Subscribe to ALEX-TUURS News

We use cookies 🍪

This website uses cookies in accordance with Regulation (EU) 2016/679 (GDPR) and the ePrivacy Directive to ensure proper site functionality, security, and usage analytics. By continuing to use this website, you confirm that you have been informed about the use of cookies.

Privacy Policy Security Policy

Cart0 item(s) - 0€ 0

  • Your shopping cart is empty!

0

Privacy Policy

Privacy Policy

Privacy Policy

1. General Provisions

This Privacy Policy (hereinafter the “Policy”) describes how ALEX-TUURS OÜ processes personal data of users of the website tuurs.ee: what data may be collected, in which cases and for what purposes it is used, on what legal grounds the processing is carried out, how data protection is ensured, and what rights users have in connection with the processing of their personal data.

This Policy applies to the processing of personal data when using the website tuurs.ee, including browsing pages, filling in contact/request forms, ordering consultations, communicating via email or other communication channels indicated on the website, as well as using e-commerce functions, if such functions are enabled.

The website tuurs.ee operates on the OpenCart 3 platform. Depending on the website configuration and installed modules, this system may automatically process technical data (such as IP address, browser and device information, cookies, session identifiers) and store data that the user voluntarily provides (such as name, email address, phone number, and the content of inquiries). This data is used exclusively to ensure the proper functioning of the website, security, processing of inquiries, and provision of services.

ALEX-TUURS OÜ respects users’ right to privacy and processes personal data in accordance with the applicable legislation of the European Union and the Republic of Estonia, including the General Data Protection Regulation (GDPR). We adhere to the principles of lawfulness, fairness and transparency, data minimisation, purpose limitation, accuracy, storage limitation, and confidentiality.

We do not request or expect users to submit excessive or sensitive data via the website forms (such as passwords, full bank card details, or verification codes). If a user voluntarily provides such information, we will endeavour to process it only to the extent objectively necessary to respond and, where possible, remove or mask it from operational systems, unless this would conflict with legal obligations.

By using the website tuurs.ee and providing their personal data, the user confirms that they have familiarised themselves with this Policy and understand the basic principles of data processing. At the same time, the user retains all rights provided under the GDPR regardless of this acknowledgement and may contact us regarding data processing matters using the contact details available on the website.

If the user does not agree with the provisions of this Policy, they may discontinue using the website and refrain from providing personal data via the website forms. In such cases, however, certain functionalities (such as processing requests or providing feedback) may not be available.

2. Data Controller

The data controller responsible for the processing of personal data in connection with the website tuurs.ee is:

  • Company: ALEX-TUURS OÜ
  • Registration code: 17163628
  • Field of activity (EMTAK): 79111 — Travel agencies

ALEX-TUURS OÜ determines the purposes and means of processing personal data within the scope of its activities and is responsible for compliance with data protection legislation, including fulfilling obligations related to informing users, ensuring the rights of data subjects, and implementing reasonable security measures.

In certain processes, ALEX-TUURS OÜ may engage third-party service providers (such as hosting providers, email services, payment systems, analytics or communication tools) who process data on behalf of the company as data processors. In such cases, we strive to select reliable partners and ensure the existence of appropriate contractual arrangements regarding confidentiality and data protection, to the extent required by applicable law.

If, in the course of providing travel services, it is necessary to transfer data to tour operators, carriers, insurers, or other partners (for example, for booking purposes), such entities may act as independent data controllers within the scope of their own processes. In such cases, the processing of data by these third parties is governed by their own privacy policies and terms, and the scope of data transferred is limited to what is necessary for the provision of the service.

3. What Personal Data We Collect

Depending on the method and nature of the user’s interaction with the website tuurs.ee, ALEX-TUURS OÜ may process various categories of personal data. The volume and composition of such data are always limited to what is objectively necessary to provide services, process inquiries, and ensure the proper functioning of the website.

In particular, the following categories of personal data may be processed:

  • Contact data
    First and last name, phone number, email address, preferred language of communication, and other contact details that the user voluntarily provides when filling in website forms or contacting us via electronic communication channels. This data is used to identify the user and enable communication.
  • Inquiry and request data
    The content of messages and requests for travel selection, travel parameters (destination, estimated dates, budget, number of travellers, preferences), as well as other information voluntarily provided by the user to obtain consultation or service offers. Providing such data beyond what is required by the form is optional and at the user’s discretion.
  • Technical and operational data
    When visiting the website, technical data may be processed automatically, such as IP address, browser type and version, operating system, device type, screen resolution, date and time of access, cookies, session identifiers, error logs, and similar data. This information is used exclusively to ensure the proper functioning and security of the website, analyse technical errors, and protect against misuse, and is not intended for direct identification of the user.
  • Payment-related data
    ALEX-TUURS OÜ does not process or store full payment card details (card number, expiry date, CVC/CVV code). When online payments are used, payment details are entered on the payment service provider’s side. The website may receive only a limited set of technical information necessary to confirm the payment (such as payment status, amount, or transaction identifier), without access to the user’s full payment details.

We deliberately do not collect or process special categories of personal data within the meaning of the GDPR (such as health data, biometric data, or information revealing religious, political, or other beliefs), nor do we request excessive information unrelated to the provision of travel services or interaction with the user.

If a user voluntarily includes additional information in an inquiry that is not requested by the website form, such data is processed only to the extent necessary to respond to the request and is not used for other purposes.

4. Purposes of Processing Personal Data

Personal data of users is processed by ALEX-TUURS OÜ exclusively for specific, explicit, and lawful purposes that correspond to the nature of the company’s activities and the user’s reasonable expectations when contacting us via the website tuurs.ee.

The main purposes of processing personal data include:

  • receiving, processing, and administering user inquiries, requests, and applications;
  • selecting, preparing, and offering travel services and solutions in accordance with the user’s request;
  • communicating with the user to clarify request details, provide information, consultations, and answers to questions;
  • fulfilling contractual obligations and preparing for the conclusion of contracts for travel services;
  • organising bookings and interacting with tour operators, carriers, and other partners to the extent necessary to provide the service;
  • processing and confirming payments (without access to payment card details);
  • ensuring the proper, secure, and stable operation of the website, including diagnosing technical errors and protecting against misuse;
  • complying with applicable legal requirements, accounting and tax obligations, and other mandatory legal provisions.

Personal data is not used for purposes incompatible with those listed above. If it becomes necessary to process data for new purposes not covered by this Policy, the user will be informed separately and, where required, their consent will be obtained.

We do not use personal data for intrusive marketing, automated decision-making, or profiling unless expressly stated and agreed with the user in accordance with applicable legal requirements.

5. Legal Grounds for Data Processing

ALEX-TUURS OÜ processes users’ personal data exclusively on the basis of lawful grounds provided for in the General Data Protection Regulation (GDPR). The specific legal ground applied depends on the nature of the user’s interaction with the website tuurs.ee and the content of the services provided.

Personal data is processed, in particular, on the following legal grounds:

  • Performance of a contract or taking steps prior to entering into a contract
    Data processing is necessary to review the user’s request, select travel services, prepare an offer, arrange bookings, or fulfil contractual obligations to which the user is a party.
  • User consent
    In certain cases, processing is carried out on the basis of the user’s freely given, specific, informed consent, for example when submitting contact forms, sending requests, or voluntarily providing additional information. The user has the right to withdraw their consent at any time, unless processing is required for the performance of a contract or compliance with legal obligations.
  • Legal obligations
    Processing may be necessary to comply with obligations imposed on the company by law (for example, accounting, tax reporting, or compliance with requirements of public authorities).
  • Legitimate interests of ALEX-TUURS OÜ
    In certain cases, data may be processed within the scope of the company’s legitimate interests, such as ensuring information security, preventing fraud, protecting the company’s rights and lawful interests, and improving service quality and website stability. In all such cases, a balance is maintained between the company’s interests and the user’s rights and freedoms.

If the processing of personal data requires a different legal basis not listed above, the user will be informed separately and, where necessary, their consent will be requested.

6. Disclosure of Data to Third Parties

ALEX-TUURS OÜ respects the confidentiality of users’ personal data and does not sell, rent, or otherwise disclose personal data to third parties for commercial or marketing purposes.

Disclosure of personal data to third parties may occur only in limited and justified circumstances, including:

  • Provision of the requested service
    Disclosure of data to tour operators, carriers, or other partners may be necessary to arrange bookings, organise travel products, or fulfil contractual obligations to the user. In such cases, only the minimum amount of data necessary is disclosed.
  • Use of service providers
    To ensure the operation of the website and the provision of services, the company may engage service providers (such as hosting providers, email services, payment systems, IT contractors). Such parties process data solely on behalf of ALEX-TUURS OÜ and only to the extent necessary to provide their services, while complying with confidentiality and security requirements.
  • Lawful requests from public authorities
    Data may be disclosed in cases expressly provided for by law, in response to lawful requests from courts, law enforcement, or supervisory authorities, within the scope of their powers.
  • User consent
    In specific cases, data may be disclosed to third parties with the explicit consent of the user, given in a particular situation.

In all cases of disclosure of personal data, ALEX-TUURS OÜ follows the principles of data minimisation and proportionality: only the data that is objectively necessary for achieving a specific purpose is disclosed.

The company takes reasonable measures to ensure that third parties who receive access to personal data provide an appropriate level of data protection in accordance with applicable legal requirements.

7. Data Retention

ALEX-TUURS OÜ retains users’ personal data only for as long as necessary to achieve the purposes of processing, unless a longer retention period is required or permitted by applicable law.

Retention periods for personal data are determined on a case-by-case basis, taking into account, in particular, the following factors:

  • the nature of the user’s inquiry, request, or ordered service;
  • the existence and duration of contractual obligations between the user and the company;
  • requirements of accounting, tax, and other mandatory legislation;
  • the need to protect the rights and legitimate interests of ALEX-TUURS OÜ, including in the event of potential disputes or claims;
  • technical and organisational requirements for ensuring data security and integrity.

Upon expiry of the retention periods, personal data is deleted, anonymised, or otherwise rendered no longer subject to processing, unless further retention is required by law or for the protection of the company’s legitimate interests.

Technical data and security logs may be retained for a limited period necessary to analyse system failures, security incidents, and to ensure the stable operation of the website.

8. User Rights

In accordance with the General Data Protection Regulation (GDPR), users of the website tuurs.ee have a number of rights regarding the processing of their personal data. These rights are intended to ensure transparency and give users control over their information.

The user has the right to:

  • Obtain information and access to data
    The user has the right to request confirmation as to whether personal data concerning them is being processed, as well as access to such data and information about its processing.
  • Request rectification of data
    The user has the right to request the correction of inaccurate, outdated, or incomplete personal data without undue delay.
  • Request erasure of data (“right to be forgotten”)
    In cases provided for by law, the user has the right to request the deletion of their personal data if further processing is not required for lawful purposes.
  • Restrict data processing
    The user may request a temporary restriction of the processing of personal data, for example while the accuracy or lawfulness of the processing is being verified.
  • Object to data processing
    The user has the right to object to the processing of personal data carried out on the basis of the company’s legitimate interests, where there are grounds relating to their particular situation.
  • Withdraw consent
    Where processing is based on the user’s consent, the user has the right to withdraw such consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
  • Lodge a complaint
    The user has the right to lodge a complaint with a competent data protection supervisory authority if they believe that their rights have been violated.

The exercise of certain user rights may be limited or delayed in cases where the processing of personal data is necessary for compliance with legal obligations, performance of a contract, or the protection of the legitimate interests of ALEX-TUURS OÜ in accordance with applicable law.

To exercise their rights, the user may contact the company using the contact details provided on the website tuurs.ee. Requests are handled within the timeframes and in accordance with the procedures established by applicable law.

9. Data Security

ALEX-TUURS OÜ pays special attention to the protection of personal data and applies reasonable technical and organisational measures to prevent unauthorised access, loss, alteration, destruction, or unlawful disclosure of personal data.

Security measures are selected taking into account the nature of the processed data, the scope of processing, current risks, as well as the technical capabilities of the platform used (OpenCart 3) and the server infrastructure. The company aims to ensure a balanced level of protection without unnecessarily complicating user interaction.

A more detailed description of the principles and measures for ensuring information security, including infrastructure protection, access management, and incident response, is provided in a separate document — the Security Policy, available on the website tuurs.ee.

10. Cookies and Analytics

The website tuurs.ee may use cookies and similar technologies to ensure the proper and secure operation of the website, maintain user sessions, remember selected settings, and analyse technical aspects of website usage.

Cookies may be used for:

  • ensuring basic website functionality;
  • improving user experience and ease of navigation;
  • collecting anonymised statistical information about website traffic and performance;
  • ensuring security and protection against misuse.

Detailed information about the types of cookies used, their retention periods, processing purposes, as well as options for managing user consent and disabling cookies, is provided in a separate Cookie Policy.

11. Changes to the Privacy Policy

ALEX-TUURS OÜ reserves the right to amend and supplement this Privacy Policy as legislation changes, as the website tuurs.ee evolves, as functionality is updated (including the OpenCart 3 platform), or as internal business processes change.

The current version of the Privacy Policy is always published on the website tuurs.ee and enters into force upon publication, unless otherwise stated in the text. We recommend that users periodically review this section to stay informed of any updates.

Continued use of the website after the publication of changes constitutes the user’s acceptance of the updated version of the Privacy Policy to the extent permitted by applicable law.

12. Contact Information

For any questions related to the processing of personal data, the exercise of user rights, or clarification of the provisions of this Privacy Policy, you may contact ALEX-TUURS OÜ using the contact details provided on the website tuurs.ee in the “Contacts” section.

We aim to review requests related to the protection of personal data carefully and within reasonable timeframes established by applicable law.

Last updated: 13.12.2025