We set out below the types of personal data about you which we may collect or create via your interaction with the website. In each case we have specified the purpose for which we use the relevant personal data and our ‘lawful basis’ for processing it. The GDPR law specifies certain ‘lawful bases’ for which we are allowed to use your personal data. Most commonly, we will rely on one or more of the following lawful bases for processing your personal data:

• Where it is necessary for efficient and timely communication between us and you for your trip/inquiry;
• Where it is necessary for the performance of the contract; i.e. where we need to collect the information to provide you the best trip, tourism proposal, tour package or service possible (including your bike sizing information, place of birth, date of birth, dietary and medical issues, contact information, etc);
• Where it is necessary for purchase of other services from third party suppliers (such as hotels, transfers, etc) related to a contract, trip, service or tourism package we are providing;
• Where it is necessary for compliance with a legal or fiscal obligation to which we are subject; including your date of birth and place of birth, for invoicing reasons.
• where it is necessary for the purposes of the legitimate interests pursued by us or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of our travelers.
• Where it is necessary for compliance with traveler safety and security.
• Where it is necessary for compliance with transportation laws
• Where it is necessary for the purposes of the legitimate interests pursued by us or a third party (including accountants, banking institutions, fiscal agencies, professional associations and companies that assist with auditing, project management and due diligence), except where such interests are overridden by the interests or fundamental rights and freedoms of our travelers.

• Personal Data: By personal data we mean any information relating to you such as your name and contact details. Personal data does not include data which has been anonymized, such as data from Google Analytics carried out on an anonymized basis. Personal Data does include personally identifiable information, such as your name, mailing address, email address, and telephone number, and demographic information, such as your age, gender, hometown, and interests, that you voluntarily give to us either when you sign up for a rental or trip or fill out a form or fill out an evaluation form after a trip.  You are under no obligation to provide us with personal information that is not required for us to perform the services we provide.  Therefore, we will not require information on a form if it is not necessary for the services we provide.
• Responding to inquiries and trip information: If you contact us and choose to provide personal data, such as your name, address, telephone number or e-mail address, we may use that information to respond and continue the correspondence or address the matters you raise. It is for you to decide what personal data you provide but we do generally require a minimum of your name, email address and phone number in order to most efficiently reply to your request on initial contact.
• Financial Data: Financial information, such as data related to your payment method when you book a trip or rental (e.g. valid credit card number, card brand, expiration date, billing address) from the Site. We store very limited, and no identifiable financial information that we collect. Otherwise, all financial information is stored by our payment processor, Consorzio Triveneto, and you are encouraged to review their privacy policy and contact them directly for responses to your questions.
• Mobile Device Data: Device information, such as your mobile device ID, model, and manufacturer, and information about the location of your device, if you access the Site from a mobile device
• Data From Contests, Giveaways, and Surveys: Personal and other information you may provide when entering contests or giveaways and/or responding to surveys.
• Derivative Data and Tracking Technologies:  By accessing our site we will process some data our servers or Site automatically collect when you access the Site, such as your IP address (anonymized in most cases) your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Site.
  • We use a tool called “Google Analytics” to collect information about the use of our website. Google Analytics collects information such as how often users visit the site, what pages they visit when they do so, and what other sites they used prior to coming to this site. We use the information we get from Google Analytics only to improve our website. Google Analytics collects only the IP address and anonymizes it for our purposes rather than your name or other identifying information. We do not combine the information collected through Google Analytics with personally identifiable information. Google Analytics uses cookies to distinguish you from other uses of our website. A “cookie” is a small file of letters and numbers that is stored on your browser or the hard drive of your computer to identify you as a unique user the next time you visit the site and to distinguish you from other users of our website. Cookies cannot read data off your hard drive but are used for site registration and identification. The Google Analytics cookies cannot be used by anyone but Google. When you open our website, you will be asked to accept the use of cookies. If you accept, you are agreeing to the use of cookies for the purposes described here. If you do not accept cookies, some pages on our website may not be able to access certain information on the website. You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. You may also opt-out by completing Google Analytics’ opt-out form accessible through this link: https://tools.google.com/dlpage/gaoptout. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy.
• Cookies and Web Beacons: We may use cookies, web beacons, tracking pixels, and other tracking technologies on the Site to help customize the Site and improve your experience. When you access the Site your personal information is not collected through the use of tracking technology. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action may affect the availability and functionality of the. You may not decline web beacons. However, they can be rendered ineffective by declining all cookies or by modifying your web browser’s settings to notify you each time a cookie is tendered, permitting you to accept or decline cookies on an individual basis.

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience.  Specifically, we use information collected about you via the Site or through email contact with our staff to do the following (please note, this list is not exhaustive):

• Email you regarding your inquiries or requests.
• Create and manage your trip to make all aspects of it run as smooth as possible including information specific to travel plans before, during and after your experience with us.
• Process payments and refunds.
• Monitor and analyze usage and trends to improve your experience with the Site.
• Offer new products, services, and/or recommendations to you based on previous interests or on marketing surveys
• Deliver targeted advertising, newsletters, and other information regarding promotions and the Site (through third party internet advertisers – see tracking technologies under how we collect your data)
• Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
• Respond to product and customer service requests.
• Send you a newsletter or other relevant marketing materials based on your experience or inquiries

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

•  By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.  This includes exchanging information with other entities for fraud protection and credit risk reduction as well as airport and port authorities, customs and immigration institutions.
• Third-Party Service Providers: We may share your information with third parties that perform services for us or on our behalf, including payment processing, email delivery, and any establishments we need to use on the ground to fulfill your trip or service, including but not limited to hotels, restaurants, taxi services, activity providers etc. In each of these cases we’ll only provide the necessary information to carry out the contract. Currently we use Mailchimp, Zoho, E-Agency and Office 365 to manage customer information and our trips. All these companies have GDPR compliant privacy policies.
• Third-Party Advertisers: We may use third-party advertising companies to serve ads after you visit the Site. This third-party software may use cookies or similar tracking technology to help manage and optimize your online experience with us.  For more information about opting-out of interest-based ads, visit the Network Advertising Initiative Opt-Out Tool or Digital Advertising Alliance Opt-Out Tool.
• Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include the company ExperiencePlus! Bicycle Tours which resides outside of the EU, any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
• Business Partners: We may share your information with our business partners to fulfill our legal and fiscal obligations as well as to offer you certain products, services or promotions but we will make sure they do not use your data for anything other than working with us.

All information you provide to us will be stored on our secure servers managed by SkyToaster.com which are based in the USA or on Office365, managed by Microsoft. Our affiliate company ExperiencePlus! is based in the USA but we are complying by GDPR standards in all use of personal data.

• Transferring information outside of the EU: When we transfer information from the EEA to the USA, the transfer is made using an encrypted channel to Microsoft’s servers, whether using Outlook, a web browser or a mobile. Once we have received your information, we will use appropriate technical and organizational measures to prevent unauthorized access, disclosure, loss or damage to your personal data.
• Data on children: We do not knowingly solicit information from children unless they are traveling with us and then we will just ask for the minimum information required to offer them a great trip.
• Controls and Do-Not-Track Options: Most web browsers and some mobile operating systems include a Do-Not-Track (DNT) or Privacy or Incognito feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.  No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.  If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.  Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.

Data Retention and Consent Reversal

Data retention will be from when first contacted to 20 years after your trip is completed or after first contact.

At any moment you may exercise any and all other rights, as applicable in Articles 15 to 22 of the EU GDPR, namely the right of access, right to rectification, right to erasure or “to be forgotten”, right to restriction of processing, right to data portability, right to object by contacting Cycle Europe. For more information or to report any violation please see https://www.garanteprivacy.it/en/home_en

• Contacting us using the contact information provided below or emailing info@cycleeurope.com
• Unsubscribing from our Mailchimp and marketing newsletters here by inputting your email here.
• If you would like to know what information we have on file or to have us delete all your information, we will do so upon request. Please email info@cycleeurope.com with the subject: Personal Data Request.