1. Who We Are
Tally Ho Experiences Limited
189 Hercules Road, London SE1 7LD, United Kingdom
Email: hello@tallyho.cc
We are the controller of your personal data within the meaning of Article 4(7) of the GDPR.
2. What Personal Data We Collect
Depending on your interaction with our website, we may collect:
- Contact information (e.g., name, email address, phone number)
- Booking information
- Emergency contact details
- Communication content (e.g., messages sent through chat or forms)
- Technical data (e.g., IP address, browser, device type)
- Usage data (e.g., pages visited, time spent, clicks)
- Consent preferences (via cookie banner)
- Photographs and videos taken during tours
3. How We Collect Data
We collect data:
- Directly from you (e.g., when you fill out a form or make a booking)
- Automatically via cookies and similar tracking technologies
- Through third-party service providers embedded in our site
4. Legal Bases for Processing
We process your data based on the following legal grounds:
- Your consent (Article 6(1)(a) GDPR)
- Performance of a contract or steps prior to entering into a contract (Article 6(1)(b) GDPR)
- Compliance with a legal obligation (Article 6(1)(c) GDPR)
- Legitimate interests (Article 6(1)(f) GDPR)
5. Third-Party Tools and Services
Google Analytics 4 (GA4)
We use Google Analytics 4 to understand how users interact with our website. IP addresses are anonymised. Data is only collected after you provide consent.
- Data collected: anonymised IP, usage data, device/browser info
- Legal basis: Consent
- Provider: Google Ireland Ltd.
- Data transfer: May involve transfer to the United States; Google is certified under the EU-U.S. Data Privacy Framework
Google Tag Manager
Google Tag Manager is used to load scripts and manage other tracking tools. It does not process personal data directly.
- Legal basis: Legitimate interest
CookieScript
We use CookieScript to manage cookie consent in compliance with GDPR and the ePrivacy Directive. Your preferences are stored in a cookie.
- Data collected: consent state, device/browser info
- Legal basis: Consent and legal obligation
Meta (Facebook) Pixel
We use the Facebook Pixel to measure the effectiveness of our Meta ads and to create personalised audiences.
- Data collected: IP address, browser data, on-site behaviour
- Legal basis: Consent
- Data transfer: May be sent to the United States. Meta participates in the EU-U.S. Data Privacy Framework.
Hotjar
We use Hotjar to understand how users interact with our website through heatmaps, session recordings, and user feedback tools. This helps us improve the user experience by identifying how visitors navigate and use our site.
- Data collected: anonymised user interactions, mouse movements, clicks, scrolls, form interactions
- Legal basis: Consent
Crisp Chat
We use Crisp Chat to offer live chat and customer support on our website. If you initiate a chat or send a message, data such as your email address and message content will be processed to provide customer service.
- Data collected: name (if provided), email address, message content, usage data
- Legal basis: Contract (for customer support), Consent (for analytics)
Fillout Forms
We use Fillout to create and manage forms for bookings, enquiries, feedback, and other data collection purposes. This includes contact forms, booking requests, and customer surveys.
- Data collected: all form input data, IP address, browser information
- Legal basis: Consent
TicketingHub (Booking System)
Our bookings are handled via TicketingHub. When you make a booking, personal data is collected for the purpose of fulfilling the contract.
- Data collected: full name, contact information, payment data
- Legal basis: Performance of a contract
Stripe (Payment Processing)
We use Stripe to securely process credit card payments for all bookings. Stripe handles all payment transactions on our behalf.
- Data collected: customer name, email address, IP address, credit card details
- Security: All credit card information is tokenized and stored securely by Stripe in compliance with PCI DSS standards
- Legal basis: Performance of a contract
- Data transfer: Stripe, Inc. is based in the United States but operates under appropriate data protection frameworks
Attio (CRM)
We use Attio as our customer relationship management system to manage customer interactions and improve our service.
- Data collected: contact information, booking history, communication records
- Legal basis: Legitimate interest and contract performance
Zapier
We use Zapier to automate workflows between different applications and services we use to run our business. This helps us provide better customer service by ensuring information flows seamlessly between our systems.
- Data collected: data transferred between connected applications as part of automated workflows
- Legal basis: Legitimate interest and contract performance
MailChimp
We use MailChimp for email marketing to send newsletters, tour updates, and promotional communications to customers who have agreed to receive future communications from us.
- Data collected: email address, name, booking history, communication preferences
- Legal basis: Consent
- Your rights: You can unsubscribe from marketing emails at any time using the unsubscribe link in emails or by contacting us directly
6. Cookies
We use cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and personalise content. Cookies are small text files stored on your device when you visit our website.
Types of Cookies We Use:
- Essential Cookies: Necessary for the website to function properly
- Analytics Cookies: Help us understand how visitors use our website
- Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness
- Preference Cookies: Remember your settings and preferences
You can manage your cookie preferences through our cookie banner when you first visit the site, or by adjusting your browser settings. Please note that disabling certain cookies may affect website functionality.
7. Photography and Video
We reserve the right to take photographs and videos of our tours in action for marketing purposes. These images and videos may be shared on our social media channels, website, and with our travel agent partners for promotional activities.
- Data collected: photographs and videos featuring tour participants
- Storage: photo and video assets are stored securely in Google Drive
- Legal basis: Legitimate interest
- Your rights: If you do not wish to be photographed or filmed, please let us know in advance and we will ensure you are not included in any marketing materials.
8. Emergency Contacts and Tour Safety
Phone numbers provided during booking will be shared with your tour guides to ensure we can provide the best level of service whilst you are in destination and to contact you in case of emergency.
- Data collected: emergency contact information, mobile phone numbers
- Legal basis: Legitimate interest and contract performance
9. Partner Data Sharing
We reserve the right to share aspects of your data with our select partners in order to provide you with quotes for auxiliary services, such as out-of-town trips, attraction tickets, and other travel-related services that complement your tour experience.
- Data shared: contact information, tour preferences, booking details
- Legal basis: Legitimate interest
- Your rights: You have the right to request details of which partners receive your data and can opt out of such sharing by contacting us.
10. How Long We Store Your Data
We retain personal data only for as long as necessary to fulfil the purposes we collected it for, including legal, accounting, or reporting obligations.
11. Your Rights Under GDPR
You have the right to:
- Access your data
- Correct inaccurate data
- Request deletion of your data
- Withdraw consent at any time
- Object to certain processing
- Lodge a complaint with a supervisory authority
To exercise any of these rights, please contact us at hello@tallyho.cc. For data protection complaints, you can also contact the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection.
12. Data Transfers Outside the UK/EU/EEA
Some of our service providers are located in countries outside the UK/EU/EEA. Where this is the case, we ensure an adequate level of protection, for example by using Standard Contractual Clauses, relying on certified frameworks such as the EU-U.S. Data Privacy Framework, or transfers to countries with UK or EU adequacy decisions.
13. Changes to This Policy
We may update this policy to reflect changes in our data practices or legal requirements. The latest version will always be available on this page.