Privacy Statement (BR)

This privacy statement was last updated on 18/08/2022 and applies to citizens and legal permanent residents of Brazil.

In this privacy statement, we explain what we do with the data we obtain about you via https://www.stunningbikecotours.com. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

  • we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
  • we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
  • we first request your explicit consent to process your personal data in cases requiring your consent;
  • we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
  • we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose, data and retention period

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following: (click to expand)

2. What if you don't provide us with your personal information?

If you don't provide us with your personal information, we may not be able to provide you with the information, products or assistance that you are seeking.

3. Sharing with other parties

We only share this data with operators and with other third parties for which consent must be obtained. It concerns the following party or parties:

Operators

Name: TripWorks, Ltd.
Country: United States
Purpose: Bookings
Name: VHosting Solution S.r.l Unipersonale
Country: Italy
Purpose: Website Hosting

Third parties

Name: Stripe, Inc.
Country: United States
Purpose: Payments
Data: Financial DataName: PayPal (Europe) S.à r.l. et Cie, S.C.A.
Country: Luxembourg
Purpose: Payments
Data: Financial DataName: Google Ltd
Country: Ireland
Purpose: Analytics
Data: Analytics DataName: Incsub, LLC
Country: United States
Purpose: Website Security
Data: IP Address, LocationName: Automattic Inc.
Country: United States
Purpose: CMS Backend
Data: Name: GetYourGuide Deutschland GmbH
Country: Germany
Purpose: Bookings
Data: Booking-related dataName: Tripadvisor Ireland Limited
Country: Ireland
Purpose: Bookings
Data: Booking-related dataName: Musement S.p.A.
Country: Italy
Purpose: Bookings
Data: Booking-related dataName: CloudFlare Inc.
Country: United States
Purpose: Website DNS, Caching, Security & Analytics
Data: IP Address & approximate location

4. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy

We have concluded a data processing agreement with Google.

Google may not use the data for any other Google services.

The inclusion of full IP addresses is blocked by us.

5. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

The security measures we use consist of:

  • Username and Password
  • TLS / SSL
  • Physical security measures of systems which contain personal data.
  • Security software
  • HTTP Strict Transport Security
  • X-Content-Type-Options
  • X-XSS-Protection
  • X-Frame-Options
  • Content Security Policy

6. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

7. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

8. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. Your rights with respect to personal data:

  • confirmation of the existence of processing;
  • access to data;
  • correction of incomplete, inaccurate, or outdated data;
  • anonymization, blocking, or deletion of unnecessary, excessive, or processed data in disagreement with the provisions of the General Law for the Protection of Personal Data (LGPD);
  • portability of data to another service or product provider, upon express request, in accordance with the regulations of the national authority, observing commercial and industrial secrets;
  • deletion of personal data processed with the consent of the holder, except in the cases provided for in art. 16 of the General Law for the Protection of Personal Data (LGPD);
  • information on public and private entities with which the controller shared data;
  • information on the possibility of not providing consent and on the consequences of denial.

To exercise these rights, please contact us. Please refer to the contact details at the bottom of this Privacy Statement.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

9. Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the National Data Protection Authority (ANPD):


Autoridade Nacional de Proteção de Dados

Esplanada dos Ministérios,
Bloco C,
2º andar,
CEP 70297-400 - Brasília – DF.
Website

10. Children

Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.

11. Contact details

Stunning Bike Co-Tours
Via Rezzonico, 32
22100 - Como (CO)
Italy
Italy
Website: https://www.stunningbikecotours.com
Email: moc.sruotocekibgninnuts@ycavirp
Phone number: (+39) 031.514.0010

12. Data requests

For the most frequently submitted requests, we also offer you the possibility to use our data request form

×

Annex

Service: Forms

   

Which forms collect personal data?

  The forms which collect your personal data are:
  • Checkin
  • Newsletter
 

What personal data do we collect and why?

 

By default Forminator captures the IP Address for each submission to a Form. Other personal data such as your name and email address may also be captured, depending on the Form Fields.

When visitors or users submit a form, we capture the IP Address for spam protection. We also capture the email address and might capture other personal data included in the Form fields. We collect the following data for the contact forms, checkin, newsletter and user registration:
  • Name and Surname, to proceed with the online checkin and to give you a better personalised service
  • Address, Country  and Citizenship, to proceed with the online checkin
  • Birthdate, to proceed with the online checkin
  • User Name and Password, to register an user account
  • ID, Passport or Driver's Licences data, to proceed with the online checkin
  • Email address, to register an user account, proceed with the online checkin or contact you
  • Phone number, proceed with the online checkin or contact you
 

How long we retain your data

  When visitors or users submit a form we retain the data as long as the services require it.  

Where we send your data

  All collected data might be sent to our workers or contractors to perform necessary actions based on the form submission.  

Third Parties

 

Forminator Forms uses these third parties:

  • Google reCAPTCHA. Enabled when you added reCAPTCHA on your forms. We use Google reCAPTCHA for spam protection. Their privacy policy can be found here
 

Service: Stripe Credit Card Payments

    Information shared with a payment provider to process payments includes:
  • Name
  • Email
  • Address
  • Phone
  • City/State/Zip
  • Unique payment identifier
  • Payment provider identifier
This plugin/extension sets the following cookies:  

Service: PayPal

 

PayPal Checkout

By using this extension, you may be storing personal data or sharing data with an external service. Learn more about how this works, including what you may want to include in your privacy policy.  

Service: Bookings

   

What we collect and store

  While you visit our site, we’ll track information concerning users’ bookings: date, number of people, services added and all other information about the booking.  

Who on our team has access

  Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access to information about customer bookings.  

What we share with others

  We share the availability calendars with external services, such as TripWorks, Apple or Google, as we sell our bookable products through these portals, to sync the availability information and prevent overbooking.  
 

Service: Litespeed Cache

  This site utilizes caching in order to facilitate a faster response time and better user experience. Caching potentially stores a duplicate copy of every web page that is on display on this site. All cache files are temporary, and are never accessed by any third party, except as necessary to obtain technical support from the cache plugin vendor. Cache files expire on a schedule set by the site administrator, but may easily be purged by the admin before their natural expiration, if necessary.  

Service: WordPress

 

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.  

Who we share your data with

 

By default WordPress does not share any personal data with anyone. If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

  If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.  

Where we send your data

  Visitor comments may be checked through an automated spam detection service.
 

Service: Marketing Popups

 

Which modules collect personal data?

 

Pop-ups are the modules we use to collect personal data with your consent for different scopes such as newsletters

 

What personal data do we collect and why?

  When visitors or users submit a form or view a module, we capture the name and email address and might capture other personal data included in the form fields for marketing purposes. These information are provided by you after reading our privacy policy.  

How long we retain your data

  When visitors or users submit a form or view a module we retain the data until needed.  

Where we send your data

  All collected data might be shown publicly and we send it to our workers or contractors to perform necessary actions based on the form submission.  

Third Parties

 

If your forms use either built-in or external third party services, in this section you should mention any third parties and its privacy policy.

We use reCAPTCHA to protect your website from fraud and abuse. Their privacy policy can be found here : https://policies.google.com/privacy.

 

Cookies

 

The service uses cookies to count how many times each module is visualized. Cookies might be used to handle other features such as display settings, used when a module should not be displayed for a certain time, whether the user commented before, whether the user has subscribed, among others, if their related settings are enabled.

 

Service: Newsletter

If you have subscribed to our newsletter or if you are a member of our website (you can log in) or if you have purchased on our website, there is a good chance you will receive emails from us. We will only send you emails which you have signed up to receive, or which pertain to the services we provided to you. To send you emails, we use the name and email address you provide us. Our site also logs the IP address you used when you signed up for the service to prevent abuse of the system. This website can send emails through the MailPoet sending service. This service allows us to track opens and clicks on our emails. We use this information to improve the content of our newsletters. No identifiable information is otherwise tracked outside this website except for the email address. MailPoet creates and stores two cookies if you are using WooCommerce and MailPoet together. Those cookies are: Cookie name: mailpoet_revenue_tracking Cookie expiry: 14 days. Cookie description: The purpose of this cookie is to track which newsletter sent from your website has acquired a click-through and a subsequent purchase in your WooCommerce store. Cookie name: mailpoet_abandoned_cart_tracking Cookie expiry: 3,650 days. Cookie description: The purpose of this cookie is to track a user that has abandoned their cart in your WooCommerce store to then be able to send them an abandoned cart newsletter from MailPoet. Note: User must be opted-in and a confirmed subscriber.  

Service: GDPR Conformity

 

Complianz | The Privacy Suite for WordPress

  This website uses the Privacy Suite for WordPress from Complianz to collect records of consent. For this functionality your IP address is anonymized and stored in our database. For more information, see the Complianz Privacy Statement.  

Service: Image Optimizer

User-submitted images may be transmitted to image compression servers in the United States and stored there for up to 30 days.  

Service: Website Security

What personal data we collect and why we collect it

 

Security Logs

The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

Who we share your data with

When running Security Check, ithemes.com will be contacted as part of a process to determine if the site supports TLS/SSL requests. No personal data is sent to ithemes.com as part of this process. Requests to ithemes.com include the site's URL. For ithemes.com privacy policy details, please see the iThemes Privacy Policy.

This site is scanned for potential malware and vulnerabilities by the iThemes Site Scanner. We do not send personal information to the scanner; however, the scanner could find personal information posted publicly (such as in comments) during the scan.

In order to ensure file integrity, iThemes Security pulls data from wordpress.org, ithemes.com, and amazonaws.com. No personal data is sent to these sites. Requests to wordpress.org include the WordPress version, the site's locale, a list of installed plugins, and a list of each plugin's version. Requests to ithemes.com and amazonaws.com include the installed iThemes products and their versions. For wordpress.org privacy policy details, please see the WordPress Privacy Policy. For ithemes.com privacy policy details, please see the iThemes Privacy Policy. Requests to amazonaws.com are to content added and managed by iThemes which is covered by the Amazon Web Services Data Privacy policy.

How long we retain your data

Security logs are retained for 60 days.

Where we send your data

This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy.

en_US
Feedback
Feedback
How would you rate your experience?
Do you have any additional comment?
Next
Enter your email if you'd like us to contact you regarding with your feedback.
Back
Submit
Thank you for submitting your feedback!