Hey Estonia

Privacy Policy

Effective Date: November 5, 2025

Heyest OÜ (“we”, “us”, “our”, or “Hey Estonia”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our website www.heyestonia.com and purchase our services (“Services”), in accordance with the EU General Data Protection Regulation (GDPR).


Data Controller

Heyest OÜ

Registry code: 17340390

Address: Harju maakond, Rae vald, Jüri alevik, Väljaku tn 6a-29, 75301, Estonia

Phone: +372 53072169

Email: info@heyestonia.com

We are the data controller for all personal data collected through our website https://heyestonia.com/ and services. Certain third-party service providers (e.g., Google Analytics, Meta Pixel, payment providers) may act as data processors on our behalf. Their role is strictly limited to providing the services for which they were engaged.


What data do we collect?

Hey Estonia collects the following data:

  • Contact Information: Name, email address, phone number, country of residence
  • Booking Information: Accommodation address (for pick-up), selected service and date, shoe size, dietary requirements, allergies.
  • Payment Information: We process data required to handle payments through secure third-party payment gateways. For card payments, including Apple Pay, Google Pay, and Link, we never store your full credit or debit card details on our servers. Instead, secure payment gateways (e.g., Stripe) may tokenize your card data by replacing it with a unique identifier. This means we only receive a payment confirmation, the transaction amount, and partial card details (such as the last four digits) for fraud prevention and accounting. When you pay via bank transfer or Revolut, we will see your name and account number, which are necessary to identify the payment and link it to your booking in compliance with our legal accounting obligations. We emphasize that we do not collect or retain sensitive payment data, such as full credit card numbers or security codes. All payment processing is conducted within the secure environment of GDPR-compliant and PCI DSS certified payment service providers.

  • Usage Data: Website usage data collected through cookies, Google Analytics, and Meta Pixel.
  • Communication Data: Messages exchanged via email or WhatsApp related to bookings, inquiries, or service delivery.
  • Media Data: Photographs and videos taken during hikes for promotional purposes (consent obtained prior to taking media). 


How do we collect your data?

You directly provide Hey Estonia with most of the data we collect. We collect data and process data when you:

  • Make a booking for any of our services.
  • Contact us with an inquiry via email, WhatsApp, or our website contact form.
  • Voluntarily provide feedback or communicate with us.
  • Use or view our website via your browser’s cookies.

Purpose and Legal Basis for Processing

We process your personal data for the following purposes:

  • To provide our Services, including online guides and bog-shoe hikes (contractual necessity).
  • To communicate with you regarding bookings, inquiries, and service updates (contractual necessity).
  • To send you necessary travel-related information and materials (contractual necessity).
  • As part of the Services, we may share personalized travel recommendations, including Google Maps links, directly with you via WhatsApp or email (contractual necessity).
  • To process payments and manage billing (contractual necessity).
  • To comply with legal obligations, including accounting, tax, and recordkeeping requirements (legal obligation).
  • To analyze and improve our website, user experience, and services through the use of analytics tools such as Google Analytics and Meta Pixel (legitimate interest).
  • To provide personalized offers, promotions, or newsletters where you have given explicit consent (consent).
  • To ensure the safety, health, and security of participants during hikes and outdoor activities (legitimate interest).

 

Communication via WhatsApp and Email

Communication with clients is primarily conducted via WhatsApp and email. Messages may include information essential to the purchased service (for example, hike details, travel tips, or personalized map links). We do not use WhatsApp or email for unsolicited marketing purposes

 

Data Sharing and Third-Party Processors

We do not sell or rent your personal data. Your personal data may be shared with:

  • Payment Providers: For secure processing of transactions.
  • Service Partners: For delivering bog-shoe hikes or other Services.
  • Analytics Providers: Google Analytics and Meta Pixel, for performance and marketing analytics.
  • Authorities: When required by law, such as for tax or regulatory compliance.

Note: Google Analytics and Meta Pixel may process data outside the EU. These transfers are safeguarded using Standard Contractual Clauses (SCCs) or other GDPR-compliant mechanisms. 


How do we store your data?

Hey Estonia securely stores your data on encrypted cloud servers and password-protected systems, applying strict technical and organizational measures to prevent unauthorized access.

We will keep your booking and payment data for 7 years, in accordance with Estonian tax and accounting laws. Once this time period has expired, we will permanently delete your data by removing it from our databases and any associated backups. Marketing and analytics data will be retained for up to 2 years, after which it will be anonymized or deleted. Data related to your consent will be kept for as long as you use our services and will be deleted upon your request to withdraw consent.

 

Marketing

Hey Estonia would like to send you information about products and services of ours that we think you might like. We will only do so if you have given your explicit consent to receive marketing communications.

If you have agreed to receive marketing, you may always opt out at a later date.

You have the right at any time to stop Hey Estonia from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please contact us at info@heyestonia.com.

 

What are your data protection rights?

Hey Estonia would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  • The right to access - You have the right to request Hey Estonia for copies of your personal data.
  • The right to rectification - You have the right to request that Hey Estonia correct any information you believe is inaccurate. You also have the right to request Hey Estonia to complete information you believe is incomplete.
  • The right to erasure - You have the right to request that Hey Estonia erase your personal data, under certain conditions.
  • The right to restrict processing - You have the right to request that Hey Estonia restrict the processing of your personal data, under certain conditions.
  • The right to object to processing - You have the right to object to Hey Estonia processing of your personal data, under certain conditions.
  • The right to data portability - You have the right to request that Hey Estonia transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email info@heyestonia.com.


What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our website, we may collect information from you automatically through cookies or similar technology.

For further information, visit allaboutcookies.org.


Cookies and Tracking

We use cookies and similar technologies to improve your experience and analyze website traffic.


Types of Cookies

Necessary Cookies: Required for website operation (e.g., shopping cart, bookings).

Analytics Cookies: Google Analytics collects anonymized data for site performance, such as pages visited, time spent, and user behavior patterns.

Marketing Cookies: Meta Pixel allows us to deliver personalized advertisements and measure ad campaign effectiveness.


Your Consent for Cookies

When you first visit our website, you will be presented with a cookie banner requesting your consent to use non-essential cookies. We will only use Analytics and Marketing cookies if you provide your explicit consent by clicking "Accept" or by enabling them in the settings. Necessary cookies do not require your consent as they are essential for the website to function.

You can withdraw or change your consent at any time through our cookie management tool, which can be accessed via the cookie banner or a persistent link on our website. Withdrawing your consent will not affect the lawfulness of processing based on consent before its withdrawal.


How to Manage Cookies

You have full control over the cookies used on our site. You can manage your preferences at any time in the following ways:

  • Via Our Cookie Banner: Adjust your preferences for Analytics and Marketing cookies directly in our cookie consent tool.
  • Via Your Browser Settings: You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. Please note that if you disable or refuse cookies, some parts of this website may become inaccessible or not function properly. You can find instructions on how to manage cookies in popular browsers here: Google Chrome, Mozilla Firefox, Safari, Microsoft Edge. For further information about cookies, visit allaboutcookies.org.

Third-Party Cookies

Third-party cookies may track user behavior for analytics or marketing purposes. We do not control their use; please refer to the respective provider’s privacy policies for details:

Google Analytics Privacy Policy

Meta Pixel Privacy Policy


Automated Decision-Making and Profiling

We do not use automated decision-making that significantly affects users.

Profiling for marketing purposes via Meta Pixel is allowed, but you have the right to object to profiling at any time.

Security of Personal Data

We implement technical and organizational measures to protect your personal data, including:

  • Encryption of sensitive information.
  • Limited access to authorized personnel only.
  • Regular security audits and updates.


Data Breach Notification

In case of a personal data breach, we will notify affected users without undue delay and in compliance with GDPR requirements.


International Data Transfers

Some third-party processors may transfer data outside the EU. We ensure adequate protection via Standard Contractual Clauses (SCCs) or other GDPR-compliant mechanisms.


Media and Photos

We may take photographs or videos during hikes for promotional purposes. Our guide will always ask for your verbal consent before taking photos where you are clearly identifiable. You have the right to refuse, and if you do not wish to be photographed, please inform your guide at any point. 


Privacy policies of other websites

Hey Estonia website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.


Changes to our privacy policy

Hey Estonia keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 5 November 2025


How to contact us

If you have any questions about Hey Estonia’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Email us at: info@heyestonia.com

Call us: +372 53072169


How to contact the appropriate authority

Should you wish to report a complaint or if you feel that Hey Estonia has not addressed your concern in a satisfactory manner, you may contact the Data Protection Inspectorate if you suspect misuse of your personal data: phone: +372 627 4135, e-mail: info@aki.ee, postal address: Väike-Ameerika 19, Tallinn 10129. 

Update cookies preferences