Privacy Policy

1. Data Controller

fourlezbqd B.V. is the data controller responsible for your personal data. You can contact us regarding privacy matters at:

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us, including:

• Name, email address, and phone number
• Booking and reservation details
• Payment information (processed securely by third-party payment providers)
• Emergency contact information
• Health and fitness information relevant to adventure participation
• Communication preferences and correspondence with us

2.2 Technical Information

When you visit our website, we automatically collect:

• IP address and browser information
• Device and operating system details
• Pages visited and time spent on our site
• Referring website information
• Cookies and similar tracking technologies (see our Cookie Policy)

3. How We Use Your Information

3.1 Service Provision

• Processing and managing your bookings and reservations
• Providing mountain river adventure services
• Communicating about your bookings and services
• Ensuring safety during adventures and expeditions
• Processing payments and managing refunds

3.2 Business Operations

• Improving our services and customer experience
• Conducting market research and analytics
• Preventing fraud and ensuring security
• Complying with legal obligations
• Managing customer support and inquiries

3.3 Marketing (with consent)

• Sending newsletters and promotional materials
• Notifying you about new services and special offers
• Personalizing marketing communications

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary for providing our adventure services
• Legitimate Interests: Business operations, security, and service improvement
• Consent: Marketing communications and non-essential cookies
• Legal Obligation: Compliance with applicable laws and regulations
• Vital Interests: Emergency situations during adventures

5. Information Sharing

We may share your personal information with:

5.1 Service Providers

• Payment processing companies
• Booking and reservation systems
• Email and communication services
• Website hosting and analytics providers
• Insurance companies (for coverage purposes)

5.2 Legal Requirements

• Law enforcement and regulatory authorities
• Courts and legal proceedings
• Emergency services (when necessary for safety)

5.3 Business Partners

• Local guides and adventure partners
• Accommodation and transport providers
• Equipment suppliers (when relevant to your booking)

6. Data Retention

We retain your personal data for the following periods:

• Booking Data: 7 years after service completion (for legal and insurance purposes)
• Marketing Data: Until you withdraw consent or 3 years of inactivity
• Website Analytics: 26 months maximum
• Communication Records: 3 years for customer service purposes
• Financial Records: 7 years as required by law

7. Your Rights Under GDPR

As a data subject, you have the following rights:

7.1 Access and Portability

• Request a copy of your personal data
• Receive your data in a portable format
• Transfer your data to another service provider

7.2 Correction and Deletion

• Correct inaccurate personal information
• Request deletion of your personal data (right to be forgotten)
• Restrict processing in certain circumstances

7.3 Consent and Objection

• Withdraw consent for marketing communications
• Object to processing based on legitimate interests
• Opt out of automated decision-making

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

8. International Data Transfers

We primarily process data within the European Union. When we transfer data outside the EU, we ensure adequate protection through:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Certification schemes and codes of conduct
• Binding corporate rules where applicable

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and employee training
• Secure payment processing systems
• Regular data backups and recovery procedures
• Incident response and breach notification procedures

10. Cookies and Tracking

Our website uses cookies and similar technologies. For detailed information about our cookie practices, please see our Cookie Policy. You can manage your cookie preferences through your browser settings or our cookie consent tool.

11. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly. Parents or guardians making bookings for minors are responsible for providing consent and managing their child's data.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Updating the "Last Updated" date at the top of this policy

13. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

14. Supervisory Authority

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.