Effective date: 01/05/2026
This Privacy Policy describes how IndoVentura OÜ (“we”, “us”, “our”) collects, uses and protects personal data in accordance with the EU General Data Protection Regulation (GDPR).
1. Data Controller
IndoVentura OÜ
Registry code: 17494733
Registered address: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551
Email: [email protected]
2. What Data We Collect
We only collect personal data necessary to provide our travel information and introduction services. This may include:
- Full name
- Email address
- Billing address (for invoicing and legal accounting requirements)
- Passport details (only when required for travel arrangements with service providers)
- Travel preferences
- Trip details
- Emergency contact informationname
- Payment records (transaction references — we do not store full payment card details)
3. How We Collect Data
We collect personal data when you:
- Contact us via our website or email
- Request a proposal or itinerary
- Proceed with travel arrangements with independent service providers
- Communicate with us regarding travel planning
4. Purpose of Data Processing
We process your data solely to:
- Communicate with you
- Provide travel information and prepare travel suggestions
- Introduce you to independent local service providers
- Provide customer support
- Fulfill legal and accounting obligations
We act solely as a travel information and introduction service and do not operate tours or act as a tour operator.
5. Legal Basis for Processing
We process your personal data based on:
- Performance of a contract — to arrange and support your requested travel services
- Legal obligations — invoicing, accounting, and regulatory compliance
- Your consent — where required (e.g., optional marketing communications)
6. Data Sharing
We only share data when necessary and only with relevant third-party service providers, including:
- Local guides
- Transportation providers
- Accommodation and activity operators
- Payment service providers (where applicable between client and provider)
Your data is shared strictly for the purpose of facilitating direct agreements between travellers and independent service providers.
We do not sell or monetise your data.
7. International Data Transfers
Some service providers are located outside the European Union, including in Indonesia.
Where transfers occur, appropriate contractual safeguards are applied to ensure GDPR-compliant data protection.
8. Data Retention
We retain personal data only for as long as necessary to:
- Provide requested services
- Fulfill contractual obligations
- Comply with accounting and legal document retention laws
Financial records may be retained for up to 7 years in accordance with Estonian statutory requirements.
9. Data Security
We apply appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure or alteration.
10. Your Rights
Under GDPR you have the right to:
- Access your personal data
- Correct inaccurate or incomplete data
- Request deletion of your data (“right to be forgotten”)
- Restrict processing
- Object to processing
- Request data portability
To exercise any rights, contact: [email protected]
11. Cookies
Our website may use essential cookies necessary for basic website functions and analytics cookies to measure site performance.
If analytics cookies are used, consent will be requested through a cookie banner.
12. Marketing Communications
We only send marketing emails when you have given explicit consent or if permitted under applicable laws.
You may unsubscribe at any time by contacting us or using the unsubscribe link.
13. Payment Data
We do not store full credit card or bank account details.
Payments are processed via third-party payment providers (e.g. banks, Wise, PayPal), who are solely responsible for secure payment processing.
IndoVentura does not act as a payment agent for travel service providers. Any payments between travellers and independent service providers are handled directly between those parties.
14. Children’s Data
We do not intentionally collect or store personal data relating to minors unless such information is strictly required to fulfill a booking and is provided by a parent or legal guardian.
15. Complaints
If you believe your data has been handled unlawfully, you may lodge a complaint with:
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Or with your local EU data protection authority.
You may also contact us directly at [email protected] so we can address your concern before escalation.
16. Updates to This Policy
We may update this Privacy Policy from time to time.
The latest version will always be published on our website with the effective date clearly shown.
17. Contact
For any privacy-related inquiries, contact: