About this policy
Along with our Terms of Service , this policy explains how we collect and handle your information across all of our websites, mobile apps and other services. We’ll review this policy from time to time to make sure it’s up-to-date. If we make changes, we’ll post the latest version here. When we make significant changes, we’ll let you know when you next access our services, or by other communications.
You’ll come across the term ‘personal data’ a lot in this policy. By that, we mean any information relating to you as an identifiable individual. For example, this includes information that may of itself identify you such as your name, contact details, trek itinerary, internet protocol (“IP”) address, cookie strings or device IDs, as well as information that may not on its own identify you, but which we store alongside such identifiers, such as how you are using our services or the country you are in when you do so.
Why and how do we use your personal data
We only use your information where you’ve given us your consent, where its necessary to deliver the services you’ve requested, where it’s necessary to exercise or comply with legal rights or obligations, or for normal business purposes of the kind set out in this policy.
When we need to do so to deliver our services or facilitate the performance of a contract you’ve entered – or are entering – into, such as making a booking with us or a Travel Supplier.
To improve or optimise our services and to otherwise protect or further our legitimate interests. This includes pretty serious reasons like fraud prevention and security but also fun ones like product enhancement so we can keep making Trekhunt even better for our travellers.
When we have your consent.
What personal data we collect
Everyone who uses our services will have bits and pieces of information about them collected, stored and processed. However, we don’t collect more information than we need.
We can’t help you plan and book your dream trip without information. So, when you use our services, we have to collect, keep and share some personal data and ask that you agree to that in line with this policy. We collect information in three ways:
1. You give it to us voluntarily
Information you choose to give us might include personal data needed for you to book travel for yourself and others. This ranges from the dates and destination you choose in a search, to the basic stuff for making a booking request with a Travel Supplier such as names and contact details. It can also include content like the reviews or photographs you upload to our services to share with other travellers. Most importantly, it’s always up to you whether or not you choose to give us this kind of information.
2. We generate or collect it automatically
We generate or collect some information from your computer or device automatically as you use our services. This includes stuff like your IP address, information about the device and browser you are using to access our services, the website URL you visited us from and the third party sites you visit when you click on links to exit the Trekhunt site. It also includes details of the bookings you have made via Trekhunt. We may also know your location from your mobile or your IP address. This helps us to improve your experience and make sure you receive the content that’s most relevant to you.
3. We receive it from third parties
Sometimes we’re given information about you from third parties, depending on how you choose to interact with us. For example, when you come to our website via a promotional partner, or when you log into your Trekhunt account using our social network login feature. And, if you’ve redirected to a Travel Supplier’s website or app to complete your booking, we might collect information from them about whether you went ahead with your trip and what you booked.
Our services are not intended for children under 16 years of age, and no one under the age of 16 should provide any information to, on or via our services. We don’t knowingly collect personal data from children under 16, and will delete any that we learn we have collected or received that was not provided by, or with express consent on behalf of, the child’s parent or legal guardian.
How long do we store your personal data
We only keep your data for as long as we need it, or are required to for legal reasons. We’ll then either delete it or anonymise it so it doesn’t identify you. We treat data differently depending on what it’s used for, but you can ask us to delete your personal data at any time.
We keep your personal data only for as long as we need to. This depends on why it was collected, or if we have a continuing legal basis to do so (such as to fulfil a contract between us, perform a service you requested or for our legitimate interests). Rest assured, if we no longer have a reason or legal requirement to process your personal data, we will delete it or store it in a way so that it no longer identifies you.
We have different retention policies for different types of personal data, taking into account:
- The purpose for collecting the personal data;
- How long it will take to fulfil that purpose; and
- Any specific reason or overriding legal obligation to retain the personal data for a specific amount of time.
Also, if you have an account with us, we will keep personal data such as your email address, name and other details so you can log in and access our services for as long as you have an account. We may keep other information indefinitely – such as site activity linked to an IP address – which we use to help us understand our travellers, improve our products and services and protect our business interests.
No matter how long the retention period, you can ask us to delete your personal data in certain circumstances.
When is your information shared with or collected by third parties?
We share your information only where you ask us to, where it’s a necessary part of doing business with you and providing you with the services, or where we need to for legal reasons. Companies you book with via Trekhunt (like tour operators or activity providers) will collect your data in line with their own policies. Sometimes companies that advertise via our services may also collect your information. Finally, companies that help us deliver our services will also collect and use your data on our behalf.
Sharing personal data with third parties who process it only under our instruction
We share information relating to our users with selected third parties who provide us with a variety of different services that support the delivery of our services (let’s call them “Third Party Processors”). These Third Party Processors range from providers of technical infrastructure to customer service and authentication tools. We require any Third Party Processor which handles information on our behalf to do so pursuant to contractual terms which require that the information is kept secure, is processed in accordance with applicable data protection laws, and used only as we have instructed and not for that Third Party Processor’s own purposes (unless you have explicitly consented to them doing so).
Third Party Processors may be located in, or process your information, outside of the country in which you are based. Where our use of a Third Party Processor involves the transfer of personal data from within Europe to a location outside of the European Economic Area, we will put in place appropriate measures to ensure that the personal data is adequately protected in that location, most often by applying European Commission-approved standard contractual clauses alongside robust security checks.
The types of Third Party Processors we may share elements of your personal data with include:
- payment processors engaged by us to securely store or handle payments information, such as credit or debit card details, required for facilitating bookings with Travel Suppliers – for example, when you provide us with your credit or debit card details we store these in a PCI-compliant data vault provided by an industry-leading third party payment processor;
- providers of email management and distribution tools – for example, if you sign up to receive Trekhunt newsletters or other marketing messages we will manage the delivery of these to you using a third party email distribution tool;
- providers of security and fraud prevention services – for example, we use these providers to identify automated software agents that might disrupt our services or to prevent misuse of our APIs;
- providers of data aggregation and analytics software services that enable us to effectively monitor and optimise the delivery of our services;
- providers of tracking tools that we use to monitor instances where you click on a link to a Travel Supplier’s website and redirect from the Trekhunt platform to that Travel Supplier’s;
- providers of software platforms that assist us in communicating or providing customer support services to you – for example, we manage and respond to any messages you send to us via our help centre using a third party communications management tool;
- providers of recruitment management services – for example, when you apply for a vacancy at Trekhunt we use a third party tool to manage and store any information relating to your application;
- providers of online cloud storage services and other essential IT support services; and
Sharing your information with third parties, or allowing them to collect it, for processing outside of our control
We will share personal data with third parties where you expressly authorise us to, such as where we run a promotion in conjunction with a partner and you instruct us to share your email address with that third party for the purpose of receiving promotional emails.
Certain information may also be collected from you by third parties such as advertisers, marketing networks and affiliates (see the How do we advertise? section below) using cookies and similar technologies. For example your IP address and events relating to your activity like searches you have carried out or pages you have viewed on Trekhunt may be collected and transmitted to these third parties to allow them to serve relevant advertising to you across the web. The information that is collected in this way will never include your name, contact details or other information that would enable you to be identified in the offline world. You can find out more about advertising in Trekhunt, including how you can opt out of certain types of advertising in the How do we advertise? section of this policy.
Disclosing information for legal and other reasons
We may disclose your information where necessary to enforce our Terms of Service or other agreements, or to a prospective or ultimate buyer if Trekhunt itself (or part of our business) is sold. We may also disclose your information if necessary to prevent, detect or prosecute illegal or suspected illegal activities, including fraud, or to prevent other damage or where necessary in response to legally binding requests, legal action against us, or to enforce our rights and claims.
How do we keep your personal data secure?
Safeguarding your privacy is embedded in our culture and we use a combination of industry-standard methods to protect it.
Keeping your personal data secure is our highest priority. We limit access to only those Trekhunt group employees who have to come into contact with your information to do their jobs and deliver our services.
Unfortunately, no website or app can guarantee complete security but we have created an organisation-wide security programme designed to keep your personal data as safe as possible. It uses a range of technical, organisational and administrative security measures and best-practice techniques, depending on the type of data being processed. For example, the computer systems we use to store your data have access limitations and in-cloud based servers that use industry-standard disc encryption. We use TLS and HTTPS encryption to protect your personal data when we transfer it across the internet. And we carry out security assessments on Third Party Processors who handle your data.
To make sure we maintain a culture of ‘Privacy by Design’, we provide thorough data protection and privacy training to all Trekhunt group employees. We develop our services with the goal of using the minimum amount of personal data possible, including through use of data minimisation techniques like anonymisation and pseudonymisation. Also, whenever we develop or update our services in ways that involve the collection or use of new forms of personal data, we conduct a privacy impact assessment to understand, and reduce, the likelihood of any unintended impact on you.
Where do we store your information?
We store the information we collect from you on secure servers in various locations, depending on where you are in the world when you access our site. Currently, we use servers that are located in Amsterdam, Ireland, Frankfurt, Hong Kong, Russia, Singapore, Tokyo and the UK. These servers are provided and/or supported by third parties acting under our instruction.
Sometimes the countries that your data is transferred to, or stored in, may have different, or less stringent, data protection and security standards than your own. However, subject to the local laws in these countries, we’ll provide the safeguards needed to protect your data regardless of location. We do this through a combination of appropriate technical, organisational and administrative security measures, and by putting in place the necessary legal contracts to backup these requirements. For example, we will only store European users’ personal data outside the European Economic Area where a European Commission-approved method of validating the transfer has been put in place.
How is your information used for advertising?
You’ll see various adverts when you use our services and might also see adverts about Trekhunt when you’re on other platforms. These adverts might come from us or from third parties and may be personalised to make them more relevant to you. The information used to personalise adverts you see may include your details of what you’ve searched for on Trekhunt, but will never include your name, contact details or other information that would enable you to be identified in the offline world.
We use a combination of cookies and other technologies such as pixels/web beacons and tracking codes (explained below) to collect information for use in line with the purposes set out in this policy.
What is a cookie?
Cookies on our website may be set by us, third parties we’re working with, or independent third parties (such as advertisers).
What are web beacons and pixels?
Web beacons or pixels are small, transparent image files inside a web page or email. We use them to understand how you interact with our services, or if you’ve redirected to a Travel Supplier’s website or app. We might use the pixel to confirm if you went on to book with them, and what you booked. We also use pixels to gather information such as whether you’ve opened an email, so that we can improve our communications to you.
What are tracking codes?
Tracking codes are snippets of code placed in the page to measure things like visits and interactions. We use tracking codes to find out more about how you interact with our services, the adverts you see and more generally, how you use us.
What are your choices and rights?
If you’ve got a Trekhunt account, you can access, edit, download or delete the key personal data associated with your profile at any time by going to your Profile. From here you can also manage your subscription and marketing preferences.
You also have rights in relation to the personal data we have about you, which we explain in more detail below. You can exercise these rights by getting in touch with us via firstname.lastname@example.org.
You have the right to ask us for a copy of your personal data; to correct, delete or restrict processing of your personal data; and to obtain the personal data you have provided to us in a structured, machine readable format. In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement). Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to Trekhunt processing your data, this will not affect any processing which has already taken place at that time.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to a data protection authority at email@example.com
Who are we and how can you contact us?
Trekhunt is provided by Trekhunt International Limited, a company registered in Hungary.
Trekhunt International Limited is the Data Controller of any information collected from you by us.
Our company number is: 01-09-325896
Our registered office address is: Teve utca 7. 2/1, Budapest 1139, Hungary