- What types of personal data we collect and why we collect it.
- When and how we may share personal data with other organisations.
- The choices you have, including how to access, delete and update your personal data.
We are committed to protecting your personal information and recognise the vital importance of such protection. We want you to feel comfortable using our platform including our website located at www.tourboks.com, other tourboks.com branded websites owned and controlled by us, applications and other digital services (the “Site”).
As a company we make arrangements with third party service providers who provide travel and non-travel related services, products and information such as cruises, transportation, guides, sightseeing, activities amongst other things (the “Service Providers”).
2. What is personal data?
Personal data is defined by the GDPR as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”. Personal data is any information about you, which will enable you to be identified.
3. Personal data we collect
On various occasions, including through forms on our website, we invite or request you to submit your contact details and other information about yourself or your organisation, or to send us emails which will, of course, also identify you.
We may also collect and process the following personal data from you:
- Contact details and identity information, including your name, address, date of birth, email address, telephone number, hotel details, social media account information, marital status, employment history, educational or professional background, passport number, job title and function, and other personal data relevant to the services we provide you.
- Financial data, including your bank account details and other data required for fraud prevention, and other related billing information. We do not collect or store any credit card information. All payments are made through a third party payment provider Adyen to ensure your personal and sensitive credit card information is securely stored. We have no access to any of your credit card information.
- Business information, which may include information such as corporate documents, share and shareholder information, articles of association, information about beneficial owners, provided in the course of the contractual or client relationship between you or your organisation and us or otherwise voluntarily provided by you or your organisation.
4. How we use this Information
Under the GDPR, we must always have a lawful basis for using your personal data. In each case, the purpose for which you are invited to give us information will be clear. We will not use your information for purposes that are not clear when you provide your details, and we will not disclose it to anyone other than to our Service Providers. We may disclose information in other very limited circumstances, for example, with your agreement or where we are legally obliged to do so.
We may use your personal data for the following purposes (unless otherwise specified):
- Account opening and customer services, where you request any support regarding your account, as instructed by you or your organisation.
- For the purpose of facilitating your participation in any tours.
- Administering and managing your account including processing payments using our payment service provider Adyen, accounting, auditing, and taking other steps linked to the performance of our business relationship.
- Promoting, tailoring and personalising our services for you or your organisation including analysing and improving our services and communications, also monitoring compliance with our policies and business practices. This may also include sending marketing publications and details of events.
- To prevent and detect security threats, frauds or other criminal or malicious activities to our communications and other systems.
- For insurance purposes.
- To allow you to participate in interactive features of our Site for example the forums, when you choose to do so.
- In order for you to travel or go on tours overseas, we may be required to disclose your personal data to government bodies or other authorities in the EU and in other countries, such as those responsible for immigration, border control, security and anti-terrorism. Even if it is not mandatory for us to provide information to such authorities, we may exercise our discretion to assist them where appropriate.
- For the purposes of recruitment.
- To conduct compliance checks in accordance with our legal obligations (for example anti-money laundering, financial and credit checks, fraud and crime prevention and detection) and to fulfil our regulatory and risk management obligations.
- For any other purposes related to and/or ancillary to any of the above or any other purposes for which your personal data was provided to us.
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you to send you information from us about events or special offers and promotions which we believe may be of interest to you (other than information that you have specifically requested).
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, taking into account legal, accounting and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our business purposes.
The criteria we use to determine the appropriate period of retention for other data, will be considered balancing the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.
5. If you do not want to receive information from us
We will always work to fully protect your rights and comply with our obligations under the GDPR and the and the European Directive 2002/58/EC also known as ‘the e-privacy Directive’, and you will always have the opportunity to opt-out of receiving our marketing. You can exercise this right at any time by contacting us. If we send you any marketing emails, we will always provide an unsubscribe option to allow you to opt out of any further marketing emails.
We will never share your name or contact details with third parties for marketing purposes unless we have your “opt-in” consent to share your details with a specific third party for them to send you marketing.
Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our other services.
We provide you with the ability to access and edit your personal data in your account by signing into your account. You may request deletion of your user account completely by contacting us (see point 12). Data and other content that you may have provided to us and that is not contained within your user account, such as posts that may appear within our forums, may continue to remain on our Site at our discretion even though your user account is deleted, so long as the storage and display of your content serve a necessary and objective business purpose. Where any of your content contains personally identifiable information for the purposes of GDPR, we will redact your content to anonymise such personally identifiable information so that your content no longer contains anything which may allow you to be identified (for example removing your name, username, location information etc.), or if this is not possible in the circumstances we will delete Your Content completely. Please see our Terms of Service.
6. Your rights
Under the GDPR, you have the following rights with respect to our use of your personal data:
- Right of access to the data we hold on you.
- Right to be forgotten. You have the right to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data has been unlawfully processed.
- Right to data portability. You have the right to request that your data is transferred to another data controller to use.
- Right to rectification if any of the data we hold on you is inaccurate or incomplete.
- Right to object to us using your personal data for a particular purpose.
- Right to complain. If you believe that your rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority, or to seek a remedy through the courts.
- Right to restrict processing and withdraw consent. Where you have consented to our collection of your data you may at any time withdraw your consent. To do so please follow the steps in point 5 above.
7. Who we share your data with
We may share your personal data with certain trusted third parties in accordance with our contractual arrangements in place, including:
- Our Service Providers;
- Our professional advisers and auditors;
- Our payment service provider;
- IT service providers.
- Third parties engaged in the course of the services we provide to you and with your prior consent;
- Credit providers, any relevant regulatory, governmental, or law enforcement authority as required by law or as agreed with you;
- Third parties involved in hosting or organising events or seminars.
Where necessary personal information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies, to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
8. Transfer of information abroad
We are incorporated as a private limited liability company under the laws of Denmark and subject to the laws and rules governing the Kingdom of Denmark and the European Union and the rules governing the members of the European Economic Area. However, we may operate through various local legal entities, which we add to or reorganise from time to time. When you provide information to any part of Tourboks you will in most cases be providing it to Tourboks as a whole, and should be aware that it may be accessed from countries whose laws provide various levels of protection for personal data, not always equivalent to the level of protection that may be provided in your own country over and above the applicable regulation applicable within the EU and the EEA. Where this is the case, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws.
The transmission of any information via the internet is never completely secure, and although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site, therefore any transmission is at your own risk.
As soon as we have received your information, we will take all reasonable steps to keep your personal data secure and to try to prevent any unauthorised access to it. All information you provide to us is stored on our secure servers.
All payments are made through a third party payment provider Adyen to ensure your personal and sensitive credit card information is securely stored. Our payment service provider is PCI compliant under PCI DSS certification.
Where you have a password to enable access certain parts of our Site, you are responsible for keeping that password confidential. We ask you not to share a password with anyone.
10. Cookies and analytics
A cookie is a piece of data stored on a user's hard drive containing information about the user. The information below explains the cookies we use on our website and why we use them. We use two types of cookies on our Site: Tourboks cookies and Google Analytics cookies.
Tourboks cookies are used for user experience enhancements like promotion coupon code popups and to keep you logged into your account. For more information please contact us (see point 12 below).
We use Google Analytics, a web analytics service provided by Google, Inc. ("Google"), to monitor traffic. We use Google Analytics cookies to collect information about how visitors use our website, including details of the site where the visitor has come from and the total number of times a visitor has been to our website. We use the information to improve our website and enhance the experience of its visitors.
11. Links to other websites
Our Site contains links to other websites of interest and to of our principals, suppliers, advertisers and to our Service Providers, and selected other third parties for example Google Maps. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information, which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and review the privacy statement before submitting any personal information to these websites.
We may change this policy from time to time by updating this page without notice. You should therefore check this page from time to time to ensure that you are happy with any changes. If you have previously agreed to us using your personal information for any purposes, you may change your mind at any time by writing to or emailing us.
Version May 2018