Works in 135+ countries
Reusable for frequent travellers
Express shipping to your home
100% money-back guarantee

Change settings

Language
EN | € Change
0

Privacy and Cookie Policy

Updated on 12th October 2020

Top Connect OÜ, registered in Estonian Commercial Register under registration number 10668897 with registered office at Väike-Paala 1, 11415 Tallinn (hereinafter “Top Connect”, “we”, “us” or “our”) has prepared this Privacy and Cookie Policy (hereinafter “Privacy Policy”) to inform you about our practices in connection with the collection, use and disclosure of the personal information you make available to us by visiting our website www.airbalticcard.com (hereinafter “Website”). Furthermore, this Privacy Policy describes the type of information that may be collected by our use of cookies and other technologies across our Website and also applies to our marketing leads and recruitment process.

This Privacy Policy applies to the Website and any authorized sub-sites that expressly adopt, display or link back to this Privacy Policy. By using the Website, you agree to the collection and use of your information in accordance with this Privacy Policy by us as the data controller of your personal data. If you do not agree with this Privacy Policy, please do not use our Website. It’s important you understand that by using our services, you give us consent to collect, use, disclose, and retain your personal data.

As we are a company registered in the Republic of Estonia, the processing of your personal data shall be governed by the laws of the Republic of Estonia.

Please take your time to read this Privacy Policy and contact our data protection officer (hereinafter “DPO”) Sergei Aleksejev at data.protection@topconnect.ee if you have any comments, questions or concerns. We will respond to your request by e-mail as a rule no later than within one month. Please note that before we can provide you with the requested information regarding your request, we need to verify your identity.

This Privacy Policy does not form a contract between an individual and us. If we change or modify our Privacy Policy, we shall post the latest version on our Website. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on the Webpage.

We will always be open and honest about the way in which we manage personal identifiable information. You have many rights that you can use to control your privacy and we respect those rights. We want to help you exercise your rights, so you will find details on how to do so below.

You have the right to make a complaint at any time to a supervisory authority. The Estonian Data Protection Inspectorate (registered offices at Väike-Ameerika 19, 10129 Tallinn, tel. +372 627 4135, e-mail info@aki.ee) is the lead data protection supervisory authority for Top Connect as being an Estonian data controller.

Data protection principles

First and foremost, it is important for us to emphasize that we comply with all relevant data protection principles when processing your personal data. These principles relate to:

  • Lawfulness, fairness and transparency – we process your personal data lawfully, fairly and in a transparent manner;
  • Purpose limitation – we only collect your personal data for a specific, explicit and legitimate purpose and only for as long as necessary to complete that purpose;
  • Data minimization – we do ensure that your personal data we process is adequate, relevant and limited to what is necessary in relation to our processing purpose;
  • Accuracy – we take every reasonable step to update or remove information that is inaccurate or incomplete. You have the right to request that we erase or rectify erroneous information that relates to you, and we will do so within a month;
  • Storage limitation – we delete your personal data when we no longer need it;
  • Integrity and confidentiality – we keep your personal data safe and protected against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate and reasonable technical or organizational measures.

Personal data we collect and purpose for processing of personal data

Personal data means any information relating to an identified or identifiable natural person. You don´t have to give us any personal information in order to use most of our Website. However, we may collect personal information that you voluntarily provide to us when you request information about our services, submit questions to us, subscribe to our services and when you choose to submit your resume in relation to career opportunities posted on our Website. Any information you send us for the purpose of a job application will be treated by us with the greatest care and for that purpose only.

For the purpose of this Privacy Policy, we are a data controller of your personal information and solely determine the purposes for which and the manner in which any personal information are, or are to be, processed and collected on our Website. We do not sell, share, or transfer this information, except as set out in this Privacy Policy. We use your information to improve our marketing, for administration and to provide our services.

If you subscribe to our newsletter via our Website or otherwise provide us with your contact details, Top Connect may send you updates, newsletters or other alerts which may be of interest to you. For marketing purposes, we may monitor whether you open and/or click on URLs in our newsletters.

How we use your personal data?

Top Connect will use your personal data for customer service, to provide you with information that you may request, and to customize your experience on the Website. Your personal data is used by Top Connect to respond to your requests, tailor offerings to you, and for general internal business purposes.

Top Connect operates businesses in multiple jurisdictions. We require all services providers to process your information in a secure manner and in accordance with EU law on data protection. We utilize standard means under EU law to legitimize data transfers outside the EU.

If Top Connect or part of this company is sold to or merges with, another company, or declares bankruptcy, some or all of the data collected from you may be transferred to a third party as a result of the transfer of assets. Top Connect may also disclose your data when Top Connect determines it necessary to comply with applicable laws or protect the interests or safety of Top Connect or other website or visitors.

Processing of special categories of personal data

Top Connect will not collect or use information revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, or any other information considered sensitive.

Legal ground for processing personal data

We collect several different types of information for various purposes to provide and improve our services to you. Our legal basis for collecting and using the personal data described in this Privacy Policy depends on the data we collect and the specific context in which we collect it.

Top Connect may process your personal data because (a) we need to perform a contract with you; (b) you have given us your consent to do so; (c) the processing is in our legitimate interests and it´s not overridden by your rights and/or (d) to comply with the law.

We use the collected data for various purposes:

  • to provide, maintain and enhance you with the best Website possible;
  • to notify you about changes to our Website;
  • to gather analysis or valuable information so that we can improve our Website;
  • to monitor the usage of our Website;
  • to provide visitor support;
  • for compilation of anonymous usage statistics;
  • to detect, prevent and address technical issues;
  • for legal requirements and supervisory authorities;
  • to protect your and our rights;
  • to answer your own queries;
  • to contact you for administrative purposes to address relevant issue related to you.

Links to third party websites and applications

Our Website may contain links to third-party websites and applications that are not affiliated with us. We do not in any way endorse or make any representations about such third-party websites and applications. Any information you provide on third-party websites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through our Website. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Website. We encourage you to learn about third parties’ privacy and security policies before providing them with information.

We may employ third party companies and individuals to facilitate our Website, to provide services on our behalf, to perform related services or to assist us in analyzing how our Website is used. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Disclosure and transfer of personal data

We Process your personal data within the EEA, thus your information may be transferred to and maintained on computers located outside of your country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. We will comply with data privacy requirements providing adequate protection for the and take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency). We also reserve the right to disclose personal data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the services and any facilities or equipment used to make the services available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others.

We will notify visitors of inquiries made by public authorities to the maximum extent permitted by law through our communication channels.

Cookies and tracking technologies

We use automatically collected information and other information collected on our website and services through cookies and similar technologies. Cookie is a piece of data temporarily stored on the visitor’s hard drive containing information about the visitor. A cookie contains your contact information and information to allow us to identify your computer using our Website. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, if you do not accept cookies, you may not be able to use some portions of our Website.

Google Analytics

We use Google Analytics to measure and evaluate access to and traffic on the Website and create visitor navigation reports for our administrators. Google operates independently from us and has its own policies which we strongly suggest you review. Google may use the information collected through Google Analytics to evaluate visitors’ activity on our Website. For more information, see Google Analytics Privacy and Data Sharing.

We take measures to protect the technical information collected by our use of Google Analytics. The data collected will only be used on a need to know basis to resolve technical issues, administer the services and identify visitor preferences; but in this case, the data will be in non-identifiable form. We do not use any of this information to identify our visitors.

You can opt-out of having made your activity on the Website available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

Community Functions

The Website may make available to its visitors’ chat rooms, forums, message boards, and/or other community functions. Remember that any information you disclose in these areas becomes public information and you should exercise caution when deciding to disclose your personal, financial or other information.

Personal data security and retention

Top Connect will take reasonable steps to ensure that the data we collect from you, use or disclose is accurate, complete and up-to-date.

Top Connect will take all reasonable steps to ensure that the personal identifiable information we hold about you is protected from misuse and loss or from unauthorized access, modification or disclosure.

However, please note that no electronic transmission or storage of information is 100% secure. Therefore, despite the security measures that we have put in place to protect personal data about you, we cannot guarantee that loss, misuse, or alteration of data will never occur. If we learn of a security systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable law.

Top Connect will also take reasonable steps to destroy or de-identify your personal data when we no longer need it and it is not necessary retain data to comply with applicable laws.

To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data and the purposes for which we process it. We must also consider periods for which we might need to retain personal data in order to meet our legal obligations or to deal with complaints, queries and to protect our legal rights in the event of claims being made.

We use collected statistical data for analysis for up to three years. Cookies are usually valid for a short term (a day, a week or a month), though in some cases they may remain valid for up to a year.

 

Your Data Protection Rights

Under certain circumstances, by law you have the right to:

  • Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding or using it.
  • Request access to your personal data (data subject access request). This enables you to receive a copy of the personal data we hold about you.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation, which makes you want to object to processing on this ground. You also have the right to object when we are processing your personal information for direct marketing purposes.
  • Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal data or profiling of you.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request transfer of your personal data in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
  • Withdraw consent. Then you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.
  • Submit the complaint. In case you find that your rights have been breached, you have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the EEA or the Estonian Data Protection Inspectorate (you can find contact details in the beginning of this Privacy Policy).

If you want to exercise any of these rights, then you may contact us through our Contact page or contact our DPO.

By using our Website, you consent to the collection and use of any personal data in the manner described.