Privacy policy

Updated: 24.01.2026

This Privacy Policy explains how OÜ Tripibuss processes personal data on the website tripibuss.ee and in connection with booking requests, rental agreements, and payments. We process personal data in accordance with the General Data Protection Regulation (GDPR) and Estonian law. https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng

1. Data Controller and Contact Details

Data Controller: OÜ Tripibuss Registry code: 16302157 VAT No.: EE102410404 Address: Tähe 18, Tartu 50103, Estonia Email: helari@tripibuss.ee Phone: +372 552 4950 https://tripibuss.ee/privaatsus

If you have questions or wish to exercise your rights (see Section 10), please contact us by email.

2. Principles We Follow

We process personal data lawfully, fairly, and transparently; collect data for specified purposes; use data minimisation; keep data accurate; store it no longer than necessary; and ensure appropriate security. https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng

3. When This Policy Applies

This policy applies when you:

  • visit the tripibuss.ee website;
  • submit a booking request;
  • enter into a rental agreement and use the service;
  • make an online payment (via payment partners). https://tripibuss.ee/

4. What Personal Data We Process

4.1 Booking request and contract data (data you provide)

In the tripibuss.ee booking request form we request, among other things:

  • first name, last name
  • personal identification code
  • driving licence number
  • address
  • email, phone
  • rental period, pick-up/return time, destination/driving area
  • additional question/notes
  • whether you need an invoice to a company (if invoicing to a business)
  • acceptance of the rental terms (checkbox). https://tripibuss.ee/

> Please do not include special category data (e.g., health data) in the notes field unless it is strictly necessary.

4.2 Payment-related data

If you pay online, we share the data required to initiate the payment with the payment service provider (e.g., name/contact, amount, order reference). We do not have access to your bank card or bank-link credentials — payment is performed in the payment service provider’s environment. https://tripibuss.ee/privaatsus

4.3 Website technical data

Like most online services, we may process technical log data (e.g., IP address, request time, browser information) to ensure reliability and security. We use these data primarily for security, diagnostics, and to keep the service running (see also Sections 8 and 9). https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng

5. Why We Process Data (Purposes)

We process personal data for the following purposes:

  1. Receiving and managing booking requests (including replying to you and asking for clarifications, making an offer). https://tripibuss.ee/
  2. Entering into and performing the rental agreement (including identification and data needed to verify driving entitlement). https://tripibuss.ee/rendileping
  3. Facilitating payments and refunds (via payment service providers). https://tripibuss.ee/privaatsus
  4. Accounting and legal obligations (e.g., invoices, contracts, and transaction records). https://www.riigiteataja.ee/en/eli/ee/530102013006/consolide/current
  5. Customer support and dispute resolution / protection of legal claims (e.g., communication and evidencing). https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng
  6. Website security and reliability (including abuse prevention and error management). https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng

6. Legal Bases (GDPR Article 6)

We process personal data on the following bases:

7. Who We Share Data With (Recipients)

We share personal data only on a need-to-know basis:

  1. Payment service providers

tripibuss.ee mentions: Montonio Finance OÜ, SumUp EU Payments UAB. They process data necessary to provide payment services and may act as independent controllers for certain processing activities (according to their own privacy terms). https://tripibuss.ee/privaatsus

  1. Service providers (processors)

We may use IT and hosting providers, email/notification services, and accounting services that process data under our instructions and in line with contractual security requirements. https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng

  1. Public authorities

Where required by law (e.g., tax and accounting requirements). https://www.emta.ee/en/admin/content/handbook_article/118

8. Cookies and Similar Technologies

tripibuss.ee uses cookies to operate the website and remember preferences. Strictly necessary cookies do not require consent, but analytics and marketing cookies (if used) are applied only with consent. https://harno.ee/sites/default/files/documents/2024-02/Andmekaitse%20%28R.%20H%C3%BCbner%202024%29%201.pdf

The tripibuss.ee cookie notice mentions, for example, a consent-storing cookie “tripibuss_consent” (up to 180 days) and states that choices can be managed via a “Cookie settings” link. https://tripibuss.ee/kypsised

9. Retention (How Long We Keep Data)

We keep personal data only as long as needed for the purpose or as required by law.

Typical principles:

10. Your Rights (Data Subject Rights)

You have the right to:

  • be informed and obtain access to your data;
  • request rectification of inaccurate data;
  • request erasure (where we are not legally required to keep the data);
  • request restriction of processing;
  • object to processing (especially where based on legitimate interests);
  • receive data in a portable format (where applicable);
  • withdraw consent (e.g., cookie consent) at any time, without affecting the lawfulness of processing before withdrawal. https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng

To submit a request, email: [helari@tripibuss.ee](mailto:helari@tripibuss.ee). If needed, we may ask for additional information to verify your identity. https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng

Right to lodge a complaint

If you believe your rights have been infringed, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (AKI) (see AKI’s website for contact details and instructions). https://www.aki.ee/

11. Data Security

We implement appropriate technical and organisational measures, taking account of risk (e.g., access controls, confidentiality, security updates, backups, secure transmission), to protect data against unauthorised access, alteration, loss, or disclosure. https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng

12. Transfers Outside the European Economic Area

We aim to keep processing within the European Economic Area. If a service provider processes data outside the EEA, we apply GDPR-compliant safeguards (e.g., Standard Contractual Clauses or other appropriate measures). https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng

13. Automated Decision-Making and Profiling

We do not make decisions about you that produce legal effects or similarly significantly affect you solely by automated processing (within the meaning of GDPR Article 22). https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng

14. Children

tripibuss.ee services are primarily intended for adults. If you notice that a child has provided personal data without a parent/guardian’s consent, please contact us. https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng

15. Changes to This Policy

We may update this Privacy Policy from time to time (e.g., due to changes in services or legal requirements). The current version is always available on the website.