Last updated: 10 March 2026
Privacy policy
In compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), this policy describes how personal data is processed through this website.
Data controller
The data controller is the person identified in the legal notice.
1. What personal data is collected
The personal data collected depends on each user's interaction with the site:
a) Booking request form
- Full name.
- Email address.
- Phone number (with country code).
- Activity details: date, approximate time, number of adults and children, bike type, equipment requested and optional comments.
b) Contact by email
- Sender's email address.
- Name, if voluntarily provided.
- Any other data included in the message body.
c) Browsing data
If the user accepts analytics cookies, anonymous browsing data is collected (pages visited, session duration, device type) through a self-hosted measurement system located in the European Union. No personal identifiers, full IP addresses or individual browsing profiles are collected.
2. Purpose and legal basis
| Purpose | Legal basis (GDPR) |
|---|---|
| Process bike rental booking requests | Art. 6.1.b — Pre-contractual measures |
| Reply to enquiries received by email | Art. 6.1.f — Legitimate interest |
| Measure website usage (analytics) | Art. 6.1.a — Explicit consent (analytics cookies) |
| Fulfil legal and tax obligations | Art. 6.1.c — Legal obligation |
3. Data recipients
Personal data is not sold, shared or disclosed to third parties for commercial purposes. It is only shared with:
- Bike rental operators: when necessary to process a booking request.
- Web hosting provider: the server storing the site and form data is located in the European Union (Germany).
- Public authorities: when required by law.
4. International data transfers
No personal data is transferred outside the European Economic Area (EEA). The hosting server, analytics system and email service all operate within the EEA.
5. Retention periods
| Data category | Retention period |
|---|---|
| Booking requests | Until the activity is completed, plus the legal claim period (3 years) |
| Email enquiries | Until the enquiry is resolved, plus 1 additional year |
| Web analytics data | Anonymised data — not linked to identifiable individuals |
Once periods expire, data is deleted or irreversibly anonymised.
6. Your rights
Under the GDPR you may exercise the following rights at any time by contacting the email address shown in the data controller section:
- Access: find out what personal data is being processed.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion of data no longer needed.
- Objection: object to processing in certain circumstances.
- Restriction: request that data use be limited.
- Portability: receive your data in a structured, commonly used format.
- Withdrawal of consent: withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, send an email stating which right you wish to exercise and attach a copy of your identity document (or equivalent) for verification. A response will be provided within one month at most.
7. Right to lodge a complaint
If you believe the processing of your data does not comply with applicable regulations, you may contact us at [email protected] and we will address your request. You also have the right to lodge a complaint with the competent supervisory authority for data protection.
8. Security measures
Appropriate technical and organisational measures are applied, including:
- Encrypted communications via HTTPS/TLS.
- Restricted access to the server and stored data.
- Regular backups.
- Self-hosted web analytics system within the EEA, with no data transfers to third countries.
9. Children's data
This website is not aimed at children under 14. No data is intentionally collected from minors. If you are a parent or guardian and believe a child has submitted data without your consent, please contact us so we can delete it.
10. Cookies
Cookie usage is described in detail in the cookie policy.
11. Changes to this policy
This policy may be updated to reflect regulatory changes or variations in data processing. The date of the last update is shown at the top of the page. We recommend reviewing it periodically.