Privacy Policy

Last updated: 27 March 2026

This policy explains how EcoTripon (operated by Timurtas Teknoloji Turizm LTD) collects and uses personal data when you use our website and book experiences with us.

1. Data controller

The data controller is Timurtas Teknoloji Turizm LTD (company registration number 16393395), United Kingdom, trading as EcoTripon. Registered address: 128 City Road, London, United Kingdom, EC1V 2NX.

For privacy enquiries: info@ecotripon.com

2. What we collect

Depending on how you use our services, we may process:

  • Identity and contact data: name, email address, and any details you provide when you contact us or complete a booking.
  • Booking data: tour selected, date, number of guests, and related messages or preferences you share with us.
  • Payment data: payments are handled by Stripe. We receive confirmation of payment and metadata (such as amount and currency) but we do not store your full card number or CVC on our systems.
  • Technical data: IP address, browser type, device type, and general usage information when you browse our site (see cookies below).
  • Marketing preferences: where you sign up for updates or similar, your choices and consent records.

Cookies and similar technologies: Our site may use cookies or local storage that are essential for security and basic functionality. If we add analytics or marketing cookies, we will update this policy and, where required, ask for your consent.

3. How we use your data and legal bases

Under UK GDPR we rely on the following bases, as appropriate:

  • Contract — to take steps before a contract and to perform our contract with you (processing bookings, taking payment via Stripe, sending confirmations, arranging the experience).
  • Legitimate interests — to operate and improve our website, respond to enquiries, and to monitor transactions for fraud prevention in accordance with the requirements of card schemes (including Visa and Mastercard), and to keep records of transactions, where these interests are not overridden by your rights.
  • Legal obligation — to comply with accounting, tax, and regulatory requirements (for example keeping financial records).
  • Consent — where we send optional marketing communications or use non-essential cookies, where we ask for your consent.

4. Payment processing

Card payments are processed by Stripe Payments Europe Ltd (or another Stripe entity depending on your region), acting as a payment processor. Stripe processes card data according to its own privacy policy and terms. We encourage you to read Stripe's privacy notice at stripe.com/privacy.

Where you choose to pay via Shopify checkout, payments are additionally processed by Shopify Inc. or its affiliates in accordance with Shopify's privacy policy, available at shopify.com/legal/privacy.

5. Sharing with third parties

We may share limited personal data with:

  • Tour and transport operators — the minimum information needed to run your experience (for example name, party size, date, and pickup details where applicable).
  • Stripe — to process payments as described above.
  • Hosting and infrastructure providers — who host our website and process data on our instructions under appropriate safeguards.
  • Authorities — when required by law or to protect our legal rights.

Some processors may be located outside the UK. Where data is transferred internationally, we ensure appropriate safeguards apply (such as UK-approved standard contractual clauses or adequacy decisions), as required by UK data protection law.

6. How long we keep data

  • Booking and accounting records: typically up to 7 years after the transaction, to meet UK tax and company record-keeping requirements.
  • Enquiry emails — for a reasonable period to handle follow-up, unless you ask us to delete sooner and we have no overriding legal reason to retain them.
  • Technical logs (such as IP addresses and device identifiers): retained for up to 90 days for security, troubleshooting, and fraud-prevention purposes.
  • Marketing — until you withdraw consent or unsubscribe, where consent is the basis.

7. Your rights

Under UK GDPR you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request erasure, restriction of processing, or object to certain processing.
  • Data portability, where applicable.
  • Withdraw consent at any time, where we rely on consent (this does not affect lawfulness before withdrawal).
  • Lodge a complaint with the Information Commissioner's Office (ICO) in the UK — ico.org.uk.

To exercise your rights, contact us at info@ecotripon.com We may need to verify your identity before responding.

8. Children

Our services are not directed at individuals under 18. We do not knowingly collect or process payment information from individuals under 18. If you believe we have collected such data in error, please contact us and we will delete it.

9. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top will change when we do. Material changes may be highlighted on our website or by email where appropriate.