Privacy Policy

This  privacy policy  outlines how Rawson Touring uses and processes your  personal data when  you use services, such as through our  website and mobile apps. It also  informs you about your rights regarding  your personal data and how you  can contact us. 

If you are a resident of the United States  please consult the section titled “United States residents’ rights” to understand the  rights that apply to you. Additionally, you can review our supplementary CCPA notice for more information..

The Controller responsible for processing your personal data is:

Controller:  Rawson Touring  GmbH

Address: 99 hillcrest drive bluewater bay South Africa

Contact: http://rawsontouring.com

For   clarity, any data processing by Activity Providers who offer their   services on the  Rawson Touring platform is subject to their respective   privacy policies. Activity providers act as separate data controllers.

When   you visit our websites or mobile apps we automatically collect certain   information. The following data is stored separately from other data   that you may transmit to us: 

• URL of the page accessed
• Latency of the network connection
• Date and time
• Information   about your computer’s hardware and software (such as the operating   system, the internet browser used, software/application version data and   your language settings). 
• Information about clicks and which pages have been shown to you.

We store this data for the following purposes:

• For   load balancing, i.e. to distribute access to our website across  several  devices and to be able to offer you the fastest possible  loading times;
• To  ensure the security of our IT systems,  e.g. to defend against specific  attacks on our systems and to  recognise attack patterns;
• To ensure the proper operation of our IT systems, e.g. if errors occur that we can only rectify by storing the IP address;
• To   enable criminal prosecution, averting of danger or legal prosecution  in  the event of specific indications of criminal offences.

Your   IP address is encrypted to ensure confidentiality and is only   accessible when absolutely necessary. It is retained for a period of 45   days. 

If you’re using a mobile device, we collect data that   identifies the device, as well as data about your device-specific   settings and characteristics, app crashes and other system activity. 

In   this case, the processing is carried out to ensure the security of the   processing in accordance with Art. 32 GDPR, as well as on the basis of   our legitimate interest in protecting ourselves against misuse of our   service (Art. 6 para. 1 lit. f GDPR).

We   use technical service providers for hosting and some of the services   required for the website. Accordingly, the processing of data takes   place on the servers of these service providers. These service providers   only process the data according to our explicit instructions and are   obliged to guarantee sufficient technical and organisational measures   for data protection. Consequently, our service providers act for us as   so-called processors within the meaning of Art. 28 GDPR.

For   the hosting of our website, we use the services of Amazon Web Services   EMEA S.a.r.l. ("AWS") based in Luxembourg. Accordingly, when you   interact with our website or provide personal data, it is processed on   AWS servers. We only use servers located in the European Union. To cover   remote maintenance and similar constellations, we have concluded the    standard contractual clauses approved by the EU Commission with AWS in   accordance with Art. 46 para. 2 lit. c GDPR.

For   sending emails, we use the Sendgrid service of Twilio Inc based in the   USA ("Twilio"). Twilio is certified to the EU-U.S. Data Privacy   Framework, the UK Extension to the EU-U.S. Data Privacy Framework and   the Swiss-U.S. Data Privacy Framework with the U.S. Department of   Commerce.

You have   the option on our website to register for our newsletter. With our   newsletter, we would like to send you information on offers, tours,   activities or special promotions that is as personalised as possible. By   registering for our newsletter, you therefore consent to us processing   your email address for the purpose of sending the newsletter. The  legal  basis for this processing is Art. 6 para. 1 lit a GDPR. You can  revoke  your consent at any time by unsubscribing from our newsletter.  To do  this, you can use the unsubscribe link contained in every email  or send  us a message using the link http://rawsontouring.com  To verify your e-mail address, you will first receive a registration   e-mail, which you must confirm via a link (double opt-in). When you   register for the newsletter, we store the IP address and the date and   time of registration. The processing of this data is necessary in order   to be able to prove that consent has been given. The legal basis  results  from our legal obligation to prove your consent (Art. 6 para. 1  lit. c  in conjunction with Art. 7 para. 1 GDPR).

If you have  booked a  tour via our website or created a  Rawson Touring account, we  will send you  our newsletter based on our legitimate interest in  promoting similar  services to your bookings or account (Art. 6 para. 1  lit. f GDPR, § 7  para. 3 UWG) unless you have objected to this use. If  cookies are used  for newsletter personalisation, we will obtain your  separate consent.

You  can object to this at any time –  even during registration – by  deselecting the corresponding checkbox or  clicking the unsubscribe link  in the respective emails. In addition,  if you have an account, you can  always subscribe or unsubscribe to  different types of communication from  the Settings -> Notifications  section on your profile. 

For  the dispatch of our  newsletter and the personalisation of content, we  use the services of  the provider Braze Inc. based in the USA ("Braze").  Braze is certified  to the EU-U.S. Data Privacy Framework, the UK  Extension to the EU-U.S.  Data Privacy Framework and the Swiss-U.S. Data  Privacy Framework with  the U.S. Department of Commerce.

When   you book a tour, activity or similar on our site, we collect the data   required to carry out the tour. This usually includes the following   information: First and last name, billing address, email address,   telephone number, number of participants, date and time. Depending on   the activity booked, it may also be necessary for us to collect further   information, such as your flight number or the age of the participants.   The processing that takes place in connection with this is based on  Art.  6 para. 1 lit. b GDPR. To the extent necessary, we will transfer  your  data to the provider responsible for the tour or activity who will   process your personal data as set out in their privacy policy as an   independent data controller. If a transfer to a third country outside   the European Economic Area is necessary, this is based on Art. 49 para. 2   lit. b, c GDPR. 

If you make bookings via partner sites, you  will  be redirected to provide you personal data and conclude the  booking  process on the  Rawson Touring website, as described above. On  some partner  sites, your data is collected by the partner as a separate  data  controller, in accordance with their privacy policy, and we  receive the  data required to make the booking from the partner. 

On  other  websites who have partnered with us in order to integrate the  booking  offers directly on their own website, both the partner and   Rawson Touring  act as separate data controllers for the processing of  your personal  data. 

You have the option to share the booking  details with other  participants by providing the email address where   can send  them the booking confirmation and important communication  related to  the booking. If you choose to do so, it is your  responsibility to get  consent from the participant to share their email  address with 

In order to  keep  you updated on your bookings we will send you booking  confirmations as  well as reminders and updates for upcoming bookings  (e.g. changed times  or meeting points) to make sure that you have all  information you need  to attend your booked services. Booking  confirmations are sent to your  email address, and/or by SMS to the  phone number you provide during the  booking process and/or through a  push notification from GYG app. If you  have an account, you can choose  more granularly how you want to be  notified from the Settings ->  Notifications section on your profile.

We  process your personal  data in order to be able to provide you with  these features of our  service (Art. 6 para. 1 lit. b GDPR).

You   have various options for paying for your booking. In doing so, we will   process the data required in each case depending on the selected payment   method. Within this context, your personal data will be processed as   described below, which is based on Art. 6 para. 1 lit. b GDPR and is   necessary to carry out the payment method you have chosen.

5.3.1 Credit card payments

For   the processing of payments by credit card, we use the service provider  PayFast, which is based in the South Africa. The data  provided during  your payment will be forwarded by PayFast to the  respective banks or  financial institutions for the purpose of processing  the payment. In  the case of payments by credit card, we only receive  the information  that a payment has or has not been made, along with the  first and the  last 4 digits of the credit card number. We therefore have  no knowledge  of your full credit card number.

For the processing  of payments  by credit card, we also use the services of Primer API  Limited, based  in the UK, as a payment orchestration service that  automatically  redirects the payment request to the appropriate payment  service  provider. 

5.3.2 Payment via PayPal

If  you  have a PayPal account, you can also process your payment via  PayPal.  In this case, we receive from PayPal not only the information  that a  payment has been made, but also the e-mail address and address  you have  registered with PayPal.

In   order to protect ourselves and the activity providers from fraudulent   bookings, we evaluate the information provided by our customers during   the booking process, including the data technically transmitted by  their  device, insofar as this is necessary to protect our legitimate  interest  and that of the activity providers in reliable bookings (Art. 6  para. 1  lit. f GDPR).

To   protect us from bots and similar technologies, we use the Cheq service   provided by CHEQ AI Technologies Ltd. based in Israel ("Cheq"). Cheq   will use the data automatically transmitted by your device to determine   whether the request most likely originates from a human. No further   storage of the data will take place. The processing is carried out in   order to ensure the security of the processing in accordance with Art.   32 GDPR and on the basis of our legitimate interest in protecting   ourselves against misuse of our service (Art. 6 para. 1 lit. f GDPR).   For Israel, there is an adequacy decision of the EU Commission according   to Art. 45 GDPR.

We   use so-called "cookies" and other online tracking technologies to  offer  certain functions of our website,to optimise the use of our  website and  our apps or for the purpose of executing our marketing and  advertising  strategy. 

Specifically, we use (unless other cookies  are  specified elsewhere in this privacy policy or our cookie consent)  the  following cookies and tracking technologies:

• Session   cookies: These cookies are needed to store certain technical data  during  your visit to our website, e.g. to determine whether you have  logged  in.
• Persistent cookies: These cookies are needed to store data beyond a browser session if you wish to do so.
• Web   beacons (such as tags or tracking pixels): they can be used to  retrieve  information from your device, such as your device type or  operating  system, your IP address, and the time of your visit. They are  also used  to serve and read cookies in your browser or to trigger the  placement of  a cookie
• Scripts: are small computer  programs embedded  within our web pages that support different  functionality (security  features, interactive features etc). They can  also be used for  analytical or advertising purposes. For example, a  script can collect  information about how you use our website, such as  which pages you visit  or what you search for.
• Tracking  URLs: these are links  with a unique identifier in them used to track  which website brought you  to the our website or the app. 
• Software  Development  Kits (SDKs) are part of our app source code and unlike  browser cookies,  SDK data is stored in the app storage.They’re used to  analyse how the  apps are being used, send personalised push  notifications or to allow  the app to share data with third parties. To  do this, they record unique  identifiers associated with your device,  like device ID and IP address,  as well as your in-app activity and your  network location.

We categorise cookies and other tracking technologies into the following categories: 

• Strictly   Necessary Technologies: These are technologies required for our   websites and apps to function and they must be enabled in order for you   to use our services.
• Analytical Technologies: These   measure and track how our website and apps are used. We use this   information to improve our website, apps and services.