This privacy statement was last updated on 05/01/2021 and applies to citizens of the United Kingdom.
In this privacy statement, we explain what we do with the data we obtain about you via https://www.stunningbikecotours.com. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:
- we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
- we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
- we first request your explicit consent to process your personal data in cases requiring your consent;
- we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
- we respect your right to access your personal data or have it corrected or deleted, at your request.
If you have any questions, or want to know exactly what data we keep of you, please contact us.
1. Purpose, data and retention period
1.1 We use your data for the following purpose:
Contact - Through phone, mail, email and/or webforms
For this purpose we use the following data:
- Name, Address and City
- Email address
- Birth date
- Username, passwords and other account specific data
- IP Address
- Location
- Visitor behavior
- Telephone number
- Other:
ID Data (such as Passport, ID, Driver's Licence etc)
The basis on which we may process these data is:
Consent obtained
Retention period
We determine the retention period according to fixed objective criteria: Until the applicable services require it
1.2 We use your data for the following purpose:
Payments
For this purpose we use the following data:
- Name, Address and City
- Email address
- Financial data
- Birth date
- Location
- Telephone number
The basis on which we may process these data is:
Performance of an agreement
Retention period
We retain this data until the service is terminated.
1.3 We use your data for the following purpose:
Registering an account
For this purpose we use the following data:
- Name, Address and City
- Email address
- Birth date
- Username, passwords and other account specific data
- IP Address
- Visitor behavior
- Telephone number
The basis on which we may process these data is:
Consent obtained
Retention period
We determine the retention period according to fixed objective criteria: Until the applicable services require it
1.4 We use your data for the following purpose:
Newsletters
For this purpose we use the following data:
- Name, Address and City
- Email address
- Birth date
- Username, passwords and other account specific data
- IP Address
- Location
- Telephone number
The basis on which we may process these data is:
Consent obtained
Retention period
We determine the retention period according to fixed objective criteria: Until the applicable services require it
1.5 We use your data for the following purpose:
To support services or products that a customer wants to buy or has purchased
For this purpose we use the following data:
- Name, Address and City
- Email address
- Birth date
- Username, passwords and other account specific data
- IP Address
- Location
- Visitor behavior
- Telephone number
The basis on which we may process these data is:
Performance of an agreement
Retention period
We determine the retention period according to fixed objective criteria: Until the applicable services require it
1.6 We use your data for the following purpose:
To be able to comply with legal obligations
For this purpose we use the following data:
- Name, Address and City
- Email address
- Birth date
- Sex
- Location
- Telephone number
The basis on which we may process these data is:
Legal obligation
Retention period
We determine the retention period according to fixed objective criteria: Until the applicable services require it
1.7 We use your data for the following purpose:
Compiling and analyzing statistics for website improvement.
For this purpose we use the following data:
- IP Address
- Location
- Visitor behavior
The basis on which we may process these data is:
Consent obtained
Retention period
We determine the retention period according to fixed objective criteria: Until the applicable services require it
1.8 We use your data for the following purpose:
To be able to offer personalized products and services
For this purpose we use the following data:
- Location
- Visitor behavior
The basis on which we may process these data is:
Consent obtained
Retention period
We determine the retention period according to fixed objective criteria: Until the applicable services require it
2. Sharing with other parties
We only share or disclose this data to processors for the following purposes:
Processors
Name: Stripe, Inc.
Country: United States
Purpose: Payments
Name: TripWorks, Ltd.
Country: United States
Purpose: Bookings
3. Cookies
To provide the best experiences, we and our partners use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us and our partners to process personal data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. For more information about these technologies and partners, please refer to our Cookie Policy.
Stunning Bike Co-Tours participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. It uses the Consent Management Platform with the identification number 332.
We have concluded a data processing agreement with Google.
4. Security
We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.
The security measures we use consist of:
- Username and Password
- DNSSEC
- TLS / SSL
- Physical security measures of systems which contain personal data.
- Security software
- HTTP Strict Transport Security
- X-Content-Type-Options
- X-XSS-Protection
- X-Frame-Options
- No Referrer When Downgrade header
- Content Security Policy
5. Third party websites
This privacy statement does not apply to third party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.
6. Amendments to this privacy statement
We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.
7. Accessing and modifying your data
If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:
- You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
- Right of access: You have the right to access your personal data that is known to us.
- Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
- If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
- Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
- Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.
Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.
8. Automated decision-making
We make decisions on the basis of automated processing with respect to matters that may have (significant) consequences for individuals. These are decisions taken by computer programmes or systems without human intervention.
Our OTA partner "TripWorks" creates a predictions on payment behavior to allow a better data comprehension.
9. Submitting a complaint
If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Information Commissioner's Office:
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
10. Data Protection Officer
Our Data Protection Officer has been registered with the Information Commissioner's Office. If you have any questions or requests with respect to this privacy statement or for the Data Protection Officer, you may contact Andrea Malinverni, via privacy@stunningbikecotours.com.
11. Children
Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.
12. Contact details
Stunning Bike Co-Tours
Via Rezzonico, 32
22100 - Como (CO)
Italy
Italy
Website: https://www.stunningbikecotours.com
Email: privacy@stunningbikecotours.com
Phone number: +393394364906
Annex
Service: "FAST" Customer Support
What we collect and store
When you register on our support site we will store the following information.- Your first name
- Your last name
- Your email address
- (if Oxygenna login) Envato username
- Ticket Subject
- Ticket Type
- Comment Content
- Upload Attachment
- Oxygenna Purchase Information
- Extra Fields (here you should list any extra fields you have created)
- Comment Content
- Upload Attachment
What we do with the information we gather
Members of our team have access to the information you provide us. For example, both Administrators and Ticket Agents can access:- Ticket Subject
- Ticket Type
- Comment Content
- Oxygenna Purchase Information
- Upload Attachment
Who we share your data with
This service does not share any personal data with any 3rd parties.-
Service: WooCommerce
What we collect and store
While you visit our site, weāll track:- Products youāve viewed: weāll use this to, for example, show you products youāve recently viewed
- Location, IP address and browser type: weāll use this for purposes like estimating taxes and shipping
- Shipping address: weāll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
What we share with others
This section doesn't share any data with third-parties
Payments
We accept payments through Stripe. When processing payments, some of your data will be passed to Stripe, including information required to process or support the payment, such as the purchase total and billing information. Please see the Stripe Privacy Policy for more details. -Service: iThemes Security
What personal data we collect and why we collect it
Cookies
Visiting the login page sets a temporary cookie that aids compatibility with some alternate login methods. This cookie contains no personal data and expires after 1 hour.Security Logs
The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.Who we share your data with
When running Security Check, ithemes.com will be contacted as part of a process to determine if the site supports TLS/SSL requests. No personal data is sent to ithemes.com as part of this process. Requests to ithemes.com include the site's URL. For ithemes.com privacy policy details, please see the iThemes Privacy Policy.
This site is scanned for potential malware and vulnerabilities by the iThemes Site Scanner. We do not send personal information to the scanner; however, the scanner could find personal information posted publicly (such as in comments) during the scan.How long we retain your data
Security logs are retained for 60 days.Where we send your data
This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy. -Service: Forminator
Which forms collect personal data?
The forms which collect your personal data are:- Checkin
- Newsletter
- User Registration
What personal data do we collect and why?
By default Forminator captures the IP Address for each submission to a Form. Other personal data such as your name and email address may also be captured, depending on the Form Fields.
When visitors or users submit a form, we capture the IP Address for spam protection. We also capture the email address and might capture other personal data included in the Form fields. We collect the following data for the contact forms, checkin, newsletter and user registration:- Name and Surname,Ā to proceed with the online checkin and to give you a better personalised service
- Address, Country Ā and Citizenship,Ā to proceed with the online checkin
- Birthdate, to proceed with the online checkin
- User Name and Password, to register an user account
- ID, Passport or Driver's Licences data, to proceed with the online checkin
- Email address, to register an user account, proceed with the online checkin or contact you
- Phone number, proceed with the online checkin or contact you
How long we retain your data
When visitors or users submit a form we retain the data as long as the services require it.Where we send your data
All collected data might be sent to our workers or contractors to perform necessary actions based on the form submission.Third Parties
Forminator Forms uses these third parties:
- Google reCAPTCHA. Enabled when you added reCAPTCHA on your forms. We use Google reCAPTCHA for spam protection. Their privacy policy can be found here
Service: Stripe
Information shared with a payment provider to process payments includes:- Name
- Address
- Phone
- City/State/Zip
- Unique payment identifier
- Payment provider identifier
- wp_woocommerce_session_HASH
- _stripe_mid ā Learn more https://stripe.com/gb/privacy
- _stripe_sid ā Learn more https://stripe.com/gb/privacy
Service: YITH
What we collect and store
YITH WooCommerce Affiliates
While you visit our site, weāll track:- Visits to the store: weāll use this to generate statistics for affiliates and administrators.
- Location, IP address and browser type: weāll use this just for statistics, and to let administrators supervise traffic generated by affiliates.
- Affiliateās name, username, email address: weāll use this information to register and keep track of affiliates.
YITH Booking and Appointment for WooCommerce
While you visit our site, weāll track information concerning usersā bookings: date, number of people, services added and all other information about the booking.Who on our team has access
YITH WooCommerce Affiliates
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:- Affiliateās personal details;
- System-generated commissions;
- Payments sent to the affiliates;
- Visits and sales generated through referral links.
YITH Booking and Appointment for WooCommerce
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access to information about customer bookings.What we share with others
YITH WooCommerce Affiliates
We send payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the commission total and payment information. Please see the PayPal Privacy Policy for more details.YITH Booking and Appointment for WooCommerce
We share the availability calendars with external services, such as booking.com or Airbnb, as we sell our bookable products through these portals, to sync the availability information and prevent overbooking.