1. Introduction

This Privacy Policy explains how Go Like a Local ApS (“Go Like a Local”, “we”, “our”, “us”) collects, uses, discloses and safeguards personal information when you visit https://www.golikealocal.com (the “Site”), interact with our booking engine (Bokun), make a reservation through an online travel agency (“OTA”) such as Viator / Tripadvisor Experiences, or otherwise communicate with us (together, the “Services”). It also describes your data-protection rights and how to exercise them.

Go Like a Local ApS is established in Denmark and subject to the EU General Data Protection Regulation (“GDPR”).

Data Controller

Go Like a Local ApS

CVR-nr.: 43056204

Business address: Blågårdsgade 19, 2200 Copenhagen N, Denmark

Telephone: +45 26 20 11 83

Email: michael@golikealocal.com

Data Protection Officer (DPO): Michael Olivarius – same contact details as above

2. Legal bases for processing

We process personal data only when one or more of the following legal bases applies (Art. 6 GDPR):

Legal basis Typical examples in our operation

Contract (Art. 6 (1)(b)) Accepting, confirming and delivering your tour booking; customer service.

Legal obligation (Art. 6 (1)(c)) Danish accounting rules; tourism-sector regulations; tax law.

Legitimate interests (Art. 6 (1)(f)) Improving the Site, preventing fraud, ensuring tour safety, direct marketing of similar services.

Consent (Art. 6 (1)(a)) Sending optional newsletters or personalised marketing; storing non-essential cookies. You may withdraw consent at any time.

3. Personal data we collect

Category What it includes Source

Identification & contact data Name, email address, phone number, nationality, language preference. Provided by you when enquiring or booking.

Booking details Tour date, party size, special requests, payment status, OTA booking reference. Provided by you or an OTA; generated within Bokun.

Payment data Last four digits of card, payment token, transaction ID (payment processing is handled by Bokun’s integrated payment providers; we do not receive full card numbers). Payment gateway via Bokun.

Device & usage data IP address, browser type, operating system, referring URLs, pages visited, actions taken, time spent. Collected automatically via cookies, log files and Google Analytics.

Location data Approximate geolocation derived from IP address. Automatically collected when you visit the Site.

Marketing preferences Newsletter opt-in/opt-out, cookie consent choices. Provided by you.

We do not intentionally collect special categories of personal data (Art. 9 GDPR) such as health or religious information; please avoid sending such data unless strictly necessary (e.g. mobility constraints or dietary requirements).

4. How we use personal data

Purpose Examples of processing

Provide and manage the Services Confirm bookings, issue tickets, send pre-tour reminders, handle payments, answer enquiries.

Improve and protect our business Analyse usage statistics, test new features, secure the Site, prevent fraud.

Marketing (own services only) Send follow-up offers, review requests, newsletters (with consent or under soft-opt-in rules).

Legal & compliance Maintain tax records, comply with Danish bookkeeping rules, respond to law-enforcement requests.

5. Sharing of personal data

We never sell your data. We share it only as necessary:

Recipient / role Why sharing is necessary Safeguards

Bokun hf. (Iceland) – booking engine & CMS Hosting the Site, processing bookings and payments. Data-processing agreement; servers within EEA.

Payment service providers (e.g. Stripe) Secure payment authorisation and settlement. PCI-DSS compliance; data-processing agreement.

OTAs (Viator / Tripadvisor, GetYourGuide, etc.) Where you made the initial booking; to fulfil and reconcile reservations. Data-sharing governed by OTA contracts.

Analytics & marketing partners (Google Analytics, Google Ads) Site performance, advertising and re-marketing (cookie-based, pseudonymised). Standard Contractual Clauses (SCCs) for transfers outside EEA.

Professional advisers (accountants, lawyers, insurers) Audit, legal advice, dispute resolution. Confidentiality obligations.

Public authorities / law enforcement Where required by law or to protect rights, safety or property. Disclosed only on a lawful request.

If we enter into a corporate transaction (merger, asset sale, etc.), data may be transferred to the acquiring entity under the same privacy commitments.

6. International data transfers

Some partners (e.g. Google LLC, Viator LLC) are based outside the European Economic Area (“EEA”). Where we transfer data abroad, we rely on:

An adequacy decision by the European Commission; or

Standard Contractual Clauses (SCCs) approved by the Commission; or

Another lawful derogation under Art. 49 GDPR (e.g. performance of a contract you requested).

7. Data retention

We keep personal data only for as long as necessary:

Data category Typical retention

Booking & accounting records 5 full financial years (Danish Bookkeeping Act).

Customer service emails 3 years from last interaction.

Marketing consent logs While consent is valid + 2 years.

Google Analytics logs 26 months (as configured).

Once retention periods expire, data are securely deleted or anonymised.

8. Cookies & tracking technologies

The Site uses session cookies, persistent cookies and third-party cookies for:

Basic site functionality and security

Remembering your preferences

Measuring traffic (Google Analytics)

Advertising & re-marketing (Google Ads)

You may refuse or delete non-essential cookies via the cookie banner or your browser settings. Essential cookies (strictly necessary) cannot be disabled as they ensure the Site functions correctly.

Detailed cookie list and lifetimes are available in the banner’s “Cookie Details” section.

9. Security measures

We employ industry-standard technical and organisational measures, including:

HTTPS / TLS encryption in transit

Access controls and role-based permissions in Bokun

Regular software patching and vulnerability scans

Staff training and confidentiality agreements

Data-processing agreements with all processors

No system is 100 % secure; however, we continually assess and upgrade our defences against unauthorised access.

10. Your GDPR rights

Subject to certain conditions, you have the right to:

Access – obtain a copy of your personal data.

Rectification – correct inaccurate or incomplete data.

Erasure – request deletion (“right to be forgotten”).

Restriction – limit how we process data.

Portability – receive data in a structured, machine-readable format.

Objection – object to processing based on legitimate interests or direct marketing.

Withdraw consent – at any time, where processing is based on consent.

Complain – lodge a complaint with your local supervisory authority. In Denmark this is Datatilsynet (www.datatilsynet.dk).

To exercise any right, contact our DPO at privacy@golikealocal.com. We will respond within one month (Art. 12 GDPR).

11. Marketing communications

We may send you emails or SMS about similar tours you have booked. You can opt out at any time by clicking “unsubscribe” or contacting us. Marketing based on consent stops immediately on withdrawal. Transactional or service emails (booking confirmations, policy updates) are not marketing and cannot be opted out of.

12. Minors

Our Services are not directed to children under 16. We do not knowingly collect personal data from minors. If you learn that a minor has provided us with personal data, please contact us and we will delete it promptly.

13. Changes to this Privacy Policy

We may update this Privacy Policy periodically. Any material changes will be posted on the Site with a new “Last modified” date and, where appropriate, notified to you by email. Continued use of the Services after an update constitutes acceptance of the revised Policy.

14. Contact

Company name: Go Like a Local ApS

CVR-nr. 43056204

Address: Blågårdsgade 19, 2200 København N, Denmark

Phone: +45 26 20 11 83

General enquiries michael@golikealocal.com

Privacy / DPO michael@golikealocal.com

If you wish to lodge a complaint about our processing of personal data, you may contact:
Datatilsynet
Carl Jacobsens Vej 35
2500 Valby
Denmark
Phone: +45 33 19 32 00
Website: www.datatilsynet.dk

By using the Site or making a booking you acknowledge that you have read and understood this Privacy Policy.