Privacy policy

Website: www.tihuse.ee
Data controller: Tihuse OÜ
Address: Tihuse talu, Hellamaa village, 94701 Muhu Parish, Saare County, Estonia
Phone: +372 514 8667
Email: tihusetalu@gmail.com

Effective from: 7 May 2026

1. General provisions

This Privacy Policy (hereinafter the “Policy”) explains how Tihuse OÜ (hereinafter “we”, “us” or “Tihuse”) collects, uses, stores and protects the personal data of visitors and customers of the website www.tihuse.ee (hereinafter the “Website”).

Tihuse OÜ processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter “GDPR”) and the Estonian Personal Data Protection Act.

By using the Website or ordering our services, the user confirms that they have read this Policy and agree to it.

2. Data controller

The controller of personal data is Tihuse OÜ.

For all questions related to the processing of personal data, you can contact us at:

  • Email: tihusetalu@gmail.com
  • Phone: +372 514 8667
  • Postal address: Tihuse talu, Hellamaa village, 94701 Muhu Parish, Saare County, Estonia

3. What personal data we collect

Depending on how the user interacts with us, we may collect the following personal data:

3.1 Data the user provides to us

  • first name and surname;
  • email address;
  • phone number;
  • arrival and departure dates and number of guests when booking accommodation;
  • data required to order catering, riding, carriage or wagon trips and other services;
  • billing details (e.g. invoice recipient details, company details);
  • the contents of any free-form message (e.g. via the contact form, email or phone call);
  • special requests (e.g. food preferences, allergies, riding experience, age of children).

3.2 Data collected automatically

When a user visits the Website, we may automatically collect the following technical information:

  • IP address;
  • device type, operating system and browser version;
  • date, time and duration of the visit;
  • pages visited and the referring page;
  • approximate location (country, city) based on the IP address;
  • data collected through cookies and similar technologies (see section 7).

4. Purposes and legal bases for processing

We process personal data for the following purposes and on the following legal bases:

Performance of a contract (GDPR Art. 6(1)(b)) — receiving and confirming bookings, providing accommodation, catering and horse-related services, communicating with the customer during the provision of services.

Compliance with a legal obligation (GDPR Art. 6(1)(c)) — accounting obligations, including the issuing and retention of invoices, and obligations arising from tax legislation.

Legitimate interest (GDPR Art. 6(1)(f)) — ensuring the security of the Website and preventing misuse, statistics and improvement of the quality of services, communicating with customers within an existing customer relationship, and the establishment, exercise or defence of legal claims.

Consent (GDPR Art. 6(1)(a)) — the use of marketing cookies and third-party tools (Google Analytics, Facebook Pixel), and the sending of marketing messages where the user has given consent.

5. Retention period

We retain personal data only for as long as is necessary to fulfil the purpose of processing or to comply with legal obligations:

  • booking and customer-communication data: up to 3 years from the last contact;
  • accounting documents (including invoices): at least 7 years under the Accounting Act;
  • Website log files and technical data: up to 12 months;
  • data collected through cookies: up to 24 months or in line with the lifetime of the individual cookie (see section 7);
  • data processed on the basis of consent: until consent is withdrawn.

After the retention period has expired, personal data is deleted or anonymised.

6. Disclosure of personal data

We do not sell or rent personal data to third parties. We disclose personal data only in the following cases and to the following extent:

  • To processors providing services to us (e.g. web hosting, email, accounting, payment service providers). Processors process the data only on our instructions and are required to ensure the protection of personal data.
  • To third parties for analytics and marketing purposes (Google, Meta/Facebook) — on the basis of consent and through cookies (see section 7).
  • To competent authorities where required by law or where necessary to protect our rights.

Some of the service providers we use (e.g. Google, Meta) may transfer data outside the European Economic Area. In such cases, we rely on safeguards approved by the European Commission (e.g. Standard Contractual Clauses).

6.1 Redirection to Booking.com

The Website includes a booking form where users can enter arrival and departure dates and the number of guests. After completing the form, the user is redirected to the Booking.com platform (Booking.com B.V., the Netherlands), where the booking is finalised. Tihuse OÜ does not store or further process the data entered into the booking form on the Website itself.

As soon as the user reaches Booking.com, Booking.com starts collecting and processing personal data (including IP address, cookies, booking details) as an independent data controller. Further information about Booking.com’s data processing is available in their privacy policy: https://www.booking.com/content/privacy.html.

7. Cookies and tracking technologies

The Website uses cookies and similar technologies to ensure the functioning of the Website, improve user experience and analyse visitor statistics.

7.1 Types of cookies

Essential cookies — enable the basic functions of the Website (e.g. language selection, completing the booking form). These cookies cannot be disabled and do not require separate consent.

Statistics and analytics cookies — help us understand how visitors use the Website. We ask for the user’s consent before placing these cookies.

Marketing cookies — used to track visitor behaviour and to display targeted advertising. We ask for the user’s consent before placing these cookies.

7.2 Google Analytics

The Website uses Google Analytics (provider: Google Ireland Limited) to collect anonymised statistics about how the Website is used — for example, pages visited, duration of visit, device used and approximate location. We use the collected data to improve the Website.

Google Analytics may transfer data to Google’s servers, including outside the European Economic Area. More information about Google’s data processing can be found at https://policies.google.com/privacy.

To opt out of Google Analytics, users can install a browser add-on: https://tools.google.com/dlpage/gaoptout.

7.3 Facebook Pixel

The Website uses the Facebook Pixel provided by Meta Platforms Ireland Limited, which helps us measure the performance of our advertising, show relevant ads on Facebook and Instagram, and analyse visitor behaviour on the Website.

The Facebook Pixel processes information including the IP address, browser and device information, and information about pages visited. Data may also be transferred outside the European Economic Area.

More information about Meta’s data processing is available at https://www.facebook.com/privacy/policy/. Facebook ad settings can be changed at https://www.facebook.com/settings?tab=ads.

7.4 Managing cookies

The user can manage cookies through their browser settings, including refusing or deleting cookies. Disabling cookies may limit the use of some features of the Website. Consent for analytics and marketing cookies can be changed or withdrawn at any time through the cookie consent banner.

8. Rights of the data subject

Under the GDPR, the user has the following rights in respect of their personal data:

  • Right of access — to know what personal data we process about the user.
  • Right to rectification — to request the correction of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) — to request the deletion of data where there is no legal basis for processing.
  • Right to restriction of processing — to request the restriction of processing in cases provided for by law.
  • Right to data portability — to receive personal data in a structured, commonly used and machine-readable format and to transmit it to another controller.
  • Right to object — to object to processing based on legitimate interest, including direct marketing.
  • Right to withdraw consent — withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
  • Right to lodge a complaint with a supervisory authority — in Estonia, this is the Data Protection Inspectorate (www.aki.ee, email: info@aki.ee).

To exercise the above rights, please contact us at tihusetalu@gmail.com. We will respond to the request no later than within 30 days.

9. Data security

We implement reasonable technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These include the use of secure data transmission (HTTPS), access restrictions and regular data backups.

Despite all measures, internet-based data transmission cannot be considered fully secure, and the user transmits data at their own risk.

10. Children

The Website is not directed at children under the age of 13, and we do not knowingly collect personal data concerning children without the consent of a parent or guardian. Where a booking concerns children (for example, when ordering a riding service), the data is provided by a parent or guardian.

11. Changes to the Privacy Policy

We reserve the right to amend or supplement this Policy from time to time to reflect legal requirements and changes in our activities. The current Policy is always available on the Website. We will notify users of any material changes on the Website or in another appropriate manner.

12. Contact

For all questions, requests or complaints related to privacy and the processing of personal data, please contact:

Tihuse OÜ
Tihuse talu, Hellamaa village, 94701 Muhu Parish, Saare County, Estonia
Email: tihusetalu@gmail.com
Phone: +372 514 8667