Last revision: 20th of March 2020

Tour Desk ehf. (“TourDesk”, “We”, “Us”, “Our”) is committed to protecting your privacy and data. We know that your privacy is very important to you and have set up this policy to help you understand what information we collect, how we use that information, who can access it, where and what information is shared, and how we protect that information. This policy applies to all TourDesk systems/applications including white label sales portals, Agent systems, API, customer support, phone service, registration process, and checkout.

Our clients’ data security is of great importance to us. We are aware that some of the information collected, processed, and presented through Tour Desk services could be regarded as personal data. We are determined to protect it to the fullest extent possible and have taken the appropriate steps to ensure we are compliant with the General Data Protection Regulation (GDPR).

The types of information we collect
Information that you give us: When you make a purchase or you register as an affiliate or supplier we collect the information that you give us. That information may include…

• Identity Data may include First Name, Last Name, and Company Name.
• Contact Data may include Email address, phone number, company email address, and company phone number.
• Transaction Data may include details about payments for services.
• Profile Data may include the size of the hotel, company homepage, supplier system, country, operating regions, and time zone.

Information that we collect while you use our services: While using our we might collect information on your use. That may include information about your device, your location, or logs on information changed.

When signing in to the Agent system we will store information about your IP address, product model, operating system, browser type, and browser version as well as what times you signed in.

Your purchasing: When completing a purchase through checkout or the agent system we will store information on your IP Address. The IP address might be used to determine the country your purchase was made.

Your card details are not stored with TourDesk. At the time of purchase, they are sent directly to a card acquirer. Your name, email, or phone number is not sent to the acquirer. All our card acquirers are PCI-certified. They store your card information and give us a virtual number for later use.

We store that virtual number along with the last 4 digits of your card number. In case of cancellations or other problems, this allows us to refund directly to your card without you having to give out your card details to a support personnel.

Information collected by TourDesk and its partners using Google Analytics: Our website places a cookie on the hard drive of your computer. A "cookie" is a file that allows us to track and target the interests of users. In addition, our website uses third-party cookies from Google Analytics, including the following features:

Google Analytics Demographics - This gives us insight into behavior information relating to visitor age, gender, and interests on an anonymous and aggregate level. This will help us to understand browsing behavior to give you a better experience whilst visiting our sites.

Cookies are used to analyze your use of our website, how you came to find it, and what, if anything, you might have purchased. The information we collect and share with third parties through cookies is aggregated and therefore anonymous. You can access information about Google's Privacy Policy here.

At any time, you may choose to opt out of Google Analytics tracking with the Google Analytics opt-out browser add-on.

Our reseller partners can add their own Google Analytics tracking code to their reseller pages. Giving them access to the same information mentioned above.

2. How we use your information

We use the information that you give us and the information we collect to deliver, maintain, and improve our services. We also use this information to provide you with services that you request, develop new services, suggest personally relevant features, offer you customized content, provide you with tailored advertising, protect Tour Desk and our users, and investigate and prevent activities that are potentially illegal or that violate our user agreements or terms of use. Whenever you contact us, we use the information that you provide to us to help resolve issues you might be having when you use our services. We also use information, such as your email address, to respond to you when you contact us, to let you know about changes to our policies and terms, to let you know about changes or improvements to our services, and to inform you about other services that we offer. 

We may use cookies, or other similar technologies, on some of the features of our services. Cookies are small files that are typically downloaded to the browser application on your device. Cookies help us to ensure the safety and smooth functioning of certain features of our services and they also help us to collect information about your user preferences. We sometimes use information collected from cookies to improve your user experience and the quality of our services. For example, by saving your user preferences, we may be able to customize our services in ways that you prefer. You may be able to disable cookies in your browser settings or set your browser to alert you when cookies are being used. If you disable cookies, you may not be able to use all of the features of our services.

Some web browsers may transmit "do not track" signals. We currently do not take action in response to these signals. Analytics providers are third-party companies that collect information when you use some of our services. These companies use cookies, web beacons, software development kits (SDKs), and similar technologies to collect and analyze crash reports, keep track of what content or ads you view, how long you spend on different pages, how you arrived on a particular page and how you respond to the ads we show you. Analytics providers may combine the information they collect from our services with other information they collect from other sites and services. The practices of these third-party analytics providers are governed by their privacy policies. The analytics providers with whom we work include but are not limited to, the companies listed below. Some of these companies, including those listed on the page linked below, may give users choices about how they collect and use your information. By browsing our sites you accept our cookie policy.www.tourdesk.io/Docs/CookiePolicy

We also may permit our partners/resellers to set their analytics tracking cookies like Google Analytics or Facebook Pixel. These will also be on an opt-in basis.

3. How is your information shared
We may share your information for legal and business purposes, such as complying with legal processes, responding to claims or inquiries, enforcing our terms, or protecting the rights, property, or personal safety of our operations, our users, or the public. Your information may also be shared as part of any sale or transfer of company assets if legally permitted. When you make a purchase your Name, Email address, phone number, and what you purchased will be accessible by the agent of the reseller you bought through (for example, your hotel). This does not include your credit card information as that information is not stored with Tour Desk. Agent access to their reseller system is logged by TourDesk. The same information is also shared with the supplier through the supply system they are using and would then fall under the privacy policy of that system. See a list of supported supplier systems here.www.tourdesk.io/Docs/SupplierSystems

Tour Desk does not store your credit card or other payment information. TourDesk uses PCI-certified acquirers that store your information according to the PCI regulations. They return to us a virtual number that we store along with the last 4 digits of your card number for identification. See a list of Tour Desk’s acquirers here.www.tourdesk.io/Docs/PaymentAcquirers

Tour Desk employees will have access to your name, email address, phone number and purchase history through TourDesk's internal administration system. Employee access to the internal administration system is logged.

4. Your choices

In some cases, you may choose what information we are allowed to collect and how that information is shared.

You are not able to opt out of your payment details being shared with the acquirer as the payment can’t be processed without going through the acquirer.

5. Security

We have implemented administrative, physical, and technical security measures that are designed to protect your information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. All your passwords are stored salted with a running encryption key. You should understand though that, despite our efforts, no security can be guaranteed as impenetrable.

Payment information, such as credit card numbers or CVC codes is not stored with TourDesk.

All of our internet-accessible applications communicate through SSL on a 2048-bit encrypted connection.

6. Changes to this policy

TourDesk might need to change this privacy policy. When we make changes to this policy we’ll update the “Last Revision” date at the top of this document. If we make any material changes to how we use or share past collected data about you this change will be shared with you through email to your last known email address before it is implemented.

If you are a partner or have a user account with Tour Desk we will send any updates made to the privacy policy to your email address.

7. GDPR

All of our customers and partners will enjoy the same data protection regulations according to the EU data protection law (including the General Data Protection Regulation 2016/679 (the “GDPR”)) as such we are a ‘data controller’ of your personal information.

How you can access your personal information
You are also entitled to ask us to port your personal information (i.e. to transfer in a structured, commonly used, and machine-readable format, to you), to erase it, or restrict its processing. You also have the right to object to some processing that is based on our legitimate interests, such as profiling that we perform for direct marketing, and, where we have asked for your consent to process your data, to withdraw this consent as more fully described below.
These rights are limited in some situations – for example, we can demonstrate that we have a legal requirement to process your personal information. In some instances, this means that we may retain some data even if you withdraw your consent.
Where we require your personal information to comply with legal or contractual obligations, then the provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you or to meet obligations placed on us. In all other cases, the provision of requested personal information is optional.
If you have unresolved concerns you also have the right to complain to data protection authorities. The relevant data protection authority will be the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.

If you wish to exercise any of the above rights, please get in touch with us.

We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

8. Contact information

If you have any questions, concerns, or comments regarding this privacy policy or any of our privacy practices, please get in touch with us

via email at info@tourdesk.io,
via phone at +354 553 4321,
or via regular mail at Tour Desk ehf., Lækjartorg 5, 101 Reykjavík, Iceland.