Privacy Policy — City Guide Pass

Privacy Policy — City Guide Pass

We are committed to protecting your personal data and processing it in accordance with Privacy-by-Design and GDPR principles.

Effective Date: 2025-01-01

Data Controller: L&A Technology Co., Ltd. (Dublin, Ireland)

At City Guide Pass, we are committed to protecting your personal data and processing it in accordance with the principles of Privacy-by-Design and the EU General Data Protection Regulation (GDPR). This policy explains what data we collect, how we use it, and what rights you have as a user.

1. What Personal Data We Collect

We only collect the minimum data necessary to operate our services:

  • Name
  • Email address
  • Country / city (optional)
  • Purchase and transaction records
  • Device and browser information
  • Activation code usage logs (security & fraud prevention)

We do not store credit card details. Payments are processed securely via Stripe or equivalent trusted processors.

2. Why We Collect Your Data (Legal Basis)

We process personal data based on:

  • Contract performance — providing your Ticket Pass and Web App access
  • Legitimate interest — service improvement, fraud prevention, security logs
  • Legal compliance — tax and accounting requirements
  • Consent — where required (cookies, marketing emails)

We do not sell or trade user data under any circumstances.

3. How Your Data Is Used

Your data is used to:

  • Deliver your Ticket Pass and activation code
  • Enable access to the Web App experience
  • Provide customer support
  • Maintain system security and fraud protection
  • Improve service reliability and performance analytics

4. Data Storage & Security

  • Data is stored in secure cloud infrastructure within the EU region where possible
  • Access is restricted using role-based security controls
  • Encryption is applied in transit and at rest
  • Access logs and security audits are maintained
  • We follow Privacy-by-Default system design

5. Data Retention

  • Purchase history and invoices — retained as required by financial regulations
  • Activation logs — retained only for security and fraud monitoring
  • Accounts inactive for 24 months may be anonymized or deleted

6. Your GDPR Rights

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time (where applicable)

Requests may be submitted via email.

7. Sharing Data With Third Parties

We only share data when necessary and with:

  • Payment processors
  • Email delivery providers
  • Cloud hosting infrastructure

All partners operate under data-processing agreements compliant with GDPR.

We do not sell or monetize personal data.

8. Cookies & Analytics

We use cookies to:

  • Maintain login sessions
  • Secure authentication
  • Improve service performance

Analytics is aggregated and anonymized where possible. Users can manage cookie preferences.

9. Contact & Data Protection Officer

For privacy inquiries or GDPR rights requests:

Data Protection Officer — City Guide Pass

Email: contact@cityguidepass.com

10. Updates to This Policy

This Privacy Policy may be updated when required to comply with regulations or improve transparency. Any major changes will be communicated to users.