Boat Bike Tours complies with the General Data Protection Regulation (GDPR). This implies that:
- We will explicitly ask your permission when necessary to process your personal data;
- We take the appropriate technical and organizational measures to ensure the safety of your personal data by meeting the requirements of the Regulation;
- We will not disclose any personal data to other parties, unless this is necessary in order to achieve the purposes for which the data was collected;
- We are aware of your rights with respect to your personal data, we will inform you about them and we will respect them.
Boat Bike Tours B.V.
1021 KB Amsterdam
Telephone: +31 20 72 35 400
Telefax: +31 20 72 35 405
We collect data from you directly when you fill out a form, purchase a product, or communicate with us via email or social media. We also collect data from you when you use our Website. We may collect personal data from third parties such as our payment processors, advertising networks, and/or analytics providers. Your data is stored in a secure platform. We use your personal data for processing as outlined below or a reasonably compatible purpose.
- Usage Data. We may process data about your use of our Website and services. This may include your IP address, browser type, operating system, geographical location, page views, website navigation paths, and frequency and/or pattern of your use of our website. This data is collected through our analytics tracking systems, including Google Analytics and similar. This data is used to analyze the use of the Website, to deliver relevant content and advertising, and understand users. The legal basis for processing is our legitimate interest, namely monitoring and improving the website, marketing, and services.
- Customer Data. We may process user data, such as name, email address, address, telephone number, credit-card number, language spoken, company name (if applicable), Chamber of Commerce number (if applicable), VAT number (if applicable), Length (in regard to bike size), diet-information (in case you have special wishes/requirements regarding meals on board) and other relevant data as related to purchases of products and/or services and/or to fulfill a (travel)agreement. We process this data to supply content, products and/or services to you, and/or to fulfill a (travel)agreement, as well as to market other relevant goods and services to you. The legal basis for processing is consent and your affirmative action to enter into such contract with us and/or the purchase and delivery of the contract between you and us.
- User Data. We may process personal information you provide us for the purpose of subscribing to our email notifications, free content, and/or newsletters, as well as communication data that you send to us either through email, social media, or other posting and/or communication methods. We process this data for the purposes of communicating with you, to deliver relevant website content, and for the purposes of sending you marketing, content and/or emails. The legal basis for this process is consent or our legitimate interests, which is to grow our business and keep records which may be needed to pursue or defend a legal action.
3. a) E-mail marketing:
E-mail advertising if you subscribe to the newsletter. If you subscribe to our newsletter, we will regularly send you our e-mail newsletter based on your consent according to Art. 6 (1) 1 lit. a) GDPR, using the data required or disclosed by you separately for this purpose. You may unsubscribe from the newsletter service at any time. For this purpose you can either send a message to the contact option specified below or use the opt-out link in the newsletter. Upon unsubscription, we will delete your email address unless you have expressly consented to the further use of your data or we reserve the right to further use your personal data in the scope and manner permitted by the law, of which we inform you in this notice.
Your data will never be shared with unrelated third parties. We may disclose your information to payment service providers, administrative and marketing providers, business advisors, or third parties who carry out (parts of) a (travel)agreement, as well as if we sell or transfer parts of our Company. Third parties, we share your data with, will keep it secure and respect your privacy under the law and regulations of GDPR.
We only transfer personal data to third parties with whom we have concluded a processing agreement. In this agreement we take all the necessary provisions to ensure the safety of your data. We will not transfer data to any other third party only with your written consent, unless there is a legal obligation.
We only process personal data of a minor (age younger than 16 yrs.) when we have a written consent of a parent, guardian or legal representative.
Data retention period
Personal data that we process for any purpose shall not be kept for longer than is necessary to fulfil its collection purpose or to satisfy a legal or accounting purpose. In some cases, your data by be anonymized for research purposes and used indefinitely. If your data no longer meets any of the above criteria, personal data will be deleted or otherwise disposed of in a safe and secure manner.
Data security and breach response
We have taken appropriate technical and organizational measures to protect your personal data against unlawful processing, unauthorized access, misuse, or disclosure. Among other things, we have taken the following precautions;
- Every person that is able to access your personal data on behalf of Boat Bike Tours under a strict duty of care;
- We protect our computer systems with User-ID’s and passwords;
- We pseudonimize and encrypt personal data if necessary;
- Online-bookings are made through a secured connection;
- IP-addresses are registered and temporarily saved, but they cannot be traced back to you;
- We make back-ups of the personal data to restore the files in case of physical or technical problems;
- We test and evaluate our measures regularly;
- Our employees are aware of the importance of privacy-protection.
Should there be a potential breach of personal data, we have procedures in place to respond. The breach will be identified, the scope will be determined, and we will make reports and/or notification if we are legally required to do so.
You acknowledge that the personal information you voluntarily share could be accessed or tampered with by a third party. You agree that we are not responsible for any intercepted information shared through our website or social media without our knowledge or permission. Additionally, you release us from any and all claims arising out of or related to the use of such intercepted information in any unauthorized manner. You agree to notify us for any breach of security or unauthorized use of your information.
Your rights to privacy
Your rights under data protection laws include the right to access, erase, correct, restrict, and/or object to our use and processing of your personal data, as well as the right to portability of the data. You have the right to confirmation as to how and where we process your data. To the extent that the legal basis for our processing consent, you have the right to withdraw at any time. We may ask you to identify yourself before we can meet the above requests.
If you have a complaint about the processing of your personal data, we ask you to please contact us immediately. In case we are not able to solve the problem, we would regret this. You have the right to submit your complaint to the ‘Autoriteit Persoonsgegevens’, the Dutch governmental data protection supervising authority (https://autoriteitpersoonsgegevens.nl/en).
Version: May 2018