Privacy Policy

Last updated: 1 January 2024

1. Introduction

paintvqfr B.V. ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our bicycle tour services, visit our website at paintvqfr.top, or interact with us.

This policy applies to all personal data processing activities carried out by paintvqfr B.V., registered in the Netherlands (Registration Number: 41963402, VAT Number: NL549625207B02), with registered address at Molenweg 115, 4880 CS Breda, North Brabant, Netherlands.

2. Data Controller

Company: paintvqfr B.V.

Address: Molenweg 115, 4880 CS Breda, North Brabant, Netherlands

Phone: +31 303779796

Email: [email protected]

Data Protection Officer: [email protected]

3. Information We Collect

3.1 Personal Information You Provide

  • Contact Information: Name, email address, phone number, postal address
  • Booking Information: Tour preferences, group size, dates, special requirements
  • Payment Information: Billing address, payment method details (processed securely by our payment providers)
  • Health Information: Fitness level, medical conditions relevant to cycling activities (with your consent)
  • Communication Records: Messages, emails, phone call records, feedback, and reviews
  • Emergency Contacts: Contact details for emergency situations during tours

3.2 Information Automatically Collected

  • Website Usage Data: IP address, browser type, pages visited, time spent on site
  • Device Information: Device type, operating system, screen resolution
  • Location Data: General geographic location (with your consent)
  • Cookies and Tracking: As described in our Cookie Policy

3.3 Information from Third Parties

  • Payment Processors: Transaction confirmations and payment status
  • Social Media: Public profile information if you interact with our social media
  • Travel Partners: Accommodation and transport providers for multi-day tours

4. How We Use Your Information

4.1 Service Provision (Legal Basis: Contract Performance)

  • Processing tour bookings and reservations
  • Providing bicycle tour services and customer support
  • Coordinating tour logistics and safety measures
  • Processing payments and managing billing
  • Communicating tour details and updates

4.2 Legal Obligations (Legal Basis: Legal Compliance)

  • Maintaining safety records and incident reports
  • Tax reporting and financial record keeping
  • Compliance with tourism and business regulations
  • Responding to legal requests and court orders

4.3 Legitimate Interests (Legal Basis: Legitimate Interest)

  • Improving our services and developing new tour offerings
  • Website analytics and performance optimization
  • Fraud prevention and security monitoring
  • Business administration and operational efficiency

4.4 Consent-Based Processing (Legal Basis: Consent)

  • Marketing communications and newsletters
  • Photography and promotional materials
  • Location-based services and recommendations
  • Processing sensitive health information

5. Data Sharing and Disclosure

5.1 Service Providers

We share data with trusted third parties who help us provide our services:

  • Payment Processors: For secure payment processing
  • Accommodation Partners: Hotels and guesthouses for multi-day tours
  • Transport Providers: For luggage transport and emergency support
  • Insurance Companies: For activity insurance coverage
  • IT Service Providers: Website hosting, email services, and data backup

5.2 Legal Requirements

We may disclose your information when required by law or to:

  • Comply with legal obligations and court orders
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our customers
  • Investigate fraud or security incidents

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction, subject to appropriate safeguards.

6. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules
  • Certification schemes and codes of conduct

For more information about specific transfer mechanisms, please contact us at [email protected].

7. Data Retention

We retain your personal information for different periods depending on the type of data and purpose:

Retention Periods:

  • Booking and Tour Data: 7 years (for legal and tax purposes)
  • Marketing Communications: Until you unsubscribe or 3 years of inactivity
  • Website Analytics: 26 months maximum
  • Safety and Incident Records: 10 years (legal requirement)
  • Financial Records: 7 years (legal requirement)
  • General Enquiries: 2 years after last contact

When the retention period expires, we securely delete or anonymize your personal information unless we are required to retain it longer by law.

8. Your Rights Under GDPR

As a data subject in the EU, you have the following rights regarding your personal data:

Right of Access (Article 15)

Request a copy of the personal data we hold about you

Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data

Right to Erasure (Article 17)

Request deletion of your personal data in certain circumstances

Right to Restrict Processing (Article 18)

Request limitation of processing in certain circumstances

Right to Data Portability (Article 20)

Receive your data in a structured, commonly used format

Right to Object (Article 21)

Object to processing based on legitimate interests or for marketing

Right to Withdraw Consent

Withdraw consent for processing where consent is the legal basis

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

Technical Measures:

  • SSL/TLS encryption for data transmission
  • Encrypted data storage and backups
  • Regular security updates and patches
  • Secure payment processing systems
  • Access controls and authentication systems

Organisational Measures:

  • Staff training on data protection
  • Data protection impact assessments
  • Regular security audits and reviews
  • Incident response procedures
  • Vendor security assessments

Despite these measures, no system is 100% secure. If you become aware of any security incident, please contact us immediately at [email protected].

10. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your browsing experience and analyze website usage. For detailed information about our use of cookies, please see our Cookie Policy.

You can manage your cookie preferences through your browser settings or our cookie consent banner.

11. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

For family tours including children, we require parental consent and may collect limited information necessary for safety and tour coordination.

12. Marketing Communications

With your consent, we may send you marketing communications about:

  • New tour offerings and seasonal specials
  • Cycling tips and destination information
  • Company news and updates
  • Customer surveys and feedback requests

You can unsubscribe from marketing communications at any time by clicking the unsubscribe link in emails or contacting us at [email protected].

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending email notification to registered users
  • Displaying a notice on our website

Your continued use of our services after the effective date constitutes acceptance of the updated policy.

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have processed your personal data in violation of applicable data protection laws.

Dutch Data Protection Authority:

Autoriteit Persoonsgegevens

Postbus 93374

2509 AJ Den Haag

Netherlands

Website: autoriteitpersoonsgegevens.nl

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Data Protection Contact:

Email: [email protected]

Phone: +31 303779796

Address: paintvqfr B.V., Molenweg 115, 4880 CS Breda, North Brabant, Netherlands

Business Hours: Monday-Friday, 10:00 AM - 7:00 PM