PRIVACY POLICY & GDPR INFORMATION


PRIVACY POLICY

What To Do In Singapore

Effective date: 1.2.2025


This Privacy Policy explains how personal data is processed in connection with the purchase and use of digital travel products and related services offered under the brand What To Do In Singapore (“we”, “us”, “our”, “Provider”), in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Czech data protection laws. By using our website, booking system and services, you acknowledge that you have read and understood this Privacy Policy.


  1. Data Controller
    Data Controller / Provider: Bc. Marek Kotyza
    Business ID (IČO): 75084431
    Registered office: Matějkova 1935/12, 190 00 Praha – Libeň, Czech Republic
    Email (GDPR contact): info@tourguidematch.com
    (hereinafter referred to as the “Controller”)
    We do not appoint a Data Protection Officer (DPO) unless required by law.
  2. Scope of processing
    We process personal data only to the extent necessary for providing digital products and services, processing bookings, payments and issuing vouchers or tickets, delivering access links and digital content, customer communication and support, handling complaints and disputes, compliance with legal and regulatory obligations, fraud prevention, abuse detection and risk management, analytics and performance measurement, improvement of services and user experience, and marketing and remarketing where legally permitted. We do not sell personal data.
  3. Categories of personal data
    Depending on your interaction, we may process identification and contact data such as name, surname, email address and phone number if provided. We may process booking and transaction data including booking ID, purchase date and time, purchased products, price, currency, payment status, vouchers, QR codes and refund history. We process payment-related data only in the form of transaction identifiers and do not store full payment card details. We may process communication data such as emails, support messages and complaint handling communication. We may process technical and device data including IP address, browser, device type, operating system, language settings, timestamps, referrer URL and cookie identifiers. IP addresses are treated as personal data and may be anonymized where possible. We may also process behavioral and usage data such as interaction with the website and usage of digital products, approximate location data derived from IP address, and legal or security data such as fraud indicators, audit logs, abuse reports and dispute evidence. We do not intentionally process special categories of personal data.
  4. Legal bases for processing
    Personal data is processed on the basis of contract performance under Article 6(1)(b) GDPR, compliance with legal obligations under Article 6(1)(c), legitimate interest under Article 6(1)(f), and consent under Article 6(1)(a) where applicable. Legitimate interests include fraud prevention, service security, analytics and optimization, direct marketing where permitted and protection of legal claims.
  5. Data sharing
    Personal data may be shared only when necessary with booking platforms such as Bókun, payment providers such as Stripe, third-party suppliers for ticket redemption and service delivery, analytics providers such as Google Analytics, advertising platforms such as Meta and Google Ads, email and CRM tools such as Mailchimp or Brevo, hosting and IT providers, and legal, tax and regulatory authorities. These entities may act as data processors or independent controllers depending on their role.
  6. Third-party services
    The website may use services such as Google Analytics, Google Ads, Meta platforms, the Bókun booking system and Stripe payment gateway. These providers may process personal data independently under their own privacy policies.
  7. International data transfers
    Personal data may be transferred outside the European Economic Area. In such cases, appropriate safeguards are implemented, including Standard Contractual Clauses, contractual and technical protections and the use of reputable providers ensuring adequate data protection standards.
  8. Data retention
    Personal data is retained only for as long as necessary. Booking and accounting data is typically retained for up to 10 years. Customer communication is retained for up to 3 years. Analytics data is retained for up to 24 months. Security logs are retained for 6 to 24 months. Marketing data is retained until consent is withdrawn or an objection is raised. Data is periodically reviewed and deleted or anonymized when no longer necessary.
  9. Cookies and tracking
    The website uses cookies and similar technologies to ensure functionality, analyze usage and support marketing activities. Cookies may include strictly necessary, functional, analytics and marketing categories. Non-essential cookies are activated only after user consent and no tracking scripts are executed before consent is granted. Users can accept or reject cookies and change their preferences at any time. Example cookies may include Google Analytics cookies such as _ga and _gid, marketing cookies such as _fbp and _gcl_au, and technical cookies such as session_id and cookie_consent.
  10. Email communication
    We may send emails related to bookings and transactions, customer support and service updates. Marketing emails are sent only where permitted by law or based on consent. Each marketing email contains an option to unsubscribe.
  11. Data minimization and accuracy
    We process only personal data necessary for the defined purposes. The user is responsible for providing accurate and up-to-date data.
  12. Security measures
    We implement appropriate technical and organizational measures including encrypted communication via HTTPS, access control, monitoring and logging and protection against unauthorized access.
  13. Fraud prevention and security
    Personal data may be processed for fraud detection, prevention of abuse, protection of services and enforcement of legal claims.
  14. Data breach management
    In case of a personal data breach, risks are assessed, supervisory authorities are notified where required and affected individuals are informed if necessary.
  15. Automated decision-making
    We do not carry out automated decision-making with legal or similarly significant effects.
  16. Your rights
    You have the right to access your personal data, request rectification, request erasure, request restriction of processing, request data portability, object to processing and withdraw consent at any time. You also have the right to lodge a complaint with the Czech supervisory authority, the Office for Personal Data Protection (ÚOOÚ).
  17. Exercising your rights
    Requests can be sent to info@tourguidematch.com. We respond without undue delay, typically within 30 days. We may verify your identity before processing requests. Internal procedures are in place to handle data subject requests and coordinate with third parties where necessary.
  18. Children
    The services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children.
  19. Updates to this policy
    This Privacy Policy may be updated at any time to reflect changes in legal requirements or our services. The current version is always available on the website.
  20. Contact
    Bc. Marek Kotyza
    IČO: 75084431
    Matějkova 1935/12, Praha – Libeň
    Email: info@tourguidematch.com