is obliged to prove at any time that certain personal data was obtained on the basis of consent.

D1) CUSTOMERS

If you are a Customer using Turneo services to book Experiences, we can process your Identity Data, Contract Information Data and Financial Data (“Consumer data”).

In that case we will process your personal data for the purpose of providing service, payment processing, resolving service issues and ensuring the quality of the service/product.

The legal basis for the subject processing of customers' personal data is the execution of contract between you and Turneo (as the personal data controller), and for the purpose of accomplishing our legitimate interests in the performance of our activities, except in case when interests or fundamental rights and freedoms of customers/end users that require the protection of personal data prevail over our legitimate interests.

In our legitimate interests of providing the best services to you and improving and growing our business we will process data for the purpose of:

- improving our application programming interface (“API”) and our services;
- keeping our Website and systems safe and secure; and
- defending against or exercise legal claims and investigate complaints.

We will delete obtained personal data obtained when the purpose for which they were obtained is fulfilled.

With the exception of the above, we will process personal data of the customers in order to comply with legal obligations established by applicable law, primarily data related to financial regulations, and all in accordance with the legal framework, and we will keep such personal data as long as required by applicable law.

D2) SUPPLIERS

If you are a Turneo’s Supplier, we may process your data that we need to perform the contract, namely Identity Data, Contact Data and Financial Data. In doing so, we can also process data about the Supplier's employee who communicates on behalf of the Supplier, namely: first and last name, e-mail, phone/mobile number.

We will process the Supplier's personal data for the purpose of the contractual relationship with the Suppliers.

The legal basis for the subject processing of the Supplier's personal data is the execution of the contract between the Supplier and Turneo (as the personal data controller), and in order to achieve our legitimate interests in the performance of our activities, except when these interests are stronger than the interests or fundamental rights and freedoms of suppliers/employees of suppliers that require protection of personal data.

In our legitimate interests of providing the best services to you and improving and growing our business we will process data for the purpose of:

- improving our API and our services;

- keeping our Website and systems safe and secure; and

- defending against or exercise legal claims and investigate complaints.

We will delete obtained personal data obtained when the purpose for which they were obtained is fulfilled.

With the exception of the above, we will process personal data of the Supplier in order to comply with legal obligations established by applicable law, primarily data related to financial regulations, and all in accordance with the legal framework, and we will keep such personal data as long as required by applicable law.

D3) PARTNERS

If you are a Turneo’s Partner, we may process your data that we need to perform the contract, namely Identity data, Contact data and Financial data. In doing so, we can also process data about the Partner's employee who communicates on behalf of the Partner, namely: first and last name, e-mail, phone/mobile number.

We will process the Partner's personal data for the purpose of the contractual relationship with the Partner.

The legal basis for the subject processing of the Partner's personal data is the execution of the contract between the Partner and Turneo (as the personal data controller), and in order to achieve our legitimate interests in the performance of our activities, except when these interests are stronger than the interests or fundamental rights and freedoms of suppliers/employees of Partner that require protection of personal data.

In our legitimate interests of providing the best services to you and improving and growing our business we will process data for the purpose of:

- improving our API and our services;

- keeping our Website and systems safe and secure; and

- defending against or exercise legal claims and investigate complaints.

We will delete obtained personal data obtained when the purpose for which they were obtained is fulfilled.

With the exception of the above, we will process personal data of the Partner in order to comply with legal obligations established by applicable law, primarily data related to financial regulations, and all in accordance with the legal framework, and we will keep such personal data as long as required by applicable law.

WHO WE SHARE THIS INFORMATION WITH

For the purposes set out in Article D1 of our Policy, we will share/forward Customer data with the following categories of third parties (based on the contract containing provisions on the protection of your personal data), some of whom we appoint to provide services, including:

- our Suppliers who provide the Experience booked by a Customer using Turneo services;

- our Partners who has Customers who are visitors to their website, apps, tools or physical premises, based on your written consent;

- our service providers who provide IT, system administration services and IT service providers we use to host or maintain our Website and digital services;

- our accountant for the purpose of fulfilling financial obligations;

- our analytics providers that assist us in the improvement and optimization of our Website and service.

We will provide your Identity Data and Contact Information Data to Supplier of Experiences (e.g. tours and activities providers) as part of the service that we offer. The Supplier will process your personal data as an independent data controller. The Supplier will use the Customer data only for the purposes of providing to the applicable Customer the Experience booked by the Customer, and to the extent and duration required to perform that service. Supplier will adopt and adhere to a Policy consistent with applicable laws, rules, regulations and guidelines and this Policy, employ reasonable industry standard physical, technical and administrative measures to protect the Customer data and shall ensure that any collection, use and disclosure of Customer data obtained by Supplier complies with all applicable laws, regulations and privacy policies.

Customers personal data (name, surname and contact information) can be shared with a Partner for marketing purposes, if the Customer gives his written consent to a particular Partner. In that case, the Partner will process your personal data as independent data controller. Partner will adopt and adhere to a Policy consistent with applicable laws, rules, regulations and guidelines and this Policy, employ reasonable industry standard physical, technical and administrative measures to protect the Customer data and shall ensure that any collection, use and disclosure of Customer data obtained by Partner complies with all applicable laws, regulations and privacy policies.

E) INTERNATIONAL TRANSFERS

Many of our external third parties (including tours and activities Suppliers) are based outside the UK, so their processing of your personal data will necessarily involve a transfer outside the UK.


We will transfer your personal data outside the UK, only if such transfer is not prohibited or restricted by law.

The transfer of personal data to a third country, area, or one or more specific sectors within that third country, or to an international organization that the Commission has assessed as meeting the appropriate level of personal data protection is based on the Commission's decision on the adequacy of protection and is not subject to an additional request for transfer the same.

In the absence of the aforementioned decision, Turneo will implement appropriate protective measures for the transfer of personal data and additionally provide the data subject with legally relevant court protection.

In that case, the legitimate basis for the data transfer will be corporate rules, standard clauses on data protection adopted by the Commission in the procedure foreseen for this purpose, i.e. concluded written contracts on the transfer of personal data based on standard contractual clauses of the Commission or on other prescribed basis in accordance with the General Regulation on data protection.

F) DATA SECURITY

We have established appropriate technical and security measures to prevent accidental loss, use or unauthorized access, modification or disclosure of your personal data. We control physical access to our information system and business premises. Furthermore, we limit access to your personal data in such a way that it is only available to authorized employees who process your personal data as part of their job obligations. They will process your personal data exclusively according to instructions, legal obligations and are subject to the obligation of confidentiality.

G) COOKIES

Cookies are small text files that are sent to your device when you visit a website. The cookies are then sent back to the original website each time you visit the site or another website that recognizes that cookie. Cookies serve as a website’s memory, allowing that website to remember your device when you visit the site again. This allows the website to recognize your computer the next time you visit us, in order to offer you a personalized experience when you navigate through it.

If are a Visitor to our Website, you should know that we use (i) Technical cookies that are necessary for the functioning of our website (do not store any information that could identify you) and (ii) Analytical cookies that you can refuse to accept, without any consequences.

We cannot exclude the use of Technical cookies and we do not need your consent to use them. You can set your browser to block these cookies or send a warning about them, but in this case some parts of the site will not work. It should be noted that our Website functions optimally only if the use of cookies is enabled.

If you accept Analytical cookies we will process information from your Web browser (such as browser type and browser language) and details of your visits to our Website, including traffic data, location data and logs, page views, length of visit and Website navigation paths as well as information about your computer and internet connection, including your IP address and how you interact with our Website.

Our website may link to external sites not controlled by us. Please note that we have no control over the content and practices of these sites and cannot accept responsibility for their privacy policies.

You are generally free to refuse our request to process your personal data, with the understanding that we may not be able to provide you with some of the desired services in that case.

H) YOUR RIGHTS

As data subjects you have rights stipulated by the applicable regulations, which including:

1)  Right of access;

2)  Right to correction and erasure;

3)  Right to restriction of processing;

4)  Right to data portability;

5)  Right to object;

6)  Right to withdraw consent.

All of the above rights can be exercised by submitting a written request to Turneo’s contact information, and we will respond within 30 days.

If you believe that your personal data is being processed unjustifiable and the processing of your personal data is not in accordance with legal regulations, you can file a complaint directly with the Information Commissioner's Office (ICO).

It is important to us that the personal data we keep about you is accurate and valid. Please notify us if your personal information changes during your relationship with Turneo.

I) AMENDMENT OF RULES AND ENTRY INTO FORCE

Turneo reserves the right to amend these Policy.

These Rules come into force and apply from the date of application of the UK General Data Protection regulation.