We recognize that your privacy is important. This document outlines the types of personal information we receive and collect when you use Vienna Unwrapped, as well as some of the steps we take to safeguard information. We hope this will help you make an informed decision about sharing personal information with us.
Vienna Unwrapped strives to maintain the highest standards of decency, fairness and integrity in all our operations. Likewise, we are dedicated to protecting our customers’, consumers’ and online visitors’ privacy on our website.
This policy explains what information we collect, how, and why, when you visit one of our websites, or when you use our Services. It also explains the specific ways we use and disclose that information. We take your privacy extremely seriously, and we never sell lists or email addresses.
These definitions should help you understand this policy. When we say “we,” “us,” “our,” and “Vienna Unwrapped” we are referring to ‘Vienna Unwrapped’, the UK-based entity of sole trader Barbara Eiras Cação.
When we say “you” and “user” we are referring either to a site visitor or a paying trip planning client. When we say “Inquirer” we refer to a person contacting Vienna Unwrapped via email, a website form, social media, instant messaging or telephone. When we say “Client” we refer to an individual paying client booking Vienna Unwrapped’s bespoke services.
A “Subscriber” is a user that subscribes to Vienna Unwrapped’s newsletters. A “Mailing List” is a list of Subscribers and all associated information related to those Subscribers (for example, email addresses).
“Personal Information” means any information that identifies or can be used to identify you or a subscriber, directly or indirectly, including, but not limited to, first and last name, date of birth, email address, gender, or other demographic information.
While providing the Services, and as described in more detail below, we may collect Personal Information about a Website visitor, Inquirer, person, Subscriber or email address.
We encourage you to periodically review this policy so that you will know what information we collect and how we use it.
4. Questions & Concerns
If you have any questions or comments, or if you want to update, delete, or change any Personal Information we hold, or you have a concern about the way in which we have handled any privacy matter, please use our contact form to send us a message. You may also contact us by postal mail or email at:
46 Tyrrell Road
London SE22 9NE
5. Information We Collect
(a) Information you voluntarily provide to us: When you sign up for and use the Services, consult with Vienna Unwrapped, send us an email, participate in a contest or sweepstakes, sign up to join our email list or request some other service or information from us or communicate with us in any way, you are voluntarily giving us information that we collect. Information collected on a voluntary basis may include name, physical address, email address, credit card information, company name and telephone number, IP address, as well as details including gender, occupation, location, and other demographic information. By giving us this information, you consent to this information being collected, used, disclosed, and stored by us.
If you request information from a third party through a contact form on certain pages of the Website, the personal information provided may be stored and transferred to the third party in order to respond to your request.
(c) Information from your use of the Service: We may receive information about how and when you use the Services, store it in log files or other types of files, and link it to other information we collect about you. This information may include, for example, your IP address, time, date, browser used, and actions you have taken when browsing the Website. This type of information helps us to improve our Services for both you and for all of our users.
You have the ability to accept or decline cookies by modifying your Web browser; however, if you choose to decline cookies, you may not be able to fully experience the interactive features of the site.
Some browsers allow you to automatically notify websites you visit not to track you using a “Do Not Track” signal. There is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” you may wish to visit www.allaboutdnt.com.
(e) Web beacons: A web beacon is a transparent image file used to monitor your journey around a single website or collection of sites. They are also referred to as web bugs and are commonly used by sites that hire third-party services to monitor traffic. They may be used in association with cookies to understand how visitors interact with the pages and content on the pages of a web site.
We use web beacons on our Website and in our emails. When we send emails to Subscribers, using third party websites, we may track behaviour such as who opened the emails and who clicked the links. This allows us to measure the performance of our newsletter campaigns and to improve our features for specific segments of Subscribers. To do this, our mailing partners include single pixel gifs, also called web beacons, in emails we send. Web beacons allow us to collect information about when you open the email, your IP address, your browser or email client type, and other similar details.
Browsers can be set to accept or reject cookies or notify you when a cookie is being sent. Privacy software can be used to override web beacons. Taking either of these actions shouldn’t cause a problem with our site, should you so choose.
(f) Information from other sources: From time to time we may obtain information about you from third party sources, such as public databases, social media platforms, third party data providers and joint marketing partners. If we decide to do this we will take steps to ensure that such third parties are legally permitted or required to disclose such information to us. Examples of the information we may receive from other sources include: demographic information, device information (such as IP addresses), location, and online behavioural data (such as information about your use of social media websites, page view information and search results and links). We use this information, alone or in combination with other information (including Personal Information) we collect, to enhance our ability to provide relevant marketing and content to you and to develop and provide you with more relevant product features, and services.
6. Use and Disclosure of Personal Information
We may use and disclose Personal Information only for the following purposes:
(a) To provide a requested service to you. When you inquire about specific information or you hire Vienna Unwrapped’s trip planning services we may need to transfer your personal data to Suppliers to serve you. If Vienna Unwrapped is involved in the communication for a service agreement between you and a Supplier, it shall transfer the data required for this agreement to the respective Supplier. This Supplier processes and uses the data to initiate, conclude and execute the contract on its own responsibility. The identity of the respective Supplier can be taken from the booking dialogue.
(b) To promote use of our services to you and others. For example, if you use any of our Services and we think you might benefit from using another Service we offer, we may send you an email about that. You can stop receiving our emails by simply replying to us. In addition, we may use information we collect in order to advertise our Services to you or suggest additional features of our Services that you might consider using.
As part of our Services, we may use and incorporate into features information you have provided or we have collected from you. We may share this information, including Subscriber email addresses, with third parties in line with the approved uses in Section 6.
We may also use an element of your Personal Information such as your first name – that will not identify you to strangers – to advertise our Services to potential or other users like you, for example in a reference in our newsletter.
(c) To send you informational and promotional content in accordance with your marketing preferences. You can stop receiving our emails and newsletters by following the unsubscribe instructions included in every email.
(d) To bill and collect money owed to us by our Clients. This includes sending Clients emails, invoices, and receipts. We use links on our Website to PayPal – which is GDPR compliant – for secure payment processing, for you to voluntarily send billing information to PayPal online, to process your orders and payments.
(g) To protect the rights and safety of our Users and third parties, as well as our own.
(h) To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
(i) To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements.
(j) To prosecute and defend a court, arbitration, or similar legal proceeding.
(k) To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
(l) To provide, support, and improve the Services we offer. This includes our use of the data that our Users provide us in order to enable our Users to effectively use our Services. This also includes, for example, aggregating information from your use of the Services or visit to our Website and sharing this information with third parties to improve our Services. This might also include sharing your information with third parties in order to provide and support our Services or to make certain features of the Services available to you. When we do have to share Personal Information with third parties, those are required to use your Personal Information in a manner that is consistent with this policy. Examples of Service Providers include payment processors, hosting and mailing services and content delivery services.
7. Public Information and Third Party Websites
(a) Social media platforms and widgets. Our Website includes social media features, such as the Facebook Like button. These features may collect information about your IP address and which page you are visiting on our Website, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our Website. We also maintain presences on social media platforms including Facebook, Twitter, Google+ and Instagram. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
(c) Affiliated partners and service providers. We may also share your personal data with affiliated partners, with third parties with whom we have partnered to allow you to use their services, and with trusted third party service providers as necessary for them to perform services on our behalf. For example, if it is necessary to provide you with a service you have requested (like a private city tour), then we may share your and/or your fellow travelers’ Personal Information with a Service Provider for that purpose. All third parties with which we share this information are required to use your Personal Information in a manner that is consistent with this policy.
- Servicing Clients with tourism and leisure offers
- Processing payments
- Aggregating and distributing newsletters and mailings
- Collecting independent Client reviews
- Communicating with you, such as by way of email
We only share your personal data as necessary for any third party to provide the services as requested or as needed on our behalf. These third parties (and any subcontractors) are subject to strict data processing terms and conditions and are prohibited from utilizing, sharing or retaining your personal data for any purpose other than as they have been specifically contracted for (or without your consent).
8. How Long Do We Keep Your Personal Data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected, and never longer than 2 years.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of customer data retention periods:
When you email us directly or fill in an inquiry form on the Website, we’ll keep the personal data you give us for three years so we can comply with our legal and contractual obligations.
Trip Planning Clients
We keep the data of Vienna Unwrapped’s paying trip planning Clients for ten years so we can comply with our legal and contractual obligations. For example, Vienna Unwrapped may keep some of your information for tax and auditing obligations.
Mailing Lists and Orders
If you sign up for our newsletter or make a payment to order an information product your personal data will be stored with our third parties. For information about how Third Parties collect and safeguard your personal data please refer to 7 (c).
9. Which Security Measures Are In Place?
Safeguarding Your Personal Information
We take reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.
Our payment processing vendors use security measures to protect your information both during the transaction and after it is complete. If you have any questions about the security of your Personal Information, you may contact us at barbara.cacao(at)Vienna-unwrapped.com.
For security reasons and to protect confidential content during transfer, this site uses SSL encryption, for example, when you send enquiries to us as the site operator. You can tell that a connection is encrypted if the ‘http://’ in your browser’s address bar changes to ‘https://’ along with a lock symbol next to it. When SSL encryption is enabled, data you send us cannot be read by third parties.
Use of social media buttons with Shariff
On our website, we use the Shariff privacy solution, which is maintained by the German computer magazine c’t. Shariff replaces the usual social media share buttons in order to protect your online privacy.
Shariff integrates these social media share buttons into our website only as images containing a link to the corresponding social media platform. Clicking the respective image will redirect you to the social media service in question. The Shariff button establishes direct contact between the social media platform and our visitor only when the visitor actively clicks the share button. Only then is your data sent to the social media platform in question. If the user does not click the Shariff button, no data is exchanged between you and the social media platform. More information (English) on the Shariff privacy solution maintained by c’t magazine can be found here: https://en-gb.wordpress.org/plugins/shariff/
10. Notice of Breach of Security
If a security breach causes an unauthorized intrusion into our system that materially affects you, then Vienna Unwrapped will notify you as soon as possible and later report the action we took in response.
11. Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (United Kingdom).
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites)
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
For all non-UK customers
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
Sometimes we’ll need to transfer your personal data between countries to enable us to supply the goods or services you’ve requested. By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes.
This may occur because our information technology storage facilities and servers are located outside your country of residence, and could include storage of your personal data on servers in the UK.
We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that’s not set out in this Privacy Notice. We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.
We’ll ensure that any third parties process your personal data only in accordance with their legitimate interests. These third parties may be subject to different laws from those which apply in your country of residence. Please note that we do not take active steps to ensure that any overseas recipient of your personal data complies with the laws which apply in your country.
12. How You Can Correct or Remove Information
13. We Operate in Europe
Our server is located in the Netherlands and our office in the United Kingdom, so your information may be transferred to, stored, or processed in the Netherlands. By using our Website, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States and those third parties with whom we share it as described in this policy.
14. Children’s Online Privacy Protection Act (COPPA)
This website is directed to adults; it is not directed to children under the age of 13. We operate our site in compliance with the Children’s Online Privacy Protection Act, and will not knowingly collect or use personal information from anyone under 13 years of age.
15. Accuracy and Retention of Data
We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do so. If your data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes. Upon request, we will provide you with information about whether we hold any of your Personal Information. We will retain your information for as long as needed to provide you with our Services. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our Agreements.
We will give an individual, either you or a Subscriber, access to any Personal Information we hold about them within 30 days of any request for that information. Individuals may request to access, correct, amend or delete information we hold about them by contacting us here. Unless it is prohibited by law, we will remove any Personal Information about an individual from our servers at your request. There is no charge for an individual to access or update their Personal Information.
17. Agreeing to Terms
18th May 2018
Barbara Cacao, Director
46 Tyrrell Road
London SE22 9NE
Last Updated on