Last updated: 10 August 2023
TOURISH is a travel retail services marketplace, that is available to product vendors, travellers or end-users via iOS and Android mobile app (the “App”). We also have an official website, i.e., www.tourish.market (the “Website”).
TOURISH (a product by Swissynergizers GmbH) values its customers – travellers and vendors alike, and respects that privacy of their personal data is very important.
This privacy policy (the “Privacy Policy”) describes how TOURISH processes these personal data with respect to but not limited to, collection, storage, usage and disclosure when using the marketplace platform via mobile app/s. The data controller within the meaning of the EU General Data Protection Regulation (GDPR) is:
swissynergizers GmbH
c/o RA Felix Kappeler
Dammstrasse 19
6300 Zug
Switzerland
info@swissynergizers.com
TOURISH's representative in the European Union is:
Alexander Schroll
c/o Bestconnex
Überreiterweg 5
85748 Garching b. München
Germany
a.schroll@bestconnex.de
This Privacy Policy is an integral part of TOURISH Terms of Use. When you push the “I accept” button, you confirm that you have read the Privacy Policy carefully and that you accept its terms.
This Privacy Policy is prepared in accordance with the European General Data Protection Regulation (GDPR), applicable US legislation (i.e., Acts of the Federal Trade Commission, the Electronic Communications Privacy Act and others), Swiss Data Protection Law and the best international practices in the field of personal data protection.
The App uses non-standard PII (Personal Identifiable Information) and includes the Google Limited Use disclosure to demonstrate compliance with Google API Services User Data Policy.
Data Protection Officer
Having the greatest respect for your personal data, we appointed Manish Shrivastava to be our data protection officer. You can email our data protection officer at manish@tourish.market or at our postal address indicated above with any questions you may have.
If you also have any requests regarding privacy matters, you can also contact us at any time at admin@tourish.market.
The Privacy Policy covers the following:
When you create an account in the App, sign up to receive offers or information, or make a purchase using our platform, you give us your personal information. We also receive information from our business partners and other third-parties’ applications that help us improve our platform and associated tools and services, update and maintain accurate records, potentially detect and investigate fraud, and enable better offer our services.
On our Website, we may use cookies and cookie-like technologies from third parties on our website. Cookies are small text files that are stored on your device. If you call up our website, a cookie may be stored on your operating system. This cookie contains a specific sequence of characters that enables the browser to be uniquely identified when the website is called up again. Cookies do not cause any damage to your device. Cookie-like technologies from third parties, similar to cookies, can also be used to collect information (usually your IP address) from you.
The primary reason we gather and use your personal data is to offer you with services and the ability to utilize the App. The fulfilment of a contract with you (Terms of Use; see Art. 6 para. 1 lit. b GDPR for European customers) is the legal basis on which we treat your personal data for this purpose. The kind of the data we process is directly related to the services you use in the App; for example, if you do not use any of the App's features, we do not need or process any associated data.
Please note that we will be unable to provide you with a service that necessitates the processing of some data if access to your personal data is denied by you.
When purchasing a service or signing up for services, if you are acting on behalf of another person, you must make sure that person has both (i) requested the services and (ii) given consent to us to use his or her personal information to provide those services.
We also collect and use personal data from you in order to improve and develop the App and Website. We gather and process cookies, log files, and data on your behaviour inside the App and our Website for this reason. IP addresses, browser information, Internet service providers (ISP), referring/exit sites, operating systems, device type, App version, session date/time stamps, clickstream data, usage of the app, date of initial App launch, and mobile carrier are among them. We accomplish this on our own as well as with the help of third-party service providers. The legal basis on which we process your personal data for these purposes is our legitimate interest (see Art. 6 para. 1 lit. f GDPR) to make the App and the Website correspond to your needs and to keep them secure as well as to facilitate access to information about the App for other persons who may be interested in it. On our Website, we only use cookies or cookie-like technologies that are necessary to provide you with a functional website. Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer. The data is stored in the log files of our system. This data is not stored together with other of your personal data. Furthermore, we use social media plug-ins ("plug-ins") of Facebook LinkedIn and Twitter on our Website. These services are operated by the following companies:
In order to increase the protection of your data when visiting our Website, the plug-ins are not integrated into the page without restriction, but only using an HTML link. This integration ensures that when you call up a page of our website that contains such plug-ins, no connection is yet established with the servers of the provider of the respective social network. If you click on one of the buttons, a new window of your browser opens and calls up the page of the respective service provider.
We also process data to adjust our promotion strategy. We may receive the name of the ad campaign, keyword, ad group, and click date if you install the App via Apple Search Ads. This information is used to fine-tune our future advertising initiatives. These data are not used for direct marketing. We also collect, aggregate and generalize data on your orders that are reflected in the App, as well as reviews and ratings you placed on the App. We share anonymized statistics with vendors that use these data to improve their offered service (e.g., to choose which lounge to provide discounts during what hours of service to improve business). Due to the anonymized nature of the data, no direct marketing or profiling can be performed based on these data. The legal basis on which we process your personal data for these purposes is our legitimate interest (see for European Customers Art. 6 para. 1 lit. f GDPR) in tracking and analysing trends in the travel industry and to prepare aggregated statistical reports on people’s behaviour with respect to their choice of products.
We may also email you promotional offers and news, in accordance with applicable law. You may opt-out of marketing emails or our newsletter at any time by clicking the link labelled “unsubscribe” at the bottom of any newsletter emails we send you or email us at info@tourish.market . Please note that even if you opt-out of receiving email marketing communications, we may still email you important transactional or administrative information or respond to your enquiries. Where we are required to have a legal basis for this processing of your personal data, we rely upon consent.
According to our assessment, processing based on specified legitimate interests does not adversely affect your rights and freedoms. Regardless, you are entitled to object to and request the restriction of processing at any time, if the law provides for it.
We do not process any special categories of personal data (e.g. data revealing racial and ethnic origins, political opinions, religious or philosophical beliefs, trade union memberships or genetic and biometric data) or data related to criminal convictions and offenses, except if provided by you voluntarily. We do not transfer such data to any third party.
We collect your data from:
You can access and update your personal data on your own in certain sections of the App (e.g., Profile). You can also choose to delete your account. Please note that your account deletion may not be effective immediately if you have payment to be settled and/or services pending to provided/received.
You have – if the corresponding legal requirements are met – the full legal right to obtain information about the personal data we have stored about you, the right to rectification or deletion, the right to request us to restrict the processing of your personal data. If you have provided us with personal data for the performance of a contract or on the basis of consent, you may request that you receive the personal data you have provided in a structured, common and machine-readable format or that we transfer it to another controller. If you have given us consent, you can revoke this at any time with effect for the future. The lawfulness of the processing of the data until the revocation remains unaffected.
In general, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out in our legitimate interest; this also applies to profiling based on these provisions. If you object, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defence of legal claims.
If personal data are processed for the purpose of direct marketing, you have the right to object at any time to processing of your personal data for such marketing; this also applies to profiling, insofar as it is related to such direct marketing
You may lodge a complaint with the competent supervisory authority if you believe that the processing of personal data violates applicable law. To do so, you can contact the supervisory authority responsible for your place of residence or the data protection authority responsible for us in Switzerland (Swiss Federal Data Protection and Information Commissioner).
In addition to any of the rights explained in this Policy, in case you are not satisfied with our personal data processing activities and/or have any other complaints, contact us at info@tourish.market.
No one can guarantee that data transmission over the Internet or the methods used for electronic storage are 100% secure. Bear this in mind before submitting any information about yourself.
However, the security of your personal data is one of our top priorities. We follow the best international practices and applicable laws to protect your personal data, both during transmission and once we receive it. We implemented the appropriate technical and organizational measures to ensure the security and confidentiality of your personal data, and we follow strict procedures to prevent the unauthorized access, loss or destruction of your personal data. Namely, we follow the Payment Card Industry Data Security Standard (PCI DSS) to ensure the secure processing of your bank card information.
We use AWS to store the data in connection with the App functioning. AWS designed the security of its infrastructure in layers that build upon one another, from the physical security of data centres to the security protections of hardware and software, to the processes used to support operational security. This layered protection creates a strong security foundation. A full list of data security measures undertaken by AWS please find here .
We do not share your data with third parties except as described in the Privacy Policy. We only transfer data to the following categories of recipients (primary in order to fulfil our contract with you):
We would like to point out that your data is transferred to a country that does not have an adequate level of data protection. National data protection legislation applies, which may make it more difficult to enforce your rights.
In these cases, we ensure adequate protection of your personal data in accordance with data protection regulations, in particular by concluding appropriate standard agreements in the event of commissioned data processing, alternatively by involving only service providers with approved Binding Corporate Rules, if necessary by means of further agreements (e.g. standard data protection clauses), and additional technical measures in the area of access control, such as encryption or pseudonymization. Your personal data can only be accessed by our authorized employees, consultants, vendors and service providers, or by the concerned group entities. We take appropriate organizational and technical measures to protect your personal data when interchanging data with such third parties. They are bound by confidentiality obligations, and they must ensure the security and confidentiality of data. Vendors must not use personal data received from us other than for the purpose fulfilling the specific contract entered into via TOURISH.
We endeavour to cooperate only with those third parties who respect and comply with personal data processing requirements.
We may also share personal data with third parties when:
While using the App, you might be interested in inviting random people whom you do not know but with whom you are interested in communicating through the App. In this event, make sure you truly wish to share any of your information or data with such a person. Once you provide the information to such a person, we cannot guarantee that this person will not use this information against you, trade it or misuse it in any other way. We will not be able to prevent such misuse, nor will we be liable for it. We will only be able to block the account or delete the account of any user who violates the Privacy Policy or Terms of Use. However, once any information is provided by you directly to anybody through the App, we are not responsible for any consequences.
We share anonymized statistics with third parties that use these data to improve their services (e.g., to choose what products / services to offer at which terminals). Due to the anonymized nature of the data, no direct marketing or profiling can be performed based on them.
When you send us screenshots for their inclusion to our profile on the AppStore page, please keep in mind that we will post such screenshots on the publicly available webpage where everyone can see them. So, please exclude from the screenshots all the information you do not want to be disclosed in such away.
Personal data is only processed for the period of time required to achieve the respective purpose of storage or if this is provided for in laws or regulations applicable to us.
If you delete your account or any part of the information about you contained in the App, we also delete the corresponding information on our servers, subject to a complete check of open payments or commitments, if any.
We do not constantly track if you have the App installed on your device. If you want us to quickly delete information about you, you should delete your account before deleting the App.
We use AWS to store your data. AWS servers are located worldwide and data are stored in AWS network of geographically distributed data centres (see AWS website for more details). The information may be processed outside of your local state or outside of the EU, including in Switzerland, where we are headquartered.
AWS processes personal data on our behalf as so-called "processors". AWS is obliged to process personal data exclusively in accordance with our instructions and to take appropriate data security measures. We ensure that data protection is guaranteed throughout the processing of your personal data by selecting the order processors and by means of suitable contractual agreements. See Privacy Policy Declaration of AWS .
The data protection law and other laws in different countries might not be as comprehensive as those in your country, but please be assured that we have taken steps to ensure that your privacy is protected. With respect to the data of EU users, we ensure that there are appropriate safeguards as set forth in Article 46 of the GDPR (e.g., standard data protection clauses regarding a party storing or otherwise accessing data are in place), or we rely on derogations for specific situations as set forth in Article 49 of the GDPR, i.e. the performance of a contract with you.
We respect your personal data, so during the collection and processing of them, we strictly adhere to the applicable business practices and principles of applicable legislation, including:
The App and the Website is for general audience use and is not directed at children. Should a child whom we know to be under 16, sends personal data to us, we will use that data only to respond directly to that child to inform him or her that we must have parental consent before processing personal data.
We reserve the right to modify the Privacy Policy at any time. If we decide to do so, we will notify you by sending you a message to your personal profile in the App, or by showing the update on the screen of your device when using the App.
If there is a personal data breach, we will without undue delay and where feasible, no later than 72 hours after having become aware of it, notify the competent supervisory authority of the personal data breach unless we reasonably decide that such a breach is unlikely to result in any risk to the rights and freedoms of data subjects.
If a data breach is likely to result in a high risk to your rights and freedoms, we will also send a parallel communication to you.
Identification of you in the App:
| Data | Purpose(s) | Source | Third parties |
|---|---|---|---|
| Full name | To properly identify you within the App | When you enter data manually in the App, or automatically through: | We use AWS to store data |
| To send you confirmations, updates, security alerts, support and administrative messages, and to otherwise facilitate your use of and our administration and operation of the App | From Sign in with Apple feature | ||
| Phone | |||
| Password hash (if an account was created using Tourish authentication system) |
| Data | Purpose(s) | Source | Third parties |
|---|---|---|---|
| Uploaded images, documents or other files | To allow you to store the necessary documents | When you upload them manually to the App | All data are stored in AWS |
| Permissions | Purpose(s) |
|---|---|
| Camera Permission | To allow you to take a photograph of the document that you would store |
| Storage Permission | To allow you to upload any image, document or any file |
| Network State | To prompt you whether you have an active internet connection |