Introduction

This privacy policy describes how our company, Not A Tourist BV, processes your personal data when you visit our website, order products in our webshop or use the Not A Tourist app for iOS and Android. We use this data to offer and improve our products and services and to help you get the best out of your walking tour. Because personal data can be traced back to you, we always handle your data carefully and keep it safe.

We recommend that you read this privacy policy carefully. This privacy policy may be amended from time to time. For more information, please contact us using the contact details at the bottom of this privacy policy.

1. Definitions

The following definitions are used in this privacy policy:

– Apps: our Not A Tourist app for iOS and Android;
– User: that is you, user or customer of our Website, Webshop or Apps;
– Tassie / Not A Tourist: that's us, Not A Tourist BV;
– Website: Not A Tourist website under www.notatourist.nl;
– Webshop: the webshop on our Website;
– Services: all our services, such as our physical tours in the bag and our digital tours per app, but also our content and extra features that we offer.
– Eco-system: all digital channels through which Not A Tourist offers its services, such as the Apps and Website and social media channels.

2. Personal Data

Personal data is data that can be traced back to you directly or indirectly (in combination with other available data), such as your name, telephone number, e-mail address, IP address, address data, location data and data relating to your activities on the Website. We only process the personal data that is necessary for the purpose for which the processing takes place, such as offering and optimizing our Website, Apps and Services, sending and personalizing newsletters or executing orders via our Webshop.

We collect personal data from the moment you visit our website or use our apps, make purchases, download or use our services. This information includes your general preferences (such as language preferences), settings and system specifications and device IDs. Through cookies or similar techniques, data can be collected (with your permission) about the way in which you use our Website, Apps and Services, to analyze User data and to be able to make targeted offers. See point 3 of this Privacy Statement.

We also collect personal data (such as your name and e-mail address) when you buy or book a product or service via our website or apps, use services, for example when registering for our newsletter, participate in a competition, open an account, make a purchase in our webshop, communicate with our customer service, or when you post a comment, review or other information on our Website or Apps. When purchasing products via our Webshop, we collect your address details in order to be able to execute the order.

We may also request you to share your location when you use our website, apps or services, so that we can help you further or better. We therefore first ask for your permission. As a result, the routes with addresses/POIs (“Points Of Interest”) work better in some situations, more intuitively or we can give you specific and relevant (last minute) tips about certain POIs or show new POIs. After all, a city is always “on the move”. We can also use this to offer events or services from third parties in your area (such as tickets & tours or last minute events) even better based on your preferences or profile. If you came to Not A Tourist via a third party (such as via another website or partner), we can also receive your personal data (such as your email address) from them if you have given permission for this.

3. How do we currently use your personal data?

We use your personal data for a number of purposes, including:

▪ To ensure a smooth user experience – when using our website, apps or services, we collect certain information such as name, date of birth and email in order to recognize your digital device (such as computer, mobile device or smart watch) and your interaction with the website , optimize and improve apps and services and to better process transactions or login to your account.
▪ Customized content and services – by personalizing the content on our website, apps and services based on your data, such as the questions asked, we can offer you relevant products and services that suit the travel destination and your interests and wishes. With this we hope to make your walking tour even better and more personal.
▪ User account – to create and manage your user account (see point 5 below) we collect certain data, such as your name, e-mail address, or location and/or preferences if you have provided them;
▪ Purchases via our Webshop – in order to fulfill orders in our website and/or apps and to process them administratively, we collect certain data, such as your name and address details in order to confirm and invoice the purchase;
▪ Reviews – we collect certain personal data when you post reviews on our websites or apps, to respond to the review or to analyze user feedback on a product or service.
▪ Customer service – to streamline your communication with our customer service, we use certain personal data, such as your name, email address and telephone number, to:

• quickly and securely establish your identity and establish a direct link to your order history;
• facilitating follow-up communication via telephone, e-mail and in the future via chat. We can also use your personal data to provide assistance (such as help with an order or booking) when you ask us for it;
• to inform you of unexpected or exceptional situations that may affect your experience with our products or services, such as strikes, travel restrictions and potentially dangerous situations at your travel destination;

▪ Marketing purposes – this means semi-personal forms of communication, including newsletters (more details below) and promotion of our products and services on other websites that you may visit, including social media websites. For targeted advertising (via tracking cookies or third-party advertising cookies) and marketing on social media, you as a user must give explicit access.
▪ Fraud detection and security – your personal data also plays a vital role in helping to identify and prevent fraudulent transactions and other illegal activities on our platforms. In addition, this data enables us to send safety messages to our customers.
▪ Secure payments – we work with third party payment services (payment service providers) on all our payment transactions. Your account information or credit card information is collected directly (via a secure connection) by these third parties, without us having access to it. So we do not have access to your full payment information, but we may use partial information, such as the last two characters of your credit card number, for verification and anti-fraud purposes.

4 . Newsletters

We use newsletters to inform you about recent developments and to introduce you to new products, additional information, special offers and promotions. You can unsubscribe from these newsletters at any time by clicking on the 'Unsubscribe' link in the newsletter. Although we value feedback from our users, you are not obliged to give a reason for unsubscribing from the newsletter.

5. Your user accounts

You may have created a Not A Tourist account by confirming your email address or otherwise registering with us. With a user account you can use certain services within the webshop or apps and a profile can be created. By creating an account with us through a third party (such as Facebook, Apple or Google), you give us the right to verify your identity through these services and provide access to your personal details from your user account, as described under "Personal Data" above.

6. Location

We always ask for your permission before we gain access to your location. This only applies to digital devices (such as a computer, mobile device or smartwatch) that you are currently using. By sharing your location, our apps and websites work best and we can help you find the best and most relevant POIs in and around your destination. We also like to surprise you with the latest tips about this destination based on your interests if you have made them known. You can withdraw this consent at any time by changing the privacy settings on your computer or mobile device or smartwatch.

7. Legal Bases

Under the General Data Protection Regulation (GDPR), personal data may only be processed if there is a legal basis for doing so. Our use of your personal data is based on four bases:

Performance of a contract – we may use your information for the performance of a contract you have entered into with us. We may then use this information to, for example, process purchases of one or more of our products or services.
Legitimate interest – we may process your data when this is necessary for the purposes of a legitimate interest, for example to match the content of our website, apps, and communication with you to your preferences, to be able to refer you to websites of our partners, to optimize our services or to secure our website and apps and to detect fraud. You can object to this processing at any time by contacting us via the contact details under point 14.
Unambiguous consent – ​​based on your unambiguous consent, we can use your personal data for the processing operations for which that consent has been granted, for example for using location data, sending newsletters and placing marketing cookies. You always have the option to withdraw your consent. This can be done via the website or via the application in which the permission was given. You can withdraw permission for the newsletter via the link at the bottom of each newsletter.
Legal obligation – In some cases we may have a legal obligation to process your personal data.

8. Retention Periods

We store the collected data for shorter or longer periods depending on what the data is, how we use it and what legal retention periods apply. We store data in your User Account as long as the account is still active and then for a maximum of two years. Data related to orders placed by you via our Webshop are kept for 7 years on the basis of the statutory retention obligation that applies to our financial administration. We store data about your contact with our customer service for a maximum of twelve months after the last contact. For more information about retention periods, please contact us using the contact details below.

9. Cookies and Google Analytics

We want you to have an enjoyable experience on our platforms. That is why we use cookies or similar technologies (such as scripts or beacons) that ensure that our website and apps function smoothly and reliably. Cookies are small text documents that are placed on your computer or mobile device when you visit a website or app.

Your permission is requested in advance on the website or via the apps for the placement of (non-essential) preference cookies, analytical cookies and marketing cookies. In our Cookie Statement you can find more information about the cookies and similar technologies that we use, what data we collect with them and for what purposes we use them. It also states how consent, once given, can be withdrawn.

10. Third Party Access to Personal Data

We work together with a number of third parties, with whom your personal data can be shared in certain cases:
▪ Third party services – we use the services of third parties, including Google Analytics, which collect and analyze personal data for us. These third parties are used to optimize our services for you and to individualize and improve our marketing activities (such as newsletters).
▪ Financial Transactions – We also use third parties to process your online payments. We share your personal data with them to carry out and complete financial transactions for us. This only concerns PCI-certified parties that are obliged to keep your personal data confidential and only use this information for the purposes as agreed with us.
▪ IT service providers – We use IT service providers, such as hosting parties and developers, who in some cases can (temporarily) access your personal data

▪ Legal obligations – in some cases we may be required to share your personal data by law, in the context of a legal process or pursuant to an order issued to us by a competent authority.

In order to provide our services, we may be required to transfer personal data to countries outside the European Union. When this is the case, we take all necessary steps to lawfully transfer the personal data to those countries. We use European model contracts (Standard Contractual Clauses) and any additional measures to ensure the protection of your personal data.

11. How do we protect personal data?

To properly protect your personal data, we use a number of different physical and technical security measures. Physical security measures include monitored access to our offices and security measures for laptop and computer users. Our technical measures include regular scans of our website and apps to identify security vulnerabilities. We also use malware scanning and your personal data is safely protected behind secure networks. They are only accessible to a limited number of persons with special access rights to such systems. These persons are obliged to treat your personal data confidentially.

12. Your Rights as a User

Under the GDPR, you have the following rights in connection with the processing of your personal data for which we are responsible:

▪ You have the right to inspect, rectify and delete your personal data processed by us. You also have the right to object to the processing of your personal data.
▪ You have the right to request us to restrict processing and data portability. The latter means that you have the right to receive personal data that we process about you in a structured, commonly used and machine-readable form and, if necessary, to request that we forward that data directly to another controller.
▪ In all cases where the processing of your personal data is based on consent, you have the right to withdraw this consent at all times.
▪ If you want to make use of one of these rights, or if you have any questions about this privacy policy, you can reach us by sending an e-mail to: hello@notatourist.nl . For a smooth handling of your requests, it helps us if you include the text "Request Personal Data" in the subject of your e-mail.
▪ You can unsubscribe from newsletters via the unsubscribe function at the bottom of the newsletters or by sending an e-mail to: hello@notatourist.nl with the subject unsubscribe newsletter.

13. This Privacy Policy

We reserve the right to make changes to this privacy policy and will publish the amended version of the privacy policy on our website.

14. Our contact details

Not A Tourist BV is a Dutch private company, incorporated under Dutch law and registered with the Amsterdam Chamber of Commerce (no. 89762274). The visiting address of Not A Tourist BV is Prinsengracht 769, 1017 JZ Amsterdam, the Netherlands. For questions about this privacy policy, please send an email to: hello@notatourist.nl .

Do you have any further comments, requests, questions, or other feedback regarding the privacy policy? Please contact our customer service via hello@notatourist.nl .

Version June 2023.