1. UbuntuTrails

UbuntuTrails is a tradename of a Dutch limited liability company. Our business activities take place in the European Economic Area (EEA) and unless otherwise indicated, we store our data on servers in the EEA. This privacy notice summarizes when and how your personal data is collected, used, secured and disclosed in connection with your access to and use of our website and our services.

2. General

We reserve the right to change the provisions of this privacy statement. If we make any changes to the privacy statement, we will notify you. We encourage you to periodically review the latest version of the privacy statement.

3. What personal data do we collect, for what purposes and for how long?

When using our website:

Necessary for the protection of UbuntuTrails’s legitimate interests, processing period up to 12 months after the last use of the website unless technically not reasonably possible:

  • Processing for securing the website
    • IP address
  • Functional cookies to improve your user experience
    • Completed form fields
  • Analytics cookies to improve UbuntuTrails’s Services
    • IP address
    • Via which website you found us
    • Which pages you visited
    • How long your visit lasted
    • How you navigate the website

When leaving your details

Necessary for the protection of UbuntuTrails’s legitimate interests, processing period up to 12 months after UbuntuTrails was last contacted:

  • To be able to answer your questions and provide you with information
    • Name
    • Email address
    • Phone number
    • Other personal data entered in the enquiry or booking form

Processing with your consent (implied by filling in optional fields), personal data for this purpose will be deleted as soon as you unsubscribe:

  • To send you marketing material at your request
    • Name
    • Email address

If you do not provide your personal data to UbuntuTrails or otherwise object to UbuntuTrails’s use of your personal data, this may cause you to be impeded in using our website and our services. The consequences of not providing or objecting to processing personal data are set out below for each processing basis.

Processing pursuant to a legal obligation of UbuntuTrails:

  • We may block or restrict your access to our website. The personal data set out in this section is required to comply with our legal obligations.

4. Sharing of personal data

Unless otherwise stated in this privacy statement, we do not describe, sell or trade personal information about our visitors and users to third parties.

4.1 Sharing with processors

We may engage third parties to assist us in providing our services. Such third parties may, as part of their role in providing these services, process your personal data. In this regard, such third parties are referred to hereinafter as ‘Processors’.

We use the following types of Processors:

  • analytical software (cookies) to improve our services (including privacy-friendly Google Analytics);
  • analytical software (cookies) to provide you with targeted offers from UbuntuTrails (in the sense of marketing);
  • hosting provider(s);
  • email service providers;
  • providers for video calls;
     

Other purposes that your personal information is being collected for:

  • For research towards improvement or development of our company processes, offerings, customer service, or future products or services related to our core business;
  • For market research regarding existing and proposed products;
  • For the purpose of marketing UbuntuTrails’s product and services;
  • To statistically analyze feedback received from our research or survey activities, to develop and improve our company processes, products and services, offerings, customer service and communications to you.

In some cases, the Processor may collect your personal data on our behalf. We inform Processors that they may not use personal data they obtain from us except for the purpose of providing the Service. We are not responsible for any additional information you provide directly to Processors. You should inform yourself about the Processor and its business before disclosing personal data to such Processors.

Some of the Processors engaged by UbuntuTrails for the purposes of marketing, UbuntuTrails’s email services and managing customer and user information store personal data outside the European Union. We only engage Processors that comply with the requirements of the General Data Protection Regulation and have the necessary certificates, business rules or model clauses from the European Commission.

4.2 Sharing with your consent

From time to time, we may also share personal data with third parties when you give us permission to do so. For example, we may work with other parties to offer specific services or offers directly to you. If you sign up for these third-party services or marketing offers, we may share the personal data you provide for this purpose, such as name or other contact details we reasonably deem necessary, with these third parties so that our business partner can provide the services or offers or contact you.

4.3 Our legal responsibility

We may share personal data if we are confident that this is permitted by law or if we are required to do so by law. We may also share personal data with third parties if reasonably necessary or appropriate to comply with the law, if necessary to comply with legal requests from authorities, to respond to any claims or to protect the rights, property or safety of us, our users, our employees or the public and, without limitation, to protect ourselves or our users from fraudulent, abusive, inappropriate or unlawful use of our services. We will promptly notify you of any requests we receive from any executive, administrative or other governmental authority that relate to your personal data, unless prohibited by applicable law.

4.4 Anonymized information

Please note that nothing herein restricts the sharing of anonymized information, which may be shared with third parties without your consent.

5. Protection of personal data

We will ensure that we take appropriate technical and organizational security measures for processing personal data. We follow generally accepted standards to protect personal data, both during its transmission and once we have received the personal data. We have taken at least the following measures:

  • Access to our database is only possible through personal accounts protected by a username and password. Only persons who need access to the database for their job are given such an account.
  • We have a password policy to ensure strong passwords. Passwords should be reset periodically.
  • Data stored on systems are encrypted. This encryption follows best practices appropriate to the system on which it is stored.
  • The maximum number of incorrect login attempts has been limited where possible.
  • All the equipment we use is managed centrally.
  • All the software we use is managed centrally and is part of the update policy.
  • Where applicable, we back up the database daily. Users who have access to the database do not have access to the backups to prevent unwanted deletion of databases.
  • Cookies do not contain complete authentication information such as passwords.
  • Information in cookies is deleted where applicable when you log out.
  • Important information in cookies is encrypted.
  • The duration of login sessions is time-limited where necessary.
  • There is a policy on the use of data carriers (such as laptops and USB sticks).

You should note that our Processors are responsible for processing, managing or storing all or part of the personal data we receive. Processors are not authorised to use this data to advertise to you. These Processors are contractually obliged, through a processor agreement, to secure the personal data they have received from us. However, there is no method of transmission over the internet or method of electronic storage that is 100% secure. Therefore, we cannot guarantee absolute security.

6. Links to third-party sites

Our Services and/or the website may contain links to other websites, as well as third-party advertisements. Third-party websites may track information about you. We have no control over such sites or their activities. Any personal data you provide on third-party pages will be provided directly to that third party and will be subject to that third party’s privacy policy. We are not responsible for the content, privacy and security practices and policies of websites to which we link or which advertise on our services and/or websites. Links from our website to third parties or to other sites are provided solely for your benefit. We encourage you to review their privacy and security practices and policies before providing personal data to them.

7. What choices do you have regarding the use of your personal data?

Before we share your personal data with third parties in ways not covered by this privacy statement, including use for direct marketing purposes, you will be notified and asked to consent at the time such information is collected.

We may send you marketing and promotional materials about our products and services. If you do not (or no longer) want the information to be used for direct marketing, you can contact us at the e-mail address listed under ‘Contact us’.

You can also unsubscribe yourself by following the unsubscribe instructions included with each promotional e-mail. This does not affect our right and ability to send you Service- and account-related emails or use personal data as described in this privacy statement. We will comply with your requests as soon as possible after receiving the request.

8. Your rights

Privacy laws give you certain rights regarding your own personal data. The rights we describe below are not absolute rights. We will always weigh up whether we can reasonably comply with your request. If we cannot, or if it would, for example, compromise the privacy of others, we may refuse your request. If we refuse a request, we will give reasons for our refusal.

8.1 Right of inspection

You have the right to request which personal data we process about you. You can also ask us to provide insight into the processing purposes, categories of personal data concerned, the (categories of) recipients of personal data, the retention period, the source of the data and whether or not we use automated decision-making. You may also ask for a copy of your personal data processed by us. Do you want additional copies? If so, we may charge a reasonable fee for these.

8.2 Right of rectification

If the personal data processed by us about you is incorrect or incomplete, you may request us to amend or supplement the personal data. If we comply with your request, we will, as far as reasonably possible, inform the parties to whom we provide data.

8.3 Right to erasure of data

Do you no longer want us to process certain personal data about you? If so, you can ask us to delete some (or all) personal data about you. Whether we will delete data depends on the processing purpose. Data that we process pursuant to a legal duty or for the performance of the agreement, we will only delete if the personal data are no longer necessary. If we process data on the grounds of legitimate interest, we will only delete data if your interest outweighs ours. We will make this consideration. If we process data based on consent, we will only delete the data if you withdraw your consent. Have we accidentally processed data unlawfully or does a specific law require us to delete data? Then we will delete the data. If the data are necessary for the settlement of legal proceedings or a (legal) dispute, we will only delete the personal data after the proceedings or dispute have ended. If we comply with your request, we will, as far as reasonably possible, inform the parties to whom we provide data.

8.4 Limitation of processing

If you dispute the accuracy of personal data processed by us, if you believe that we have processed your personal data unlawfully, if we no longer need the data or if you have objected to the processing, you may also ask us to restrict the processing of those personal data. For example, during the time we need to assess your dispute or objection, or if it is already clear that no lawful basis (no longer) exists for further processing of those personal data, but you still have an interest in us not deleting the personal data yet. If we restrict the processing of your personal data at your request, we may still use that data for the settlement of legal proceedings or a (legal) dispute.

8.5 Right to object and withdrawal of consent

If we process data based on a legitimate interest, you may object to the processing. If we process data based on your consent, you may withdraw that consent. For more information, please refer to the relevant processing purposes above.

8.6 Exercising your rights

You can send a request to access, correct, delete, transfer your personal data or request the revocation of your consent or objection to the processing of your personal data to [email protected].

To prevent abuse, when you make a written request for inspection, modification or deletion, we ask you to identify yourself adequately. You can do so by enclosing a copy of a valid identity document. Do not forget to mask your identification number and passport photo on the copy.

We aim to process your request, complaint or objection within one month. If it is not possible to issue a decision within one month, we will inform you of the reasons for the delay and when the decision is expected to be issued (no longer than 3 months from receipt).

8.9 Personal Data Authority

Do you have a complaint about our processing of your personal data? If so, please contact us. We will of course be happy to help you. If, despite this, you still cannot work things out with us, you also have the right under privacy legislation to submit a complaint to the privacy regulator, the Authority for Personal Data.

9. Contact

If you have any questions, concerns or comments about this privacy statement, please contact us by e-mail at [email protected].

Version: 2024