Tagoo

Privacy policy

1. DATA CONTROLLER

UAB “Tagoo Group” (hereinafter referred to as the “Company”) is the controller of the personal data it processes and ensures that personal data is processed within the Company in accordance with the personal data protection requirements applicable to data controllers.

Information about the Company: UAB “Tagoo Group”, legal entity code 306391313, Vašingtono a. 1-66, LT-01108; information about the Company is collected and stored in the Register of Legal Entities of the Republic of Lithuania. Company website address: www.tagoo.lt, tel. +370 700 11001, email info@tagoo.lt.

This Privacy Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the GDPR). This Privacy Policy provides information regarding the purposes of personal data processing by the Company, the legal basis for such processing, the personal data processed by the Company, its sources, retention periods, purposes of disclosure, the procedure for exercising data subjects’ rights, and data recipients.

2. EXERCISE OF DATA SUBJECTS’ RIGHTS

As a data subject, you have the right to contact the Company regarding issues related to the processing of your personal data; that is, you have the following rights:

  • the right to receive information about data processing;
  • the right to access the data;
  • the right to request the correction of data;
  • the right to request the erasure of data (“the right to be forgotten”);
  • the right to restrict data processing;
  • the right to data portability (when data is processed by automated means);
  • the right to object to the processing of personal data (when personal data is processed based on your consent and/or a legitimate interest);
  • the right to request that no decision based solely on automated processing, including profiling, be applied to you.

You have the right to exercise your data subject rights by contacting the Company verbally or in writing, by submitting a request in person, by mail, or by email to info@tagoo.lt. If you exercise your rights verbally or submit a written request in person, you must verify your identity by presenting a valid identification document. Failure to do so will result in your rights not being exercised.

When submitting a written request regarding the exercise of data subject rights, it is recommended to use the request form provided in the Personal Data Processing Rules.

Upon receiving your request, the Company will provide you with information regarding the actions taken in response to your request no later than 1 (one) month from the date of receipt. If there is a delay in providing the information, you will be notified within the specified timeframe, stating the reasons for the delay and informing you of the possibility to file a complaint with the State Data Protection Inspectorate (L. Sapiegos St. 17, Vilnius, tel. (8 5) 271 2804, 279 1445, email ada@ada.lt).

3. PURPOSES OF PERSONAL DATA PROCESSING BY THE COMPANY AND CONDITIONS FOR LAWFUL PROCESSING

The Company, acting as a data controller, processes your personal data as a data subject for the following purposes:

  • To provide you with service during the pre-contractual relationship, without sending commercial offers. Legal basis for the processing of personal data – processing is necessary for taking steps at your request prior to entering into a contract (Article 6(1)(b) of the GDPR):
  1. providing and managing responses to your inquiries prior to entering into a contract.
  • Submission of a proposal to enter into a contract. Legal basis for the processing of personal data – processing is necessary to take steps at your request prior to entering into a contract (Article 6(b) of the GDPR):
  1. Submission of a specific proposal for the conclusion of a contract in response to your request for a proposal;
  2. Administration of the response to the proposal for the conclusion of a contract.
  • Sale of airline tickets and administration of this service. Legal basis for processing personal data – processing is necessary for the performance of a contract (GDPR Article 6(1)(b)):
  1. concluding contracts and processing orders in reservation and other information systems;
  2. examination and administration of complaints and other requests from you;
  3. prompt notification to you regarding changes to the terms or procedures for providing services;
  4. provision of personal data to service providers in fulfilling your order;
  5. fulfillment of other obligations undertaken.
  • Sale of flight-related services and administration of the provision of these services. Legal basis for the processing of personal data – processing is necessary for the performance of a contract (Article 6(1)(b) of the GDPR):
  1. concluding contracts and processing orders in reservation and other information systems;
  2. examining and managing complaints and other requests from you;
  3. promptly informing you of changes to the terms or procedures for providing services;
  4. providing personal data to service providers when fulfilling your orders;
  5. fulfilling other obligations undertaken.
  • Compliance with the requirements of public administration institutions and legislation. Legal basis for the processing of personal data – processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6(1)(c) of the GDPR):
  1. compliance with requirements for crossing state borders;
  2. customs control;
  3. compliance with visa requirements;
  4. compliance with other border crossing requirements;
  5. compliance with the requirements of public administration authorities;
  6. compliance with legal acts requiring the provision of information about tourists and travelers;
  7. pursuit of objectives related to the prevention of other legal violations.
  • Direct marketing to new customers. Legal basis for processing personal data – your consent to the processing of personal data (Article 6(1)(a) of the GDPR):
  1. sending marketing messages/newsletters regarding the sale of organized tours, tourism service packages, and/or individual tourism services, including airline tickets;
  2. analyzing operations to improve service quality.
  • Conducting direct marketing to existing customers. Legal bases for the processing of personal data – processing is necessary for the legitimate interests of the Company (Article 6(1)(f) of the GDPR):
  1. to provide offers regarding similar services of the Company.
  • Conducting direct marketing related to claims management companies. Legal basis for processing personal data – your consent to process personal data (GDPR Article 6(1)(a)):
  1. sending marketing communications regarding the possibility of filing claims related to flight delays, cancellations, or refusals to transport through claims management companies.
  • Conclusion and performance of other contracts. Legal basis for processing personal data – processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).

The Company, acting as a data processor, processes your personal data as a data subject for the following purposes:

  • Sale of insurance services. Legal basis for the processing of personal data – processing is necessary for the performance of a contract (Article 6(1)(b) of the GDPR):
  1. concluding contracts on behalf of the insurance company and processing orders in the insurance company’s reservation system;
  2. fulfillment of other obligations assumed under the contract concluded with the insurance company.

4. PERSONAL DATA PROCESSED BY THE COMPANY AND THEIR RETENTION PERIOD

As the data controller, the Company processes the following personal data during pre-contractual customer service interactions, for the purpose of providing customer service without sending commercial offers:

  • first name;
  • email address, phone number.

The Company, as the data controller, processes the following personal data for the purpose of submitting a proposal to enter into a contract:

  • first name;
  • email address, phone number.

The Company, as the data controller, processes the following personal data for the purpose of selling airline tickets and administering the provision of this service:

  • first name, last name, date of birth, details of the identity document—date of issue and validity, place, number, date of birth, gender, nationality, issuing country, gender, nationality, issuing country, phone number, email address, payment details, flight information (date, flight number, booking number provided by the airline, etc.).

The Company, as the data controller, processes the following personal data for the purpose of selling flight-related services and administering these services:

  • when booking the fast passenger check-in service: email address;
  • when booking an airport parking service: first name, last name, email address, phone number, vehicle registration number.

The Company, as the data controller, processes the following personal data for the purpose of complying with the requirements of public administration institutions and legislation:

  • first name, last name, date of birth, place of residence (address), details of the identity document—date of issue and validity, place, number, date of birth, gender, nationality, country of issuance, telephone number, email address, payment details, flight information (date, flight number, booking number provided by the airline, etc.).

The Company, as the data controller, processes the following personal data for direct marketing purposes to new customers:

  • email address;
  • data related to the confirmation of consent to receive the Company’s newsletter and its validity: the fact of confirmation, date, and time; the fact of withdrawal of consent, date, and time.

The Company, as the data controller, processes the following personal data for direct marketing purposes for existing customers:

  • email address.

The Company processes the following personal data for the purpose of conducting direct marketing related to claims management companies:

  • first name, last name, email address, phone number;
  • flight information (date, flight number, route, booking number provided by the airline, airline name, route);
  • data related to the confirmation of consent to receive the Company’s marketing offers and the validity of such consent: the fact of confirmation, date and time, the fact of withdrawal of consent, date and time.

The Company, as the data controller, processes the following personal data for the purpose of concluding and performing other contracts:

  • if the contract is concluded with a natural person—the person’s first name, last name, personal identification number or date of birth, residential address, email address, mobile or landline phone number, information/financial data transmitted along with the payment (payment account number, transaction amount), the number of the individual activity certificate or business license;
  • the first and last names, email address, and mobile or landline phone number of persons authorized to represent the legal entity in its relations with third parties, as well as persons involved in the administration, supervision, and/or control of the legal entity.

As a data controller, the Company processes the following personal data for the purpose of selling insurance services:

  • first name, last name, personal identification number, phone number, email address, payment details, and other information related to the insurance policy (policy number, contract term, risk, insurer’s coverage limits, etc.).

The Company processes personal data that you voluntarily provide by mail, registered mail, email, fax, telephone, by visiting the Company’s sales office in person, as well as through the Company’s website.

Your consent for direct marketing is valid for 5 years, and for direct marketing related to claims management companies—18 months. You have the right to opt out of the use of your personal data for direct marketing purposes by notifying the Company via email at info@tagoo.lt.

When the Company acts as a data controller, personal data is retained for the following periods:

  • for the purpose of pre-contractual customer service and/or the submission of commercial offers, personal data is retained for 1 year from the date of receipt;
  • for the purpose of selling services, concluding and performing contracts—for the duration of the contract and 10 years after the contract’s expiration;
  • for the examination and administration of claims—for the duration of the contract and 3 years after the contract’s expiration;
  • for direct marketing purposes to new customers—stored for the duration of the consent (5 years from the date of receipt or less if we receive your request to opt out of receiving direct marketing communications), as well as for the purposes of ensuring compliance with archiving requirements, 2 years after the expiration of consent;
  • for direct marketing purposes to existing customers, stored for the duration of the Passenger Transport Contract or for a shorter period if we receive your request to opt out of receiving direct marketing communications;
  • for the purpose of direct marketing related to claims management companies, stored for the duration of the consent (18 months from the date of receipt or for a shorter period if we receive your request to opt out of receiving direct marketing communications), and also for the purpose of ensuring compliance with archiving requirements, for 2 years after the expiration of the consent.

Upon expiration of the retention period for a document containing personal data, a decision is made to destroy it, and the document is destroyed in accordance with the procedure established by the Law on Documents and Archives of the Republic of Lithuania. Documents containing personal data that are stored on a permanent basis are transferred to state archives for storage in accordance with the procedure established by law.

The Company, acting as a data processor, stores personal data for the period specified by the data controllers.

5. TRANSFER OF PERSONAL DATA

The information received from you, as the data subject, is processed and used solely for the purposes specified in the Privacy Policy.

Information received from you, as a data subject, may not be disclosed to third parties without a lawful basis, except to entities that participate in or contribute in any form to the performance or provision of services ordered by the data subject. This also applies to data processors or joint data controllers with whom the Company has entered into Personal Data Processing Agreements or other contracts addressing the requirements for the processing and security of Personal Data. In such cases, legal liability for a breach of Personal Data processing or for any resulting damage falls on the data processor or data controller responsible for the breach or damage. In other cases, personal data may be disclosed to third parties only when required or mandated by law. Personal data may also be transferred to public administration and law enforcement authorities when such an obligation is established for the Company by law.

In order for the Company to provide services to you, data may be provided to:

  • Amadeus IT Group S.A.;
  • DRCT;
  • UAB Baltic Tours Group;
  • the relevant airlines from which the data subject purchases tickets;
  • BTA Baltic Insurance Company AAS;
  • UAB Stova (the airport parking service provider);
  • the relevant branch of AB “Lietuvos oro uostas” (depending on the departure location, as the provider of fast-track security check services);
  • UAB “Skycop.com” (the provider of services for preparing claims regarding flight delays, cancellations, or refusals to carry passengers);
  • “Mailerlite” (the newsletter service provider);
  • other actual service providers.

Our website may also contain links to websites of other individuals, companies, or organizations where you have the right to book other services (accommodation, car rental, etc.). Please note that we are not responsible for the content of such websites or the privacy policies they employ. Therefore, if you click on a link from our website and are redirected to other websites, you should review their Privacy Policy and the terms of their personal data processing separately.

6. FINAL PROVISIONS

If you have any questions regarding the protection of personal data, please contact us by phone at +370 700 11001 or by email at info@tagoo.lt.

The Company reserves the right to amend this Privacy Policy; therefore, we kindly ask website visitors to check whether the Privacy Policy has changed and to familiarize themselves with any amended and/or new provisions of the Privacy Policy.

Additions or amendments to the Policy take effect on the date of their publication on the website.

Privacy Policy updated on January 28, 2025.

Get good deals on cheap flights with "Tagoo Flights" first!
Flights discounts
Special offers
Discount codes

Subscribe to the "Tagoo Flights" Newsletter