Privacy Policy

Kewyleo.com - Mountain Bike Rental Service

1. Introduction

Welcome to Kewyleo.com. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, process, and safeguard your information when you visit our website or use our mountain bike rental services.

This policy applies to all information collected through our website (kewyleo.com), related services, sales, marketing, and events.

2. Information We Collect

2.1 Personal Data

We may collect the following types of personal information:

  • Identity Data: First name, last name, username or similar identifier, date of birth.
  • Contact Data: Billing address, delivery address, email address, telephone numbers.
  • Financial Data: Payment card details (processed securely through our payment processors).
  • Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us, rental history.
  • Technical Data: Internet protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
  • Profile Data: Your username and password, purchases or orders made by you, preferences, feedback, and survey responses.
  • Usage Data: Information about how you use our website, products, and services.

2.2 Automatically Collected Information

When you visit our website, our servers may automatically log standard data provided by your web browser. This may include your device's IP address, device type, browser type, referring pages, pages visited, time spent on each page, and other details about your visit.

3. How We Use Your Information

We use your personal data for the following purposes:

  • To register you as a new customer and manage our relationship with you
  • To process and deliver your bike rental orders, including managing payments
  • To verify your identity during the rental process
  • To provide customer support and respond to your inquiries
  • To improve our website, products, services, and customer relationships
  • To send you service-related communications
  • To send marketing communications (if you have opted in)
  • To comply with legal obligations
  • To prevent fraud and ensure the security of our services

4. Legal Basis for Processing

Under the GDPR, we process your personal data on the following legal grounds:

  • Contract: Processing is necessary for the performance of a contract with you (e.g., to provide the bike rental service you requested).
  • Legitimate Interests: Processing is necessary for our legitimate interests, provided those interests don't override your fundamental rights and freedoms.
  • Consent: You have given clear consent for us to process your personal data for specific purposes.
  • Legal Obligation: Processing is necessary to comply with our legal obligations.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, and applicable legal requirements.

For tax and accounting purposes, we typically retain basic customer information for a minimum of 7 years.

6. Your Rights Under GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. You have the right to:

  • Access: Request access to your personal data.
  • Rectification: Request correction of inaccurate personal data.
  • Erasure: Request deletion of your personal data in certain circumstances.
  • Restriction: Request restriction of processing of your personal data.
  • Data Portability: Request the transfer of your personal data to you or a third party.
  • Object: Object to processing of your personal data based on legitimate interest.
  • Withdraw Consent: Withdraw consent where we rely on consent to process your personal data.

We will respond to all requests within one month. There may be circumstances where we cannot comply with your request, in which case we will explain why.

7. Cookies and Similar Technologies

We use cookies and similar tracking technologies to track activity on our website and store certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

We use the following types of cookies:

  • Essential cookies: Necessary for the website to function properly.
  • Analytical/performance cookies: Allow us to recognize and count the number of visitors and see how visitors move around our website.
  • Functionality cookies: Used to recognize you when you return to our website.
  • Targeting cookies: Record your visit to our website, the pages you have visited, and the links you have followed.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our website.

8. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. International Transfers

We may transfer your personal data to countries outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Transferring data to countries that have been deemed to provide an adequate level of protection by the European Commission.
  • Using specific contracts approved by the European Commission that give personal data the same protection it has in Europe.
  • For providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between Europe and the US.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Last Updated: May 15, 2023