Trippbo Privacy Policy
Last updated: 13 January 2026
This Privacy Policy explains how Trippbo OÜ (“Trippbo”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you use our website, apps, and related services (the “Service”).
1) Who is responsible for your data (Controller)
Controller: Trippbo OÜ (Registry code 17187333)
Address: Järvevana tee 9, 11314 Tallinn, Estonia
Privacy contact: [email protected]
(or the privacy contact shown on our Site)
2) What personal data we collect
We collect data in three main ways: (a) data you provide, (b) data from Providers/partners, and (c) data collected automatically.
A. Data you provide
  • Contact details: name, email, phone number, address (where relevant)
  • Booking details: guest names, stay dates, requests (e.g., accessibility needs)
  • Payment details (where “Pay now” applies): payment method details and billing info (processed via payment providers)
  • Communications with support (email, chat, phone notes; call recordings only where enabled and permitted)
B. Data we receive from Providers/partners
  • Booking status, confirmation numbers, changes/cancellations, refund status
  • Customer service messages needed to manage your booking
C. Data collected automatically
  • IP address, device identifiers, browser type, operating system
  • Usage data (pages viewed, clicks, timestamps, referral URLs)
  • Approximate location (city/country level) inferred from IP
  • Cookies and similar technologies (see our Cookie Policy)
3) Why we use your data and our legal bases
We process personal data only when we have a lawful basis under GDPR:
A. To provide and manage your bookings (Contract)
  • Create, confirm, and manage reservations
  • Send booking communications (confirmations, reminders, changes)
  • Provide customer support related to your booking
     Legal basis: performance of a contract
B. Account creation and login (Contract)
  • Create and manage your user account (if you choose to create one)
     Legal basis: performance of a contract
C. Customer support and service communications (Contract / Legitimate interests)
  • Respond to requests, handle complaints, assist you during travel
     Legal basis: contract and/or legitimate interests (helping customers, improving service)
D. Fraud prevention, security, and payment dispute handling (Legitimate interests / Legal obligation)
  • Fraud detection, risk checks, account security
  • Handling chargebacks/payment disputes and sharing evidence with payment processors/banks where necessary
     Legal basis: legitimate interests; legal obligation where applicable
E. Marketing (Consent and/or Legitimate interests)
  • Email newsletters and promotional messages (where required: consent)
  • On-site personalization and offers (may be legitimate interests, depending on implementation)
  • You can opt out at any time (unsubscribe links and account settings)
     Legal basis: consent and/or legitimate interests (depending on channel and local rules)
F. Analytics and improving our Service (Legitimate interests)
  • Understand usage, troubleshoot issues, improve features
     Legal basis: legitimate interests (and consent where cookie rules require it)
G. Legal compliance (Legal obligation)
  • Accounting, tax, regulatory requirements, responding to lawful requests
     Legal basis: legal obligation
4) Who we share data with
We share personal data only as needed:
A. Travel Providers (independent controllers)
Hotels/accommodation providers and other suppliers receive the data required to deliver your booking. They process your data under their own privacy policies.
B. Service providers (processors / sometimes controllers)
IT hosting, analytics, customer support tools, payment processing, fraud prevention, and dispute management providers.
C. Authorities and legal requests
We may disclose data if required by law or strictly necessary to prevent fraud or protect rights.
D. Business transfers
If Trippbo is involved in a merger/acquisition, data may be transferred subject to appropriate safeguards.
5) International transfers
Your booking may require transferring personal data outside the EU/EEA (for example, if a Provider or support vendor is located abroad).
Where we transfer data internationally, we rely on appropriate safeguards such as:
  • Transfers to organizations covered by an EU adequacy decision (where applicable), including the EU–U.S. Data Privacy Framework for certified US recipients, 
  • EU Standard Contractual Clauses (SCCs) and additional safeguards where required.
Important: If an international transfer is necessary to complete your booking (e.g., sending your guest details to a hotel outside the EU/EEA), and you do not want such transfers, we may be unable to provide the Service.
6) Data retention
We keep personal data only as long as necessary for:
  • delivering the Service and managing bookings,
  • complying with legal obligations (e.g., accounting/tax),
  • resolving disputes and preventing fraud.
Retention depends on the data type and purpose. For example:
  • Booking-related data may be retained for legal/accounting obligations.
  • Abandoned booking contact details may be retained briefly to help you complete a booking, then deleted or anonymized.
7) Security
We use organizational and technical measures designed to protect personal data (access controls, encryption in transit where applicable, logging, and least-privilege access). No system is 100% secure, but we work to reduce risks.
8) Your rights (GDPR)
You may have the right to:
  • access your personal data,
  • correct inaccurate data,
  • delete data (in certain cases),
  • restrict or object to processing,
  • data portability (in certain cases),
  • withdraw consent (where processing is based on consent),
  • object to direct marketing at any time.
To exercise rights, contact: [email protected]
. We respond within the timeframe required by law.
9) Complaints
You may lodge a complaint with a supervisory authority. In Estonia, this is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
10) Cookies
We use cookies and similar technologies. See our Cookie Policy for details and choices.
11) Updates to this policy
We may update this Privacy Policy from time to time. The “Last updated” date shows when it was last revised.

This website uses cookies to ensure you get the best experience on our website. Learn more about how we use cookies.