Loading…
Loading…
DRAFT — lawyer review required
This page captures Tuur’s intended policy in plain language to brief a lawyer. It has not been reviewed by counsel and must not be relied upon as legal advice. [TODO: review] tags mark questions for counsel.
What personal data Tuur collects, why we collect it, and how we keep it safe.
The data controller for Tuur isTODO: legal trading entity + postal address — same as Impressum. For privacy questions: privacy@tuur.guide.
We are not currently obliged to appoint a Data Protection Officer under GDPR Art. 37.TODO: confirm DPO requirement based on processing volume and special-category data
From guides: name, email, city, country, bio, languages spoken, profile photo, tour listings, billing details, login activity, support correspondence.
From travellers: the name and email they put on an enquiry form, the message they send, and any reply correspondence. We don’t require travellers to create accounts.
From all visitors: request logs (IP, user-agent, path) for security and basic analytics; cookie identifiers as described in our Cookie Policy.
We share data with the following processors, each under a Data Processing Addendum:
We don’t sell personal data and we don’t share it with advertisers.
Some processors host data outside the EU/EEA (notably Stripe and any US-based email provider). For those transfers we rely on the EU-US Data Privacy Framework where the processor is certified, or on Standard Contractual Clauses (Module 2).TODO: confirm each processor’s adequacy mechanism and update if Privacy Framework status changes
Specific retention periods are listed in our data retention schedule.
Under GDPR you can:
To exercise these rights, email privacy@tuur.guide.
We don’t make any decisions about you that produce legal or similarly significant effects on a purely automated basis.
The service is not intended for under-16s and we don’t knowingly collect their data.
We’ll announce material changes in advance by email and at the top of this page.