Privacy & Travel Data Protection

At Tallinn Curated Experiences, we understand that travel involves trust. This policy outlines how we collect, use, and protect your personal information while creating unforgettable Estonian journeys for you.

Last Updated: November 2025

1. Introduction & Our Travel Philosophy

Tallinn Curated Experiences ("we", "our", or "us") creates specialized tourism experiences in Estonia. This Privacy Policy explains how we handle your personal information when you book our experiences, visit our website, or interact with our services.

As a boutique travel curator, we believe in respectful, sustainable tourism that honors both our guests' privacy and Estonia's cultural heritage. We comply with the General Data Protection Regulation (GDPR), the Estonian Personal Data Protection Act, and other applicable data protection laws.

Travel Ethos: We collect only essential information needed to create exceptional travel experiences while respecting your privacy throughout your journey with us.

2. Information We Collect

We collect information necessary to design, coordinate, and deliver your personalized Estonian travel experience:

Booking & Travel Information

  • Personal Details: Full name, date of birth, nationality, passport information (for bookings)
  • Contact Information: Email address, phone number, home address
  • Travel Preferences: Dietary requirements, mobility needs, interests, special occasions
  • Travel Party Details: Information about fellow travelers in your group
  • Emergency Contact: Emergency contact information for safety purposes

Experience-Specific Information

Depending on your chosen experience, we may collect:

  • Wellness Data: Health information relevant to physical activities (hiking, sauna rituals)
  • Business Information: For corporate/innovation tours: company details, professional interests
  • Digital Nomad Information: Work preferences, tech requirements, networking interests
  • Cultural Interests: Specific cultural, historical, or artistic interests for personalized curation

Financial Information

  • Payment details (processed securely through third-party providers)
  • Billing address and invoice information
  • Travel insurance details (if provided by you)

Sensitive Information Note: We only collect sensitive information (health, dietary requirements) when essential for your safety and experience quality. This information is handled with extra care and only shared with relevant experience providers when necessary for your wellbeing.

3. How We Use Your Information

We use your information exclusively to create and deliver exceptional travel experiences:

Purpose Legal Basis Travel Context
Experience design and personalization Performance of contract Creating your bespoke Estonian journey
Booking arrangements and reservations Performance of contract Securing accommodations, activities, transport
Health and safety management Legitimate interest & vital interests Ensuring safe participation in activities
Cultural experience customization Performance of contract Matching experiences to your interests
Communication during your journey Performance of contract Coordination, updates, support during travel
Billing and payment processing Performance of contract Financial transactions for services
Experience feedback and improvement Legitimate interest Enhancing future travel experiences
Legal and regulatory compliance Legal obligation Tourism regulations, tax requirements
Marketing (with consent) Consent Sharing new experiences, offers, Estonia updates

4. Information Sharing with Experience Partners

To deliver your curated experience, we collaborate with trusted local partners:

Essential Service Providers

  • Accommodation Providers: Hotels, guesthouses, boutique stays (necessary information for check-in)
  • Activity Guides: Local experts, historians, nature guides, wellness practitioners
  • Transport Providers: Drivers, boat operators, transport companies
  • Restaurants & Chefs: For dietary requirements and special dining experiences
  • Cultural Institutions: Museums, galleries, historical sites (for special access)

Information Shared with Partners

We share only essential information:

  • Name and contact details for reservations
  • Dietary requirements for meal providers
  • Mobility/health information for activity safety
  • Special occasion information for celebrations
  • Cultural interests for personalized guiding

Legal and Safety Disclosures

We may disclose information when necessary:

  • Emergency Services: In case of health or safety emergencies
  • Government Authorities: When required by Estonian or international law
  • Insurance Providers: For claims or assistance requests

Partner Selection: We carefully select all experience partners based on their commitment to quality, sustainability, and data protection. All partners are required to handle your information responsibly and only for the specific service they provide.

5. Data Security During Travel

We implement appropriate measures to protect your information throughout your journey:

Technical Security Measures

  • Secure booking platform with encryption
  • Protected document storage for travel documents
  • Secure communication channels
  • Regular security assessments

Operational Security Practices

  • Limited access to sensitive information within our team
  • Secure handling of physical documents (itineraries, reservations)
  • Training for all staff and partners on data protection
  • Secure deletion of unnecessary information after travel completion

Travel-Specific Security

  • Discreet handling of VIP or celebrity traveler information
  • Secure transfer of sensitive documents during travel
  • Emergency protocols for data protection during incidents
  • Partner vetting for security standards

6. Your Rights as a Traveler

Under GDPR and applicable data protection laws, you have the following rights:

  • Right to Access: Request copies of your personal information
  • Right to Rectification: Request correction of inaccurate information
  • Right to Erasure: Request deletion of your information under certain conditions
  • Right to Restrict Processing: Request limitation of how we use your information
  • Right to Data Portability: Receive your travel information in a structured format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw marketing consent at any time
  • Right to Travel Information: Request details about how your information is used for your experience

Travel Record Considerations: Certain travel information may be retained for legal or safety reasons (insurance, regulatory requirements). We will inform you of any such requirements when responding to your requests.

7. International Data Transfers

As a travel company serving international guests, your information may be transferred:

Within the European Union

  • All primary data processing occurs within EU/EEA countries
  • Our local Estonian partners operate under EU data protection standards
  • Secure EU-based cloud services for document storage

To Your Home Country

  • Travel documents may be emailed to your home country
  • Billing information processed through international payment systems
  • Communication during trip planning from your location

Third-Country Transfers

If necessary for your specific experience, we may transfer data with appropriate safeguards:

  • EU-approved standard contractual clauses
  • Explicit consent for specific transfers
  • Adequacy decisions for destination countries

8. Data Retention for Travel Experiences

We retain information based on operational needs and legal requirements:

Retention Periods

  • Active Bookings: Retained throughout planning and travel execution
  • Post-Travel Records: 7 years (Estonian business record requirements)
  • Financial Records: 7 years (tax and accounting requirements)
  • Marketing Information: Until consent withdrawal or 3 years of inactivity
  • Emergency Information: Deleted after travel completion (unless incident occurred)
  • Feedback & Testimonials: Retained with consent for marketing purposes

Travel Memory Preservation

  • Photo/Video Consent: Separate consent obtained for any promotional use
  • Experience Stories: Only shared with explicit permission
  • Personal Travel Diaries: Created only at guest request

Travel Legacy: Many of our guests cherish their travel memories. With your permission, we may retain certain non-sensitive information to help you remember your Estonian journey or plan future visits.

Contact Our Travel Privacy Team

For privacy inquiries, data requests, or travel-specific concerns:

Tallinn Curated Experiences

Puuvilla tn 32, 10314 Tallinn, Estonia

Experience Curator: Bonita Leiman

Phone: +372 5550 6400

Email: privacy@tallinncurated.ee

Data Protection Contact: dataprotection@tallinncurated.ee

We respond to all travel privacy inquiries within 48 hours during business days.