Phone x
+390315140010
WhatsApp x

WhatsApp Number

393394364906

Message
Privacy Statement (US) | Stunning Bike Co-Tours

Privacy Policy

This privacy statement was last changed on 31/12/2023, last checked on 31/12/2023, and applies to citizens and legal permanent residents of the United States.

In this privacy statement, we explain what we do with the data we obtain about you via https://www.stunningbikecotours.com. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

  • we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
  • we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
  • we first request your explicit consent to process your personal data in cases requiring your consent;
  • we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
  • we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose and categories of data

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following: (click to expand)

2. Sharing with other parties

We only share or disclose this data to other recipients for the following purposes:

Purpose of the data transfer: Bookings
Country or state in which this service provider is located: Canada
Purpose of the data transfer: Website Hosting
Country or state in which this service provider is located: Italy

Purpose of the data transfer: Payments
Country or state in which this third party is located: United States
Purpose of the data transfer: Payments
Country or state in which this third party is located: Luxembourg
Purpose of the data transfer: Analytics
Country or state in which this third party is located: Ireland
Purpose of the data transfer: Website Security
Country or state in which this third party is located: United States
Purpose of the data transfer: CMS Backend
Country or state in which this third party is located: United States
Purpose of the data transfer: Website DNS, Caching, Security & Analytics
Country or state in which this third party is located: United States

3. Disclosure practices

We disclose personal information if we are required by law or by a court order, in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety.

If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.

4. How we respond to Do Not Track signals & Global Privacy Control

Our website responds to and supports the Do Not Track (DNT) header request field. If you turn DNT on in your browser, those preferences are communicated to us in the HTTP request header, and we will not track your browsing behavior.

5. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy on our Opt-out preferences webpage. 

We have concluded a data processing agreement with Google.

Google may not use the data for any other Google services.

The inclusion of full IP addresses is blocked by us.

6. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorized access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

The security measures we use consist of:

  • Login Security
  • DKIM, SPF, DMARC and other specific DNS settings
  • (START)TLS / SSL / DANE Encryption
  • Website Hardening/Security Features
  • Security measures of hardware that contain, or process personal data.
  • ISO27001/27002 Certification
  • HTTP Strict Transport Security and related Security Headers and Browser Policies

7. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

8. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

9. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person. We shall provide the requested information only upon receipt of a verifiable consumer request. You can contact us by using the information below. You have the following rights:

9.1 You have the following rights with respect to your personal data

  1. You may submit a request for access to the data we process about you.
  2. You may object to the processing.
  3. You may request an overview, in a commonly used format, of the data we process about you.
  4. You may request correction or deletion of the data if it is incorrect or not or no longer relevant, or to ask to restrict the processing of the data.

9.2 Supplements

This section, which supplements the rest of this Privacy Statement, applies to citizens and legal permanent residents of California (CPRA), Colorado (CPA), Connecticut (CTDPA), Nevada (NRS 603A), Utah (UCPA) and Virginia (CDPA)

10. Children

Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.

11. Contact details

Stunning Bike Co-Tours
Via Rezzonico, 32
22100 - Como (CO)
Italy
Italy
Website: https://www.stunningbikecotours.com
Email: privacy@stunningbikecotours.com

Phone number: +39031.514.0010

12. Data Requests

For the most frequently submitted requests, we also offer you the possibility to use our data request form

×

Annex

Service: Forms

 

Which forms collect personal data?

  The forms which collect your personal data are:

  • Checkin

What personal data do we collect and why?

 

By default Forminator captures the IP Address for each submission to a Form. Other personal data such as your name and email address may also be captured, depending on the Form Fields.

When visitors or users submit a form, we capture the IP Address for spam protection. We also capture the email address and might capture other personal data included in the Form fields. We collect the following data for the contact forms, checkin, newsletter and user registration:

  • Name and Surname, to proceed with the online checkin and to give you a better personalised service
  • Address, Country  and Citizenship, to proceed with the online checkin
  • Birthdate, to proceed with the online checkin
  • User Name and Password, to register an user account
  • ID, Passport or Driver's Licences data, to proceed with the online checkin
  • Email address, to register an user account, proceed with the online checkin or contact you
  • Phone number, proceed with the online checkin or contact you

How long we retain your data

When visitors or users submit a form we retain the data as long as the services require it.

Where we send your data

All collected data might be sent to our workers or contractors to perform necessary actions based on the form submission.

Third Parties

Forminator Forms uses these third parties:

  • Google reCAPTCHA. Enabled when you added reCAPTCHA on your forms. We use Google reCAPTCHA for spam protection. Their privacy policy can be found here

 

Service: Stripe Credit Card Payments

  Information shared with a payment provider to process payments includes:

  • Name
  • Email
  • Address
  • Phone
  • City/State/Zip
  • Unique payment identifier
  • Payment provider identifier

This plugin/extension sets the following cookies:

 

Service: WordPress

 

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

By default WordPress does not share any personal data with anyone. If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

 

Service: Marketing Popups

 

Which modules collect personal data?

Pop-ups are the modules we use to collect personal data with your consent for different scopes such as newsletters

What personal data do we collect and why?

When visitors or users submit a form or view a module, we capture the name and email address and might capture other personal data included in the form fields for marketing purposes. These information are provided by you after reading our privacy policy.

How long we retain your data

When visitors or users submit a form or view a module we retain the data until needed.

Where we send your data

All collected data might be shown publicly and we send it to our workers or contractors to perform necessary actions based on the form submission.

Third Parties

If your forms use either built-in or external third party services, in this section you should mention any third parties and its privacy policy.

We use reCAPTCHA to protect your website from fraud and abuse. Their privacy policy can be found here : https://policies.google.com/privacy.

Cookies

The service uses cookies to count how many times each module is visualized. Cookies might be used to handle other features such as display settings, used when a module should not be displayed for a certain time, whether the user commented before, whether the user has subscribed, among others, if their related settings are enabled.

 

Service: GDPR Conformity

 

Complianz | The Privacy Suite for WordPress

  This website uses the Privacy Suite for WordPress from Complianz to collect records of consent. For this functionality your IP address is anonymized and stored in our database. For more information, see the Complianz Privacy Statement.  

 

Service: Website Security

 

What personal data we collect and why we collect it

 

Cookies

Visiting the login page sets a temporary cookie that aids compatibility with some alternate login methods. This cookie contains no personal data and expires after 1 hour.

Security Logs

The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

Who we share your data with

When running Security Check, solidwp.com will be contacted as part of a process to determine if the site supports TLS/SSL requests. No personal data is sent to solidwp.com as part of this process. Requests to solidwp.com include the site's URL. For solidwp.com privacy policy details, please see the SolidWP Privacy Policy.

This site is scanned for potential malware and vulnerabilities by the iThemes Site Scanner. We do not send personal information to the scanner; however, the scanner could find personal information posted publicly (such as in comments) during the scan.

In order to ensure file integrity, Solid Security pulls data from wordpress.org, solidwp.com, ithemes.com and amazonaws.com. No personal data is sent to these sites. Requests to wordpress.org include the WordPress version, the site's locale, a list of installed plugins, and a list of each plugin's version. Requests to solidwp.com and amazonaws.com include the installed SolidWP products and their versions. For wordpress.org privacy policy details, please see the WordPress Privacy Policy. For solidwp.com privacy policy details, please see the SolidWP Privacy Policy. Requests to amazonaws.com are to retrieve content added and managed by SolidWP which is covered by the Amazon Web Services Data Privacy policy.

How long we retain your data

Security logs are retained for 60 days.

Where we send your data

This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by solidwp.com. For privacy policy details, please see the SolidWP Privacy Policy.

 

Service: Identity Verification

 

We use Stripe for identity document verification. Stripe collects identity document images, facial images, ID numbers and addresses as well as advanced fraud signals and information about the devices that connect to its services. Stripe shares this information with us and also uses this information to operate and improve the services it provides, including for fraud detection. You may also choose to allow Stripe to use your data to improve Stripe’s biometric verification technology. You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy. Stripe retains a copy of all the data provided as part of a verification. You may also have consented to allow Stripe to use your data to improve their technology. You can delete your information from Stripe’s servers or revoke your consent by visiting https://support.stripe.com  

 

Service: Call Center

 

The calls to our office are managed by an online phone service provider, CloudTalk, and we use the recording feature to allow our operators to train and to have statistics, as described in the message played during the call. 

 

To know more, you can read CloudTalk's Privacy Policy

 

Telephone Call Recording for GDPR Summary of Call Recording Policy

This summary outlines the call recording process that is in operation. The purpose of call recording is to provide a record of incoming and outgoing calls, which can:

 

  • - Protect the interests of both parties
  • - Help improve performance and service delivery in the interest of providing the best Customer Service
  • - Protect our team from nuisance or abusive calls
  • - Establish facts relating to incoming/outgoing calls made (e.g. concerns, complaints)
  • - Contract compliance 
  •  
  • Aim: This policy aims to ensure that the telephone call recording is operated under General Data Protection Regulations 2018. This will involve the recording of telephone conversations.
  • For call recording, the following GDPR conditions are met: Article 6, e) processing is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller;” 
  • Process: The Manager will make every reasonable effort to advise customers that their call will be recorded and for what purpose the recording may be used. Where a customer requests a copy of a recording then this is authorized under the general provisional of data subject access requests part of the GDPR. Any requests for copies of telephone conversations made as Subject Access Requests under the GDPR must be notified in writing to the Manager. 
  • Playback / Monitoring of Recorded Calls: Call recordings are securely stored as 256-bit encrypted files with access restricted to the Manager by use of login credentials. The monitoring of the call recordings will be undertaken by the Manager and/or Assistant Manager. Any playback of recordings will take place in a secure and confidential environment. The General Data Protection Regulation 2018 allows access to information that is held about you. This includes recorded telephone calls. Telephone call recordings are stored in such a way that will enable easy access to the information relating to one or more individuals. All access requests are by Subject Access Requests as per GDPR; applications should be made in writing to the Manager.
  • To know more about the data safety, please read: https://www.cloudtalk.io/security/

Stunning Bike Co-Tours Logo
Copyright © 2017 - 2024 · Stunning Bike Co-Tours · All rights reserved.
Sede Legale: Via Rezzonico, 32 - Como ·  Sede Operativa: Via Coloniola, 37 - Como ·PI: 03872230135 · REA: CO-403125
[email protected] · +39 031.514.0010
Stripe Payments Logos
en_US
Feedback
Feedback
How would you rate your experience?
Do you have any additional comment?
Next
Enter your email if you'd like us to contact you regarding with your feedback.
Back
Submit
Thank you for submitting your feedback!