Privacy Policy

Last updated: September 23, 2025

1. What is the purpose of this Privacy Policy?

This Privacy Policy (the “Policy”) describes how we collect, use, disclose, and store your personal data (the “Data”), as well as the statutory rights you have. We protect your Data in accordance with applicable data protection laws, including the EU General Data Protection Regulation 2016/679 (the “GDPR”).

2. Who is my Data Controller?

Company: Trivial OÜ
Registration: 17314412
Email address: [email protected]
Address: Harju maakond, Tallinn, Kesklinna linnaosa, Tartu mnt 67/1-13b, 10115, Estonia

3. Purposes and legal basis of processing, categories of the Data concerned

3.1 Providing travel planning services and processing your payments

When you use our travel planning services or visit our website, we process your Data in order to provide the services you have requested. This includes managing your account registration, processing bookings and payments, handling travel itineraries, sending booking confirmations and updates, and ensuring the proper delivery and performance of our services.

Legal basis for the processing	Categories of the Data concerned	Is the provision of the Data a requirement?
Contract (Article 6(1)(b) of GDPR) Legitimate interest (to provide services to entities you represent) (Article 6(1)(f) of GDPR)	Name and surname, e-mail address, telephone number, nationality, main guest details (may be same as contact person), hotel, room type, stay dates, number of guests, reservation details (e.g., booking reference, price, special requests if added), payment method selected, card or crypto details, billing address, transaction identifiers, payment provider details, order history, booking confirmations	Yes, this is a contractual requirement. If you do not provide this data, you will not be able to order our services.

3.2 Handling your inquiries, requests and complaints

When you submit an inquiry, request, or complaint, we process the Data listed below in order to provide you with appropriate support and to ensure proper handling of your case.

Legal basis for the processing	Categories of the Data concerned	Is the provision of the Data a requirement?
Consent (Article 6(1)(a) of GDPR) Legitimate interest (to handle your inquiries (Article 6(1)(f) of GDPR)	Name, surname, e-mail address, telephone number, residential or business address, the content of the inquiry, request, or complaint, information and documents related to the submitted inquiry, request, or complaint, responses, correspondence records, chat transcripts, and any other information voluntarily provided by you in the course of communication.	No

3.3 Marketing & social media

When you register on our website, provide us with your consent, or when we have a legitimate interest, we may process your Data for marketing purposes, including sending you relevant offers, updates about our or our partners’ services and goods, and requests for feedback about the services we provide. In addition, when you interact with our social media accounts, we process the Data generated from these interactions in order to administer and improve our social media presence and to communicate with you effectively.

Legal basis for the processing	Categories of the Data concerned	Is the provision of the Data a requirement?
Consent (Article 6(1)(a) of GDPR) Legitimate interest (to inform you about our services and goods) (Article 6(1)(f) of GDPR) Customer relationship (Article 13(2) of the e-Privacy Directive 2002/58/EC)	Name and surname, e-mail address, telephone number, demographic information (age, gender, location, language preferences), communication preferences and consents, social media identifiers and usernames, profile information (profile photo, description, public interests), comments, reactions, messages sent to us, our replies to your messages, participation in surveys, promotions, contests, reviews, testimonials, and events, browsing behaviour on our websites and apps, interactions with marketing communications, device and technical data (IP address, device type, operating system, browser type, advertising identifiers, cookies, pixel tags, and similar technologies), geolocation data (if enabled), social media engagement statistics, ratings	No

3.4 Security, functionality, and improvement of our services and products

To ensure the security, stability, and proper functioning of our website, mobile application, and products, as well as to protect against fraud, abuse, and unauthorized access, we automatically collect and process certain technical and usage-related data. This information also helps us monitor performance, detect errors, implement product upgrades, develop new features, and improve the overall user experience.

Legal basis for the processing	Categories of the Data concerned	Is the provision of the Data a requirement?
Legitimate interest (to ensure the security, proper functioning, and continuous improvement of the website, mobile application, and products) (Article 6(1)(f) of GDPR)	IP address, device identifiers, device type and model, operating system and version, browser type and version, screen resolution, language settings, time zone, login data, session identifiers, cookies and similar tracking technologies, browsing and interaction data on the website, in the mobile app, and with product features, referrer URL, geolocation data (if enabled), network and connection information, log files, error and crash data, authentication and access records, user account activity (including login attempts), order history (to detect suspicious or unusual activity), feedback and in-app behavior related to product usage	No

3.5 Recruitment

When you apply for a vacant position in our company or when we contact you regarding job opportunities, we process your Data related to the recruitment process.

Legal basis for the processing	Categories of the Data concerned	Is the provision of the Data a requirement?
Consent (Article 6(1)(a) of GDPR) Legitimate interest to contact you regarding job opportunities in our company (Article 6(1)(f) of GDPR	Name, surname, place of residence or residential address, e-mail address, telephone number, information about work experience (employer, period of employment, position, responsibilities, achievements), information about education (educational institution, period of study, degree and/or qualification obtained), information about training (courses attended, certificates obtained), information about language skills, IT skills and other competences, other information provided in the CV, cover letter or other application documents, name of the referee/recommending person, content of the recommendation, summary of the interview, notes and opinions of the recruiter, results of candidate testing.	No

3.6 Compliance with legal requirements and defence of our legal interests

We will retain the Data in accordance with statutory limitation periods to defend our rights and legal interests if necessary. Some data must be retained to comply with legal requirements in accounting, archiving, and other areas. In rare cases, if you become involved in a legal process to which we are a party, we will use this data for that legal process.

Legal basis for the processing	Categories of the Data concerned	Is the provision of the Data a requirement?
Legal obligation (Article 6(1)(c) of GDPR) Legitimate interest in protecting our rights and legal interests (Article 6(1)(f) of GDPR)	Name, surname, email address, contracts, legally binding documents and data, correspondence, legal documents, pleadings, annexes, court documents, investigative information, information about convictions and criminal offences, information about the IT and communication tools we have provided to you, username, password, correspondence, information about the use of the IT and communication tools, logs, possible breaches and incidents, and any other Data provided and collected	When the processing of your Data is required under applicable laws, providing this data becomes a legal necessity. If you are unable to provide this data, unfortunately, we will not be in a position to offer our services to you.

4. How long do you keep my Data?

We retain the Data in a form that allows your identity to be determined no longer than necessary for the purposes for which the Data is processed, and in accordance with legal requirements:

We store information related to the provision of travel planning services for 10 years from the date of the end of business relations with the client;
For managing our recruiting and processing employment applications we will retain the information that we have obtained via our recruitment processes for 6 month after the end of the relevant selection process. If you give your consent, we keep the data for 3 years;
We will use your information for marketing purposes as long as you are our customer or have given us consent, and 3 years thereafter, unless you inform us that you no longer wish to receive such information from us;
We will retain other information necessary for the protection of our legal interests for 10 years after the termination of relationship with you.

5. Where do you collect my Data from?

We collect most of the Data from you. Where necessary for the purposes set out below, we collect Data from other sources.

Source of origin of data	Purpose of processing
Recruitment agencies, job search portals, professional social networks (e.g. LinkedIn)	Recruitment
Health care institutions	Investigation of workplace accidents
State labour, social security, tax, supervisory authorities, police, prosecutors, courts, law enforcement and other state and municipal authorities, participants in legal proceedings and their representatives	Compliance with legal requirements and defence of our legal interests

6. Who do you share my Data with?

Where necessary for the above purposes and subject to applicable law, we share data with the following recipients.

Recipients or categories of recipients	If the Data are to be transferred to a third country or an international organisation:
	Third country	Safeguard measure or exemption allowing the transfer
Lawyers, notaries, bailiffs, data protection officers, auditors, tax, business, HR and other consultants	---	---
Providers of IT tools and services, electronic communications service providers, payment and baking service providers, travel agencies and service providers, insurance companies, archiving and other service providers	---	---
State labour, social security, tax, supervisory authorities, police, prosecutors, courts, law enforcement and other state and local authorities	---	---
Decentralized UAB (CoinGate) (cryptocurrency and payment processing service provider)	---	---
Better Stack (system availability monitoring service provider)	---	---
Amazon Web Services, Inc. (cloud service provider)	USA	EU Standard Contractual Clauses
Google Inc. (IT infrastructure and services provider)	USA	EU Standard Contractual Clauses
GoDaddy Inc. (domain management service provider)	USA	EU Standard Contractual Clauses
Cloudflare Inc. (DNS management and web application firewall service provider)	USA	EU Standard Contractual Clauses
Linear Operations Inc. (issue tracking and task manger service provider)	USA	EU Standard Contractual Clauses
Raintank Inc. (Grafana Labs) (cloud observability service provider)	USA	EU Standard Contractual Clauses
PostHog Inc. (product analytics service provider)	USA	EU Standard Contractual Clauses
Functional Software Inc. (Sentry) (software performance monitoring and error tracking service provider)	USA	EU Standard Contractual Clauses
Facebook (Meta) (social media service provider)	USA	EU Standard Contractual Clauses
LinkedIn (social media service provider)	USA	EU Standard Contractual Clauses
Potential or actual purchasers of the business or part of it and their authorised advisers or representatives	Various	EU Standard Contractual Clauses

7. What rights do I have in relation to the processing of my Data?

My right	Summary
Right of access	The right to obtain confirmation from us as to whether Data relating to you is being processed and, if such Data is being processed, the right to have access to the Data and information about the processing.
Right to rectification	The right to require us to rectify inaccurate Data relating to you.
Right to erasure ('right to be forgotten')	when Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; when you withdraw consent on which the processing of Data is based and there is no other legal ground for the processing; when you object to the processing of Data and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes; where the Data have been unlawfully processed; where the Data have to be erased for compliance with a legal obligation; where the Data have been collected in relation to the offer of information society services directly to a child and subject to a consent.
Right to restriction of processing	where the accuracy of the Data is contested by you; where the processing of Data is unlawful and you oppose the erasure of the Data and request the restriction of their use instead; where we no longer need the Data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; where you have objected to the processing of the Data and until it has been verified whether our legitimate interests override yours.
Right to data portability	where you seek to receive the Data you have provided in a structured, commonly used and machine-readable form or to transmit those data to another controller, the processing is based on consent or on a contract and is carried out by automated means.
Right to object	where the collection and use of the Data is based on a task carried out in the public interest or in the exercise of official authority vested or legitimate interest, including profiling, as explained in Section 3 of this Privacy Policy, or where you object to the collection of your data for direct marketing purposes.
Right to withdraw consent	where the processing of Data is based on consent, as explained in Section 3 of this Privacy Policy, and you seek to withdraw it at any time.
Right to lodge a complaint	The right to lodge a complaint with a supervisory authority.

8. Does your website place cookies on my device?

Yes, our website places the following cookies on your device:

Purpose of processing	Cookie	Category	Whether third parties will have access to the information	Duration of operation
To analyze visitor behavior on the website	ph_phc_WFa3ONmlKaxEehQy6ebm0BnDwvfccJxWpYI79rsDAVo_posthog	Analytics	Yes	1 year

9. How can I manage cookies?

You can configure your browser to decline some or all cookies or to ask for your permission before accepting them. Please note that by deleting cookies or disabling future cookies you may be unable to access certain areas or features of our website. You can control the use of functionality cookies, targeting cookies or advertising cookies by adjusting your browser settings. To find out how to manage cookies in your browser, please visit one of the links below:

Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Google Chrome: https://support.google.com/chrome/answer/95647
Opera: https://www.opera.com/help/tutorials/security/privacy
Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-information-sfri11471/mac

10. Automated decision-making, including profiling

No, we do not make decisions based solely on automated processing of Data, including profiling, which would produce legal effects concerning you or similarly significantly affects you.

11. Can this Policy be amended?

We may amend this Policy unilaterally from time to time. Any such amendments will take effect immediately upon publication. Therefore, please visit our website at https://trip1.com regularly to review the latest version of this Policy.