Type Of Data We Collect
We set out below the types of personal data about you which we may collect or create via your interaction with the website. In each case we have specified the purpose for which we use the relevant personal data and our ‘lawful basis’ for processing it. The GDPR law specifies certain ‘lawful bases’ for which we are allowed to use your personal data. Most commonly, we will rely on one or more of the following lawful bases for processing your personal data:
- Where it is necessary for efficient and timely communication between us and you for your trip/inquiry;
- Where it is necessary for the performance of the contract; i.e. where we need to collect the information to provide you the best trip, tourism proposal, tour package or service possible (including your bike sizing information, place of birth, date of birth, dietary and medical issues, contact information, etc);
- Where it is necessary for purchase of other services from third party suppliers (such as hotels, transfers, etc) related to a contract, trip, service or tourism package we are providing;
- Where it is necessary for compliance with a legal or fiscal obligation to which we are subject; including your date of birth and place of birth, for invoicing reasons.
- where it is necessary for the purposes of the legitimate interests pursued by us or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of our travelers.
- Where it is necessary for compliance with traveler safety and security.
- Where it is necessary for compliance with transportation laws
- Where it is necessary for the purposes of the legitimate interests pursued by us or a third party (including accountants, banking institutions, fiscal agencies, professional associations and companies that assist with auditing, project management and due diligence), except where such interests are overridden by the interests or fundamental rights and freedoms of our travelers.
- Personal Data: By personal data we mean any information relating to you such as your name and contact details. Personal data does not include data which has been anonymized, such as data from Google Analytics carried out on an anonymized basis. Personal Data does include personally identifiable information, such as your name, mailing address, email address, and telephone number, and demographic information, such as your age, gender, hometown, and interests, that you voluntarily give to us either when you sign up for a rental or trip or fill out a form or fill out an evaluation form after a trip. You are under no obligation to provide us with personal information that is not required for us to perform the services we provide. Therefore, we will not require information on a form if it is not necessary for the services we provide.
- Responding to inquiries and trip information: If you contact us and choose to provide personal data, such as your name, address, telephone number or e-mail address, we may use that information to respond and continue the correspondence or address the matters you raise. It is for you to decide what personal data you provide but we do generally require a minimum of your name, email address and phone number in order to most efficiently reply to your request on initial contact.
- Mobile Device Data: Device information, such as your mobile device ID, model, and manufacturer, and information about the location of your device, if you access the Site from a mobile device
- Data From Contests, Giveaways, and Surveys: Personal and other information you may provide when entering contests or giveaways and/or responding to surveys.
- Derivative Data and Tracking Technologies: By accessing our site we will process some data our servers or Site automatically collect when you access the Site, such as your IP address (anonymized in most cases) your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Site.
How We Use Your Data
Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we use information collected about you via the Site or through email contact with our staff to do the following (please note, this list is not exhaustive):
- Email you regarding your inquiries or requests.
- Create and manage your trip to make all aspects of it run as smooth as possible including information specific to travel plans before, during and after your experience with us.
- Process payments and refunds.
- Monitor and analyze usage and trends to improve your experience with the Site.
- Offer new products, services, and/or recommendations to you based on previous interests or on marketing surveys
- Deliver targeted advertising, newsletters, and other information regarding promotions and the Site (through third party internet advertisers – see tracking technologies under how we collect your data)
- Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
- Respond to product and customer service requests.
- Send you a newsletter or other relevant marketing materials based on your experience or inquiries.
Who We Share Your Data With
We may share information we have collected about you in certain situations. Your information may be disclosed as follows:
- By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction as well as airport and port authorities, customs and immigration institutions.
- Third-Party Service Providers: We may share your information with third parties that perform services for us or on our behalf, including payment processing, email delivery, and any establishments we need to use on the ground to fulfill your trip or service, including but not limited to hotels, restaurants, taxi services, activity providers etc. In each of these cases we’ll only provide the necessary information to carry out the contract. Currently we use Mailchimp, E-Agency and Office 365 to manage customer information and our trips. All these companies have GDPR compliant privacy policies.
- Business Partners: We may share your information with our business partners to fulfill our legal and fiscal obligations as well as to offer you certain products, services or promotions but we will make sure they do not use your data for anything other than working with us.
Keeping Your Data Secure
All information you provide to us will be stored on our secure servers managed by SkyToaster.com which are based in the USA or on Office365, managed by Microsoft. Our affiliate company ExperiencePlus! is based in the USA but we are complying by GDPR standards in all use of personal data.
- Transferring information outside of the EU: When we transfer information from the EEA to the USA, the transfer is made using an encrypted channel to Microsoft’s servers, whether using Outlook, a web browser or a mobile. Once we have received your information, we will use appropriate technical and organizational measures to prevent unauthorized access, disclosure, loss or damage to your personal data.
- Data on children: We do not knowingly solicit information from children unless they are traveling with us and then we will just ask for the minimum information required to offer them a great trip.
- While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.
Data Retention and Access Requests
Data Retention and Consent Reversal
Data retention will be from when first contacted to 20 years after your trip is completed or after first contact.
At any moment you may exercise any and all other rights, as applicable in Articles 15 to 22 of the EU GDPR, namely the right of access, right to rectification, right to erasure or “to be forgotten”, right to restriction of processing, right to data portability, right to object by contacting BikesPlus. For more information or to report any violation please see https://www.garanteprivacy.it/en/home_en
• Contacting us using the contact information provided below or emailing firstname.lastname@example.org
• Unsubscribing from our Mailchimp and marketing newsletters here by inputting your email here.
• If you would like to know what information we have on file or to have us delete all your information, we will do so upon request. Please email email@example.com with the subject: Personal Data Request.
This Privacy Notice was written with brevity and clarity in mind and is not an exhaustive account of all aspects of our collection and use of personal data. If you require any further information about this Privacy Notice, the practices of this website, or your dealings with this website, please do not hesitate to contact us.
updated August 31, 2018