Menu
Hotel Only
Flight Only
Package Holidays
GB - £ GBP - EN
Homepage GDPR Data Protection

GDPR Data Protection

OTP OÜ

1. Introduction

1.1. OTP OÜ are travel companies that, in their day-to-dayrnoperations, use personal data for the purpose of providing, arranging,rnorganising and intermediating various travel and tourism services. In ourrnactivities, we comply with the General Data Protection Regulation (GDPR), thernEstonian Personal Data Protection Act (PDPA), our own Data Protection Strategy,rnand other established data protection rules. This Privacy Notice is intendedrnfor data subjects as defined in the GDPR and the PDPA, i.e., natural personsrnwhose personal data are processed for the provision of a service.

1.2. We assume that you (Data Subjects) are aware that yourrnpersonal data are processed and that you consider this important; therefore, wernguarantee that OTP OÜ takes compliancernwith the rules concerning the processing of your data very seriously. ThisrnPrivacy Notice explains the principles and practices applied by OTP OÜ throughout the entire processing chain ofrnpersonal data, from collection to use and deletion, and thereby focuses on thernprotection of personal data. The protection of personal data is an ongoingrnresponsibility; therefore, we review the rules of this Privacy Notice from timernto time, check compliance with the established requirements, and update itsrncontent when necessary.


2. Data Protection Officer (DPO)

2.1. OTP OÜ, with legal addresses at Harju maakond,rnKesklinna linnaosa, Viru väljak 2, 3rd floor, Tallinn, has appointed a specialist tornensure compliance with data protection requirements:

You can contact the DPO at Harju maakond, Kesklinnarnlinnaosa, Viru väljak 2, 3rd floor, Tallinn, Estonia.

E-mail: [email protected];[email protected]

E-mail: [email protected]

; [email protected]

 

3. Collection of data

3.1. OTP OÜ collect personal data primarily from their customers. As a rule, these are the datarnnecessary for the provision of the travel and tourism services chosen by therncustomer and can be clarified within the framework of fulfilling a specificrntravel service and may vary depending on the means of transport (e.g., bus,rntrain, plane, ship) and the destination (domestic travel, travel within the EUrnand equivalent countries, and travel outside the EU). In general, to be able to travel, a first and last name; a photo travel/identity document identifying the person; arnpersonal identification code (or, in the absence of this information, date ofrnbirth, gender and age); and contact details such as e-mail address, phonernnumber and residential address are required. For travel outside the EU,rndepending on the laws and requirements of the destination country, the list ofrndata may be longer (e.g., nationality, passport details, visa, vaccination,rnetc.). We use your personal data to perform the contract between us and tornprovide you with travel and tourism services. We do not sell or share yourrnpersonal data with third parties, except where required by law or where we mustrnshare it for the performance of the service contract between you and us.

3.1.1. Processing of personal data during the provision andrnintermediation of accommodation services

If you purchase accommodation services, your data (yourrnname, ID number and/or gender, date of birth, and contact details) are necessary tornfulfil the obligations imposed on accommodation establishments and to providernthe service. The list of personal data may vary according to requirements setrnin different countries. For this purpose, it is necessary to know the data ofrnthe persons who will use the accommodation service and the time whenrnaccommodation is needed. In general, accommodation establishments are obligedrnto keep a register of guests containing data required by law and, if necessary,rnto disclose these data to law enforcement authorities.

Depending on the content of the service, due to the specificrnnature of accommodation services, we may need various types of personal data.rnFor example, a person with reduced mobility may need certain mobility aidsrn(wheelchair, elevator, etc.), or a person who is intolerant to certainrnsubstances may need special dietary information (if food is ordered in additionrnto the accommodation service).

If you purchase accommodation and medical rehabilitationrnservices, we also need special categories of personal data related to thernrelevant medical rehabilitation. In this way, to the extent necessary tornprovide the specific medical rehabilitation service, we obtain informationrnabout the place and time of medical rehabilitation and the content of thernmedical rehabilitation. In any case, such data can be classified as specialrncategories of data that you provide to us in order to receive the service.

During the sale of accommodation services and relatedrnservices, if the best price is offered by a wholesaler (including aggregatorsrnand consolidators), we transfer your data to the wholesaler (includingrnaggregators and consolidators), and the wholesaler then transfers the data tornthe specific provider of the accommodation service or related services.

We require accommodation service providers and wholesalersrn(including aggregators and consolidators) to process personal data inrnaccordance with the GDPR. Each party involved in the provision of accommodationrnservices may use personal data only for the performance of the contract. Uponrnthe provision of accommodation services, OTP OÜ are not responsible for the processing of datarnprovided on-site to the accommodation establishment.

3.1.2. Provision and intermediation of passenger transportrnservices

To provide passenger transport services, we need yourrnpersonal data such as your name, ID number, travel document details, e-mailrnaddress, phone number and service-related data. During the provision ofrnpassenger transport services, special categories of personal data may berndisclosed (e.g., wheelchair needs for persons with reduced mobility and data ofrnchildren and their accompanying persons). The law places the service providerrnunder an obligation to transmit personal data to law enforcement authorities.

If you purchased passenger transport intermediation servicesrnfrom us, we generally transfer the collected data to the passenger transportrnservice provider or to the agent of passenger transport service providers; theyrnthen transfer the data to the provider of the specific service.

During the provision of passenger transport services, OTP OÜrnis not responsible for the processing of data provided directly to the carrier.

We require our service providers to process personal data inrnaccordance with the GDPR. Each party involved in the provision of accommodationrnservices may use personal data only for the performance of the contract.

3.1.3. Processing of personal data during the intermediationrnof package travel

If you purchase a package tour, your data (name, personalrnidentification code and/or gender, date of birth, and contact details) arernnecessary to comply with the requirements set by the tour operator and tornprovide the service. The list of personal data may vary according tornrequirements set in different countries. For this purpose, it is necessary tornknow the data of the persons who will use the travel service and the travelrntime.

Depending on the content of the service, due to the specificrnnature of passenger transport services or accommodation services, we may needrnvarious types of personal data. For example, a person with reduced mobility mayrnneed certain mobility aids (wheelchair, elevator, etc.), or a person who isrnintolerant to certain substances may need special dietary information (if foodrnis ordered outside accommodation). Such cases may arise.

Upon the sale of package travel and related services, werntransfer your data to the tour operator, and the tour operator transfers thisrndata to the specific providers of passenger transport services or accommodationrnservices or related services.

Upon the provision of passenger transport services, OTP OÜ isrnnot responsible for the processing of data provided directly to the tourrnoperator.

We require tour operators to process personal data inrnaccordance with the GDPR. Each party involved in the provision of travelrnservices may use personal data only for the performance of the contract.

3.1.4. Processing of personal data during the provision andrnintermediation of conference services

In the process of providing conference services, we processrnpersonal data primarily for the performance of the conference servicesrncontract; for example, we register participants and issue invoices (name,rnpersonal identification code, date of birth, phone, e-mail, and address); organise translation services; organise photographer and operator services (photos);rnorganise and arrange video broadcasts; organise the preparation andrndistribution of souvenirs and publications (including name tags); and organiserncatering (information on allergies and special diets, which constitute specialrncategories of personal data). During the organisation of cultural and leisurernprogrammes, personal data necessary for organising them (name, programme time,rnpreferences related to various programmes), the organisation of accommodationrnservices (for accommodation services see clause 3.1.1) and the organisation ofrntransport between accommodation establishments and the conference venue (namesrnof persons, transport time, accommodation location and conference location) arernprocessed. The list of personal data may vary according to requirements set inrndifferent countries.

During the provision of conference services, OTP OÜ is not responsible for the processing of datarnprovided directly to the service provider.

We require our service providers to process personal data inrnaccordance with the GDPR. Each party involved in the provision of conferencernservices may use personal data only for the performance of the contract.

3.1.5. Processing of personal data during the provision andrnintermediation of guide, guide/interpreter and tour manager services

To provide guide, guide/interpreter and tour managerrnservices, we need your personal data, such as your name, ID number, time ofrnservice provision, language pair and the places you will visit. During thernprovision of tour manager services, special categories of personal data may berndisclosed (e.g., wheelchair needs for persons with reduced mobility and data ofrnchildren and their accompanying persons). Depending on the destination and therncountry of destination, it may be necessary to transfer your personal data,rnwhere required, to the relevant authorities of the destination or destinationrncountry.

If you purchased intermediation services for guide,rnguide/interpreter and tour manager services from us, we generally transfer therndata to the wholesaler of guide, guide/interpreter and tour manager servicesrn(including aggregators and consolidators), and this wholesaler transfers therndata to the provider of the specific service.

We require our service providers to process personal data inrnaccordance with the GDPR. Each person involved in the provision of guide,rnguide/interpreter and tour manager services may use personal data only for thernperformance of the contract.

3.1.6. Provision and intermediation of visa applicationrnservices

To provide visa application services, we need your personalrndata such as your name, ID number, details of your valid travel document, yourrndestination country, the preferred validity period of the visa, your reason forrnvisiting the destination country and other mandatory data requested by therncountry you wish to visit.

We require our service providers to process personal data inrnaccordance with the GDPR. Each party involved in the provision of the servicernmay use personal data only for the performance of the contract.

3.1.7. Intermediation of travel-related insurance services

To provide travel-related insurance intermediation services,rnwe need personal data such as your name, ID number, place of residence, e-mailrnaddress and phone number. During the performance of the relevant contract, wernmay also learn information about personal data disclosed due to your or yourrnfamily members’ illnesses (insured event, trip interruption insurance),rnaccidents and medical expenses and other unforeseen insured events.

We transfer personal data to the insurer, who must processrnpersonal data in accordance with the GDPR.

3.1.8. Provision or intermediation of vehicle rentalrnservices

To provide intermediate vehicle rental services, we needrnpersonal data such as your name, ID number, place of residence, contactrndetails, and, to the extent necessary, details of a document proving your rightrnto use a vehicle of the relevant category, credit card information, etc. Duringrnthe performance of the contract, we may learn information such as yourrnpreferences in selecting various vehicles, names of persons travelling in thernvehicle, travel times and routes. We would like to point out that itemsrnforgotten in the vehicle may also contain information related to you, and, inrnthis context, OTP OÜ is not responsiblernfor the use of these data.

In the case of provision or intermediation of a vehiclernrental service, we transfer the personal data provided to the provider of thernspecific vehicle rental service and require the service provider to comply withrnthe GDPR when processing personal data. OTP OÜ is not responsible for the processing of datarnprovided on-site to the provider of the vehicle rental service.

If you purchased the intermediation service of vehiclernrental from us, we generally transfer the data necessary for booking thernservice to the agent of the rental service, and they transfer the collected datarnto the provider of the specific service.

3.1.9. Processing of personal data during the provision andrnintermediation of credit

In order to be able to provide you with credit andrnintermediation services, we need the following personal data: first and lastrnname, personal identification code, place of residence, contact details,rnpersonal identity document number, and workplace information. The granting andrnintermediation of credit are preceded by an assessment of your creditworthinessrnand payment behaviour. In this process, we need details and information aboutrnyour income and expenses and information about how well you have fulfilled yourrnobligations to date. We may also need other data to assess yourrncreditworthiness; in such a case, we request these data additionally (e.g., ifrnit does not appear in the income account statement, etc.). Yourrncreditworthiness may be assessed automatically. If you do not allow this, yournmay request that the decision be reviewed by an authorised employee of OTP OÜ.rnIf you report your expenses in the form of an account statement, we may alsornlearn personal data characterising your habits. The processing of such data isrnlimited to viewing and storage only, unless its content provides informationrnabout your ability to pay. If you send your account statement as a generalrnstatement rather than a grouped summary, we ensure the confidentiality ofrnpossible information related to your private life described in the accountrnstatement.

If you use a credit intermediation service, we send thernrelevant data to our credit partner, who is a joint controller with regard tornyour personal data. In the case of intermediation of the service, we requirernthe actual provider of the service to process personal data in accordance withrnthe GDPR. Each party involved in the provision of the service may use personalrndata only for the performance of the contract.

3.1.10. Processing of personal data in the case of loyaltyrncards

Loyalty cards are a customer discount system established byrnOTP OÜ that enables loyal customers tornuse various travel services at discounted prices, free of charge or more easilyrncompared to persons who do not have these cards. For the issuance and use ofrnthe cards, we request various personal data from you. First of all, we needrnyour personal data such as your name, personal identification code, place ofrnresidence, phone number and e-mail address. When you use the card, inrnaccordance with the terms of use of the relevant card, we may collect datarnabout your travels and your travel habits where you have earned certainrndiscounts (bonus points). The added value of the cards is the discountsrnprovided at our partners. When you shop at our partners, your data arerncollected and processed by our partners in connection with these purchases. Byrnpresenting the discount card to one of our partners, we would like to emphasisernthat you provide your identity data to the relevant business and that thisrnbusiness is the controller responsible for processing the personal data inrnquestion. We collect these data primarily for the purpose of determining yourrnpurchasing habits, offering you products and services that we think mayrninterest you, and offering you discounts at our partner businesses where yourncan make purchases. Your personal data are also used for various statisticalrnpurposes, in particular to determine sales rates and product and service returnrnrates. In this way, we can decide with which partner it is worth cooperating.rnAll personal data collected as described above is stored and processed by arnjoint controller or an authorised processor that provides us with the relevantrninformation technology solution. We require joint controllers and authorisedrnprocessors to process personal data in accordance with the GDPR. Each partyrninvolved in the provision of the service may use personal data only for thernperformance of the contract.

3.1.11. Sending the best travel offers and reminders

We send the best travel offers and reminders (e.g.,rnfollow-up sales, greetings, invitations and other similar offers) by e-mailrnonly to a pre-approved e-mail address, with your consent. You can withdraw thisrnconsent at any time by clicking the Unsubscribe link in the footer or byrnwriting to [email protected] and [email protected]

In addition, when you make your first purchase from us, whenrnyou receive our loyal customer card, or when your employer appoints you as thernauthorised person of your company, we send you informative e-mail messages.rnThese messages are for confirmation purposes so that you know you havernsubscribed to us. Regarding other informational letters, we also send yournnotifications about bonus points and the expiry of your loyal customer cardrnvalidity period.

In connection with the provision of the service, when yournshop from us or request an offer for a service, we have the right to send you arnfeedback e-mail. We send feedback e-mails only for the purpose of identifyingrndisruptions in the service and providing the best service. In case of naturalrndisaster or emergency, we may contact you to learn whether you are safe and tornsee whether we can assist you.

3.2. Our online environmentsrnwww.onlinetourismpartner.com and www.booking2cyprus.com, various socialrnmedia channels (Facebook, Instagram, and Twitter) and many other similarrnenvironments automatically collect certain information and record it in logrnfiles. This information may include the IP address from which your computer orrnother device is connected to the Internet, the region or general location, therntype of browser used, the operating system and other usage information. OTP OÜ uses this information to make their onlinernenvironments better, simpler and more user-friendly. We may also use your IPrnaddress to diagnose problems on OTP OÜ's server and to administer the website,rnanalyse trends, track site visitors and gather demographic information morerncomprehensively to better understand the preferences of visitors to our onlinernenvironments. Our online environments use cookies.

3.3. If you have agreed to receive newsletters andrnadvertisements or if you participate in prize draws of other campaignsrnorganised or intermediated by us, we ask for your name and contact details. Wernuse this information to send you information about the services and products wernoffer and other topics that may interest you. Our newsletters may occasionallyrninclude links to other online environments. OTP OÜ are not responsible for the content or privacyrnpolicies of these environments. If you no longer wish to receive the newsletterrnor direct messages, you can unsubscribe by clicking the cancellation orrnunsubscribe link at the end of any newsletter and/or advertisement or byrnwriting to [email protected] and [email protected].

3.4. If you wish to place an order via our onlinernenvironment, we need your contact details such as your name, ID number, date ofrnbirth, travel document information, e-mail address, phone number and, in somerncases, your residential address. This information is required only to contactrnyou regarding your order and for the performance of the contract concluded orrnto be concluded with you. We share your personal data with businesses that arerndirectly related to providing the service to you. We do not share your personalrndata with anyone else. When placing an order, we also request informationrnrelated to payment for the order, such as your credit card number or bankrnpayment information. For this purpose, we use a secure online connection tornprotect your personal data.


4. Data retention period and method

4.1. Data collected about you through your purchases arernstored by OTP OÜ for the period requiredrnby law and until the expiry date of claims, after which the personal data arerndeleted. The data are stored in a single database or multiple databases managedrnby a third party located in the European Union or in a country included in thernEuropean Economic Area. These third parties cannot access the data and do notrnuse your personal data for any purpose other than storage and backup.


5. Duration and method of use of your personal data by OTPrnOÜ

5.1. Your personal data are primarily used to provide yournwith services with your consent.

5.2. Your personal data are also used to update the onlinernenvironment according to your preferences, interests and needs; to better learnrnyour requests and preferences; and to improve the quality of service deliveryrnin OTP OÜ's online environments.

5.3. If you have agreed to receive newsletters, specialrnadvertisements, direct messages, etc. from us, we send you the information yournrequested. You may cancel such e-mail messages (see clause 3.3).

5.4. Your personal data are shared with service providersrnwhose services are indispensable for the performance of the concluded contractsrnand the provision of services.

5.5. In addition, we may share your personal data if needsrnarise as a result of investigating criminal offences, complying with judicialrnrequests, meeting your vital needs, or an action related to sale, purchase,rnmerger, restructuring, financing, liquidation, dissolution or similarrncommercial activities. In such cases, we take all necessary measures tornadequately protect your personal data.

5.6. After collecting the information necessary tornparticipate in prize draws and other similar events, the contact detailsrnobtained are used to contact you in case of winning. If the prize is providedrnby another contractual partner, your contact details are sent to that partnerrnso that the partner can contact the winner. As a rule, a prerequisite forrnparticipation in such a prize game is that you allow your contact details to bernused for other purposes; therefore, we kindly ask you to read the terms and conditionsrnof the prize game carefully before agreeing to participate.


6. Transfer of personal data outside the EU / UK orrnequivalent regions

6.1. OTP OÜ is located in the Republic of Estonia, one of thernEuropean Union member states. The personal data we collect are mainly processedrnin the Republic of Estonia and at the legal addresses of third parties. Where,rnfor the performance of the contract, it is necessary to transfer data outsidernthe European Union or equivalent regions during the provision of a service,rnArticle 45 of the GDPR requires that the level of protection guaranteed forrnpersonal data be at least equal to that within the EU. We inform you that ourrncompany has no other legal means outside the contract to provide such arnguarantee; that is, we can obtain confirmation about the adequacy of thernrelevant level of protection from the businesses with whom we can contract andrnnegotiate contractual terms, but we cannot oblige these businesses to guaranteernthe relevant level of protection themselves; therefore, we cannot in any wayrnguarantee the adequacy of such measures or compliance with the GDPR.

6.2. However, if we cannot reach an agreement with thernrelevant service provider regarding the compliance of the level of personalrndata protection with the requirements of the GDPR, we inform you that the levelrnof personal data protection in the relevant destination country is not at thernsame level as the GDPR and that we cannot in any way guarantee a high level ofrnprotection of personal data with respect to the destination country.rnNevertheless, if you still wish to receive the service at this destination, byrnpurchasing the travel you confirm that you allow us to transfer your personalrndata to this destination country.

6.3.We never send to a service provider outside the EU morernpersonal data than the minimum level required to confirm the service, or morernthan the data you would have had to provide to them if you had ordered the samernservice directly from them, i.e., if you had not used our services.

 

7. Rights of the data subject

7.1. This Privacy Notice has been prepared to inform yournabout what information OTP OÜ collectsrnabout you and how this information is used. If you have questions about yourrnpersonal data, please contact us by e-mail [email protected] and [email protected]

7.2. If you wish to know whether OTP OÜ processes your personal data or if you wish tornaccess your personal data, please contact us by sending an e-mail [email protected]

and [email protected]

For more information about the rights of the data subject,rnsee here.


8. Security of your data

8.1. We use physical, technical and administrative safeguardsrnto protect the personal data you enter into our online environment andrninformation that can be used for identification. We regularly update and testrnour protection technologies. Our online networks are protected by firewalls andrnintrusion detection software. Access to your personal data is provided only tornemployees who need these data in order to provide you with the agreed servicernor on another legal basis.

8.2. We take sufficient measures to protect your personalrndata, and our activities are subject to relevant information securityrnlegislation, but we would like to note that no website or database isrncompletely secure or protected against hacking. Protect yourself and help usrnprevent cybercrime by keeping and storing your passwords very carefully. Nornspyware is used in our online environment. If you suspect that your account hasrnbeen hacked, contact us immediately.

8.3. OTP OÜ trains their staff to reach a higher level of awareness about the importance andrnnecessity of personal data protection. Our determination in this matter is alsornreflected in internal rules containing data protection provisions.


9. Amendment and revision of the Privacy Notice

9.1. Like every organisation, OTP OÜ changes over time, which means that thisrnPrivacy Notice may need to be changed and revised at some point in the future.rnTherefore, we reserve the right to amend and revise this Privacy Notice at anyrntime without notifying you. We publish changes on OTP OÜ's Privacy Noticernwebsite. We may notify you by e-mail about significant changes to the PrivacyrnNotice, but the safest option is to regularly visit the Privacy Notice websiternto read the updated and current terms and conditions (https://www.onlinetourismpartner.com).

(and https://www.booking2cyprus.com Cyprus.com).


10. Employee Privacy Notice

10.1. The Employee Privacy Notice is a separate documentrnprovided specifically to the staff of OTP OÜ


11. Questions, complaints

11.1. If there is a change in your personal data, pleaserninform us. If you have any other questions regarding your personal data,rncontact us. We will respond to you within the time period stipulated by law. Atrnthe same time, please note that we may request more detailed information fromrnyou to identify you before answering your questions. In order to ensure thatrnthe contracts constituting the basis for the processing of personal datarnsufficiently secure the rights of data subjects, we reserve the right, duringrnor after the performance of the legal relationship between the parties (amongrnother matters, in connection with data processing), to request notarisation orrnequivalent certification of a document confirming the data subject’s right ofrnrepresentation, which is submitted and drawn up outside our travel agency. Wernmust ensure that the data subject has consented to the submission of therninformation and that the information is transferred only to the correct personrnor organisation. In most cases, we correct or delete the inaccuracies yournidentify. In some cases, where permitted or required by law, we may refuse yourrnrequest in whole or in part.

rnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrnrn

 

World
Please wait...
World
Please wait... Preparing results.

Use of Cookies

This site uses cookies to improve the user experience. By using our website, you agree and consent to the use of cookies in accordance with the terms of use of our privacy policy. You can access our current policies from the links below. Privacy Policy, Cookie Policy, GDPR Data Protection, Terms & Conditions
Reject Accept