Privacy Policy

Privacy Policy

Data Controller and Contact Information

The data controller of the user’s personal data is:

Trippy Experience S.R.L.S.

VAT No. 02750980746

Piazza Caduti in guerra, 28

Ceglie Messapica (BR)

For any clarifications or suggestions regarding data protection or if the user wishes to exercise their rights, all contact information can be found in the “Contact” section of our homepage. Note: Any data processing by providers of activities offering their services on the Trippy Experience platform is subject to their respective privacy policies. The activity providers act independently as data controllers.

2. Object of Data Protection

The object of data protection is personal data, i.e., all information related to an identified or identifiable natural person. Personal data will also be referred to simply as data.

3. Automated Data Collection

When accessing our website, the user’s device automatically transmits data for technical reasons. The following data are stored separately from others that the user may transmit to us:

• URL of the accessed page
• Network connection latency
• Date and time

We save these data for the following purposes:

• For load balancing, i.e., to distribute access to our website across different devices and offer the fastest possible loading times;
• To ensure the security of our IT systems, i.e., to defend against specific attacks on our systems and recognize attack patterns;
• To ensure the proper functioning of our IT systems, e.g., when errors occur that we can only rectify by saving the IP address;
• To enable legal prosecution, danger prevention, or legal action in case of specific indications of crimes.

The user’s IP address will be saved for a period of only 30 days. In this case, processing will be carried out to ensure security in accordance with Art. 32 of the GDPR, as well as based on our legitimate interest in protecting ourselves from misuse of our service (Art. 6(1)(f) GDPR).

4. Trippy Experience Account

4.1. Registration

• Surname/Name
• Email address
• Password

Alternatively, the user can sign up with their Facebook, Google, or Apple account. In this case, we will receive the following personal data from Facebook, Google, or Apple to create a user account:

• Name
• Email address
• Authentication token

The user’s registration data are necessary to set up and manage a user account. In this case, the user will conclude an agreement (free of charge) with us, based on which we will collect such data (Art. 6(1)(b) GDPR). To conclude the agreement, the user must provide us with these data. However, they are neither contractually nor legally bound to conclude the agreement and thus provide the data.

4.2. Favorites

After creating a user account, they can create favorite lists with activities and tours and share them with other users. The user’s data will be processed for these purposes to provide them with the related functions (Art. 6(1)(b) GDPR).

5. Reviews and Ratings

Our website does not offer the possibility to rate and comment on tours or activities. After completing a tour booked through our website, we may ask the user to rate it via Google My Business. Naturally, submitting a review is voluntary.

6. Customer Support

6.1. Processing Requests

The user’s request will be processed by our team. To continuously improve our customer service, we analyze the requests sent to us based on certain parameters and keywords. Although, as a general principle, no analysis is performed based on personal data, it cannot be excluded that, in individual cases, personal data may also be processed within this context. The processing necessary in this context serves our legitimate interest and that of our customers in the continuous improvement of our customer service (Art. 6(1)(f) GDPR).

7. Newsletter

The user has the option to register on our website for our newsletter. With our newsletter, we will send the user information on offers, tours, activities, or special promotions as personalized as possible. By registering for our newsletter, the user consents to the processing of their email address for the purpose of sending the newsletter. The legal basis for this processing is Art. 6(1)(a) GDPR. The user can revoke their consent at any time by unsubscribing from our newsletter. To do so, they can use the unsubscribe link contained in each email. To verify the user’s email address, they will first receive a registration email to confirm with a link (double opt-in). When registering for the newsletter, we save the IP address, date, and time of registration. The processing of these data is necessary to prove the provision of such consent. The legal basis derives from our legal obligation to prove the user’s consent (Art. 6(1)(c), in conjunction with Art. 7(1) GDPR).

If the user has booked a tour through our website or created a TE account, we will send them our newsletter based on our legitimate interest in promoting similar services for the user’s bookings or account (Art. 6(1)(f) GDPR, § 7(3) UWG [German Unfair Competition Act]), unless the user has objected to such use. If cookies are used for personalization, we will separately ask for the user’s consent.

The user can object to this at any time (also during registration) by unchecking the corresponding checkbox or clicking the unsubscribe link in the respective emails. Additionally, if the user has an account, they can subscribe or unsubscribe at any time to different types of communications from the “Settings” -> “Notifications” section of their profile.

9. Bookings and Payments

9.1. Bookings

When the user books a tour, activity, or similar on our website, we collect the data necessary to execute the tour. This generally includes the following information: first and last name, billing address, email address, phone number, number of participants, date and time, or the age of participants. The processing that takes place in relation to this is based on Art. 6(1)(b) GDPR. To the extent necessary, we will transfer the user’s data to the provider responsible for the tour or activity, who will process the personal data as indicated in their own privacy policy as an independent data controller. If it is necessary to transfer data outside the European Economic Area, this is based on Art. 49(2)(b), (c) GDPR.

9.2. Booking Confirmations

To keep the user updated about their bookings, we will send booking confirmations, reminders, and updates for scheduled bookings (e.g., changes in times or meeting points) to ensure they have all the necessary information to participate in the booked services. Booking confirmations are sent to the user’s email address provided during the booking process. If the user has an account, they can choose more detailed ways to receive notifications through the “Settings” -> “Notifications” section of their profile. We process personal data to provide the user with such features of our service (Art. 6(1)(b) GDPR).

9.3. Payments

The user has various options for payment when booking. Therefore, we will process the necessary data in each case, depending on the selected payment method. In this context, the user’s personal data will be processed as described below, based on Art. 6(1)(b) GDPR, and it will be necessary to process them to execute the chosen payment method.

10. Communication and Access to Personal Data

Only duly instructed authorized persons (e.g., employees) will have access to your personal data. Additionally, we may disclose your personal data to the following categories of recipients, who may act as data processors pursuant to Art. 28 of the GDPR, or as independent data controllers:

• Providers (e.g., Stripe for payment processing) who perform activities related or instrumental to our business activities. For our providers, the list is always available upon request by writing to info@trippyexperience.com.
• Partners/structures offering experiences selected by you;
• If we conduct a transaction or business operation (e.g., in case of bankruptcy, merger, acquisition, reorganization, sale of assets, or assignments, and due diligence related to such transactions), your personal data may be disclosed to our advisors and advisors of any potential buyer, and may be considered one of the assets transferred to another owner.
• Public, judicial, or police authorities, within the limits established by applicable laws.

Personal data will not be disclosed for reasons other than those mentioned above, unless such disclosure is deemed necessary to fulfill a legal obligation or if your consent is requested. Your data will also never be disseminated.