Who we are
Our website address is: https://firantes.com
What personal data we collect https://firantes.com and why we collect it
Controller and contact
The controller for purposes of processing your personal data is:
If you have any questions or suggestions regarding data protection or would like to exercise your rights, please feel free to contact us at the following link: https://firantes.com/contact/
You can reach our Data Protection Officer at: firstname.lastname@example.org
For clarity, any data processing by activity providers who offer their services on the firantes platform is subject to their respective privacy policies. Activity providers act as separate data controllers.
Subject of data protection
The subject of data protection is personal data, i.e. all information relating to an identified or identifiable natural person. Personal data is also referred to simply as data in the following.
Automated data collection
When accessing our website, your end device automatically transmits data for technical reasons. The following data is stored separately from other data that you may transmit to us:
We store this data for the following purposes:
Your IP address is only stored for a shorten period of time.
In this case, the processing is carried out to ensure the security of the processing in accordance with Art. 32 GDPR, as well as on the basis of our legitimate interest in protecting ourselves against misuse of our service (Art. 6 para. 1 lit. f GDPR).
Your registration data is required to set up and manage a user account for you. In this case, you conclude a (free) user agreement with us, on the basis of which we collect this data (Art. 6 para. 1 lit. b GDPR).
In order to conclude the agreement, you must provide us with this data. However, you are neither contractually nor legally obliged to conclude the agreement and thus to provide the data.
After you have created a customer account, you have the option to create wish lists with activities and tours and other item to share these wish lists with other users. Your data is processed for these purposes in order to be able to provide you with the corresponding functions (Art. 6 para. 1 lit. b GDPR).
Reviews and ratings
Our website offers the possibility to rate and comment on tours or activities. After you have completed a tour booked via our website, we may ask you to rate it accordingly. Submitting a rating is, of course, voluntary. When you submit a rating, we collect the data you enter in order to process it according to the function you use and publish it on our website. You can have a rating deleted at any time by contacting our customer service.
You can object at any time to receiving review requests by clicking the unsubscribe link in each review request email. If you have an account, you can also do so from the Settings -> Notifications section on your profile. Otherwise, you can also send us a message using the link https://firantes.com/contact/.
The processing of your data for these purposes is done to protect our legitimate interest in providing our users with as much information as possible about the tours we offer. User ratings are also in the interest of all users. Accordingly, the processing is based on Art. 6 para. 1 lit. f GDPR.
Processing of enquiries:
Your request will be processed by our processor, Firantes.
For the processing of enquiries, we or Firantes.
Improvement of customer service:
In order to continuously improve our customer service, we analyse enquiries sent to us on the basis of certain parameters and keywords. Although, as a matter of principle, no analysis is carried out on the basis of personal data, it cannot be ruled out that, in individual cases, personal data may also be processed within this context. The processing required within this context serves our legitimate interest as well as that of our customers in the continuous improvement of our customer service (Art. 6 para. 1 lit. f GDPR).
Technical service providers
We use technical service providers for hosting and some of the services required for the website. Accordingly, the processing of data takes place on the servers of these service providers. These service providers only process the data according to our explicit instructions and are obliged to guarantee sufficient technical and organisational measures for data protection. Consequently, our service providers act for us as so-called processors within the meaning of Art. 28 GDPR.
Hosting of the website
For the hosting of our website, we use the services of Amazon Web Services EMEA S.a.r.l. (“AWS”) based in Luxembourg. Accordingly, when you interact with our website or provide personal data, it is processed on AWS servers. We only use servers located in the European Union. To cover remote maintenance and similar constellations, we have concluded the standard contractual clauses approved by the EU Commission with AWS in accordance with Art. 46 para. 2 lit. c GDPR.7.2. E-mail system.
For sending emails, we use the Sendgrid service of Twilio Inc based in the USA (“Twilio”). There is no adequacy decision for the USA. We have therefore concluded the standard contractual clauses approved by the EU Commission pursuant to Art. 46 para. 2 lit. c GDPR with Twilio.
You have the option on our website to register for our newsletter. With our newsletter, we would like to send you information on offers, tours, activities or special promotions that is as personalised as possible. By registering for our newsletter, you therefore consent to us processing your email address for the purpose of sending the newsletter. The legal basis for this processing is Art. 6 para. 1 lit a GDPR. You can revoke your consent at any time by unsubscribing from our newsletter. To do this, you can use the unsubscribe link contained in every email or send us a message using the link https://firantes.com/contact/. To verify your e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in). When you register for the newsletter, we store the IP address and the date and time of registration. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to prove your consent (Art. 6 para. 1 lit. c in conjunction with Art. 7 para. 1 GDPR).
If you have booked a tour via our website or created a Firantesaccount, we will send you our newsletter based on our legitimate interest in promoting similar services to your bookings or account (Art. 6 para. 1 lit. f GDPR, § 7 para. 3 UWG) unless you have objected to this use. If cookies are used for personalisation, we will obtain your separate consent.
You can object to this at any time – even during registration – by deselecting the corresponding checkbox or clicking the unsubscribe link in the respective emails. In addition, if you have an account, you can always subscribe or unsubscribe to different types of communication from the Settings -> Notifications section on your profile.
For the dispatch of our newsletter and the personalisation of content, we use the services of the provider Braze Inc. based in the USA (“Braze”). There is no EU Commission adequacy decision for the USA. We have therefore concluded the standard contractual clauses approved by the EU Commission with Braze in accordance with Art. 46 para. 2 lit. c GDPR.
Bookings & payments
On other websites who have partnered with us in order to integrate the booking offers directly on their own website, both the partner and Firantesact as separate data controllers for the processing of your personal data.
In order to keep you updated on your bookings we will send you booking confirmations as well as reminders and updates for upcoming bookings (e.g. changed times or meeting points) to make sure that you have all information you need to attend your booked services. Booking confirmations are sent to your email address, and/or by SMS to the phone number you provide during the booking process. If you have an account, you can choose more granularly how you want to be notified from the Settings -> Notifications section on your profile.
We process your personal data in order to be able to provide you with these features of our service (Art. 6 para. 1 lit. b GDPR).
You have various options for paying for your booking. In doing so, we will process the data required in each case depending on the selected payment method. Within this context, your personal data will be processed as described below, which is based on Art. 6 para. 1 lit. b GDPR and is necessary to carry out the payment method you have chosen.
Credit card payments:
For the processing of payments by credit card, we use the service provider Adyen N.V. (“Adyen”), which is based in the Netherlands. The data provided during your payment will be forwarded by Adyen to the respective banks or financial institutions for the purpose of processing the payment. In the case of payments by credit card, we only receive the information that a payment has or has not been made, along with the last 4 digits of the credit card number. We therefore have no knowledge of your full credit card number.
Payment via PayPal:
If you have a PayPal account, you can also process your payment via PayPal. In this case, we receive from PayPal not only the information that a payment has been made, but also the e-mail address and address you have registered with PayPal.
Payment by invoice:
If you pay by invoice, we will transfer your personal data to Klarna Bank AB (publ) based in Sweden (“Klarna”). Klarna will process the data first for the purpose of credit assessment and then, if necessary, for payment processing.
In the event of chargebacks, we will transfer the necessary data to Global Merchant Risk Technologies trading as The Chargeback Company (Chargebacks911) based in Ireland to process a chargeback. The required data includes your name, booking information, telephone number and payment information. Chargebacks911 will then process the chargeback with your bank or PayPal or Ayden. The processing is carried out within the context of the execution of the contract (Art. 6 para. 1 lit. b GDPR) as well as on the basis of our legitimate interest in the effective processing of chargebacks (Art. 6 para. 1 lit. f GDPR).
Booking Cancellation Insurance
If you visit our website from certain regions, you will be able to also book activities with extended cancellation rights covered by insurance. The insurance coverage is offered to you by Companjon Admin GmbH with registered address at c/o Wilhelm Rechtsanwälte Partnerschaft von Rechtsanwälten mbB, Reichsstraße 43, 40217 Düsseldorf. If you book this option, your personal data will be processed based on Art. 6 para. 1 lit. b GDPR.
With regards to the data processing connected to offering these insurances on the Firanteswebsite, Firantesand Companjon Admin GmbH act as joint data controllers. With regards to the data processing directly connected to the insurance contract (such as eligibility, decision making process, claim processing etc.), Companjon Admin GmbH acts as an independent data controller.
You can excercise your data subject rights towards either Firantesor Companjon and we will ensure the requests is forwarded to the responsible party.
In order to protect ourselves and the activity providers from fraudulent bookings, we evaluate the information provided by our customers during the booking process, including the data technically transmitted by their device, insofar as this is necessary to protect our legitimate interest and that of the activity providers in reliable bookings (Art. 6 para. 1 lit. f GDPR).
For this purpose, we use services of the providers Sift Science, Inc. (USA), Adyen N.V. (Netherlands) and Ethoca Inc. (Canada). There is no EU Commission adequacy decision for the USA. We have therefore concluded the standard contractual clauses approved by the EU Commission with Sift Science, Inc. pursuant to Art. 46 para. 2 lit. c GDPR. For Canada, there is an adequacy decision by the EU Commission in accordance with Art. 45 GDPR for processing by private-sector organisations.
Protection against bots
To protect us from bots and similar technologies, we use the Cheq service provided by CHEQ AI Technologies Ltd. based in Israel (“Cheq”). Cheq will use the data automatically transmitted by your device to determine whether the request most likely originates from a human. No further storage of the data will take place. The processing is carried out in order to ensure the security of the processing in accordance with Art. 32 GDPR and on the basis of our legitimate interest in protecting ourselves against misuse of our service (Art. 6 para. 1 lit. f GDPR). For Israel, there is an adequacy decision of the EU Commission according to Art. 45 GDPR.
We use so-called “cookies” to offer certain functions of our website and to optimise the use of our website. “Cookies” are small files that are stored on your device with the help of your internet browser.
Customer surveys and research panels
When you access our website, you might be prompted in a pop-up window to answer some questions about the Firantesproduct or features. We collect the answers in an aggregate form and they are not linked personally to you. This is completely optional and you give your consent for us to process your answers if you choose to answer the questions.
Marketing and remarketing services
Evaluation of advertising on the web and on social media platforms
With regard to our social media advertising, we use a service provided by Smartly.io Solutions Oy, based in Finland, to analyse the success of our advertisements.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.