Privacy policy02-04-2026

UPDATED: 02 April, 2026

Responsible for the collection, processing and use of your personal data within the meaning of GDPR is – Kull Jet OU (Address: Ehitajate tee 114-11, 13517, Tallinn, Estonia), hereinafter referred to as the "Company," "We," "Us," or "Our." 

If you wish to object to the collection, processing, or use of your data by us in accordance with these data protection regulations as a whole or for individual measures, you can address your objection to us.

You can save and print out this Privacy Policy at any time.

We have appointed a Data Protection Officer (DPO) responsible for overseeing questions in relation to this Privacy Policy and our data protection practices. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our DPO:

Name: Kyrylo Kuprikov
Email: [email protected]

Our Company profoundly cares about the safety of its Users ("Clients", "Visitors", "You," and "Your"), as well as about the security of their private information. This Privacy Policy applies to kj.tours and kj-tours.ee. Although these domains may display different localized versions, they are connected to a single backend, and this unified privacy policy governs how we collect, use, and protect your data across both domains.

By using any of our websites or services, you consent to the data practices described in this policy. We urge Our Clients to study the following Privacy Policy section before they proceed to cooperation with Us. You accept the following information regarding the Privacy Policy as well as the Terms and Conditions.

All personal data is collected and processed in compliance with the General Data Protection Regulation (GDPR).

We have no official right to collect any private information from persons who are not yet 18. It is strictly prohibited for Users under 18 to use Our Websites and any of the Services offered by Our Company.

As soon as the Company finds out that the information presented by the User is not eligible because of age limits, it will be promptly erased.

We bear no responsibility if You're not old enough to use the Websites. You must be of legal age to be in line with Our Privacy Policy, as well as with Our Terms and Conditions.

Please alert Us in case one of Your children under 18 is using Our Websites trying to get access to our services. We'll take possible measures to block access from Your IP address.

We collect some personal information to enable you to use our Services. Depending on how you use our Services and which Services you use, different personal information may be collected. There are several ways in which we may collect personal information from you: you may provide it, or we will get it automatically through our Services and from third parties.

1. Information You Provide We collect and process the personal information You provide on submission, contact, or booking forms across any of our domains.

• Contact Information: Full name, email address, and telephone number.
• Travel-Specific Information: Travel dates, flight preferences, room requirements, and any special requests (e.g., dietary needs, accessibility assistance).
• Passport Details (Optional): Passport information (name, number, date of birth, expiry date) is collected only at your discretion. You are not obliged to provide this information; however, doing so allows us to process your booking more efficiently. Where provided, passport data is processed on the basis of Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(a) GDPR (your consent, given by voluntarily submitting the data).
• Payment Details: Billing address and any other passed by the payment provider of our choice.

The User is responsible for the legitimacy of the content provided.

2. Information We Collect Automatically We also collect and use personal data that You provide when using Our Services (including data collected by Cookies). This includes technical and usage data such as your IP address, browser type, operating system, and pages visited to analyze and improve our website's performance.

We process your personal data on the following legal grounds under GDPR Article 6:

• Contract Performance (Article 6(1)(b)): Processing your contact information, travel details, and optionally provided passport data to fulfill your booking and deliver our travel services.

• Legal Obligation (Article 6(1)(c)): Retaining financial and booking records to comply with applicable tax and accounting laws.

• Consent (Article 6(1)(a)): Processing voluntarily submitted passport details, and use of non-essential cookies and analytics tools where you have given prior consent via our cookie consent management tool.

• Legitimate Interests (Article 6(1)(f)): Processing technical and usage data (IP address, browser type, pages visited) to maintain website security, prevent fraud, and improve our services, where such interests are not overridden by your rights.

We use your information based on legal grounds under the General Data Protection Regulation (GDPR), such as the performance of a contract with you, our legal obligations, and your consent.

• To Process Your Booking: This is our core service. We use your details to reserve hotels, flights, and other services. This is necessary to perform the contract we have with you.

• To Communicate With You: We send you booking confirmations, travel documents, important updates about your trip, and respond to your inquiries. We use Your contact information only for communication with Our Support Team and will never share it with third parties for marketing purposes.

• To Process Payments: We utilize third-party payment providers to handle transactions securely.

• For Legal and Security Purposes: We may use your data to comply with legal obligations (e.g., tax accounting), prevent fraud, and ensure the security of our services.

• To Improve Our Services: We partially scan your data with analytics tools to find out about the effectiveness of Our work and the functionality of Our Websites. We do this to improve Customer Service and not to identify Our Clients personally.

Our website includes a cruise search and booking widget provided by a third-party operator, 4Gates (https://4gates.cruises/). This widget is embedded via an iframe and includes its own integrated checkout process, which we do not operate or control.

When you interact with the cruise widget, including searching for cruises or completing a booking, you are engaging directly with 4Gates' platform. Any personal data you submit through this widget, including any health-related or special category information that may be required for cruise travel (e.g., accessibility needs, medical conditions), is collected and processed by 4Gates under their own privacy policy and terms of service. We encourage you to review 4Gates' privacy policy before completing a cruise booking.

We bear no responsibility for the data practices of 4Gates or their platform. We reserve the right to receive your personal data fully or partially after the cruise has been booked in order to comply with laws and process your booking within our partnership deal with 4Gates platform.

To ensure secure online payments, we use MakeCommerce by Maksekeskus AS as our payment processor.

• Secure Handling: When you choose to pay via MakeCommerce, your payment information (e.g., card number) is encrypted and sent directly to MakeCommerce's secure servers.

• Data Retention: We reserve the right to keep the billing information (Billing address; IP address), but We don't have complete access to the numbers of Your credit cards. We only receive the necessary information to confirm the transaction, such as your name, the payment amount, and transaction status. We do not store or have access to your full card details.

• Third-Party Policy: MakeCommerce processes payments in accordance with its Terms and Conditions. Our Websites may also collect information and statistics about the way You use our payment system in an impersonated form for further analysis to enhance Your experience. For more details, please review the MakeCommerce info page: https://makecommerce.net/general-terms/

We do not use Your personal information for any other purposes except for the ones mentioned in this Privacy Policy section. However, to provide our travel services, we must share data with specific partners:

• Service Providers: We might share your booking details with the hotels, airlines, and other tour operators that are part of your travel package. These providers are contractually obligated to protect your data.

• Payment Processors: As described above, we share data with MakeCommerce to process payments.

• Legal Requirements: We may disclose your information if required to do so by law or in a good faith belief that such action is necessary to comply with a legal obligation.

We never share Your data with third-party companies for marketing or promotional purposes. Our Support Team can also access your personal information to verify your age and the legitimacy of Your activity on Our Websites.

Some of our third-party service providers, including Google Analytics, transfer and process data outside the European Economic Area (EEA), including to the United States. Where such transfers occur, they are carried out on the basis of the European Commission's Standard Contractual Clauses (SCCs) under Article 46(2)(c) GDPR, or another applicable transfer mechanism, ensuring an adequate level of protection for your personal data. For more information on the safeguards applied by individual providers, please refer to their respective privacy policies.

We use HTTPS/TLS encryption (SSL) to protect the personal information of Our Users. This technology guarantees strong protection of Your data so that it will not be stolen or transferred anywhere without your permission. All payments and transactions performed through Our Websites are secure because of the additional encryption and enhanced gateway. Remember that We are not responsible for the breaches of security caused by Your irresponsible actions or Our service suppliers.

We will retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected.

• Bookings: Typically, booking data is retained for the duration of your trip plus a period of up to 7 years to comply with accounting and tax regulations.

• Legal Requirements: In some cases, the legislator provides for the storage of personal data (e.g., tax or commercial law). In these cases, the data will only be stored by Us for these legal purposes and will be deleted after the expiry of the legal retention period.

We use so-called session cookies to optimize our websites. A session cookie is a small text file that is sent by the respective servers when you visit a website and stored temporarily on your hard drive. We also use persistent cookies to some extent, which remain on your terminal device and enable Us to recognize your browser the next time you visit. Their life span ranges from 1 month to 10 years. This enables Us to present our services to you in a more user-friendly, effective, and secure manner. Non-essential cookies are only activated following your explicit consent, which you may provide or withdraw at any time via our cookie consent management tool available on our websites.

Google Analytics

We use Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies" to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. The IP address transmitted by your browser within the context of Google Analytics is not merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, or by using the browser plug-in available at: https://tools.google.com/dlpage/gaoptout

PostHog

We use PostHog to gain insights into user interactions on our websites. PostHog records data such as mouse movements, clicks, scrolls, page views, and user events to help us enhance user experience, debug issues, and improve website functionality. We apply proper data masking to ensure that any personally identifiable information (such as form field inputs) is excluded from session recordings. PostHog may share aggregated data with third parties for processing. For more details on how PostHog collects and processes data, please refer to the PostHog Privacy Statement at https://posthog.com/privacy.

Cookie Management

You can set your browser so that you are informed in advance about the setting of cookies and can decide on individual cases whether to accept them. You can also block, disable, or delete cookies at any time by changing the settings in your browser. However, this may limit the functionality of the websites. Your browser may offer a Do Not Track (DNT) setting. We don't currently respond to these signals because there is not yet a common understanding of how to process them or a consensus on what "tracking" means. For more information about cookies, visit www.cookiesandyou.com and www.aboutads.info/choices.

We study the behavior patterns of Our Users and track the number of people in different parts of the Websites. We do not identify the Users in any way during this process, which is performed to analyze Our work and the work of the Website elements.

We reserve the right to update this Privacy Policy at any time. The date at the top of this page indicates when this policy was last revised. Previous versions of this Privacy Policy are archived and remain freely accessible on our website, so you can review any prior version at any time.

As our services are currently available without user accounts or mandatory registration, we are unable to directly notify individual users of changes. We therefore encourage you to periodically review this page to stay informed about how we protect your data. Continued use of our websites following any update constitutes your acknowledgment of the revised policy.

According to the applicable laws, you have various rights regarding your personal data. If you wish to assert these rights, please send your request by email or by post to the address specified in the Contact Us section below, clearly identifying yourself. We will respond to your request within 30 days of receipt, in accordance with GDPR Article 12.

• Right to Acknowledgement and Access: You have the right to receive confirmation from Us at any time as to whether personal data relating to you is being processed, and to request a copy of this data free of charge.

• Right to Correction: You have the right to request Us to correct any inaccurate personal data concerning you without delay.

• Right to Cancellation ("Right to be Forgotten"): You have the right to demand that we delete personal data concerning you without delay if the data is no longer necessary, you withdraw consent, or you object to processing.

• Right to Limitation of Processing: You have the right to request Us to restrict processing if you dispute the accuracy of data or if processing is unlawful.

• Right to Transferability of Data: You have the right to receive the personal data concerning you in a structured, machine-readable format and transmit it to another controller.

• Right of Objection: You have the right to object at any time to processing of your personal data for direct marketing purposes.

• Automated Decisions: You have the right not to be subject to a decision based exclusively on automated processing (profiling) that has legal effect against you. Automated decision making based on the collected personal data does not take place.

• Right to Revoke Consent: You have the right to revoke your consent to the processing of personal data at any time.

• Right of Appeal: You have the right to lodge a complaint with a supervisory authority. As Kull Jet OÜ is registered in Estonia, your primary point of contact is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon — AKI), reachable at www.aki.ee. If you reside in another EU/EEA member state, you may alternatively contact your local supervisory authority; a full list of authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

If you need additional information about the Privacy Policy issues or wish to exercise your rights, please get in touch with us:

• By Email: [email protected]

• Data Protection Officer: [email protected]

• By Post (Estonia): Kull Jet OU, Ehitajate tee 114-11, 13517, Tallinn, Estonia