Menu
Hotel Only
Flight Only
Package Holidays
GB - £ GBP - EN
Homepage GDPR Data Protection

GDPR Data Protection

OTP OÜ and Edwin Holidays LTD

1. Introduction
1.1.OTP OÜ and Edwin Holidays LTD are travel companies that, in their day-to-day operations, use personal data for the purpose of providing, arranging, organizing and intermediating various travel and tourism services. In our activities, we comply with the General Data Protection Regulation (GDPR), the Estonian Personal Data Protection Act (PDPA), our own Data Protection Strategy, and other established data protection rules. This Privacy Notice is intended for data subjects as defined in the GDPR and the PDPA, i.e., natural persons whose personal data are processed for the provision of a service.

1.2.We assume that you (Data Subjects) are aware that your personal data are processed and that you consider this important; therefore, we guarantee that OTP OÜ and Edwin Holidays LTD take compliance with the rules concerning the processing of your data very seriously. This Privacy Notice explains the principles and practices applied by OTP OÜ and Edwin Holidays LTD throughout the entire processing chain of personal data, from collection to use and deletion, and thereby focuses on the protection of personal data. The protection of personal data is an ongoing responsibility; therefore, we review the rules of this Privacy Notice from time to time, check compliance with the established requirements, and update its content when necessary.

2. Data Protection Officer (DPO)
2.1.OTP OÜ and Edwin Holidays LTD, with legal addresses at Harju maakond, Kesklinna linnaosa, Viru väljak 2, 3rd floor, Tallinn / Estonia and 55 Stoke Newington High Street, N16 8EL, London, UK, have appointed a specialist to ensure compliance with data protection requirements:
You can contact the DPO at: Harju maakond, Kesklinna linnaosa, Viru väljak 2, 3rd floor, Tallinn / Estonia and 55 Stoke Newington High Street, N16 8EL, London, UK

Edwin Holidays, with legal address 55 Stoke Newington High Street, N16 8EL, London, UK, has appointed a specialist to ensure compliance with data protection requirements:
You can contact the DPO at: 55 Stoke Newington High Street, N16 8EL, London, UK

3. Collection of data
3.1.OTP OÜ and Edwin Holidays LTD collect personal data primarily from their customers. As a rule, these are the data necessary for the provision of the travel and tourism services chosen by the customer and can be clarified within the framework of fulfilling a specific travel service, and may vary depending on the means of transport (e.g., bus, train, plane, ship) and the destination (domestic travel, travel within the EU and equivalent countries, travel outside the EU). In general, to be able to travel, first and last name, a photo travel/identity document identifying the person, a personal identification code (or, in the absence of this information, date of birth, gender and age), and contact details such as e-mail address, phone number and residential address are required. For travel outside the EU, depending on the laws and requirements of the destination country, the list of data may be longer (e.g., nationality, passport details, visa, vaccination, etc.). We use your personal data to perform the contract between us and to provide you with travel and tourism services. We do not sell or share your personal data with third parties, except where required by law or where we must share it for the performance of the service contract between you and us.

3.1.1. Processing of personal data during the provision and intermediation of accommodation services
If you purchase accommodation services, your data (your name, ID number and/or gender, date of birth, contact details) are necessary to fulfil the obligations imposed on accommodation establishments and to provide the service. The list of personal data may vary according to requirements set in different countries. For this purpose, it is necessary to know the data of the persons who will use the accommodation service and the time when accommodation is needed. In general, accommodation establishments are obliged to keep a register of guests containing data required by law and, if necessary, to disclose these data to law enforcement authorities.
Depending on the content of the service, due to the specific nature of accommodation services, we may need various types of personal data. For example, a person with reduced mobility may need certain mobility aids (wheelchair, elevator, etc.) or a person who is intolerant to certain substances may need special dietary information (if food is ordered in addition to the accommodation service).
If you purchase accommodation and medical rehabilitation services, we also need special categories of personal data related to the relevant medical rehabilitation. In this way, to the extent necessary to provide the specific medical rehabilitation service, we obtain information about the place and time of medical rehabilitation and the content of the medical rehabilitation. In any case, such data can be classified as special categories of data that you provide to us in order to receive the service.
During the sale of accommodation services and related services, if the best price is offered by a wholesaler (including aggregators and consolidators), we transfer your data to the wholesaler (including aggregators and consolidators), and the wholesaler then transfers the data to the specific provider of the accommodation service or related services.
We require accommodation service providers and wholesalers (including aggregators and consolidators) to process personal data in accordance with the GDPR. Each party involved in the provision of accommodation services may use personal data only for the performance of the contract. Upon the provision of accommodation services, OTP OÜ and Edwin Holidays LTD are not responsible for the processing of data provided on-site to the accommodation establishment.

3.1.2. Provision and intermediation of passenger transport services
To provide passenger transport services, we need your personal data such as your name, ID number, travel document details, e-mail address, phone number and service-related data. During the provision of passenger transport services, special categories of personal data may be disclosed (e.g., wheelchair needs for persons with reduced mobility, data of children and their accompanying persons). The law places the service provider under an obligation to transmit personal data to law enforcement authorities.
If you purchased passenger transport intermediation services from us, we generally transfer the collected data to the passenger transport service provider or to the agent of passenger transport service providers; they then transfer the data to the provider of the specific service.
During the provision of passenger transport services, OTP OÜ and Edwin Holidays LTD are not responsible for the processing of data provided directly to the carrier.
We require our service providers to process personal data in accordance with the GDPR. Each party involved in the provision of accommodation services may use personal data only for the performance of the contract.

3.1.3. Processing of personal data during the intermediation of package travel
If you purchase a package tour, your data (name, personal identification code and/or gender, date of birth, contact details) are necessary to comply with the requirements set by the tour operator and to provide the service. The list of personal data may vary according to requirements set in different countries. For this purpose, it is necessary to know the data of the persons who will use the travel service and the travel time.
Depending on the content of the service, due to the specific nature of passenger transport services or accommodation services, we may need various types of personal data. For example, a person with reduced mobility may need certain mobility aids (wheelchair, elevator, etc.) or a person who is intolerant to certain substances may need special dietary information (if food is ordered outside accommodation) such cases may arise.
Upon the sale of package travel and related services, we transfer your data to the tour operator and the tour operator transfers these data to the specific providers of passenger transport services or accommodation services or related services.
Upon the provision of passenger transport services, OTP OÜ and Edwin Holidays LTD are not responsible for the processing of data provided directly to the tour operator.
We require tour operators to process personal data in accordance with the GDPR. Each party involved in the provision of travel services may use personal data only for the performance of the contract.

3.1.4. Processing of personal data during the provision and intermediation of conference services
In the process of providing conference services, we process personal data primarily for the performance of the conference services contract, for example we register participants and issue invoices (name, personal identification code, date of birth, phone, e-mail, address), organize translation services, organize photographer and operator services (photos), organize and arrange video broadcasts, organize the preparation and distribution of souvenirs and publications (including name tags), organize catering (information on allergies and special diets, which constitute special categories of personal data). During the organization of cultural and leisure programmes, personal data necessary for organizing them (name, programme time, preferences related to various programmes), the organization of accommodation services (for accommodation services see clause 3.1.1) and the organization of transport between accommodation establishments and the conference venue (names of persons, transport time, accommodation location and conference location) are processed. The list of personal data may vary according to requirements set in different countries.
During the provision of conference services, OTP OÜ and Edwin Holidays LTD are not responsible for the processing of data provided directly to the service provider.
We require our service providers to process personal data in accordance with the GDPR. Each party involved in the provision of conference services may use personal data only for the performance of the contract.

3.1.5. Processing of personal data during the provision and intermediation of guide, guide/interpreter and tour manager services
To provide guide, guide/interpreter and tour manager services, we need your personal data such as your name, ID number, time of service provision, language pair and the places you will visit. During the provision of tour manager services, special categories of personal data may be disclosed (e.g., wheelchair needs for persons with reduced mobility, data of children and their accompanying persons). Depending on the destination and the country of destination, it may be necessary to transfer your personal data, where required, to the relevant authorities of the destination or destination country.
If you purchased intermediation services for guide, guide/interpreter and tour manager services from us, we generally transfer the data to the wholesaler of guide, guide/interpreter and tour manager services (including aggregators and consolidators), and this wholesaler transfers the data to the provider of the specific service.
We require our service providers to process personal data in accordance with the GDPR. Each person involved in the provision of guide, guide/interpreter and tour manager services may use personal data only for the performance of the contract.

3.1.6. Provision and intermediation of visa application services
To provide visa application services, we need your personal data such as your name, ID number, details of your valid travel document, your destination country, the preferred validity period of the visa, your reason for visiting the destination country and other mandatory data requested by the country you wish to visit.
We require our service providers to process personal data in accordance with the GDPR. Each party involved in the provision of the service may use personal data only for the performance of the contract.

3.1.7. Intermediation of travel-related insurance services
To provide travel-related insurance intermediation services, we need personal data such as your name, ID number, place of residence, e-mail address and phone number. During the performance of the relevant contract, we may also learn information about personal data disclosed due to your or your family members’ illnesses (insured event, trip interruption insurance), accidents and medical expenses and other unforeseen insured events.
We transfer personal data to the insurer, who must process personal data in accordance with the GDPR.

3.1.8. Provision or intermediation of vehicle rental services
To provide or intermediate vehicle rental services, we need personal data such as your name, ID number, place of residence, contact details, and, to the extent necessary, details of a document proving your right to use a vehicle of the relevant category, credit card information, etc. During the performance of the contract, we may learn information such as your preferences in selecting various vehicles, names of persons travelling in the vehicle, travel times and routes. We would like to point out that items forgotten in the vehicle may also contain information related to you and, in this context, OTP OÜ and Edwin Holidays LTD are not responsible for the use of these data.
In the case of provision or intermediation of a vehicle rental service, we transfer the personal data provided to the provider of the specific vehicle rental service and require the service provider to comply with the GDPR when processing personal data. OTP OÜ and Edwin Holidays LTD are not responsible for the processing of data provided on-site to the provider of the vehicle rental service.
If you purchased the intermediation service of vehicle rental from us, we generally transfer the data necessary for booking the service to the agent of the rental service and they transfer the collected data to the provider of the specific service.

3.1.9. Processing of personal data during the provision and intermediation of credit
In order to be able to provide you with credit and intermediation services, we need the following personal data: first and last name, personal identification code, place of residence, contact details, personal identity document number, workplace information. The granting and intermediation of credit are preceded by an assessment of your creditworthiness and payment behaviour. In this process, we need details and information about your income and expenses and information about how well you have fulfilled your obligations to date. We may also need other data to assess your creditworthiness; in such a case, we request these data additionally (e.g., if it does not appear in the income account statement, etc.). Your creditworthiness may be assessed automatically. If you do not allow this, you may request that the decision be reviewed by an authorized employee of OTP OÜ and Edwin Holidays LTD. If you report your expenses in the form of an account statement, we may also learn personal data characterizing your habits. The processing of such data is limited to viewing and storage only, unless its content provides information about your ability to pay. If you send your account statement as a general statement rather than a grouped summary, we ensure the confidentiality of possible information related to your private life described in the account statement.
If you use a credit intermediation service, we send the relevant data to our credit partner, who is a joint controller with regard to your personal data. In the case of intermediation of the service, we require the actual provider of the service to process personal data in accordance with the GDPR. Each party involved in the provision of the service may use personal data only for the performance of the contract.

3.1.10. Processing of personal data in the case of loyalty cards
Loyalty cards are a customer discount system established by OTP OÜ and Edwin Holidays LTD that enables loyal customers to use various travel services at discounted prices, free of charge or more easily compared to persons who do not have these cards. For the issuance and use of the cards, we request various personal data from you. First of all, we need your personal data such as your name, personal identification code, place of residence, phone number and e-mail address. When you use the card, in accordance with the terms of use of the relevant card, we may collect data about your travels and your travel habits where you have earned certain discounts (bonus points). The added value of the cards is the discounts provided at our partners. When you shop at our partners, your data are collected and processed by our partners in connection with these purchases. By presenting the discount card to one of our partners, we would like to emphasize that you provide your identity data to the relevant business and that this business is the controller responsible for processing the personal data in question. We collect these data primarily for the purpose of determining your purchasing habits, offering you products and services that we think may interest you, and offering you discounts at our partner businesses where you can make purchases. Your personal data are also used for various statistical purposes, in particular to determine sales rates and product and service return rates. In this way, we can decide with which partner it is worth cooperating. All personal data collected as described above are stored and processed by a joint controller or an authorized processor that provides us with the relevant information technology solution. We require joint controllers and authorized processors to process personal data in accordance with the GDPR. Each party involved in the provision of the service may use personal data only for the performance of the contract.

3.1.11. Sending the best travel offers and reminders
We send the best travel offers and reminders (e.g., follow-up sales, greetings, invitations and other similar offers) by e-mail only to a pre-approved e-mail address, with your consent. You can withdraw this consent at any time by clicking the Unsubscribe link in the footer or by writing to [email protected] and [email protected]

In addition, when you make your first purchase from us, when you receive our loyal customer card, or when your employer appoints you as the authorized person of your company, we send you informative e-mail messages. These messages are for confirmation purposes so that you know you have subscribed to us. Regarding other informational letters, we also send you notifications about bonus points and the expiry of your loyal customer card validity period.
In connection with the provision of the service, when you shop from us or request an offer for a service, we have the right to send you a feedback e-mail. We send feedback e-mails only for the purpose of identifying disruptions in the service and providing the best service. In case of natural disaster or emergency, we may contact you to learn whether you are safe and to see whether we can assist you.

3.2.Our online environments www.onlinetourismpartner.com and www.booking2cyprus.com, various social media channels (Facebook, Instagram, Twitter) and many other similar environments automatically collect certain information and record it in log files. This information may include the IP address from which your computer or other device is connected to the Internet, the region or general location, the type of browser used, the operating system and other usage information. OTP OÜ and Edwin Holidays LTD use this information to make their online environments better, simpler and more user-friendly. We may also use your IP address to diagnose problems on OTP OÜ and Edwin Holidays LTD’s server and to administer the website, analyze trends, track site visitors and gather demographic information more comprehensively to better understand the preferences of visitors to our online environments. Our online environments use cookies.

3.3.If you have agreed to receive newsletters and advertisements or if you participate in prize draws of other campaigns organized or intermediated by us, we ask for your name and contact details. We use this information to send you information about the services and products we offer and other topics that may interest you. Our newsletters may occasionally include links to other online environments. OTP OÜ and Edwin Holidays LTD are not responsible for the content or privacy policies of these environments. If you no longer wish to receive the newsletter or direct messages, you can unsubscribe by clicking the cancellation or unsubscribe link at the end of any newsletter and/or advertisement or by writing to [email protected] and [email protected]

3.4.If you wish to place an order via our online environment, we need your contact details such as your name, ID number, date of birth, travel document information, e-mail address, phone number and, in some cases, your residential address. This information is required only to contact you regarding your order and for the performance of the contract concluded or to be concluded with you. We share your personal data with businesses that are directly related to providing the service to you. We do not share your personal data with anyone else. When placing an order, we also request information related to payment for the order, such as your credit card number or bank payment information. For this purpose, we use a secure online connection to protect your personal data.

4. Data retention period and method
4.1.Data collected about you through your purchases are stored by OTP OÜ and Edwin Holidays LTD for the period required by law and until the expiry date of claims, after which the personal data are deleted. The data are stored in a single database or multiple databases managed by a third party located in the European Union or in a country included in the European Economic Area. These third parties cannot access the data and do not use your personal data for any purpose other than storage and backup.

5. Duration and method of use of your personal data by OTP OÜ and Edwin Holidays LTD
5.1.Your personal data are primarily used to provide you with services with your consent.

5.2.Your personal data are also used to update the online environment according to your preferences, interests and needs, to better learn your requests and preferences, and to improve the quality of service delivery in OTP OÜ and Edwin Holidays LTD’s online environments.

5.3.If you have agreed to receive newsletters, special advertisements, direct messages, etc. from us, we send you the information you requested. You may cancel such e-mail messages (see clause 3.3).

5.4.Your personal data are shared with service providers whose services are indispensable for the performance of the concluded contracts and the provision of services.

5.5.In addition, we may share your personal data if needs arise as a result of investigating criminal offences, complying with judicial requests, meeting your vital needs, or an action related to sale, purchase, merger, restructuring, financing, liquidation, dissolution or similar commercial activities. In such cases, we take all necessary measures to adequately protect your personal data.

5.6.After collecting the information necessary to participate in prize draws and other similar events, the contact details obtained are used to contact you in case of winning. If the prize is provided by another contractual partner, your contact details are sent to that partner so that the partner can contact the winner. As a rule, a prerequisite for participation in such a prize game is that you allow your contact details to be used for other purposes; therefore, we kindly ask you to read the terms and conditions of the prize game carefully before agreeing to participate.

6. Transfer of personal data outside the EU / UK or equivalent regions
6.1.OTP OÜ and Edwin Holidays LTD are located in the Republic of Estonia, one of the European Union member states. The personal data we collect are mainly processed in the Republic of Estonia and at the legal addresses of third parties. Where, for the performance of the contract, it is necessary to transfer data outside the European Union or equivalent regions during the provision of a service, Article 45 of the GDPR requires that the level of protection guaranteed for personal data be at least equal to that within the EU. We inform you that our company has no other legal means outside the contract to provide such a guarantee; that is, we can obtain confirmation about the adequacy of the relevant level of protection from the businesses with whom we can contract and negotiate contractual terms, but we cannot oblige these businesses to guarantee the relevant level of protection themselves; therefore, we cannot in any way guarantee the adequacy of such measures or compliance with the GDPR.

6.2.However, if we cannot reach an agreement with the relevant service provider regarding the compliance of the level of personal data protection with the requirements of the GDPR, we inform you that the level of personal data protection in the relevant destination country is not at the same level as the GDPR and that we cannot in any way guarantee a high level of protection of personal data with respect to the destination country. Nevertheless, if you still wish to receive the service at this destination, by purchasing the travel you confirm that you allow us to transfer your personal data to this destination country.

6.3.We never send to a service provider outside the EU more personal data than the minimum level required to confirm the service, or more than the data you would have had to provide to them if you had ordered the same service directly from them, i.e., if you had not used our services.

7. Rights of the data subject
7.1.This Privacy Notice has been prepared to inform you about what information OTP OÜ and Edwin Holidays LTD collect about you and how this information is used. If you have questions about your personal data, please contact us by e-mail at [email protected] and [email protected]

7.2.
If you wish to know whether OTP OÜ and Edwin Holidays LTD process your personal data or if you wish to access your personal data, please contact us by sending an e-mail to [email protected]

For more information about the rights of the data subject, see here.

8. Security of your data
8.1.We use physical, technical and administrative safeguards to protect the personal data you enter into our online environment and information that can be used for identification. We regularly update and test our protection technologies. Our online networks are protected by firewalls and intrusion detection software. Access to your personal data is provided only to employees who need these data in order to provide you with the agreed service or on another legal basis.

8.2.We take sufficient measures to protect your personal data and our activities are subject to relevant information security legislation, but we would like to note that no website or database is completely secure or protected against hacking. Protect yourself and help us prevent cybercrime by keeping and storing your passwords very carefully. No spyware is used in our online environment. If you suspect that your account has been hacked, contact us immediately.

8.3.OTP OÜ and Edwin Holidays LTD train their staff to reach a higher level of awareness about the importance and necessity of personal data protection. Our determination in this matter is also reflected in internal rules containing data protection provisions.

9. Amendment and revision of the Privacy Notice
9.1.Like every organisation, OTP OÜ and Edwin Holidays LTD change over time, which means that this Privacy Notice may need to be changed and revised at some point in the future. Therefore, we reserve the right to amend and revise this Privacy Notice at any time without notifying you. We publish changes on OTP OÜ and Edwin Holidays LTD’s Privacy Notice website. We may notify you by e-mail about significant changes to the Privacy Notice, but the safest option is to regularly visit the Privacy Notice website to read the updated and current terms and conditions (https://www.onlinetourismpartner.com
; and https://www.booking2cyprus.com).

10. Employee Privacy Notice
10.1.The Employee Privacy Notice is a separate document provided specifically to the staff of OTP OÜ and Edwin Holidays LTD.

11. Questions, complaints
11.1.If there is a change in your personal data, please inform us. If you have any other questions regarding your personal data, contact us. We will respond to you within the time period stipulated by law. At the same time, please note that we may request more detailed information from you to identify you before answering your questions. In order to ensure that the contracts constituting the basis for the processing of personal data sufficiently secure the rights of data subjects, we reserve the right, during or after the performance of the legal relationship between the parties (among other matters, in connection with data processing), to request notarization or equivalent certification of a document confirming the data subject’s right of representation, which is submitted and drawn up outside our travel agency. We must ensure that the data subject has consented to the submission of the information and that the information is transferred only to the correct person or organisation. In most cases, we correct or delete the inaccuracies you identify. In some cases, where permitted or required by law, we may refuse your request in whole or in part.
World
Please wait...
World
Please wait... Preparing results.

Use of Cookies

This site uses cookies to improve the user experience. By using our website, you agree and consent to the use of cookies in accordance with the terms of use of our privacy policy. You can access our current policies from the links below. Privacy Policy, Cookie Policy, GDPR Data Protection, Terms & Conditions
Reject Accept