Datenschutzerklärung

Introduction

This Privacy Policy explains how tickadoo Inc. ("tickadoo", "we", "us", "our") collects, uses, stores, and shares personal data in connection with the tickadoo | CONNECT programme and the connect.tickadoo.com platform.

This policy covers two categories of individuals whose data we process: (1) Partner account holders (hotels, venues, and other businesses who sign up to use tickadoo | CONNECT), and (2) End users (visitors to Partner websites or hosted pages who browse and book experiences through the tickadoo | CONNECT widget).

tickadoo Inc. is the data controller for personal data processed through the tickadoo | CONNECT platform. We are committed to processing personal data in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, and US privacy regulations.

Data Controller Contact Details

• Company: tickadoo Inc.
• Address: 447 Broadway, New York, NY 10013, United States
• Email: privacy@tickadoo.com
• Website: connect.tickadoo.com

Data We Collect

3.1 Partner Account Data

When a business signs up for a tickadoo | CONNECT account, we collect:

• Business name, contact name, and email address
• Website URL and business type
• Logo and brand assets uploaded for widget customisation
• Stripe Connect account details and bank account information for profit share payouts (processed and stored by Stripe – see Section 6)
• Login credentials (password stored in hashed form)
• Communications and support interactions

3.2 End User Booking Data

When an end user makes a booking through a Partner's tickadoo | CONNECT widget or hosted page, we collect:

• Name and email address
• Phone number (where required for the booking)
• Payment card information (processed and stored by Stripe – we do not store full card details)
• Booking details including experience selected, date, number of participants, and booking reference
• IP address and device/browser information for fraud prevention purposes

3.3 Usage and Analytics Data

We collect analytics data on how the platform and widgets are used, including:

• Pages visited, clicks, and interactions with the widget
• Referral source and attribution data
• Device type, browser, and operating system
• Session data and conversion events

We use PostHog for analytics. Data collected by PostHog is subject to PostHog's privacy policy.

How We Use Personal Data

4.1 Partner Account Data

We use Partner account data to:

• Create and manage Partner accounts and provide access to the tickadoo | CONNECT platform
• Generate and display branded widgets and hosted landing pages
• Calculate, report, and process profit share payments via Stripe Connect
• Communicate with Partners about their account, programme updates, and support matters
• Verify Partner eligibility and prevent fraudulent account creation
• Improve and develop the tickadoo | CONNECT platform

4.2 End User Booking Data

We use end user data to:

• Process and confirm bookings
• Communicate with customers about their bookings, including confirmation, reminders, and post-experience follow-ups
• Pass necessary booking details to the relevant experience supplier for fulfilment
• Handle customer service enquiries, cancellations, and refunds
• Prevent fraud and ensure platform security
• Send marketing communications where the customer has given consent

Legal Basis for Processing

We process personal data on the following legal bases:

• Contract performance: Processing necessary to deliver the tickadoo | CONNECT service to Partners, and to fulfil bookings for end users
• Legitimate interests: Analytics, fraud prevention, platform security, and improving our services
• Legal obligation: Retaining financial and transactional records as required by law
• Consent: Sending marketing communications to end users who have opted in

Sharing Data with Third Parties

We share personal data with the following categories of third parties:

• Experience suppliers: We share relevant booking details (customer name, booking date, number of participants) with the supplier responsible for delivering the booked experience. Suppliers are contractually required to handle this data appropriately.
• Stripe: We use Stripe for payment processing and Stripe Connect for Partner payouts. Payment card data and bank account information are processed and stored by Stripe and are subject to Stripe's Privacy Policy (stripe.com/privacy). We do not store full card numbers or bank account details on our systems.
• PostHog: We use PostHog for product analytics and conversion tracking. Data processed by PostHog is subject to PostHog's privacy policy.
• Email and messaging providers: We use third-party providers to send transactional and marketing communications. These providers process email addresses and message content on our behalf.
• Legal and regulatory authorities: We may disclose data where required to do so by law, court order, or regulatory authority.

We do not sell personal data to third parties.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies on the tickadoo | CONNECT platform. These fall into the following categories:

• Essential cookies: Required for the platform to function, including session management and security. These cannot be disabled.
• Analytics cookies: Used to understand how the platform and widget are used (PostHog). These help us improve our product.
• Attribution cookies: Used to track referrals and attribute bookings to the correct Partner account.

Where required by law, we obtain consent before setting non-essential cookies. You can manage your cookie preferences through the cookie banner displayed on the platform. Note that disabling certain cookies may affect the functionality of the booking widget.

Partners who embed the tickadoo | CONNECT widget on their own websites are responsible for ensuring their own cookie consent mechanisms cover the use of third-party widgets and associated tracking where required by applicable law.

International Data Transfers

Some of our third-party service providers (including Stripe and PostHog) may process data outside the European Economic Area (EEA) or United Kingdom. Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, or reliance on adequacy decisions where applicable.

Data Retention

We retain personal data for the following periods:

• Partner account data: Retained for the duration of the partnership and for 3 years following account closure, to handle any outstanding disputes or compliance requirements
• Booking and transaction records: Retained for 7 years from the booking date for accounting, tax, and legal compliance purposes
• End user marketing data: Retained until consent is withdrawn or the user requests deletion
• Analytics data: Retained in aggregated or anonymised form indefinitely; identifiable session data is retained for up to 24 months

Your Rights

Under GDPR and applicable data protection law, individuals have the following rights in relation to their personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your data, subject to legal retention obligations
• Right to restriction: Request that we restrict processing of your data in certain circumstances
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, contact us at privacy@tickadoo.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority if you believe we have not handled your data appropriately.

Children's Privacy

The tickadoo | CONNECT platform and the tickadoo.com booking service are not directed at children under the age of 18. We do not knowingly collect personal data from individuals under 18. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly. If you believe we have inadvertently collected such data, please contact privacy@tickadoo.com.

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include encrypted data transmission (HTTPS), hashed password storage, access controls, and regular security monitoring. However, no method of internet transmission is completely secure. Partners are responsible for maintaining the security of their own account credentials.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify Partners of material changes by email. The "Last updated" date at the top of this document reflects when the policy was last revised. Continued use of the tickadoo | CONNECT platform following notification of changes constitutes acceptance of the updated policy.

Contact and Complaints

For any questions, requests, or complaints relating to this Privacy Policy or the handling of your personal data:

• Email: privacy@tickadoo.com
• Address: 447 Broadway, New York, NY 10013, United States

If you are not satisfied with our response, you have the right to complain to the relevant supervisory authority. If you are based in the EU, you may contact your national data protection authority. If you are based in the UK, you may contact the Information Commissioner's Office (ICO). If you are based in the US, you may have additional rights under applicable state privacy laws.