Privacy Policy

Since 25 May 2018, the provisions of the EU General Data Protection Regulation (GDPR) apply. Hereinafter, we would like to inform you about the processing of personal data carried out by Viatu AG (‘Viatu) in accordance with this regulation. Please read our privacy policy carefully. If you have any questions or comments about this privacy statement, you can always address them to the email address indicated in section 2.

Overview

The following data protection information informs you about the type and extent of the processing of so-called personal data by Viatu. Personal data is information that is or can be directly or indirectly attributed to your person.

What is personal data?

Personal data is any information relating to an identified or identifiable natural person (hereinafter the "data subject"). This includes information such as your name, address, postal address, IP address, telephone number or your email address. Information that is not directly related to your real identity (such as favourite websites or number of page users) is not covered.

What is anonymised data?

With each access to the content of our online offering, general information is automatically stored (for example number and duration of the users of individual pages etc.). This data is not personal because it does not relate to an identified or identifiable natural person. It is therefore processed anonymously. Information of this type serves statistical purposes only and will be used by us to optimise our website.

The data processing on the platforms of Viatu can essentially be divided into two categories:

  • For the purpose of providing our offer, in particular for the development of tailor-made travel offers and the conduct of travel, all necessary data will be processed by Viatu. That way, we can guarantee the best possible service to our customers and potential customers. If third parties, e.g. tour operators, subcontractors, etc., are involved in the respective order or the conduct of the trip, your data will be passed on to the respective extent required.

  • By visiting the website www.viatu.com different information between your device and our server will be exchanged. This can also be personal data. The information collected in this way will be used to optimise our website or to display advertisements in the browser of your device.

According to the provisions of GDPR, you have various rights that you can assert against us. This includes, inter alia, the right to appeal against selected data processing, in particular data processing for advertising purposes. The possibility of contradiction is emphasised by printing technology. If you have any questions about our privacy policy, you can always contact our company data protection officer. The contact details can be found below.

Name and contact details of the controller and the data protection officer

This privacy policy applies to the processing of data by Viatu, Neugasse 6, 6300, Zug, Switzerland, and to our website www.viatu.com. The data protection officer of Viatu may be contacted at the above address, attn: Department Privacy or dataprotection@viatu.com.

Purposes of data processing, legal bases and legitimate interests pursued by Viatu or a third party as well as categories of recipients

Visiting our website

When you visit our website, the browser used on your device automatically sends information to the server of our website and temporarily stores it in a so-called log file. We have no influence over this. The following information will also be collected without your intervention and stored until automated deletion:

  • The IP address of the requesting Internet-enabled device
  • The date and time of access
  • The website from which the access was made (referrer URL)
  • Own campaign ID
  • The browser you use and, if necessary, the operating system of your Internet-capable computer as well as the name of your access provider.

The legal basis for the processing of the IP address is art. 6 para. 1 lit. f) GDPR. Our legitimate interest follows from the purposes of data collection listed below. At this point, we cannot draw any conclusions about your identity from the data collected and that we will not be drawn by it.

The IP address of your device and the other data listed above are used by us for the following purposes:

  • Ensuring a smooth connection setup
  • Ensuring comfortable use of our website
  • Evaluation of system security and stability
  • Other administrative purposes

The data is saved for the duration of the session and automatically deleted when the browser is closed. We also use cookies, tracking tools and a CRM system for our website. What exact procedures these are and how your data is used for this purpose will be explained in more detail in section 3.4 below.

Data processing for the provision of our offer and for the execution of the contract

Data processing for the determination of travel ideas in the questionnaire

The purpose of Viatu is to offer tailor-made trips into wild destinations. The aim is to be able to offer the interested party an individual journey orientated to his or her preferences and needs. For this purpose, we enable customers to customise an itinerary through our trip-builder, information which is then captured by Viatu.

The legal basis for this is art. 6 para. 1 lit. b) GDPR. As far as we do not use your contact data for advertising purposes (see below 3.3.) we store data collected from the questionnaire until the expiry of the statutory limitation period. After this period expires, we will retain the information required by commercial and tax law of the contractual relationship for the statutory periods. For this period (usually ten years from the conclusion of the contract), the data will be reprocessed in the event of a review by the tax authorities.

Data processing for individual travel advice

Once the customer has chosen their travel plans, accommodation and car rental service, our respective country experts will contact you to confirm the availability of all the chosen services. The trip will be confirmed after the full payment of the total booking. If you have decided to send an enquiry and use the services for individual travel advice and planning, we will try to do so on the basis of art. 6 (1) lit. a) and lit. b) GDPR together with you to identify important key data and circumstances for travel planning. The purpose of this processing is to provide you with the best possible service. In particular, the following data can be processed here:

  • Type of trip (round trip, safari, etc.),
  • Estimated travel time,
  • Number of travellers
  • Preferred destinations,
  • Type of accommodation,
  • Culinary preferences.

The data collected in this way will be stored until the expiry of the statutory limitation period. After this period expires, we will retain the information required by commercial and tax law of the contractual relationship for the statutory periods. For this period (usually ten years from the conclusion of the contract), the data will be reprocessed in the event of a review by the tax authorities.

Data processing for payment via Stripe

If a customer decides to pay by credit card, we will be required to ensure smooth payment processing and on the basis of art. 6 para. 1 lit. b) GDPR transmit the customer provided payment data such as name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number to our payment service Stripe, 510 Townsend St, San Francisco, CA 94103, United States (hereinafter "Stripe"). The data is used by Stripe exclusively for the implementation and realisation of the respective payment transaction and securely transmitted via the "SSL" encryption method. Stripe is certified as a service provider based in the United States. For more detailed information on privacy at Stripe, see the privacy statement of the provider or directly through the privacy officer of the provider, who may be contacted via info@stripe.com or the above mentioned address.

Data processing for contract execution

If you decide to book an individual trip, we proposed, we will use your data on the basis of art. 6 (1) lit. b) using GDPR for contract fulfilment, especially to plan and prepare your planned activities and where relevant, your flights. The necessary data, such as:

  • First name and surname,
  • Address,
  • Date of birth,
  • Arrival and departure day,
  • Passport number

will be sent to the companies involved to the necessary extent, such as affiliated tour operators, airlines, hotels, tour operators on site, shuttle service etc. The transfer is required to carry out the individual activities and thus serves the smooth completion of the contract. Together with our partners, we have concluded a contract for the commission processing according to the GDPR, which is why your data is only processed according to instructions. We store this travel master data until the expiry of the statutory limitation period. After this period expires, we will retain the information required by commercial and tax law of the contractual relationship for the statutory periods. For this period (usually ten years from the conclusion of the contract), the data will be reprocessed in the event of a review by the tax authorities.

Data processing for customer support, customer care or newsletter delivery

Newsletter registration via Double-Opt-In

On our website we offer you the possibility to subscribe to our newsletter. In order to make sure that no mistakes were made when entering the email address and that this is also attributable to the actual owner, we use the so-called double opt-in procedure: After you have entered your email address in the registration field, we will send you a confirmation link. Only when you click on this confirmation link will your email address be added to our mailing list. You can revoke your consent for future newsletters at any time. For this, send a short note by email to the email address info@viatu.com.

Freshworks

In order to manage our customer information and prospects, we use the Freshworks CRM platform, a service of freshworks.com. This helps us to record customer data, to communicate with the customer, to document this contact, and to create offers corresponding to the wishes.

If you have contacted us, for example via the questionnaire, the following data will be processed via the servers of Freshworks:

  • Surname,
  • E-mail address,
  • Travel request (destination, travel time, travel type, etc.),
  • Offers for the customer,
  • Data transmitted by the customer through the telephone (if applicable)
  • Data on the interactions with emails from Viatu.

This processing is based on art. 6 para. 1 lit. b) and lit. f) GDPR and serves the improvement of our services as well as the customer service, which is to be regarded as our legitimate interest. Freshworks is certified under the Privacy Shield Framework and thus complies with European standards for lawful order data processing. Additional information about Freshworks and privacy at Freshworks can be found in the Freshworks Privacy Statement. You can object to this processing at any time. For this, please use the contact options of our company data protection officer - dataprotection@viatu.com.

Online appearance and website optimisation

Cookies - General Information

We rely on our website on the basis of art. 6 para. 1 lit. f GDPR so-called cookies. Our interest in optimising our website is considered to be justified in the sense of the aforementioned provision. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your device, do not contain viruses, Trojans or other malicious software. Information is stored within the cookie, each resulting in connection with the specific terminal used. However, this does not mean that we are immediately aware of your identity. The use of cookies mainly serves to make the use of our offer more pleasant for you.

Session cookies

When visiting our website, we use so-called session cookies to recognise that you have already visited individual pages on our website. These are automatically deleted after leaving our page. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a note always appears before a new cookie is created. However, disabling cookies completely may mean that you cannot use all features of our website. The storage period of cookies depends on their purpose and is not the same for all of them.

Google Tag Manager

We manage website tags (website code) with Google Tag Manager. These facilitate the administration and further development of our offer and shorten loading time. The Google Tag Manager only implements website code. The Google Tag Manager does not set cookies and does not collect personally identifiable information. The tool merely integrates website code that we have stored elsewhere that may be used to collect data. The tool only serves to facilitate the modulation of the respective code, but does not itself access the data processed by the code. We will inform you about all integrated tags in this privacy policy. For more information about the Google Tag Manager and its usage policies, visit the Google Sites.

Google Ads Conversion-Tracking

In order to control and improve our campaigns, we use, on the basis of Art. 6 para. 1 lit. f) GDPR the online advertising program "Google Ads" as well as the analysis tool Conversion-Tracking, a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter: "Google"). When you click on an ad served by Google, a conversion tracking cookie will be placed on your machine. The information generated by the cookie:

  • Browser type / version,
  • Used operating system,
  • Location,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of server request,

are transmitted to a Google server in the US and stored there. These cookies lose their validity after 30 days, contain no personal data and are thus not used for personal identification. If you visit certain web pages on our website and the cookie has not expired, Google and we may recognise that you clicked on the ad and were redirected to this page. Each Google Ads customer receives a different cookie. Thus, there is no way that cookies can be tracked through the websites of advertisers. The information obtained through the cookie is used to generate conversion statistics for us as advertisers. This tells us the total number of users who clicked on our ad and were redirected to a conversion tracking tag page. However, we do not receive any information that personally identifies users. This processing for behavioural and interest-based advertising purposes is, according to recital 47 of the GDPR, to be regarded as our acknowledged legitimate interest.

You can prevent this processing in advance by generally preventing the installation of cookies by a browser setting of your browser (deactivation option) or by setting these cookies so that cookies from the domain googleleadservices.com. You can also opt out of processing by setting Sliders Off in Google Preferences.

Google Analytics

For the purpose of the needs-based design and continuous optimisation of our websites, we use the basis of Art. 6 para. 1 lit. f) GDPR Google Analytics Analysis Service, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). In this context, pseudonymised usage profiles are created and cookies are used. The information generated by the cookie about your use of this website such as:

  • Browser type / version,
  • Device Name
  • Used operating system,
  • Referrer URL (the previously visited page),
  • Keywords / specific query,
  • Service providers,
  • Host name of the accessing computer (IP address),
  • Time of server request,

are transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on the activities and to provide other services related to the use of the website and the internet for the purposes of market research and the needs-based design of these websites. This information may also be transferred to third parties if required by law or if third parties process this data in the order. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymised, so that an assignment is not possible (so-called IP masking).

You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case not all features of our website may function as intended. 

Facebook Custom Audiences

For the target group-optimised modulation of Facebook campaigns and the measurement of their conversion, we use on the basis of Art. 6 para. 1 lit. f) GDPR so-called Facebook Lookalike audiences offered to us by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, (hereinafter "Facebook"). Further information on Facebook's Look Alike campaigns can be found at: https://www.facebook.com/business/help/365463786964246. This processing for behavioural and interest-based advertising purposes is, according to recital 47 of the GDPR, to be considered as our acknowledged legitimate interest, In the event that you belong to the Facebook Lookalike audience, we will forward your email address and device ID to Facebook. You may opt-out of this specific data processing at any time by either changing your Facebook settings: https://www.facebook.com/settings/?tab=ads or informing us that you no longer wish to do so in the future. For this please use the contact options of our company data protection officer.

Mapbox Integration

On our website, we use the basis of Art. 6 para. 1 lit. f) GDPR the Mapbox API operated by Mapbox Inc. This allows us to show you interactive maps directly in the website and allows you to conveniently use the map feature. In this context, a cookie may be used. The information generated by the cookie about your use of our website may include:

  • The visit of the corresponding subpage,
  • Browser type / version,
  • Used operating system,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request

This processing to improve our site and the user experience is to be considered as our acknowledged legitimate interest. For more information about Mapbox privacy please refer to the Mapbox Privacy Policy.

Consignees outside the EU

Some of our suppliers of software products are based in the United States. In these instances, the data transmission takes place in accordance with the principles of the EU & Swiss Privacy Shield. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/welcome.

Your rights

Overview

In addition to the right of revocation of your consent granted to us, you are entitled to the following further rights if the relevant legal requirements apply:

  • Right to information about your personal data stored with us in accordance with. Art. 15 GDPR,
  • Right to correction of incorrect or to the completion of correct data acc. Art. 16 GDPR,
  • Right to delete your stored data in accordance with. Art. 17 GDPR,
  • Right to restriction of the processing of your data acc. Art. 18 GDPR,
  • Right to data portability acc. Art. 20 GDPR.

To assert your rights a short notice to our data protection officer is sufficient via email dataprotection@viatu.com or by post to Viatu, attn: Neugasse 6, 6300, Zug, Switzerland,

General right of objection

Under the conditions of Article 21 (1) GDPR data processing can be objected to for reasons that arise from the particular situation of the person concerned.

The above general right of objection applies to all processing purposes described in this privacy policy, which are based on Art. 6 para. 1 lit. f) GDPR. Unlike the special right of objection directed to the processing of data for advertising purposes (see above), according to the GDPR, we are only obliged to implement such a general objection if you give us reasons of overriding importance (eg a possible danger to life or health). In addition, it is possible to contact the supervisory authority responsible for Viatu, the Swiss Commissioner for Data Protection and Freedom of Information via e-mail info@edoeb.admin.ch

Data security

All personally transmitted data, including your payment data, will be transmitted using the common and secure SSL (Secure Socket Layer) standard. SSL is a secure and proven standard, e.g. is also used in online banking. You will see a secure SSL connection, including the attached “s” at the http (i.e. https: // ...) in the address bar of your browser or the lock icon at the bottom of your browser.

Incidentally, we use appropriate technical and organisational security measures to protect your personal data stored against us against manipulation, partial or complete loss and against unauthorised access by third parties.