Travelspot services illustration

Introduction to the Privacy Policy

Thank you for using travelspot.com (“Website”) and for your interest in our products and services. The protection of your personal data is an important concern for us, and we are committed to protecting your online privacy.

This Privacy Policy (“Policy”) sets out how Travelspot LLC, with headquarters at Zagrebačka 1, 31000 Osijek, Republic of Croatia, registered under the no. Os Tt-18/7187-2 at the Commercial Court of Osijek, represented by the Management Board, consisted of Lea Buljubašić, Ivan Rimac, and Feđa Ivanšić (“Travelspot,” “We,” “Us,” “Our”) collects and processes your personal data when you use our Website. This Policy also tells you what your rights are in relation to the personal data you give to us.

This Policy is written in accordance with the rules of the Regulation (EU) 2016/679 (General Data Protection Regulation) hereinafter referred to as the “GDPR”.

Please read the following Privacy Policy carefully to understand what data we collect, how that data is used, stored, and the ways it can be shared by us. If you do not wish for your personal data to be used in the ways described in this Privacy Policy, then you should not access or use the Website, buy our products, and/or order our services (“Products&Services”).

1. Personal information we collect and process

For the purpose of this Privacy Policy, “Personal Information” or “Personal Data” means any information relating to an identified or identifiable natural person.

1.1 We collect and process the following types of data:

  • Personal data that you provide us with, e.g., when creating an account for our Products&Services, filling out the contact form for contacting our Customer Service, such as your email address, first name, last name, phone number, date of birth, billing information, credit card information, bank details for wire-transfer purposes, identification document type and details,

  • When you create an account on the Website, you will also be asked to set a username and a password in order to sign up for the Products&Services. This information will be used solely for the purpose of providing access to your user account,

  • Verification information, but only when that is necessary to verify your identity for KYC procedure for the safety and security of your accounts, such as an address, additional email address, passport, ID card or a picture of you holding a verification document,

  • When you voluntarily complete a customer survey or provide feedback on any of our message boards or via email.

  • Information we collect about you automatically (meta/communication data): IP address, location information, browser plug-in types and versions, browser type and version, log-in information, operating system, and platform. For more information, see our Cookie Policy.

3. How we use your personal data

3.1 We use the collected personal data to operate, maintain, enhance, and provide all features of the Products&Services, and also to give you the best possible experience when you access our Website and interact with us. That includes using your personal data for the following purposes:

  • Providing and improving our products&services portfolio: we use your information in order to provide you with the Products&Services ordered. We will use your information to process your application or account request, onboard you as a customer, manage and administer our Products&Services including your account with us, communicate with you regarding your account and orders placed. In order to improve our performance and your experience at our platform, we are tracking your behavior as a customer in the manner that we analyze what you order and what you prefer when choosing our Products&Services.

  • Protecting and security: We will ask for your information to verify your identity to help you in a situation such as lost account access, lost funds, or suspicion of a security threat.

  • Marketing: We will use your information to communicate with you and keep you up to date with our activities and those of third parties offering our Website that you may be interested in. Also, to make suggestions and recommendations to you about the Products&Services that may interest you. We will send you such information via email or other communication channels.

4. Sources of information

4.1 Information you provide us with: All data collected during the process of sending us requests with regard to our Products&Services, corresponding with us by phone, email, or other electronic means (i.e., web chatting systems), or in writing (i.e., via registered letters), as well as all other information you provide directly to us, including in conversations with our employees.

4.2 Information we collect about you when you visit our Website: Each time you visit our Website or use our services, we may automatically collect the information as stated in point 1.1.

5. How we share your personal data

5.1 We will ensure that your personal data is processed in a manner that is compatible with the purposes specified above. We share your personal data for operational, administrative, and management reasons - so we can provide accounting, management, and financial services via our subcontractor Barrage d.o.o., Zagrebačka 1, 31000 Osijek, Republic of Croatia, VAT ID: 63896222880. All parties are required to keep and use your personal data in accordance with this Policy.

5.2 If we disclose data to other persons and companies (contract processors, service providers, or third parties) within the scope of our processing, transfer it to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission.

5.3 We may share your personal data with third parties when it is necessary to involve a third-party service provider in order to facilitate, provide or extend our services, explicitly requested by you, required by a court order or any legal or regulatory requirement, in connection with the transfer or reorganization of a business, to enforce our corporate policies and in case we are defending a legal claim that requires the transfer of your personal information in order to defend such claim, to ensure the safety and security of our users, consumers and third parties and to protect our rights and property and the rights and property of our guests and third parties.

5.4 Third parties include organizations providing a service to us or acting as our agents, including, but not limited to, sub-contractors and suppliers who provide us with IT, payment and delivery services, email providers, and other service providers necessary for the improvement of our products and services. We may also transfer your personal data to potential buyers of our business and our professional advisers (such as lawyers, accountants, auditors, IT consultants, management consultants) located in and outside the EU and EEA. They will be required to satisfy our standards on data processing and security. When transferring data, the processing limitation principle is strictly respected with the transfer of the minimum amount of data needed to realize the requested service and with respect to all other relevant data protection principles.

6. How to opt-in or opt-out of direct marketing

6.1 We and selected third parties will use the information you provide on our Website for direct marketing purposes to deliver updates, newsletters, events, or other communications that may be of interest to you.

6.2 Your prior consent will be obtained before we send you direct marketing information. In any event, you will have the opportunity to unsubscribe in every communication sent or to withdraw your consent given before the first marketing interaction we make with you.

6.3 You may object to receiving direct marketing from us at any time by contacting us or selecting the unsubscribe option in our communication messages.

8. Retention of your personal data

8.1 We will not retain your personal data for longer than is necessary for our business purposes (providing you with Products&Services) or legal or regulatory requirements.

8.2 We will retain your personal data for as long as you have an account, contract, and/or for a period of time after you have closed your account and/or terminated a contract with us. In cases of retaining your personal data after our relationship ends, we will store your personal data in accordance with the applicable law.

8.3 In all situations, we will observe the principles of data minimization, data reduction and ensure the pseudonymization of personal data or restricted access, where necessary. We will continue to protect your personal data in accordance with the terms of this Policy after our business relationship is terminated.

9. Your rights

9.1 In accordance with current regulations under the GDPR, you have certain rights. The availability of these rights and how you can use them are set out below in more detail.

Request access to your personal data: You are entitled to ask us if we are processing your personal data and, if we are, you can request access to your personal data. If you wish to obtain a copy of the personal data that we hold about you, you will need to contact us. Before responding to your request, we may ask you to verify your identity and provide further details about your request in order to ensure if someone unauthorized is trying to reach your personal data. We will endeavor to respond within an appropriate timeframe and, in any event, within any timescales required under the applicable law.

Request erasure, rectification, or restriction of processing of your personal data: You are entitled to ask us to delete or rectify personal data in certain circumstances, including the withdrawal of your consent if we no longer need it in connection with your account or for other legitimate reasons. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims. If you wish to rectify, erase, or restrict the processing of your personal data, you will need to contact us. It is your responsibility to ensure that you submit true, accurate, and complete information to us and keep this information up to date.

Withdraw your consent: Any consent is provided freely. In such situations where the processing of your personal data is based on your prior explicit consent, you may withdraw your consent at any time by contacting us at gdpr@travelspot.com. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Please be advised that we will not be able to provide you with our Products&Services without certain personal data.

Request to data portability: You can ask us to help you move some of your data to other companies. To help you with that, you have a right to request that we provide your information in an easily readable format to another company.

Request not to be subject to an automated decision: You may dispute any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.

Object to processing of your personal data: You have the right to object to our processing of your personal data in certain circumstances. For example, you have the right to object to our processing of your personal data when it is based on our legitimate interests (or those of a third party). You may challenge our reliance on legitimate interests. However, we may be entitled to continue processing your personal data based on our legitimate interests or where this is relevant to legal claims. You also have the right to object where we are processing your personal data for direct marketing purposes.

9.2 If you consider that the processing of personal data we are conducting is against the privacy protection regulations, please let us know in the same written way to the address or email address: gdpr@travelspot.com.

9.3 Intentional misuse of your rights under the GDPR will lead to costs incurring, which we will charge your account for. For example, when you intentionally set us more requests for reconsideration of your data processing (or other actions), knowing in advance that such requests are false, misleading, or set out in order to stall us or to overload our business.

10. Data security

10.1 We are committed to keeping your personal data safe. We apply physical, technical, and administrative measures such as encryption, restricted access measures, reviewing, auditing, and improving plans for the ongoing confidentiality, integrity, availability, and resilience of processing systems and services to protect your personal data that is under our control from unauthorized access, collection, use, disclosure, copying, modification or disposal. All the information we received from you is stored on secure servers, and our Website is hosted on servers in EU/EEA.

10.2 The Internet is generally not regarded as a secure environment, and information sent via the Internet may be accessed by unauthorized third parties, potentially leading to disclosures, changes in content, or technical failures. We are not responsible for the security of information you transmit to us over networks that we do not control, including the Internet and wireless networks.

10.3 Please be aware that you are responsible for keeping your account password, verification codes safe and secure. Do not share those with anyone. If there is unauthorized use or any other breach of security involving your information, you must notify us as soon as possible.

11. International transfers

11.1 We may transfer your personal information outside the EEA and EU to service providers and business partners (i.e., Data Processors) who are engaged on our behalf and provide us with technical, operational, and other services.

11.2 Given that the Internet is a global environment, using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis. We generally store all of the personal data that we collect about you in the European Economic Area.

11.3 A transfer of personal data to a third country or an international organization may take place where the Commission has decided that the third country, a territory, or one or more specified sectors within that third country, or the international organization in question ensures an adequate level of protection. Such a transfer shall not require any specific authorization. By using our products and services, you consent to your Personal Data being transferred to other countries, including countries that have differing levels of privacy and data protection laws than your country.

12. Use of this website by minors

The Products&Services are not directed at persons under the age of eighteen (18).

We will not provide you with our Products&Services if you are a minor.

If you are a parent or guardian and you are aware that your Children have provided us with Personal Data, you will need to contact us. If we discover that a person under the age of eighteen (18) has provided us with Personal Data, we will delete such information from our servers immediately and confirm such deletion.

13. Final provisions

Please revisit the Travelspot Website periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the site and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. If the Website is under construction, some parts of it might be missing. In that event, please contact us.

14. Contact details of data controller

Travelspot is primarily responsible to you for any questions, concerns, or complaints with regard to this Policy or our handling of your personal data.

You can contact us by email at gdpr@travelspot.com or write to us at:

Travelspot LLC
Zagrebačka 1,
31000 Osijek
Republic of Croatia,
GDPR

Background Element