1.1. Data subject – an individual whose personal data is being processed (e.g., student, parent, etc.).
1.2. Personal data – any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
1.3. Processing of personal data – any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction;
1.4. Controller – a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
1.5. Processor – a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;
1.6. Third party – a natural or legal person, public authority, agency, or body;
1.7. Personal data breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;
1.8. Data subject – an individual whose personal data is being processed;
1.9. Customer – a person who purchases Terraxplora trips or flight tickets.
2.1. Lawfulness, fairness, and transparency – processing is lawful, fair, and transparent to the data subject;
2.2. Purpose limitation – personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
2.3. Data minimization – personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
2.4. Accuracy – personal data is accurate and, where necessary, kept up to date; every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
2.5. Storage limitation – personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
2.6. Integrity and confidentiality – personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
3.1. Terraxplora implements organizational, physical, and information technology security measures to protect personal data, following the principle of reasonableness.
3.2. Terraxplora also uses authorized processors for processing personal data and providing services. Terraxplora ensures that authorized processors process personal data according to Terraxplora’s instructions and in compliance with applicable law, implementing appropriate security measures.
3.3. Personal data breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;
4.1. Terraxplora processes personal data obtained directly from data subjects and personal data encountered during service provision. Terraxplora acts as a data controller in the personal data processing processes, except in cases mentioned in points 4.1.2., 4.1.4., and 4.1.5. Terraxplora processes the following personal data for the following purposes:
4.1.1. First and last name, personal identification code, contact phone, postal and email address, when a customer orders a trip or flight ticket from us via email, web, or phone;
4.1.2. When a customer purchases a trip to a destination requiring a visa, we request the necessary personal data required by the destination country’s legislation for visa application. This may include all or some of the following personal data: first and last name, personal identification code, contact phone, postal and email address, date of birth, parents’ names, copy of travel document and/or document number, occupation, workplace, workplace address, contact person, their address, and relationship to the traveler. The responsible controller in the visa application process is the destination country’s visa-issuing authority;
4.1.3. Customers have the option to provide special requests when ordering trips and flight tickets from us. Special requests might involve shared accommodation or health-related requests, where customers may disclose health data necessary for safe travel;
4.1.4. Customers also have the option to purchase health, trip cancellation, or baggage insurance or to insure against additional risks (natural disasters) when ordering travel services from us. We do not collect separate personal data for insurance quotes; instead, we forward the customer’s insurance interest and contact information to the insurance provider, who is the responsible controller for insurance quotes;
4.1.5. If a customer wishes to pay for a trip with a credit card or pay for a trip in three installments, our website www.terraxplora.eu redirects to the payment solution provider Montonio’s website, which is the responsible controller for payment methods;
4.1.6. We collect IP addresses on our website www.terraxplora.eu to enhance the usability of our website;
4.1.7. We collect information about the user’s web browser (or other program used to access the Terraxplora website) and access time on our website www.terraxplora.eu to enhance the usability of our website;
4.2. Terraxplora acts as the responsible data controller and follows the principles of ensuring the confidentiality of personal data to protect individuals’ privacy. Access to modify and process personal data is limited to authorized Terraxplora personnel.
5.1. Terraxplora may disclose personal data to third parties and authorized processors for the following purposes:
5.1.1. Providing visa-required destination country embassies with the customer’s visa application data;
5.1.2. Facilitating accommodation for customers;
5.1.3. Booking train, bus, ship, or flight tickets, or excursions required during the customer’s booked trip;
5.1.4. Providing airlines or travel agencies with flight ticket orders for customers;
5.2. Whenever personal data is disclosed to third parties for the above reasons, Terraxplora makes every effort to ensure that our partners and authorized processors implement sufficient security measures for personal data protection.
6.1. When fulfilling contracts, personal data may be transmitted outside the EU or equivalent territories, such as for visa applications, providing accommodations, booking third-country domestic train, bus, ship, or flight tickets. In such cases, personal data may be transmitted to the relevant provider to fulfill the contract made between Terraxplora and the customer.
6.2. When possible, we enter into agreements with data recipients outlining personal data protection points, although this may not be possible in all cases. We cannot guarantee that all authorized providers located in third countries will process personal data in compliance with general regulations.
7.1.1. In cases of personal data requests, Terraxplora must verify that the request is made by the individual to whom the data pertains. Therefore, the requester may need to provide proof of their identity or authorization to access the data.
7.2. Data subjects also have the right to request the erasure and restriction of processing of personal data, where appropriate and where not prohibited by law.
7.3. Data subjects may, under certain conditions, have the right to receive the personal data concerning them, which they have provided to Terraxplora, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another data controller.
7.4. Data subjects have the right to lodge a complaint with the Data Protection Inspectorate regarding the processing of personal data.
8.1. Terraxplora retains personal data for as long as necessary to fulfill the purposes for which the personal data were processed.
8.2. Terraxplora securely destroys or deletes all personal data for which there is no legitimate purpose for retention.
8.3. To comply with legal requirements, we retain data according to the periods specified in the law, such as retaining payment invoices for 7 years from ticket issuance according to Estonian accounting law.
8.4. For contractual obligations, we retain personal data according to the agreed-upon timeframes in the contract.
8.5. Personal data processed based on customer consent is retained for as long as necessary to fulfill the purposes for which the personal data were processed based on the consent.
9.2.1. Necessary cookies are used for essential functions during your website visit. These include recognizing your country and language, transaction processing, identifying the website version (mobile or desktop), fraud detection and prevention, compliance, and website stability. These cookies are categorized based on the needs of maintaining the website’s functionality.
9.2.2. Performance-related cookies are used to measure our website’s performance and analyze your usage. We monitor which pages you visit, whether you encounter errors while using our website, to facilitate problem-solving on the Terraxplora website. Performance-related cookies also track how much you use different parts of the website. Typically, these cookies collect anonymous statistical data. All information is anonymous and is only used to help us enhance your experience on our website, understand your interests, and measure marketing effectiveness.
9.2.3. Functional cookies improve user-friendliness by storing information about choices made by the customer on the website. This enables us to show you more relevant and personalized information.
9.3. Users can modify their web browser’s cookie settings at any time. By changing these settings, users can block automatic cookie processing or set up notifications about cookies when accessing the website. More detailed information about cookie handling options and methods is available in the end-user’s web browser software usage guide and at www.aboutcookies.org. Not using cookies may affect the correct functioning of websites, and some services may not be accessible.
For all inquiries, concerns, or suggestions related to the processing of personal data, you can contact the responsible controller at the following contacts:
TerraXplora/Germalo Reisid OÜ
Poordi 1-26, Tallinn