Privacy policy
ALLE TRAVEL
PRIVACY POLICY
This Privacy Policy (“Policy”) sets forth how OÜ Travel Nerd, a company established and existing under the laws of the Republic of Estonia, reg. number 16388532 (“we”, “us”, “our”), processes personal data of:
Travellers, other Travel Services participants,
Guides, including Guides' employees and representatives,
website visitors,
our vendors, vendors' employees and other representatives,
inbounds.
This Policy is posted and is constantly available at https://alle.travel/en/pages/alle-privacy-policy. The Policy may be updated time to time, and you may access any version (see at the end the available versions). In the event of any major changes, we will let you know in advance.
Some technical terms used in this Policy are given without explanation. If you do not know a term, please contact us (see contact details in Section 6).
The Privacy Policy covers:
1. WHAT DATA WE COLLECT AND FOR WHAT PURPOSES 1
3. HOW WE TRANSFER DATA OUTSIDE OF THE EEA 7
5. THE SAFETY AND SECURITY OF DATA 9
1. WHAT DATA WE COLLECT AND FOR WHAT PURPOSES
We do not collect any special categories of personal data about you (i.e. details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. We also don't use your data for profiling and making automated decisions concerning you.
You are not obliged to provide your personal data to us. However, if we need personal data to enter and perform the contract with you and you do not provide this data, we may not be able to perform the contract we have or are entering into with you. Should this be the case we will notify you at the time.
For each scenario of processing, we have set out below, in a table format, a description of all the ways we plan to use your personal data, and which legal bases we rely on to do so.
When you use our Service to book tours and other events (Travel Services)
| What are the purposes | What data we collect | What is the legal basis | For how long we store data |
|
Providing the Service, including: • conclusion, performance and cancellation of contracts for the use of the Service, • the ability to register and manage an account, providing the functionality of the Service, • sending transactional messages within the framework of the Service functionality, • processing payments within the Service, refunds, • analysing, controlling and improving the user experience and quality of services provided using the Service, • support of the Service users, processing of complaints and claims, • ensuring the operability and security of the Service (prevention of fraud, as well as investigation of such cases). |
Travellers: • Full name • Contact details • Date of birth • Information about devices, information about the Service usage • Information about the history of orders and payments using the Service • Payment details • Other information contained in the chat with the Guide • Other information contained in supporting documents (certificates, etc.) • Other information required by the Guide to fulfill Travel Services (age, ID, etc.) • System IDs • Reviews Other Travel Services participants: • Full name • Other information required by the Guide to fulfill the Travel Services (age, ID, etc.) • Other information contained in supporting documents (certificates) |
Performance of the contract with you,
• Our legitimate interest to improve our Service in terms of user experience and security, prevent fraud on the Service |
• During the term of the contract, but in any case, not more than 1 year from the date of account deactivation (at your initiative or our initiative, if the account has been inactive for 3 years).
• Within 7 years from the account closure or 7 years from the year following the year in which the respective financial transactions were performed, whichever is shorter, for data processed for accounting/tax purposes. • Up to 1 year for the messages in chats with Travellers |
When you use our Service to provide Travel Services
| What are the purposes | What data we collect | What is the legal basis | For how long we store data |
| Providing the Service for Guides including: • conclusion, performance and cancellation of contracts for the use of the Service, • the ability to register and manage a profile, providing the functionality of the Service, • verification of the information provided by the Guide, • sending transactional messages, • processing payments, refunds, • analysing, controlling and improving the user experience and quality of services provided using the Service, • support of the Guides, handling of complaints and claims, • ensuring the operability and security of the Service (prevention of fraud, as well as investigation of such cases), • ensuring the Guide's services quality control and fulfilment of legal obligations, reviewing disputes and handling complaints, redirecting claims. |
• Full name
• Contact details • Date of birth • ID • Information about devices, information about the Service usage • Photo image • Travel Services information (event status, payment and booking details, event languages, etc.) • Details of means of payment • Other information contained in the chat with the Traveller • Other information contained in supporting documents (tour guide certificate, licences, etc.) • System IDs • Rating and reviews • Information on tax status • Other information in documents (certifications, statements, acts, invoices, etc.) with Guide |
• Performance of the contract with you,
• Our legitimate interest to improve our Service in terms of user experience and security, prevent fraud on the Service |
• During the term of the contract, but in any case, not more than 1 year from the date of account deactivation (at your initiative or our initiative, if the account has been inactive for 3 years).
• Within 7 years from the account closure or 7 years from the year following the year in which the respective financial transactions were performed, whichever is shorter, for data processed for accounting/tax purposes. • Up to 1 year for the messages in chats with Travellers |
When you are our vendor or an employee or other representative of our vendors
| What are the purposes | What data we collect | What is the legal basis | For how long we store data |
|
Vendor management, • including: • due diligence procedures, • conclusion, execution and cancellation of contracts, • ensuring communication and co-operation within the framework of the contracts, • accounting of counterparties and contracts, • payments fulfillment. |
Contractors:
• Full name, • Date of birth • Address • ID • Bank account details I • nformation on foreign language proficiency • Place of work, position and division • Contact details • Information on tax status • Services information (contract details, performance, payments, etc.) Representatives and other employees of vendors: • Full name • Place of work, position • Contact details • Services information (contract details, performance, payments, etc.) |
Our legitimate interest to freely conduct business by engaging with vendors and managing our vendor relationships | During the term of the contract and for 7 years after for tax/accounting and legal hold purposes |
When you contact us for inquiries
| What are the purposes | What data we collect | What is the legal basis | For how long we store data |
| Managing your inquiries and responding to them | • Full name • Contact details • Content of the inquiry |
Our legitimate interest to manage your inquiries and respond to you. | Up to 1 month after your inquiry has been closed, unless further required for legal claims. |
When you visit our websites, we also process your data with cookies and similar web analytics tools. For more information on how we use cookies and other web analytics tools see our Cookies policy available at https://alle.travel/en/pages/cookie-notice.
2. HOW WE SHARE YOUR DATA
We share your data only in limited cases with the following recipients:
affiliates and other companies of our group to efficiently perform our business activities,
SaaS, hosting service providers for the use of SaaS software and hosting our IT systems we use to provide our Service, including those presented in the table below,
Guides2 to fulfil the Travel Services you requested, to provide quality assurance of Services, to consider disputable situations and process complaints, redirect claims,
new business owner if we ever sell our business,
governmental agencies, courts if required by any law order,
professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.
The following list of third parties is provided for the sake of transparency and is non-exhaustive. The list may be changed without consent and notification. You can request further information by contacting us at contacts in Section 6.
| Purpose of personal data processing | Third party | Purpose of transfer |
| Provision of Service | Guides | Fulfillment of Travel Services promoted on the Service, ensuring quality assurance, review of disputable situations and processing of complaints, redirection of claims |
| Provision of Service | Digital Ocean (Germany) | Provision of hosting services for the Service |
| Provision of Service | Jivochat (Brazil) | Provision of chat bot on the website |
| Payment processing | Stripe (Ireland) | Provision of chat bot on the website |
| Digital marketing | • Yandex (Russia) • Google (Ireland) |
Provision of web analytics services |
3. HOW WE TRANSFER DATA OUTSIDE OF THE EEA
We do our best to keep your data inside the EEA area. With that, some processes require the transfer of your personal data in other countries, specifically with our affiliates.
The countries to which we transfer your data don't always have the same protections as your jurisdiction. We take reasonable measures to ensure your data is adequately protected when outside of the EEA, for example, we sign Standard Contractual Clauses (SCC) adopted by the European Commission with our affiliates and vendors in third countries, assess the risks of the international data transfers to adopt suitable safeguards, etc. To learn more contact us, as specified in Section 6 (Contacts).
4. WHAT ARE YOUR RIGHTS
Under the GDPR you have certain rights, which are briefly summarised below, in relation to any personal data about you which we hold:
Accessing data
You have the right to ask us to provide information on whether we process your data and how we do it. As well you can request a copy of your personal data we hold about you. In some cases, we may need to ask for additional information before we are able to disclose any data to you to protect the privacy of third parties.
Data portability
You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
Changing or updating data
You have the right to rectify data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Deleting data
You have the right to ask us to delete your data in certain circumstances. In some cases, we may be required to continue processing your data for other purposes even though you ask us to delete it. Should this be the case, we will provide you with further information.
Objecting, restricting processing
You have the right to request that we stop using all or some of your personal data, or that we limit (restrict) our use of their data. This includes objecting to use of personal data that is based on legitimate interests. If we process your personal data for direct marketing purposes, we will stop such processing without any exceptions after we receive such a request from you. But, in other cases we may continue to process data after such objection or request to the extent required or permitted by law.
Revoking consent
You have the right to withdraw your consent at any time after which we will stop any processing of your data for such purposes. Specifically, you can withdraw your consent to direct marketing by following the “unsubscribe” link or contacting us in accordance with Section 6 (Contacts) below.
Complaints
If you believe we have violated your rights you may lodge a complaint with the Data Protection Inspectorate via their website or other data protection authority in the country you reside in or work. You also have a right to the judicial remedy. Nevertheless, we kindly ask to contact us first to see if we can resolve your issue amicably.
You can also access, delete, and correct some of your personal data directly in your account settings.
If you would like to exercise the rights above, please contact us, as specified in Section 6 (Contacts).
5. THE SAFETY AND SECURITY OF DATA
No IT system or online service is 100% safe. But we do our best to ensure security of your personal data. We take technical, organisational, and administrative measures, including, where relevant, access management, encryption, logging, etc., to ensure that your personal data are protected from unauthorised or accidental access, deletion, modification, blocking, copying and dissemination.
Access to your account is authorised using your login (e-mail address) and password. You are responsible for keeping the credentials confidential. If you suspect any misuse or loss of, or unauthorised access to your data, you should let us know immediately.
We also have procedures in place to deal with any suspected data breach. We will notify you and any applicable authority of a suspected data breach where we are legally required to do so.
6.CONTACTS
If you have any questions regarding this Policy or how we process your personal data, please contact us:
by email: hi@alle.travel; or
by mail: Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 5, 10145 (TRAVEL NERD OÜ)
Version 2.0
Last update: 6 June 2025