Privacy Policy

1. Data Controller and Introduction

Ikigai Riverside OÜ

Registry code: 17031252

Address: Käbi tn 4, Tammiste küla, Tori vald, Pärnu County 85009, Estonia

Phone: +372 569 70 150

Ikigai Riverside OÜ (hereinafter "we" or "Ikigai Riverside Villa") operates the website www.ikigairiverside.com (hereinafter "Service").

Our Privacy Policy governs your visit to www.ikigairiverside.com and explains how we collect, protect, and disclose information that results from your use of our Service.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

2. Definitions

SERVICE means the www.ikigairiverside.com website operated by Ikigai Riverside OÜ.

PERSONAL DATA means information about an identified or identifiable natural person who can be directly or indirectly identified by reference to such data.

USAGE DATA is data collected automatically either generated by the use of the Service or from the Service infrastructure itself.

COOKIES are small files stored on your device.

DATA CONTROLLER is Ikigai Riverside OÜ, which determines the purposes and means of processing personal data.

DATA PROCESSORS are service providers who process data on behalf of the Data Controller.

DATA SUBJECT is any living individual who is the subject of Personal Data.

USER is the individual using our Service.

3. Types of Data Collected

3.1 Personal Data

While using our Service, we may ask you to provide certain personally identifiable information, including but not limited to:

Email address
First and last name
Phone number
Address, country, state/province, postal code, city
Cookies and Usage Data

Retention period: 7 years after the last transaction (to comply with accounting law requirements)

3.2 Usage Data

We automatically collect information that your browser sends when visiting our Service:

IP address
Browser type and version
Pages visited on our website
Time and date of visit
Unique device identifiers
Other diagnostic data

Retention period: 14 months

3.3 Location Data

We may use and store information about your location if you give us permission. We use this data to provide features of our Service and to improve and customize our Service.

You can enable or disable location services when you use our Service at any time through your device settings.

Retention period: until consent is withdrawn

3.4 Tracking & Cookies Data

We use cookies and similar tracking technologies to track activity on our Service and hold certain information.

We use the following cookies:

Essential cookies:

Session ID (session-based)
Shopping cart data (session-based)

Analytical cookies:

Google Analytics (_ga) - 14 months

Preference cookies:

Language selection - 1 year
Theme settings - 1 year

Marketing cookies:

Facebook pixel - 180 days
Advertising cookies - 90 days

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

3.5 Other Data

While using our Service, we may also collect:

Gender, age, date of birth
Payment and billing information
Preferences and feedback
Communication history with us
Passport details (where required)
Details of any special requirements or preferences
Information about your device and how you interact with our Service

4. Use of Data

Ikigai Riverside Villa uses the collected data for various purposes:

To provide and maintain our Service
To notify you about changes to our Service
To allow you to participate in interactive features of our Service
To provide customer support
To gather analysis or valuable information to improve our Service
To monitor the usage of our Service
To detect, prevent and address technical issues
To fulfill contractual obligations
To process payments
To prevent fraud and ensure security
To send you service-related notifications
To communicate with you about updates
To send you marketing and promotional communications (only with your consent)
To comply with legal obligations
For any other purpose with your consent

5. Data Retention

We retain your Personal Data only for as long as necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to:

Comply with legal obligations (for example, if we are required to retain your data to comply with applicable laws)
Resolve disputes
Enforce our legal agreements and policies
Maintain accurate business and financial records
Protect our business interests

When data retention is no longer necessary, we will either delete or anonymize it.

5.1 Specific Retention Periods

Booking data: 7 years (accounting law requirement)
Marketing data: until consent is withdrawn
Log files: 14 months
Payment information: 7 years (accounting law requirement)
Correspondence: 3 years after last contact
Cookies: as per cookie type (see section 3.4)

6. Transfer of Data

Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside Estonia and choose to provide information to us, please note that we transfer the data, including Personal Data, to Estonia and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

6.1 International Transfers

When transferring data internationally, we ensure that:

The receiving country has adequate data protection levels as determined by the European Commission
Appropriate safeguards are in place through standard contractual clauses
Specific derogations apply for particular situations
All transfers comply with applicable data protection laws

7. Disclosure of Data

7.1 Law Enforcement

Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

7.2 Business Transaction

If we or our subsidiaries are involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

7.3 Other Cases

We may disclose your information also:

To our subsidiaries and affiliates
To contractors, service providers, and other third parties we use to support our business
To fulfill the purpose for which you provide it
For the purpose of including your company's logo on our website
For any other purpose disclosed by us when you provide the information
With your consent in any other cases
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others

8. Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), provide Service on our behalf, perform Service-related services, or assist us in analyzing how our Service is used.

8.1 Analytics

We use Google Analytics to:

Monitor and analyze the use of our Service
Track user behavior
Improve user experience

Google Analytics' privacy policy is available on their website.

8.2 Development and Maintenance Tools (CI/CD)

We use the following tools:

Wix.com - website development, hosting and CMS
Other development tools as needed

8.3 Behavioral Remarketing

We use remarketing services to advertise on third party websites after you visited our Service. We and our third-party vendors use cookies to:

Inform, optimize and serve ads based on past visits to our Service.
Services used:
Google Ads
Facebook Pixel
LinkedIn Insight Tag

8.4 Payment Services

We use the following payment service providers:

Stripe
PayPal
Apple Pay
Google Pay
Maksekeskus

These payment providers:

Follow PCI-DSS standards
Do not share complete payment data with us
Have their own privacy policies
Process payments securely

9. Security of Data

The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

9.1 Implemented Security Measures

We implement and maintain the following security measures:

SSL/TLS encryption for data transmission
Two-factor authentication for administrative access
Regular security audits
Data backup systems
Access rights management
Staff training on data security
Secure data centers
Firewall protection
Regular software updates and security patches
Incident response procedures

9.2 Incident Handling

In case of a data breach, we will:

Notify affected users within 72 hours
Inform relevant supervisory authorities
Document all incidents
Take measures to mitigate any negative effects
Review and update security measures as needed

10. Your Data Protection Rights Under General Data Protection Regulation (GDPR)

If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights covered by GDPR. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please email us at info@ikigairiverside.com.

In certain circumstances, you have the following data protection rights:

The right to access, update or delete the information we have on you
The right of rectification - the right to have your information rectified if that information is inaccurate or incomplete
The right to object - the right to object to our processing of your Personal Data
The right of restriction - the right to request that we restrict the processing of your personal information
The right to data portability - the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format
The right to withdraw consent - the right to withdraw your consent at any time where we rely on your consent to process your personal information

Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not be able to provide Service without some necessary data.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

11. Your Data Protection Rights under the California Privacy Protection Act (CalOPPA)

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy.

According to CalOPPA we agree to the following:

Users can visit our site anonymously
Our Privacy Policy link includes the word "Privacy", and can easily be found on the home page of our website
Users will be notified of any privacy policy changes on our Privacy Policy Page
Users are able to change their personal information by emailing us at info@ikigairiverside.com

Our Policy on "Do Not Track" Signals:

We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

12. Your Data Protection Rights under the California Consumer Privacy Act (CCPA)

If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us:

12.1 What personal information we have about you

If you make this request, we will return to you:

The categories of personal information we have collected about you
The categories of sources from which we collect your personal information
The business or commercial purpose for collecting or selling your personal information
The categories of third parties with whom we share personal information
The specific pieces of personal information we have collected about you
A list of categories of personal information that we have sold, along with the category of any other company we sold it to
A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with

Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months.

12.2 To delete your personal information

If you make this request, we will delete the personal information we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. If you choose to delete your personal information, you may not be able to use certain functions that require your personal information to operate.

12.3 To stop selling your personal information

We don't sell or rent your personal information to any third parties for any purpose. We do not sell your personal information for monetary consideration. However, under some circumstances, a transfer of personal information to a third party, or within our family of companies, without monetary consideration may be considered a "sale" under California law.

If you submit a request to stop selling your personal information, we will stop making such transfers.

Please note, if you ask us to delete or stop selling your data, it may impact your experience with us, and you may not be able to participate in certain programs or membership services which require the usage of your personal information to function. But in no circumstances, we will discriminate against you for exercising your rights.

To exercise your California data protection rights described above, please send your request(s) by email to info@ikigairiverside.com.

Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. The CCPA took effect on 01/01/2020.

13. Children's Privacy

Our Services are not intended for use by children under the age of 18 ("Child" or "Children").

We do not knowingly collect personally identifiable information from Children under 18. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.

14. Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

15. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by:

Posting the new Privacy Policy on this page
Sending you an email notification
Placing a prominent notice on our Service

The changes will be effective when posted and will be reflected in the "effective date" at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. By continuing to use the Service after those changes become effective, you agree to be bound by the revised Privacy Policy.

16. Contact Us

If you have any questions about this Privacy Policy, please contact us: