Politique de confidentialité
Dernière mise à jour : 6 avril 2026
Protecting your personal data is a priority for Authentic Day Tour. We are committed to transparency about how we collect, use, and share your information. This Privacy Policy explains how Authentic Day Tour, LLC ("Authentic Day Tour," "we," "us," or "our") processes your personal data when you use our website museumticket.istanbul (the "Platform") and the services we offer through it, including the purchase of museum tickets, attraction entries, and guided tour experiences in Istanbul, Turkey.
This Privacy Policy also informs you of your rights regarding your personal data and how to contact us.
By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the Platform.
This Privacy Policy has been drafted in, and shall be construed in, the English language. This Privacy Policy may be translated into other languages for your convenience. In the event of any discrepancy, inconsistency, or conflict between the English version and any translated version, the English version shall prevail and govern the interpretation and enforcement of this Privacy Policy. Any legal proceedings arising from or related to this Privacy Policy shall be conducted based on the English version.
I. DEFINITIONS
The following terms are used throughout this Privacy Policy:
"Authentic Day Tour" refers to Authentic Day Tour, LLC, the company that operates the Platform.
"Booking" refers to the purchase of a museum ticket, attraction entry, or guided tour experience through the Platform.
"GDPR" refers to the General Data Protection Regulation (EU) 2016/679.
"Personal Data" refers to any information relating to an identified or identifiable natural person, as defined under the GDPR.
"Platform" refers to the website museumticket.istanbul, including all pages, features, and services accessible through it.
"Tour Guide" refers to the professional tourist guides who provide guided tour experiences or facilitate physical ticket pickups on behalf of Authentic Day Tour.
"Venue Operator" refers to the museums, attractions, and other venues whose tickets or experiences are offered through the Platform.
"You" or "Your" refers to any individual who accesses or uses the Platform, whether as a visitor, registered user, or customer.
II. CONTROLLER AND CONTACT
The controller responsible for processing your Personal Data is:
Authentic Day Tour, LLC
United States of America
Email: [email protected]
If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your Personal Data, please contact us at the email address above.
III. INFORMATION WE COLLECT
We collect Personal Data in the following ways:
1. Information You Provide to Us
When you interact with our Platform, you may voluntarily provide us with the following Personal Data:
- (a) Account Registration
When you create an account on the Platform, we collect:
- Email address (via email magic link authentication)
- Name and profile information (via Google Sign-In, if you choose this method)
If you register using Google Sign-In, we receive your name, email address, and profile picture from Google. We use this information solely to create and manage your account.
- (b) Booking Information
When you purchase a ticket or book an experience through the Platform, we collect:
- First and last name
- Email address
- Phone number
This information is necessary to process your Booking, deliver your tickets, and communicate essential Booking-related information to you.
- (c) Customer Service Communications
If you contact us for support or with inquiries — whether via email, our live chat system, or WhatsApp — we may collect any information you provide during that communication, including your name, email address, phone number, booking details, and the content of your message or chat transcript.
2. Information Collected Automatically
When you visit the Platform, certain information is collected automatically through cookies and similar technologies:
- (a) Device and Browser Information
- Browser type and version
- Operating system
- Device type (desktop, mobile, tablet)
- Screen resolution
- (b) Usage Information
- Pages visited and interactions on the Platform
- Referring URL (the website that directed you to the Platform)
- Date and time of your visit
- Duration of your visit
- Click patterns and scrolling behavior
- (c) Network Information
- IP address
- Approximate geographic location (derived from IP address)
- Language preferences
We collect this data to ensure the proper operation and security of the Platform, to analyze usage patterns, and to improve our services. The legal basis for this processing is our legitimate interest in maintaining and improving the Platform (Art. 6(1)(f) GDPR).
IV. HOW WE USE YOUR INFORMATION
We only process your Personal Data when we have a valid legal basis to do so under the GDPR. The legal bases we rely on are outlined below for each processing purpose. For more information on the legal bases for processing under the GDPR, see: https://gdpr-info.eu/art-6-gdpr/
We use the Personal Data we collect for the following purposes:
1. Booking Fulfillment and Service Delivery
We process your name, email address, and phone number to complete and manage your Bookings, issue e-tickets, send booking confirmations, and communicate important updates related to your Bookings (e.g., schedule changes, meeting point details).
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
2. Booking Confirmations and Communications
Upon completing a Booking, we send you a confirmation and your e-ticket(s) via email and, where you have provided your phone number, via WhatsApp. We may also use these channels to send you important updates related to your Booking, such as schedule changes, meeting point instructions, or cancellation and exchange notifications.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
3. Booking Cancellations and Exchanges
If you cancel a Booking, we process your Personal Data to handle your cancellation request and, where applicable, issue a refund. Cancellations made at least 24 hours before the scheduled experience are eligible for a full refund. If less than 24 hours remain and you have not yet viewed your ticket, you may be eligible to exchange your Booking for a different museum or experience. We retain cancellation records as part of your Booking data for the period specified in Section X (Data Retention).
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
4. Account Management
We process your registration data to create and maintain your account, enable you to view your booking history, and provide a personalized experience on the Platform.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
5. Customer Support
We process information you provide in your communications with us — via email, live chat, or WhatsApp — to respond to your inquiries, resolve issues, and improve our support services.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and our legitimate interest in providing effective customer support (Art. 6(1)(f) GDPR).
6. Platform Security, Fraud Prevention, and Bot Protection
We process automatically collected data (such as IP addresses, usage patterns, and behavioral signals) to protect the Platform against fraud, unauthorized access, automated bot attacks, and other security threats. This includes the use of Vercel Firewall to detect and block suspicious traffic and automated requests before they reach the Platform (see Section VIII for details).
Legal basis: Our legitimate interest in ensuring the security of the Platform (Art. 6(1)(f) GDPR).
7. Analytics and Platform Improvement
We process anonymized and aggregated usage data to understand how the Platform is used, identify areas for improvement, and enhance the overall user experience.
Legal basis: Our legitimate interest in improving our services (Art. 6(1)(f) GDPR).
8. Advertising Measurement
We use tracking technologies (such as Meta Pixel) to measure the effectiveness of our advertising campaigns. This helps us understand how users interact with the Platform after viewing or clicking on an advertisement.
Legal basis: Your consent (Art. 6(1)(a) GDPR), obtained through our cookie consent mechanism.
9. Legal Compliance
We may process your Personal Data when required to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
Legal basis: Compliance with a legal obligation (Art. 6(1)(c) GDPR).
V. COOKIES AND TRACKING TECHNOLOGIES
We use cookies and similar tracking technologies to operate the Platform, analyze usage, and measure advertising effectiveness. When you first visit the Platform, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies.
1. Categories of Cookies
- (a) Strictly Necessary Cookies
These cookies are essential for the Platform to function properly. They enable core features such as page navigation, secure access, session management, and booking processing. These cookies cannot be disabled, as the Platform cannot function without them. No consent is required for these cookies.
- (b) Analytical Cookies
These cookies help us understand how visitors interact with the Platform by collecting and reporting information about usage patterns. The data collected is aggregated and anonymized wherever possible. These cookies are only placed on your device if you provide your consent through our cookie consent mechanism.
- (c) Marketing Cookies
These cookies are used to measure the effectiveness of our advertising efforts and to understand user behavior across the Platform. They may be set by us or by third-party providers operating on our behalf. These cookies are only placed on your device if you provide your consent through our cookie consent mechanism.
2. Tracking Technologies We Use
- (a) Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"), to analyze usage of the Platform. Google Analytics uses cookies to collect information about your interactions with the Platform, including your IP address (which is anonymized). This data is used to generate reports about Platform activity and user behavior. Google may process Personal Data in countries outside the European Economic Area, specifically in the USA. Google participates in the EU-U.S. Data Privacy Framework, ensuring that transferred Personal Data is adequately protected.
For more information: https://policies.google.com/privacy
- (b) Google Tag Manager
We use Google Tag Manager, provided by Google, to manage tracking tags and scripts on the Platform. Google Tag Manager itself does not collect Personal Data, but it facilitates the deployment of other tracking technologies described in this section.
For more information: https://policies.google.com/privacy
- (c) Meta Pixel
We use Meta Pixel, a tracking technology provided by Meta Platforms Ireland Limited ("Meta"), to measure the effectiveness of our advertising on Meta's platforms (Facebook and Instagram). Meta Pixel collects data about your interactions with the Platform after you view or click on one of our advertisements. This data is transmitted to Meta in a pseudonymized form. Meta may process Personal Data in countries outside the European Economic Area, specifically in the USA. Meta participates in the EU-U.S. Data Privacy Framework, ensuring that transferred Personal Data is adequately protected.
For more information: https://www.facebook.com/privacy/policy/
- (d) Google Ads
If you have consented, we use advertising products from Google, including Google Ads, to display relevant advertisements for our services on websites within the Google advertising network (including Google Search, YouTube, and partner websites). To enable this, we analyze how you use the Platform through remarketing cookies and server-to-server connections. This helps us understand your interests so we can show you more relevant advertisements. The remarketing cookies are automatically deleted as soon as they are no longer necessary for the purposes for which they were collected. Google may process Personal Data in countries outside the European Economic Area, specifically in the USA. Google participates in the EU-U.S. Data Privacy Framework, ensuring that transferred Personal Data is adequately protected.
You can deactivate personalized advertising from Google at: https://adssettings.google.com
For more information: https://policies.google.com/privacy
- (e) Microsoft Clarity
We use Microsoft Clarity, a user behavior analytics tool provided by Microsoft Corporation ("Microsoft"), to understand how users interact with the Platform. Clarity captures session recordings, heatmaps, and click data to help us improve the user experience. Clarity automatically masks sensitive input fields to prevent the inadvertent capture of Personal Data entered into forms. This data is processed in an anonymized manner wherever possible. Microsoft may process Personal Data in countries outside the European Economic Area, specifically in the USA. Microsoft participates in the EU-U.S. Data Privacy Framework, ensuring that transferred Personal Data is adequately protected.
For more information: https://privacy.microsoft.com/privacystatement
3. Managing Your Cookie Preferences
You can manage your cookie preferences at any time through our cookie consent banner, which can be re-accessed via the cookie settings link in the footer of the Platform. You may also adjust your preferences through your browser settings.
Please note that disabling certain cookies may affect the functionality of the Platform.
Most web browsers allow you to control cookies through their settings. You can typically find these settings in the "Options" or "Preferences" menu of your browser. You may also use the following links to manage cookies in common browsers:
- Google Chrome: chrome://settings/cookies
- Mozilla Firefox: about:preferences#privacy
- Safari: Preferences > Privacy
- Microsoft Edge: edge://settings/privacy
You can also opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
Your cookie preferences are stored on your device and will be remembered for a period of 12 months, after which you will be asked to provide your preferences again.
VI. CUSTOMER SERVICE
1. Support Channels
We provide customer support through the following channels:
- Email: [email protected]
- Live Chat: available on the Platform, powered by our self-hosted Chatwoot instance
- WhatsApp: for real-time communication and booking-related support
When you contact us through any of these channels, we may process your name, email address, phone number, booking details, and the content of your messages to respond to your inquiry and resolve any issues.
2. Chatwoot (Live Chat)
Our live chat functionality is powered by Chatwoot, which we host on our own servers. All chat data — including messages, contact information, and chat transcripts — is stored on our self-hosted infrastructure and is not shared with any third-party service provider through the chat system. The processing of your data within our live chat is based on our legitimate interest in providing effective customer support and the performance of a contract with you (Art. 6(1)(b) and Art. 6(1)(f) GDPR).
3. WhatsApp
When you contact us or receive communications from us via WhatsApp, your messages are processed through WhatsApp's infrastructure, operated by Meta Platforms Ireland Limited ("Meta"). Meta processes certain data (such as your phone number and message metadata) in accordance with its own privacy policy. We use WhatsApp to send booking confirmations, e-tickets, booking updates, and to handle customer support inquiries.
Meta may process Personal Data in countries outside the European Economic Area, specifically in the USA. Meta participates in the EU-U.S. Data Privacy Framework, ensuring that transferred Personal Data is adequately protected.
For more information on WhatsApp's data processing: https://www.whatsapp.com/legal/privacy-policy
4. Improving Our Customer Service
To continuously improve our customer service, we may review and analyze customer interactions across all support channels. This analysis is conducted to identify common issues, improve response quality, and enhance the overall support experience. The processing of Personal Data within this context serves our legitimate interest in the continuous improvement of our customer service (Art. 6(1)(f) GDPR).
VII. BOOKING PROCESS
1. Ticket Purchase
When you book an Activity through the Platform, we collect the data required to organize and carry out the experience. This includes your first and last name, email address, and phone number. We use this Personal Data to provide our services to you, specifically to complete and manage your Booking based on Art. 6(1)(b) GDPR.
To the extent necessary, we transfer your first name, last name, and email address to the relevant Venue Operator for the purpose of ticket validation and entry. The Venue Operator will process your Personal Data as outlined in their own privacy policy, acting as an independent data controller.
For tickets to museums operated by the Republic of Turkey Ministry of Culture and Tourism, you can review their personal data policy at: https://muze.gov.tr/kisiselveriler
2. Booking Confirmations
To keep you updated on your Bookings, we send you booking confirmations, e-tickets, reminders, and important updates (e.g., schedule changes or meeting point instructions) via:
- Email, using our email service provider SendGrid (see Section VIII); and
- WhatsApp, where you have provided your phone number (see Section VI.3).
The processing of your Personal Data for booking confirmations is necessary to provide you with our services (Art. 6(1)(b) GDPR).
3. Tour Guide Experiences and Physical Ticket Pickup
For experiences that include a guided tour or a physical ticket pickup, we share your first name and last name with the assigned professional Tour Guide solely for the purpose of identifying and meeting you at the designated meeting point. Tour Guides are contractually obligated to use this information only for the stated purpose and to maintain its confidentiality.
4. Cancellations and Exchanges
You may cancel a Booking up to 24 hours before the scheduled experience for a full refund. If less than 24 hours remain and you have not yet viewed your e-ticket, you may be eligible to exchange your Booking for a different museum or experience, subject to availability. We process your Personal Data as necessary to handle cancellation and exchange requests (Art. 6(1)(b) GDPR).
VIII. INFORMATION SHARING AND THIRD PARTIES
We do not sell your Personal Data. We share your Personal Data only in the circumstances described below, and only to the extent necessary for the stated purposes.
1. Payment Processing — Stripe
All payments on the Platform are processed by Stripe, Inc. ("Stripe"). When you make a purchase, your payment information (including credit or debit card details) is transmitted directly to Stripe's secure servers. We do not collect, store, or have access to your full payment card information at any time. We only receive confirmation of whether the payment was successful, along with a transaction identifier.
Stripe acts as an independent data controller with respect to the payment data it processes. Stripe may process Personal Data in the USA. Stripe participates in the EU-U.S. Data Privacy Framework (https://www.dataprivacyframework.gov/), ensuring that transferred Personal Data is adequately protected.
For more information: https://stripe.com/privacy
2. Hosting — Vercel
The Platform is hosted on infrastructure provided by Vercel Inc. ("Vercel"). When you access the Platform, your requests are processed through Vercel's servers, which may log technical data such as your IP address, request timestamps, and browser information. Vercel acts as a data processor on our behalf.
Vercel may process Personal Data in the USA. Vercel participates in the EU-U.S. Data Privacy Framework, ensuring that transferred Personal Data is adequately protected.
For more information: https://vercel.com/legal/privacy-policy
3. Bot Protection — Vercel Firewall
To protect the Platform against automated attacks, fraudulent activity, and abusive traffic, we use the firewall and bot protection features provided by Vercel as part of our hosting infrastructure. Vercel Firewall analyzes incoming requests using technical data such as IP addresses, request headers, and behavioral patterns to identify and block suspicious or automated traffic before it reaches the Platform. No additional Personal Data is shared with third parties for this purpose, as the firewall operates within Vercel's hosting environment.
The processing is carried out to ensure the security of the Platform in accordance with Art. 32 GDPR (https://gdpr-info.eu/art-32-gdpr/) and on the basis of our legitimate interest in protecting our services against misuse (Art. 6(1)(f) GDPR).
4. Email Communications — SendGrid (Twilio)
We use SendGrid, a service provided by Twilio Inc. ("Twilio"), to send transactional emails such as booking confirmations, e-tickets, and customer support communications. For this purpose, your email address and the content of the email are transmitted to SendGrid.
Twilio may process Personal Data in the USA. Twilio participates in the EU-U.S. Data Privacy Framework, ensuring that transferred Personal Data is adequately protected.
For more information: https://www.twilio.com/legal/privacy
5. Analytics and Tracking Providers
We share data with analytics and tracking providers as described in Section V (Cookies and Tracking Technologies) of this Privacy Policy. These providers include Google (Google Analytics, Google Tag Manager), Meta (Meta Pixel), and Microsoft (Clarity).
6. Museums and Venue Operators
When you purchase a ticket for a museum or attraction, we share your first name, last name, and email address with the relevant Venue Operator for the purpose of ticket validation and entry. These Venue Operators act as independent data controllers and process your Personal Data in accordance with their own privacy policies.
For tickets to museums operated by the Republic of Turkey Ministry of Culture and Tourism, you can review their personal data policy at: https://muze.gov.tr/kisiselveriler
7. Professional Tour Guides
For experiences that include a guided tour or a physical ticket pickup with a Tour Guide, we share your first name and last name with the assigned professional Tour Guide solely for the purpose of identifying and meeting you at the designated meeting point. Tour Guides are contractually obligated to use this information only for the stated purpose and to maintain its confidentiality.
8. WhatsApp (Meta)
As described in Section VI.3, we use WhatsApp for booking confirmations and customer support communications. Messages sent via WhatsApp are processed through infrastructure operated by Meta. For more information, see Section VI.3.
9. Legal and Regulatory Disclosures
We may disclose your Personal Data if required to do so by law, regulation, legal process, or governmental request. We may also disclose your Personal Data if we believe in good faith that such disclosure is necessary to:
- Comply with a legal obligation;
- Protect and defend the rights or property of Authentic Day Tour;
- Prevent or investigate possible wrongdoing in connection with the Platform;
- Protect the personal safety of users of the Platform or the public.
10. Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your Personal Data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Platform of any change in ownership or use of your Personal Data, as well as any choices you may have regarding your Personal Data.
IX. INTERNATIONAL DATA TRANSFERS
Authentic Day Tour, LLC is based in the United States of America. If you are accessing the Platform from outside the United States, please be aware that your Personal Data may be transferred to, stored in, and processed in the United States and other countries where our service providers operate.
For users located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we ensure that any transfer of your Personal Data to countries outside the EEA that have not been recognized by the European Commission as providing an adequate level of data protection is safeguarded by appropriate measures, including:
- Transfers to service providers that participate in the EU-U.S. Data Privacy Framework;
- Standard Contractual Clauses (SCCs) approved by the European Commission in accordance with Art. 46(2)(c) GDPR (https://gdpr-info.eu/art-46-gdpr/);
- Other appropriate safeguards as required by applicable law.
The following service providers may transfer Personal Data outside the EEA:
Service Provider | Country | Safeguard |
|---|---|---|
Stripe | USA | EU-U.S. Data Privacy Framework |
Vercel | USA | EU-U.S. Data Privacy Framework |
Twilio (SendGrid) | USA | EU-U.S. Data Privacy Framework |
USA | EU-U.S. Data Privacy Framework | |
Meta | USA |
By using the Platform, you understand that your Personal Data may be transferred to our facilities and those of the third parties with whom we share it, as described in this Privacy Policy.
X. DATA RETENTION
We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. The following table outlines our general retention periods:
Data Category | Retention Period |
|---|---|
Account data (name, email) | Until you delete your account, or 3 years of account inactivity, whichever comes first |
Booking data (name, email, phone, ticket details) | 5 years from the date of the Booking, or as required by applicable tax and commercial law |
Payment records (transaction confirmations) | We do not store payment card data. Stripe retains payment data in accordance with its own retention policy. Transaction confirmations are retained for 5 years. |
Customer support communications (email, chat, WhatsApp) | 2 years from the date of the last communication |
Automatically collected data (analytics, logs) | Google Analytics: up to 26 months; Server logs: 30 days; Microsoft Clarity: 13 months |
Cookie consent preferences |
When your Personal Data is no longer required, we will securely delete or anonymize it so that it can no longer be associated with you.
XI. CHILDREN'S PRIVACY
While we offer tickets for children to visit museums and attractions, the Booking process is conducted by an adult. We do not knowingly collect Personal Data from children under the age of 16. All Personal Data collected during the Booking process (name, email address, phone number) pertains to the adult making the purchase.
If we become aware that we have inadvertently collected Personal Data from a child under the age of 16 without verifiable parental consent, we will take steps to delete such information promptly. If you believe that we may have collected information from a child under 16, please contact us at [email protected].
XII. AUTOMATED DECISION-MAKING
In accordance with Art. 22 GDPR, we inform you that we use automated decision-making in the following context:
Fraud Prevention and Suspicious Booking Detection
To safeguard the Platform and protect both our customers and Venue Operators from fraudulent transactions, we employ automated systems that analyze booking data and behavioral patterns to detect potentially fraudulent or suspicious activity. In certain cases, a Booking may be automatically declined if it is flagged as high-risk by our automated fraud detection system.
The automated analysis may consider factors such as:
- Transaction patterns and booking frequency
- IP address and geolocation data
- Device and browser characteristics
- Historical booking behavior
If your Booking is automatically declined, you have the right to:
- Request human intervention to review the decision;
- Express your point of view regarding the decision;
- Contest the decision.
To exercise any of these rights, please contact us at [email protected]. We will review your case and respond within a reasonable timeframe.
Legal basis: Our legitimate interest in preventing fraud and ensuring the security of the Platform (Art. 6(1)(f) GDPR).
XIII. YOUR RIGHTS
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the GDPR with respect to your Personal Data:
1. Right of Access (Art. 15 GDPR)
You have the right to request a copy of the Personal Data we hold about you, along with information about how we process it.
More information: https://gdpr-info.eu/art-15-gdpr/
2. Right to Rectification (Art. 16 GDPR)
You have the right to request that we correct any inaccurate or incomplete Personal Data we hold about you.
More information: https://gdpr-info.eu/art-16-gdpr/
3. Right to Erasure (Art. 17 GDPR)
You have the right to request that we delete your Personal Data when it is no longer necessary for the purposes for which it was collected, when you withdraw your consent (where consent is the legal basis for processing), when you object to the processing and there are no overriding legitimate grounds, or when the data has been unlawfully processed.
More information: https://gdpr-info.eu/art-17-gdpr/
4. Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request that we restrict the processing of your Personal Data in certain circumstances, such as when you contest the accuracy of your data, when the processing is unlawful but you oppose erasure, or when you have objected to processing pending verification of our legitimate grounds.
More information: https://gdpr-info.eu/art-18-gdpr/
5. Right to Data Portability (Art. 20 GDPR)
You have the right to receive the Personal Data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where the processing is based on consent or a contract and is carried out by automated means.
More information: https://gdpr-info.eu/art-20-gdpr/
6. Right to Object (Art. 21 GDPR)
You have the right to object, at any time and on grounds relating to your particular situation, to the processing of your Personal Data based on our legitimate interests. Upon receiving your objection, we will cease processing your Personal Data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
More information: https://gdpr-info.eu/art-21-gdpr/
7. Right to Withdraw Consent (Art. 7(3) GDPR)
Where we process your Personal Data based on your consent, you have the right to withdraw that consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw your consent for cookies and tracking technologies at any time through our cookie consent mechanism accessible via the Platform footer.
More information: https://gdpr-info.eu/art-7-gdpr/
8. Right to Lodge a Complaint (Art. 77 GDPR)
You have the right to lodge a complaint with a supervisory data protection authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your Personal Data infringes the GDPR.
More information: https://gdpr-info.eu/art-77-gdpr/
9. Right Not to be Subject to Automated Decision-Making (Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. As described in Section XII of this Privacy Policy, we use automated decision-making for fraud prevention purposes. You have the right to request human intervention, express your point of view, and contest any automated decision. For details on how to exercise this right, please see Section XII.
More information: https://gdpr-info.eu/art-22-gdpr/
10. Data Processing When Exercising Your Rights
When you submit a request to exercise any of the rights described above, we process the Personal Data you provide in connection with your request (such as your name, email address, and the details of your request) for the purpose of fulfilling our legal obligation to respond to data subject requests. This processing is based on Art. 6(1)(c) GDPR in conjunction with Art. 15 to 22 GDPR. We may retain records of your request and our response for the purpose of demonstrating compliance.
To exercise any of these rights, please contact us at:
Email: [email protected]
We will respond to your request within 30 days of receipt. We may need to verify your identity before processing your request to ensure that Personal Data is not disclosed to any person who has no right to receive it. If your request is complex or we receive a large number of requests, we may extend the response period by an additional 60 days, in which case we will notify you of the extension and the reasons for it.
XIV. DATA SECURITY
We implement appropriate technical and organizational measures to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:
- Encryption of data in transit using TLS/SSL protocols;
- Secure payment processing through Stripe, which is PCI DSS Level 1 certified (https://stripe.com/docs/security);
- Bot protection and firewall through Vercel Firewall;
- Self-hosted customer service infrastructure (Chatwoot) to maintain control over support data;
- Access controls limiting personnel access to Personal Data on a need-to-know basis;
- Regular review of our data collection, storage, and processing practices;
- Use of secure hosting infrastructure provided by Vercel.
While we strive to protect your Personal Data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your Personal Data, but we are committed to taking all reasonable steps to safeguard it.
XV. THIRD-PARTY LINKS
The Platform may contain links to third-party websites, services, or applications that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.
XVI. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will update the "Last Updated" date at the top of this Privacy Policy.
If we make material changes to how we process your Personal Data, we will notify you by posting a prominent notice on the Platform or by sending you an email notification prior to the changes becoming effective.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your Personal Data.
XVII. CONTACT US
If you have any questions, concerns, or requests regarding this Privacy Policy, your Personal Data, or our data processing practices, please contact us at:
Authentic Day Tour, LLC
Email: [email protected]
We are committed to resolving any complaints about your privacy and our collection or use of your Personal Data. We will respond to your inquiry within a reasonable timeframe and in accordance with applicable law.