1. E-BILET OÜ, a legal entity with its registered office at: Karu tn 14 - 8, Tallinn, 10120, Estonia ("Agency") acts as a data controller and as such complies with the applicable Personal Data Protection Act (PDPA), the EU General Data Protection Regulation ("GDPR") and the Electronic Communication Privacy Act ("ECPA"). The information below is presented to inform what personal data we may collect, for what purposes it may be processed and what cookies may be employed during your visit and use of https://e-bilet.eu/ ("Website").
3. If any questions related to processing, place of storage and use of the personal data arise, please contact the Customer Care Service or send your requests at the following postal address of the Agency: Karu tn 14 - 8, Tallinn, 10120, Estonia
4. What is personal data? Personal data means any data concerning an identified or identifiable natural person, regardless of the form or format in which such data exist (e.g. name, e-mail address, IP address or the feedback provided on the Website).
5. What type of personal data we collect and process. We receive and store any information entered on the Website, provided to the Customer Care Service and provided to the Agency in any other manner to the extent necessary to provide the services or to fulfill the contractual obligations, only. Furthermore, personal data might be automatically collected and processed when this Website is visited (e.g. using cookies). When the User visits the Web-site, we collect, store and process the following personal data: first name, patronymic name, last name, date of birth, gender, citizenship, mobile phone number, postal address and email address; data of the documents required for identification purposes (e.g., passport number and series, expiration date); payment card data (payment card number, expiration date, CVC/CVV-code, and the name of the cardholder); log files (IP address, browser, referring/exit pages and URLs, number of clicks and interaction with the Website, domain names, landing pages/content, pages/content viewed, device ID and device location); profile information (preferences, search history, booking history, travel plans); user content (feedback and comments that uploaded to the Website); User behavior (activity on the platform, login time and location, comments and uploads); any other information which the User may leave at their discretion on the Website. These personal data might be collected via cookies (see below). Also, we may request additional information which may include “sensitive” personal data (e.g., information which may allow to specify health conditions or religious belief) in order to provide the best service. Such information may be related to the preferences in seat in the vehicle or hotel, meals, or use of additional equipment when using the services. The User provides such “sensitive” information provided only at their discretion and upon explicit consent, and only if the provision of services would be impossible without such “sensitive” information. It may be required to transfer such sensitive personal data to third parties in compliance with mandatory legal provisions, even outside Europe, when we provide the services requested. We also offer the opportunity to the User to register and create an account using their existing social network profile (such as Google). In this case, the sign-in credentials (name and e-mail address) will be imported from the social network account. It should be noted that when this option is used, we may receive certain information via the respective social network, such as User’s name, age, location, preferences, occupation and other information from the public profile. We do not request all of this information, but it is automatically provided by the social network provider through the use of the "social sign-on" option. Nevertheless, we will only use the information required to create the account and will, upon receipt of any other information, delete the unnecessary data. After creating an account, the User has the option to add any information deemed necessary for booking.
6. Information about third parties (Buyers/Passengers/Customers) that we collect and process. If the User creates a booking of services and/or pays on behalf of or for the benefit of third parties, the Agency will collect and process the information about those third parties according to the same terms and conditions applied to the User’s personal data. By providing such information on third parties, the User confirms that such third party is aware of these terms and understands its consequences, as well as gives their unconditional and full consent to the collection and processing of their personal data in accordance with these terms, and agrees that access to such information is possible from the User’s My Account section.
7. Collection of data of underage persons. If the User is an underage person, such User shall not use this Website and shall leave it immediately. This Website shall not be used and is not intended to collect information on underage users and advertise information on services for children without the consent of their parents. The Agency shall process the personal data of underage persons only in cases when such information is provided by their parents or legal representatives and with the purpose to create a booking. If the Agency becomes aware of the use of the Website by an underage person and provision of their data personal data by them, or if parents or legal representatives request to delete the personal data, such information will be deleted within the reasonable term, and the Agency will take all possible efforts not to store and process the personal data of an underage person.
9. Google Analytics. We use Google Analytics, which is a web analytics tool that helps us to understand how visitors engage with our Website. Google Analytics collects the following information: browser, type of device, model of device, location, country, city, service provider, screen resolution (on mobile), time on site, language, operating system, visited pages on site. The information generated by the cookie about the use of the website (including the user's IP address) may be transmitted to and stored by Google on servers outside Europe (e.g. in the USA). Google uses the information to examine the Website usage, prepare reports on the activities and to offer other optional services. Google may supply this information to third parties if Google is legally required to, or if third parties process the information on Google's behalf. The Google Analytics cookies expire in 730 days (default value) and will be kept on the User’s device for that period of time, unless of course they are removed manually. The User can at any time disable collection of their data by Google Analytics, as described here - https://tools.google.com/dlpage/gaoptout/.
10. Social Media Plug-Ins. If the User interacts with social media plug-ins implemented into our Website or the User accesses content on our Website that contains a plug-in, the User’s device creates a direct connection with the servers of the respective social network. To our knowledge, the social network operators use their plug-ins to receive information on how the User uses our Website, such as the User’s operating system, browser, IP address, the content currently being retrieved, the previous content retrieved and the date/time of the visit. This allows the social network operator to create a profile of the user behavior and add this information to the User’s respective profile on the social network. Such profile will be linked to you if the User accesses the Website on the device, where the User is logged into the social network. Please, note that we do not have any specific information about the content of the data transmitted to or of its use by the third-party social media plug-in providers. The User can obtain this information directly from the specific social network operator and read their privacy policies for detailed information about the collection and transfer of personal data, rights of the User and procedures to achieve optimal privacy settings. In case the User is against such data transfer, we recommend logging out of the social network before using our platform.
11. How we use User’s data and data of third parties. We use the personal data of the User:
- to provide the services ordered by the User;
- to communicate with the User concerning the Services ordered and send Booking confirmation;
- to carry out, process and edit Booking;
- to provide support and customer service in the use of the Website and the Website services;
- to provide information on existing and future services and offers, subject to prior consent of the User;
- to improve the performance and quality of the Website;
- to give answers to requests and comments;
- to calculate bonuses if the User takes part in our loyalty programs;
- to encourage the User to participate in our surveys and provide feedback;
- to find out the services which may be of interest to the User;
- to notify the User of possible illegal or unlawful acts;
- to solve any issues which may arise under or in respect of the fulfillment of the conditions of the Terms of Service;
- for any other purposes required to fulfill our contractual obligations about which we will notify you prior to any processing.
If required, we will request the User’s consent before commencing any new data processing. Payment card data shall be used to confirm the payment for the Booking created by the User on the Website. Some services may not be provided if the provided personal data is not complete. Subject to the User’s consent, we will also process the User’s personal data (name, e-mail address) to send emails (newsletters) as well as push notifications regarding our services, special offers, and promotions. The Agency aims to provide the top-level service. Subject to the User’s consent, we may send the list of offers available on our Website and which may be of interest to a specific User and which may be related to the services selected by such User. If the User does not wish to receive such emails, they can unsubscribe from them.
12. Profiling. Subject to the User’s consent we may collect and analyze the user behavior data for profiling to provide the offers tailored to the User’s needs, preferences and interests. Offers may include inter alia discounts on services. Offers shall mean offers made by the Agency or our business partners. Profiling is a form of automated processing of the User’s personal data which envisages the use of personal data to evaluate the peculiarities of a specific User, in particular to analyze or predict aspects concerning economic situation, health, personal preferences, interests, reliability, behavior, location.
13. Legal basis for data processing. Our legal basis for personal data collection and processing as described above depends on the personal data concerned and the specific context when we collect and process it. However, we usually will process personal data only (i) when it is required for the provision of services or fulfillment of our contractual obligations, (ii) subject to the User’s consent to do so, or (iii) when such processing is in our legitimate interests and is not overridden by the User’s rights. In some cases, there may exist a legal obligation for us to collect the User’s personal data.
14. Data Storage. We store collected personal data if it is required for our legitimate needs (for example, to provide the requested service or to comply with applicable legal, tax or accounting requirements) and during the period of time established by the applicable legislation. When such legitimate need to process the User’s personal data disappears, we will either delete or anonymize such data or, if this is not possible (for example, because the personal data is stored in backup archives), then we will ensure secure storage of the User’s personal data and isolate it from any further processing until it becomes possible to delete it. In the case of consent-based data processing, personal data will be processed until such consent is withdrawn.
15. Data transfer. To the extent required for proper provision of the services chosen and booked by the User, and if the services cannot be provided without such transfer, we transfer the User’s personal data to third parties as indicated below. If required for the provision of the selected and booked services, the Agency may share the User’s personal data with different Operators, e.g. hotel, airline carrier, etc. which render the services booked. All services on this Website, offered by third parties, are marked as such. We do not provide the User’s email address to operators, unless it is required for the provision of the services, booked through the Agency. The operators may only use such data to render the booked (or similar) services to the User and other purposes, defined by the Operators. However, we recommend Users to familiarize themselves with the data protection policy of each operator that renders services booked on this Web-site. Such Operators may request additional information about the User, help with the booking of services, or answer the User’s requests, as long as it is necessary for the provision of their services. We have no control over the data protection policy of the Operators. In particular, the User hereby gives us the consent to transfer their email address and mobile phone number to airline carriers for the latter to contact the User in case of need. The User’s personal data may also be transferred to independent operators (service providers), who offer services and act on our behalf, as well as operators, who process payment card data, as well as business analytics specialists, customer service managers, marketing consultants, experts, who are in charge of prevention of payment fraud. If required for the proper performance of our Website, we may as well allow independent operators to use personal data on our behalf. Independent operators obtain access and collect information only within the scope required for their work. They are prohibited to share such data or use it for any other or their own purposes. They must, in the same manner as we, comply with the same data protection legislation. The User’s personal data may be shared with business partners, with whom we jointly offer products and services, or whose products and services we offer on our Website, subject to the User’s consent to such use. The User can see whether the requested services belong to a certain independent company. If the User accepts their services, we may share the User’s information with such business partners. We have no control over the data protection policy of such business partners. We also may share the User’s personal data with our affiliates, representatives, officers, agents, employees, or partners as far as it is required for the provision of ordered services.
16. Cross-border transfer of data. The User acknowledges and agrees that, if required for the provision of services, the Agency may transfer User’s personal data to recipients located outside of the Republic of Estonia and Europe. Thus, the User’s personal data may be available to affiliates of the Agency, data processors and service providers from countries that do not ensure the same level of data protection as provided for in the European Economic Area. The User’s personal data may be stored and processed on the servers owned/leased by the Agency, operators or independent contractors, which may be located in any country of the world (including but not limited to countries of the European Union or European Economic Area, the USA, Canada). Therefore, the Agency, where applicable, will take all reasonable measures required in relation to the recipients of the User’s personal data to ensure the appropriate level of protection as defined by the applicable data protection legislation, in particular through the application of the Standard Contractual Clauses issued by the European Commission or the decision of the European Commission which states that the country where the recipient of the transferred data is located provides an adequate level of data protection. The User acknowledges and agrees that based on the selected travel destination, the User’s personal data may be transferred to countries (Operators’ country of registration/operation, airports, etc.), where the required level of personal data protection cannot be ensured. Any cross-border transfer of data shall be limited to those data categories and recipients which are required to comply with these Terms of Service, and to provide the ordered services.
17. How do we protect personal data? We take all possible efforts to make the User’s visit to and use of our Website as safe as possible. Thus, to ensure data secrecy and data security we comply with Sec 25 PDPA as well as Art 32 et seq of GDPR and have implemented appropriate technical and organizational security measures to prevent possible loss, misuse, unauthorized access and disclosure, modification or destruction of personal data. Taking into consideration special aspects and threats in the media and on the Internet, the Agency cannot guarantee absolute protection of the User’s personal data but will take all measures at its disposal to protect the User’s personal data at the highest possible level. We comply with the requirements of applicable personal data protection legislation, requirements for payments processing (according to state-of-art market safety standards), and internal privacy policies on data protection.
18. User’s Rights. According to Sec 19 PDPA as well as Art 13 et seq GDPR, the User has the right to request access to personal data, rectification of personal data, deletion of personal data, restriction of personal data processing, data transfer, to object to the personal data processing (including objection to profiling); to withdraw consent to personal data processing, where applicable. The User shall contact us in all the above mentioned cases. If the User considers that their privacy rights have been violated, the User may file a complaint with an authority of the European Union country of their residence, place of work or of an alleged infringement. Contact information of these authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
20. CONTACT DETAILS. Registered office at: Karu tn 14 - 8, Tallinn, 10120, Estonia, registration number: 16499510, Tel: +372 6 88-81-58 (according to operators’ tariffs) Email: [email protected], Online chat
As We believe that You are the one who should decide what level of Our Customer Care Services You are about to utilize, under what conditions You will be catered for by Our Additional Services and ultimately for which of Our services You are willing to pay extra, We offer You several options to influence the scope and conditions of the provision of Our Customer Care Services and Additional Services, and ultimately the total price of Your Booking, by purchasing one of Our Service Packages.