Subscribe to our mailing list for the latest info on our tours - no spam, we promise!

* indicates required

Have you tried one of our tours?

let us know what you thought of it: here

Privacy Policy

TimeRiftTours / Privacy Policy

Privacy Policy

Berlin, May 2018

As part of our business and the service that we provide, it is necessary to process information about you.

We attach great importance to respect your privacy, the security and the confidentiality of your personal data.

Therefore, we are committed to treating your personal data in compliance European regulations on the protection of personal data, namely: The Data Protection Act 2018 (DPA) and General Data Protection Regulation (GDPR) (hereafter referred to as “the Regulations”).

This privacy policy (and terms and conditions of our service and any other agreement to which these documents could refer) details the way we treat your personal data.

We invite you to read these documents carefully.

By using our services, you agree to be bound by this Privacy Policy and that we proceed to the processing of personal data on the terms outlined below.

For the purposes of the Regulations, we VRealTechnologies Gmbh – trading as TimeRiftTours.com – of Cotheniusstrasse 4, Berlin, 10407, are the data controller & processor.

  1. Where does the personal data come from?

The personal data that we may deal with comes from:

  • Data that you provide when you use our services or contact us by phone, email, or through our website booking forms,
  • Data related to your visit to our Site through tracking (such as cookies) and/or equivalent technologies;

These cookies and other trackers record and transmit information about the pages you visit, the time you spend on our site, the actions you perform there, etc.

  • Data collected from other software systems;

If we previously used a different software provider and your personal data was stored with a previous software system provider, then we may import your personal data from this software system provider, providing that their policies of an adequate level in order to fulfil this Privacy Policy.

  • Data that we receive from other sources;

This includes the data that we receive from our partners when you use to their services through our Site (for example, when using the payments service through our Site).

  1. What information do we process?

We process the following:

  • Information about your identity (your title, surname, name, address, email address, landline and/or mobile phone number, etc.)
  • Information we receive when you contact us contract our services;
  • Information related to your access of the Site:
    • The URLs of pages visited;
    • Your navigation to or from our website (including date and time of navigation);
    • Page response times;
    • Error messages;
  • Technical information related to the device you use:
    • The IP address of your device;
    • Your login data if aplicable;
    • The type and version of browser you are using (Safari, Chrome, Internet Explorer, etc.);

We do not handle sensitive data to data about you (on your religion, your political opinions, your health, your union membership, etc.).

  1. What is the purpose of our data processing?

We collect and process your personal data for the purpose of:

  • Monitoring our business relationship;
  • Providing adequate services and fulfilling our contractual obligations, as requested by you
  • Administering our Site and undertaking internal operations (eg, resolving anomalies, analysing data, conducting tests, etc.);
  • Allowing you to access our Site;
  • Ensuring the safety and continued availability of our Site;
  • Managing your requests to exercise your rights under Article 10 of this Privacy Policy.
  1. What is the legal basis for the processing of your data?

The processing of your data is based on our legitimate interest to run, improve and optimise our service for you. This is based on the contract between you and our company, through the Terms and Conditions.

However, in the following cases, the processing of your data is based on your specific consent (which will be collected through the checkbox on our registration/account settings page or a positive action on your part):

  • The reuse of data for purposes other than those outlined in Article 3 of this Privacy Policy;

As stated in Article 10 of this Privacy Policy below, you can revoke this consent at any time.

We will make sure to consider your application as soon as possible and to inform recipients of your data.

We are committed to protecting the privacy of children aged 16 or under. If you are aged 16 or under, please get your parent’s or guardian’s permission beforehand whenever you provide us with personal information.

  1. Who handles your data?

We are responsible for the processing of your personal data.In the case of a tour reservation we have to hand over some of your personal data to our trusted tour guide partners in order to organise your tour. This data includes, name and contact information, group size, time a date of proposed tour and any other information your share with us through the booking form.

The recipients of this data include:

  • Authorised staff of our company (Management & Administration Staff);
  • Authorised staff of our business partners, our service providers, our subcontractors and any person involved in the execution of the contract with you (for example, the provider of online payment service, tour guide partners who will be organising and guiding any reserved tours, etc.);
  • Public agencies, financial institutions and judicial officers, as required by law;
  • Any entitled person, when we are obliged to disclose and/or share your personal data in order to fulfil our legal obligations, execute our Terms & Conditions or any other agreement, or to protect the rights, property, or safety of our company, our customers or third parties. This includes the exchange of information with third parties to prevent against fraud and reduce credit risk;
  • Authorised staff of any affiliate of our company, such as parties interested in buying or selling assets of our company;
  • Any third party that would acquire our company or a substantial part of its shares.

The use of personal data by third parties to our business is governed by their own privacy policies. Please be assured we will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so.

  1. Where is your data processed?

Your data is handled within the European Union.

However, when our relations with partners, subcontractors or third parties (such as suppliers who provide us with support services) involve border exchange of personal data outside the European Union, we ensure that these transfers are made to countries with an adequate level of protection, or are supervised by legal tools to ensure such transfers a level of protection complies with European requirements (such as contractual clauses Types of the European Commission, the internal rules company and / or the adhesion of entities recipients of these data to Privacy Shield, when located in the United States).

If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

In any event, you agree to your personal data being processed under these conditions, outside the European Union.

  1. How is your data protected and conserved?

Security is at the heart of our concerns.

We implement appropriate technical and organisational measures, including physical, hardware and software, in order to preserve the security, integrity and confidentiality of your personal data and protect against unauthorised access, use, misuse, alteration, disclosure or destruction by unauthorised persons.

We demand sufficient guarantees of security and confidentiality from the recipients of data.

Furthermore, we encourage you to notify us of any security breach capable of generating a breach to your rights and freedoms, unless such communication is not necessary in cases referred to in Article 34 of the Regulations.

You are responsible for the confidentiality of any passwords you select and/or is assigned to you to in order to access certain features of the Site. You are not allowed to share the password with others.

  1. How long are your data kept by us?

Regarding data relating to the management of our customers:

The data of our customers will not be retained beyond the time strictly necessary to the management of the business relationship.

However, we will keep your data for analysis and statistics, for longer than the time required for the purpose of contract fulfilment, after having irreversibly anonymised this data.

After this period of three (3) years, we are committed to destroying your personal data.

  1. What are your rights with regard to the processing of your data?

Under the Regulations, you have, with regard to the processing of your personal data, a right of access, rectification, erasure, restriction, portability and a right to object.

Right of Information and Access

You have the right to obtain from us confirmation as to whether or not your personal data is being processed; where it is; access to the personal data and the following information:

  • the purposes of processing;
  • the categories of personal data concerned;
  • the recipients, or categories of recipients, to whom the persona data have been, or will be disclosed, including recipients in third countries or international organisations;
  • where possible the length of time that the personal data will be stored for, or the criteria used to determine that period;
  • the existence of the right to request from us rectification or erasure of personal data or restriction of processing or to subject to such processing;
  • the right to lodge a complaint with the supervisory authority;
  • where personal data is not collected from you, information as to the source;
  • the existence of automated decision-making, including profiling, the logic involved in such decision-making and any consequences for you; and
  • where persona data is transferred to a third country or international organisation, details of any safeguards in place

Right to Rectification

As a Data Subject you have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning them from the Data Controller.

Subject to the purposes for processing, data subjects have the right to have incomplete data completed, including by means of providing a supplementary statement.

Right to Erasure (‘Right to be Forgotten’)

A Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning them, without undue delay and the controller is obliged to erase that data where one of the following grounds applies:

  • the personal data is no longer necessary in relation to the purposes for which it was collected or processed;
  • the data subject withdraws the consent on which the processing is based and there is no other legal ground for processing;
  • the data subject objects to the processing and there are no overriding legitimate grounds for processing;
  • the personal data has been unlawfully processed;
  • the personal data has to be erased for compliance with a legal obligation; or
  • the personal data has been collected in relation to the offering of information society services under Article 8.1 of the Regulations.

Where the Data Controller has made the personal data public and is obliged to erase the personal data, the data controller, taking account of available technology and the cost of implementation, must take reasonable steps to inform data controllers processing the personal data that the data subject has requested erasure. Personal data does not require to be erased where processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation;
  • for archiving purposes in the public interest, scientific or historical research purposes of statistical purposes; or
  • for the establishment, exercise or defence of legal claims.

Right to Restriction of Processing

Data Subjects have the right to restrict a Data Controller’s processing of their personal data where:

  • the accuracy of the personal data is contested by the data subject. Processing can be restricted until the Data Controller has verified the accuracy of the personal data;
  • the processing is unlawful but the data subject opposes erasure and requests restriction instead;
  • the Data Controller no longer needs to process the personal data but the data is required by the data subject for the establishment, exercise or defence of legal claims; or
  • the data subject has objected to processing, pending verification whether the legitimate grounds of the controller override those of the data subject.

Right to Portability

Data subjects have the right to receive their personal data (where they have provided it to the Data Controller), in a structured, commonly used and machine-readable format and to have the data transmitted to another data controller without hindrance, where:

  • processing is based on consent; and
  • processing is carried out by automated means.

This right is dependent on the transfer between the Data Controller and the data subject being technically feasible.

The right will not apply to processing necessary for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller.

This right cannot be exercised if it will adversely affect the rights and freedoms of others.

Finally, you can, if necessary, ask for the deletion of your personal data that has been collected when you were a minor.

The exercise of these rights will be by sending us your request by email to the following address: info@trtlabs.com

To access your application, we will need to know your identity.

We will therefore seek a photocopy of one of your identity documents with your signature. We will retain this copy for the time required to process your request (subject to periods specifically mentioned in section 8 above).

You will also need to provide us with the address to which the reply should be sent to you.

Your application does not need to be justified, except in cases of exercise by you of the right to object. Indeed, in case of exercise of your right of objection, you must provide proof of the existence of a legitimate reason, except in the case where your data is processed for marketing purposes, including commercial.

  1. Privacy Policy changes and amendments

We reserve the right to modify this Privacy Policy at any time and without prior notice.

We invite you to check this Privacy Policy, which is available on our website, to be aware of any amendments.

When necessary, we will notify you by email about any changes to this privacy policy.

For questions, please contact us by email at: info@timaerifttours.com