Privacy Statement (UK) | Stunning Bike Co-Tours

This privacy statement was last updated on 05/01/2021 and applies to citizens of the United Kingdom.

In this privacy statement, we explain what we do with the data we obtain about you via https://www.stunningbikecotours.com. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
we first request your explicit consent to process your personal data in cases requiring your consent;
we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose, data and retention period

1.1 We use your data for the following purpose:

Contact - Through phone, mail, email and/or webforms

For this purpose we use the following data:

Name, Address and City
Email address
Birth date
Username, passwords and other account specific data
IP Address
Location
Visitor behavior
Telephone number
Other:

ID Data (such as Passport, ID, Driver's Licence etc)

The basis on which we may process these data is:

Consent obtained

Retention period

We determine the retention period according to fixed objective criteria: Until the applicable services require it

1.2 We use your data for the following purpose:

Payments

For this purpose we use the following data:

Name, Address and City
Email address
Financial data
Birth date
Location
Telephone number

The basis on which we may process these data is:

Performance of an agreement

Retention period

We retain this data until the service is terminated.

1.3 We use your data for the following purpose:

Registering an account

For this purpose we use the following data:

Name, Address and City
Email address
Birth date
Username, passwords and other account specific data
IP Address
Visitor behavior
Telephone number

The basis on which we may process these data is:

Consent obtained

Retention period

We determine the retention period according to fixed objective criteria: Until the applicable services require it

1.4 We use your data for the following purpose:

Newsletters

For this purpose we use the following data:

Name, Address and City
Email address
Birth date
Username, passwords and other account specific data
IP Address
Location
Telephone number

The basis on which we may process these data is:

Consent obtained

Retention period

We determine the retention period according to fixed objective criteria: Until the applicable services require it

1.5 We use your data for the following purpose:

To support services or products that a customer wants to buy or has purchased

For this purpose we use the following data:

Name, Address and City
Email address
Birth date
Username, passwords and other account specific data
IP Address
Location
Visitor behavior
Telephone number

The basis on which we may process these data is:

Performance of an agreement

Retention period

We determine the retention period according to fixed objective criteria: Until the applicable services require it

1.6 We use your data for the following purpose:

To be able to comply with legal obligations

For this purpose we use the following data:

Name, Address and City
Email address
Birth date
Sex
Location
Telephone number

The basis on which we may process these data is:

Legal obligation

Retention period

We determine the retention period according to fixed objective criteria: Until the applicable services require it

1.7 We use your data for the following purpose:

Compiling and analyzing statistics for website improvement.

For this purpose we use the following data:

IP Address
Location
Visitor behavior

The basis on which we may process these data is:

Consent obtained

Retention period

We determine the retention period according to fixed objective criteria: Until the applicable services require it

1.8 We use your data for the following purpose:

To be able to offer personalized products and services

For this purpose we use the following data:

Location
Visitor behavior

The basis on which we may process these data is:

Consent obtained

Retention period

We determine the retention period according to fixed objective criteria: Until the applicable services require it

2. Sharing with other parties

We only share or disclose this data to processors for the following purposes:

Processors

Name: Stripe, Inc.
Country: United States
Purpose: Payments

Name: TripWorks, Ltd.
Country: United States
Purpose: Bookings

3. Cookies

To provide the best experiences, we and our partners use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us and our partners to process personal data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. For more information about these technologies and partners, please refer to our Cookie Policy.

Stunning Bike Co-Tours participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. It uses the Consent Management Platform with the identification number 332.

We have concluded a data processing agreement with Google.

4. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

The security measures we use consist of:

Username and Password
DNSSEC
TLS / SSL
Physical security measures of systems which contain personal data.
Security software
HTTP Strict Transport Security
X-Content-Type-Options
X-XSS-Protection
X-Frame-Options
No Referrer When Downgrade header
Content Security Policy

5. Third party websites

This privacy statement does not apply to third party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

6. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

7. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:

You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
Right of access: You have the right to access your personal data that is known to us.
Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

8. Automated decision-making

We make decisions on the basis of automated processing with respect to matters that may have (significant) consequences for individuals. These are decisions taken by computer programmes or systems without human intervention.

Our OTA partner "TripWorks" creates a predictions on payment behavior to allow a better data comprehension.

9. Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Information Commissioner's Office:

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

10. Data Protection Officer

Our Data Protection Officer has been registered with the Information Commissioner's Office. If you have any questions or requests with respect to this privacy statement or for the Data Protection Officer, you may contact Andrea Malinverni, via privacy@stunningbikecotours.com.

11. Children

Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.

12. Contact details

Stunning Bike Co-Tours
Via Rezzonico, 32
22100 - Como (CO)
Italy
Italy
Website: https://www.stunningbikecotours.com
Email: privacy@stunningbikecotours.com
Phone number: +393394364906

Annex

Service: "FAST" Customer Support

What we collect and store

When you register on our support site we will store the following information.

Your first name
Your last name
Your email address
(if Oxygenna login) Envato username

When you create a ticket on our support site we will store the following information.

Ticket Subject
Ticket Type
Comment Content
Upload Attachment
Oxygenna Purchase Information
Extra Fields (here you should list any extra fields you have created)

When you reply to a ticket on our support site we will store the following information.

Comment Content
Upload Attachment

What we do with the information we gather

Members of our team have access to the information you provide us. For example, both Administrators and Ticket Agents can access:

Ticket Subject
Ticket Type
Comment Content
Oxygenna Purchase Information
Upload Attachment

Other customers will be able to view any tickets or comments you create unless you mark the ticket as private.

Who we share your data with

This service does not share any personal data with any 3rd parties.

-

Service: WooCommerce

We collect information about you during the checkout process on our store.

What we collect and store

While you visit our site, we’ll track:

Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of cart contents while you’re browsing our site. When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

Send you information about your account and order
Respond to your requests, including refunds and complaints
Process payments and prevent fraud
Set up your account for our store
Comply with any legal obligations we have, such as calculating taxes
Improve our store offerings
Send you marketing messages, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders. We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for XXX years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses. We will also store comments or reviews, if you choose to leave them.

Who on our team has access

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

Order information like what was purchased, when it was purchased and where it should be sent, and
Customer information like your name, email address, and billing and shipping information.

Our team members have access to this information to help fulfill orders, process refunds and support you.

What we share with others

This section doesn't share any data with third-parties

Payments

We accept payments through Stripe. When processing payments, some of your data will be passed to Stripe, including information required to process or support the payment, such as the purchase total and billing information. Please see the Stripe Privacy Policy for more details. -

Service: iThemes Security

What personal data we collect and why we collect it

Cookies

Visiting the login page sets a temporary cookie that aids compatibility with some alternate login methods. This cookie contains no personal data and expires after 1 hour.

Security Logs

The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

Who we share your data with

When running Security Check, ithemes.com will be contacted as part of a process to determine if the site supports TLS/SSL requests. No personal data is sent to ithemes.com as part of this process. Requests to ithemes.com include the site's URL. For ithemes.com privacy policy details, please see the iThemes Privacy Policy.

This site is scanned for potential malware and vulnerabilities by the iThemes Site Scanner. We do not send personal information to the scanner; however, the scanner could find personal information posted publicly (such as in comments) during the scan.

How long we retain your data

Security logs are retained for 60 days.

Where we send your data

This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy. -

Service: Forminator

Which forms collect personal data?

The forms which collect your personal data are:

Checkin
Newsletter
User Registration

What personal data do we collect and why?

By default Forminator captures the IP Address for each submission to a Form. Other personal data such as your name and email address may also be captured, depending on the Form Fields.

When visitors or users submit a form, we capture the IP Address for spam protection. We also capture the email address and might capture other personal data included in the Form fields. We collect the following data for the contact forms, checkin, newsletter and user registration:

Name and Surname, to proceed with the online checkin and to give you a better personalised service
Address, Country and Citizenship, to proceed with the online checkin
Birthdate, to proceed with the online checkin
User Name and Password, to register an user account
ID, Passport or Driver's Licences data, to proceed with the online checkin
Email address, to register an user account, proceed with the online checkin or contact you
Phone number, proceed with the online checkin or contact you

How long we retain your data

When visitors or users submit a form we retain the data as long as the services require it.

Where we send your data

All collected data might be sent to our workers or contractors to perform necessary actions based on the form submission.

Third Parties

Forminator Forms uses these third parties:

Google reCAPTCHA. Enabled when you added reCAPTCHA on your forms. We use Google reCAPTCHA for spam protection. Their privacy policy can be found here

Service: Stripe

Information shared with a payment provider to process payments includes:

Name
Email
Address
Phone
City/State/Zip
Unique payment identifier
Payment provider identifier

This plugin/extension sets the following cookies:

wp_woocommerce_session_HASH
_stripe_mid – Learn more https://stripe.com/gb/privacy
_stripe_sid – Learn more https://stripe.com/gb/privacy

Service: YITH

What we collect and store

YITH WooCommerce Affiliates

While you visit our site, we’ll track:

Visits to the store: we’ll use this to generate statistics for affiliates and administrators.
Location, IP address and browser type: we’ll use this just for statistics, and to let administrators supervise traffic generated by affiliates.
Affiliate’s name, username, email address: we’ll use this information to register and keep track of affiliates.

We’ll also use cookies to keep track of visit and sales generate by affiliates.

YITH Booking and Appointment for WooCommerce

While you visit our site, we’ll track information concerning users’ bookings: date, number of people, services added and all other information about the booking.

Who on our team has access

YITH WooCommerce Affiliates

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

Affiliate’s personal details;
System-generated commissions;
Payments sent to the affiliates;
Visits and sales generated through referral links.

Our team members have access to this information to correctly manage the affiliation system, and perform required actions in order to prevent customers from any inappropriate usage of the affiliate program.

YITH Booking and Appointment for WooCommerce

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access to information about customer bookings.

What we share with others

YITH WooCommerce Affiliates

We send payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the commission total and payment information. Please see the PayPal Privacy Policy for more details.

YITH Booking and Appointment for WooCommerce

We share the availability calendars with external services, such as booking.com or Airbnb, as we sell our bookable products through these portals, to sync the availability information and prevent overbooking.