Privacy policy

The controller of the personal data of the website is Discover Estonia OÜ (registry code 12125505), located at Pirni 4-8, Tallinn, Estonia, phone +372 5828 1809 and e-mail [email protected].

Which personal data are processed?

– name;
– phone number;
– e-mail address.

For which purposes are personal data processed?

Personal information such as the client's email address, telephone number and name will be processed for any queries relating to the provision of the service (tour organisation).
Email is also used to forward invoices and the telephone number is used to inform the client of any changes and to remind them of tour start dates.

Legal basis

The purpose of processing personal data is to fulfil the agreement entered into with the customer (managing the customer’s orders, delivery and reimbursing payments).
Personal data are processed in order to fulfil legal obligations (e.g. for accounting).
The processing of personal data, i.e. the collection of purchase history data for the purposes of resolving potential consumer disputes, is necessary due to the controller’s legitimate interest.
An analysis of legitimate interest should be carried out before exercising legitimate interest (instructions:
The analysis should either be included in the privacy policy or it should be explicitly indicated how the analysis can be accessed (e.g. in order to access the legitimate interest analysis, send an e-mail to andmekaitse@ettevõte). See clause 13 (1) d) of the GDPR.

Security and access to data

Personal data are stored in the servers, which are located on the territory of a member state of the European Union or states of the European Economic Area. Data may be forwarded to states whose level of data protection is sufficient according to the European Commission or to a company of a third state to which a safeguard specified in articles 46 or 47 or in subsection 49 (1) of the GDPR has been applied.
The specific safeguard should be pointed out and it should be indicated how it can be accessed (e.g. if the online shop relies with the third state provider on the European Commission’s standard data protection clauses). See clause 13 (1) f) of the GDPR.
The specific safeguard should be pointed out and it should be indicated how it can be accessed (e.g. if the online shop relies with the third state provider on the European Commission’s standard data protection clauses). See clause 13 (1) f) of the GDPR.
Personal data can be accessed by the staff of Discover Estonia OÜ in order to resolve technical issues related to the use of the website and to provide customer support.
Discover Estonia OÜ applies the relevant physical, organisational and IT security measures in order to protect personal data from accidental or unlawful destruction, loss, amendment or unauthorised access and disclosure.
Personal data are forwarded to processors (e.g. the transport service provider) on the basis of contracts between Discover Estonia OÜ and processors. Upon processing data, the processors are obliged to ensure the relevant safeguards in accordance with article 28 of the GDPR.

Access to and rectification of personal data

Personal data can be accessed and rectified via customer support. If the request to access personal data has been submitted electronically, the information will also be provided via commonly used electronic means.

Withdrawal of consent

If personal data are processed with the customer’s consent, the customer has the right to withdraw their consent by notifying customer support via e-mail.


Personal data are erased upon appropriate request by the customer, except for personal data (purchase history) that are necessary for accounting or resolving consumer disputes.
In case of payment disputes and consumer disputes, personal data is stored until the claim is settled or the statute of limitations expires. Personal data in original accounting documents is kept for seven years.


If the data are incorrect, incomplete or processed unlawfully, the customer has the right to request the restriction of the processing of their personal data.


The customer has the right to submit objections regarding the processing of their personal data if they have a reason to believe that there is no legal basis to process their personal data.


For the erasure of personal data, customer support should be contacted by e-mail. Requests for erasure are responded to within one month and the period of erasure is specified. The response to
the request will also indicate which personal data will not be erased, on which legal basis and why.


Requests to transfer personal data submitted via e-mail are responded to within one month.
Customer support identifies the person and indicates which personal data is to be transferred.

Resolution of disputes

Disputes concerning the processing of personal data are settled through customer support ([email protected]). The supervisory authority is the Estonian Data Protection Inspectorate ([email protected]).
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram