Data Protection

On this page, we briefly explain why and how we collect personal data. This description outlines what data we collect, how we use it, why we need it, and how it benefits you.

You can always request more information about our data protection practices by emailing info@goldtour.co.uk

Our Registers

We maintain customer, marketing, user, and applicant registers, as well as personal data registers within our software.

Data Controller

Goldtour Oü (EE102917952)Hobujaama tn 4, 10151Tallinn Estonia

What Personal Data We Collect and Why

Collecting personal data helps us serve you better. We only collect data for specific, explicit, and lawful purposes.

We process your data to deliver our services, communicate with you for marketing and customer support, and tailor our communications to suit your needs. The information collected also helps us develop better services in the future.

You may opt out of receiving marketing communications at any time. You can unsubscribe via the instructions in our messages or by emailing us directly.

Marketing Register

Purpose, Legal Basis, and Categories of Personal Data

Personal data is collected for marketing purposes. The legal basis is the data controller’s legitimate interest in conducting marketing.

The marketing register may contain information about private individuals and company contacts, such as names, contact details, and other information necessary for marketing. Data is collected via website forms, phone, email, or public sources, such as company contact details found online.

User Register

Purpose, Legal Basis, and Categories of Personal Data

The user register is used to deliver our software services, identify customers, and assign user rights on a contractual basis.

It contains users’ names, usernames, email addresses, and other information stored by administrators.

Customer Register

Purpose, Legal Basis, and Categories of Personal Data

Data is collected to manage customer relationships, deliver services, and comply with statutory obligations related to anti-money laundering and counter-terrorist financing.

The legal bases for processing are:

  • Contract (performance of the customer relationship)

  • Legal obligation (e.g., anti-money laundering law)

  • The data controller’s legitimate interest (customer administration)

The customer register includes, among other things:

  • Name and contact details (address, phone number, email)

  • Personal identification number, date of birth, and nationality

  • Copy of ID card or passport (photo and details)

  • Information about trades and transactions

  • Other information necessary to administer the customer relationship

Retention of Data

Under anti-money laundering legislation, identification data and transaction records are retained for five years after the customer relationship or one-off transaction ends. After this, personal data is deleted or anonymised securely.

Software Personal Data Registers

Purpose, Legal Basis, and Categories of Personal Data

Data is collected to provide software services to customers. Personal data of employees of customer companies may be stored in our software.

Registers may include users’ names, salary and working time information, and other data that users themselves store.

Applicant Register

Purpose, Legal Basis, and Categories of Personal Data

The legal basis for processing is the company’s legitimate interest, arising when someone applies for a job. We process personal data to manage recruitment, handle applications, assess suitability, and maintain contact during the recruitment process.

Data is mainly collected directly from applicants, but may also be obtained from other sources with consent. This may include external personality or aptitude assessments.

The register may include:

  • Full name and contact details

  • Identification data (e.g., year of birth, personal ID number, gender)

  • Education details (school, degree, length of studies)

  • Work experience (employer, position, period of employment)

  • Language skills

  • Data from personality and aptitude assessments

  • Position applied for

  • Other information provided in the application or CV

Contact Forms

Information submitted through website contact and sign-up forms is collected to provide the relevant service. It may also be used for marketing purposes if the user has accepted this when using the website or completing the form. Data is retained only as long as necessary to provide the service.

Disclosure of Data

We generally do not share your personal data with third parties. For certain training, we may share necessary information, such as name, position, and email address, with external course providers.

In some cases, data may also be disclosed to our partners who process personal data under written agreements. Partners follow our instructions and only use the data for the purposes described here, for example, for marketing.

Retention of Data

We respect the confidentiality of your personal data. Retention periods vary depending on the type of data and purpose. Data is only kept as long as necessary to fulfil the purposes outlined here.

Your Rights

You may request the deletion of your personal data. However, the right to deletion does not apply to data that must be retained for administrative, legal, or security reasons. Deleting data may affect ongoing matters related to the customer relationship.

You have the right to object at any time to the processing of your personal data for marketing purposes. Each marketing message includes a link to opt out of future messages.

Transfer of Data

As a rule, your data is not transferred outside the European Union or the European Economic Area. If this is nevertheless necessary to fulfill the purposes stated in this data protection description, we ensure that the recipient country has an adequate level of protection according to the EU Commission, that the recipient is Privacy Shield-certified (for recipients in the USA), or that the transfer takes place using the EU Commission’s standard contractual clauses. We always ensure that any transfer takes place on a lawful basis and with appropriate security mechanisms.

Information Security

We protect your personal data with appropriate technical and organisational measures, including employee training. Measures include encrypted connections, limited access rights, user identification, and system access control. Only staff whose tasks require access can view personal data. Data is stored securely, and we continuously improve our information security procedures.

Changes to This Data Protection Description

We continuously develop our services and may update this data protection description. Any changes will be notified here on this page.

This data protection description was last updated on September 15, 2025.