lifeonabike-logo
search-icon
Frequent Questions

Last Updated: 05 February 2026

Life On a Bike is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use our Platform.

1. CONTROLLER INFORMATION

Contact for Privacy Matters:

We do not have a designated Data Protection Officer (DPO), but all privacy inquiries should be directed to the email above.

2. SCOPE OF THIS POLICY

2.1 What This Policy Covers

This Privacy Policy applies to personal data we collect through:

  • Our website (lifeonabike.com)
  • Mobile applications (if any)
  • Email communications
  • Customer support interactions
  • Booking and payment processes

2.2 Third-Party Services

This Policy does not cover:

  • Tour Operator websites or services (they have their own privacy policies)
  • Stripe payment processing (covered by Stripe's privacy policy)
  • Third-party websites linked from our Platform

When we share your data with Tour Operators or Stripe, they become independent data controllers for that data.

3. LEGAL BASIS FOR PROCESSING (GDPR)

We process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

Purpose Legal Basis
Processing bookings and payments Performance of contract (GDPR Art. 6(1)(b))
Creating and managing your account Performance of contract
Communicating with you about bookings Performance of contract
Sharing data with Tour Operators Performance of contract + Legitimate interest
Customer support Performance of contract + Legitimate interest
Marketing communications Consent (GDPR Art. 6(1)(a))
Analytics and platform improvement Legitimate interest (GDPR Art. 6(1)(f))
Fraud prevention and security Legitimate interest + Legal obligation
Compliance with legal obligations Legal obligation (GDPR Art. 6(1)(c))

4. PERSONAL DATA WE COLLECT

4.1 Information You Provide Directly

Booking Information:

  • Names of all travelers (Full names as they appear on travel documents)
  • Contact information (email, phone)
  • Date of birth
  • Country of residence
  • Emergency contact details
  • Passport/ID information (if required by Tour Operator)

Special Requirements:

  • Dietary restrictions (allergies, vegetarian, vegan, etc.)
  • Medical conditions (if disclosed)
  • Mobility limitations
  • Bicycle preferences (size, type, e-bike, etc.)
  • Other special requests

Payment Information:

  • Billing name and address
  • Payment card details (processed and stored by Stripe; we only store last 4 digits and card type for reference)
  • Transaction history

Communications:

  • Emails, chat messages, and phone calls with customer support
  • Feedback and reviews
  • Survey responses (if you participate)

4.2 Information Collected Automatically

Technical Data:

  • IP address
  • Browser type and version
  • Operating system
  • Device type (desktop, mobile, tablet)
  • Screen resolution
  • Time zone and location (country/city level)

Usage Data:

  • Pages visited and time spent on pages
  • Tours viewed and searched
  • Clicks and navigation paths
  • Referral source (how you found our Platform)
  • Date and time of visits

Cookies and Tracking:

  • Session cookies (essential for Platform functionality)
  • Analytics cookies (Google Analytics or similar)
  • Marketing cookies (Facebook Pixel, Google Ads, etc.) - only with your consent
  • See our Cookie Policy for detailed information

4.3 Information from Third Parties

Payment Data from Stripe:

  • Payment confirmation status
  • Transaction IDs
  • Fraud risk indicators

5. HOW WE USE YOUR PERSONAL DATA

5.1 Essential Uses (Cannot Opt Out)

We use your data to:

a) Process Bookings:

  • Confirm and manage your reservations
  • Process payments via Stripe
  • Send booking confirmations and receipts
  • Schedule balance payments

b) Share with Tour Operators:

  • Transmit your booking details to the Tour Operator responsible for your tour
  • Enable the Tour Operator to contact you (after balance payment)
  • Coordinate tour logistics

c) Customer Support:

  • Respond to your inquiries
  • Resolve issues with bookings
  • Handle cancellations and modifications

d) Platform Operations:

  • Maintain and improve Platform functionality
  • Debug technical issues
  • Ensure Platform security

e) Legal Compliance:

  • Comply with accounting, tax, and legal requirements
  • Respond to legal requests (court orders, government inquiries)
  • Prevent fraud and enforce our Terms

5.2 Optional Uses (You Can Opt Out)

Marketing Communications:

  • Send promotional emails about new tours, special offers, and travel inspiration
  • Personalized tour recommendations based on your interests
  • Post-trip follow-ups and review requests

You can opt out by:

  • Clicking "Unsubscribe" in any marketing email
  • Adjusting email preferences in your account settings
  • Emailing info@lifeonabike.com

Note: Even if you opt out of marketing, we will still send essential transactional emails (booking confirmations, payment receipts, etc.).

5.3 Analytics and Improvement

Platform Analytics:

  • Analyze how users navigate the Platform
  • Identify popular tours and features
  • Detect and fix usability issues
  • Optimize Platform performance

Business Intelligence:

  • Aggregate statistics (no individual identification)
  • Market research and trends
  • Product development

Tools We Use:

  • Google Analytics (anonymized IP)
  • Heatmap tools (e.g., Hotjar)
  • Email tracking (open rates, click rates)

5.4 What We Do NOT Do

We do NOT:

  • Sell your personal data to third parties
  • Share your data with third parties for their own marketing purposes (without your consent)
  • Use your data for purposes incompatible with those described in this Policy
  • Make automated decisions that significantly affect you without human review

6. DATA SHARING AND RECIPIENTS

6.1 Tour Operators (Independent Controllers)

What We Share: When you book a tour, we share the following with the responsible Tour Operator:

  • Traveler names
  • Contact information (email, phone)
  • Emergency contact
  • Special requirements (dietary, medical, bicycle preferences)
  • Booking details (tour, dates, number of travelers, type of room)

Purpose: To enable the Tour Operator to provide the tour services you booked.

Legal Basis: Performance of contract + necessary for fulfilling your booking request.

Tour Operator's Responsibility: The Tour Operator becomes an independent data controller for the personal data necessary to provide the tour. They are responsible for:

  • Compliance with GDPR and their national privacy laws
  • Processing your data only for tour provision
  • Protecting your data
  • Responding to your data subject rights requests related to their processing

We require Tour Operators to maintain GDPR compliance, but we are not responsible for their data practices. Review the Tour Operator's privacy policy (provided to you after booking).

6.2 Payment Processor (Stripe)

What We Share:

  • Booking amount and currency
  • Your name and email
  • Billing address

What Stripe Collects Directly:

  • Payment card details (you enter these directly on Stripe's secure form)
  • Transaction data

Purpose: To process payments securely.

Stripe's Role: Stripe is an independent data controller for payment data. See Stripe's Privacy Policy: https://stripe.com/privacy

Data Location: Stripe Payments Europe Ltd. (Ireland) processes EU customer payments. Data may be transferred to Stripe Inc. (USA) for fraud prevention, subject to Standard Contractual Clauses.

6.3 Service Providers (Data Processors)

We may share data with trusted service providers who process data on our behalf under strict data processing agreements:

Email Service Providers (e.g., SendGrid, Mailchimp):

  • To send booking confirmations, marketing emails, and notifications
  • Processors: Follow our instructions only
  • Location: EU/EEA or USA (with Standard Contractual Clauses)

Customer Support Tools (e.g., Zendesk, Intercom):

  • To manage support tickets and live chat
  • Processors: Follow our instructions only

Analytics Providers (e.g., Google Analytics):

  • To understand Platform usage
  • Data anonymized where possible

Hosting Providers (e.g., AWS, DigitalOcean):

  • To host Platform infrastructure
  • Location: EU data centers (Frankfurt, Amsterdam)

Data Processing Agreements: All processors sign agreements requiring them to:

  • Process data only per our instructions
  • Implement appropriate security measures
  • Not use data for their own purposes
  • Delete data when services end

6.4 Legal and Safety Disclosures

We may disclose your data if required by law or to:

  • Comply with legal processes (court orders, subpoenas, warrants)
  • Respond to government or regulatory requests
  • Enforce our Terms and Conditions
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of users or the public
  • Detect, prevent, or address fraud, security, or technical issues

6.5 Business Transfers

If Lifeonabike is involved in a merger, acquisition, bankruptcy, or sale of assets, your personal data may be transferred to the successor entity. You will be notified via email and/or Platform notice.

7. INTERNATIONAL DATA TRANSFERS

7.1 Data Storage Location

Our primary servers are located in the European Union (Germany/Frankfurt via AWS or similar).

7.2 Transfers Outside the EEA

Some service providers (e.g., Stripe Inc., Google LLC) are located in countries outside the European Economic Area (EEA), primarily the United States.

Safeguards: When we transfer data outside the EEA, we ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions (e.g., UK is considered adequate)
  • Certification schemes (e.g., EU-U.S. Data Privacy Framework for U.S. companies)

Stripe Transfers: Stripe Payments Europe Ltd. (Ireland) processes EU payments. Data may be transferred to Stripe Inc. (USA) with SCCs in place.

Google Analytics: Google LLC (USA) processes analytics data. Google is certified under the EU-U.S. Data Privacy Framework.

7.3 Your Rights Regarding Transfers

If you object to data transfers outside the EEA, you may request deletion of your account. However, this may prevent us from providing services (as payment processing via Stripe requires such transfers).

8. DATA RETENTION

8.1 How Long We Keep Your Data

Data Type Retention Period Reason
Account data Until account deletion + 30 days Contract fulfillment
Booking data 2 years after tour completion Legal obligations (accounting, tax)
Payment records 7 years Estonian accounting law requirements
Marketing consents Until you withdraw consent + 30 days Legal obligation to demonstrate consent
Support communications 3 years Legitimate interest (dispute resolution)
Analytics data (anonymized) Indefinitely No personal identification possible

8.2 Extended Retention for Legal Claims

If there is an ongoing dispute, complaint, or legal claim, we may retain relevant data until the matter is resolved, even beyond the periods above.

8.3 Deletion After Retention Period

After the retention period expires, we securely delete or anonymize your data so it can no longer identify you.

9. YOUR RIGHTS UNDER GDPR

As a data subject in the European Economic Area, you have the following rights:

9.1 Right of Access (Art. 15 GDPR)

You can request a copy of the personal data we hold about you.

We will provide:

  • Categories of data processed
  • Purposes of processing
  • Recipients of your data
  • Retention periods
  • A copy of your data in a structured, commonly used format

How to exercise: Email info@lifeonabike.com with subject "Data Access Request" Response time: Within 1 month (may be extended by 2 months for complex requests)

9.2 Right to Rectification (Art. 16 GDPR)

You can request correction of inaccurate or incomplete data.

How to exercise:

Response time: Within 1 month

9.3 Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

You can request deletion of your personal data in certain circumstances:

  • Data no longer necessary for the purposes collected
  • You withdraw consent (for consent-based processing)
  • You object to processing and there are no overriding legitimate grounds
  • Data processed unlawfully
  • Legal obligation to delete

Exceptions (we may refuse deletion if):

  • Required to comply with legal obligations (e.g., tax records)
  • Necessary to establish, exercise, or defend legal claims
  • Public interest or scientific/historical research purposes

How to exercise: Email info@lifeonabike.com with subject "Data Deletion Request"

Note: If you have an upcoming or recently completed booking, we may need to retain booking data for legal/contractual reasons.

9.4 Right to Restriction of Processing (Art. 18 GDPR)

You can request that we limit how we use your data in certain situations:

  • You contest the accuracy (while we verify)
  • Processing is unlawful but you don't want deletion
  • We no longer need the data but you need it for legal claims
  • You've objected to processing (while we verify our legitimate interests)

How to exercise: Email info@lifeonabike.com

9.5 Right to Data Portability (Art. 20 GDPR)

You can receive your personal data in a structured, machine-readable format (e.g., JSON, CSV) and transmit it to another controller.

Applies to:

  • Data you provided to us
  • Processing based on consent or contract
  • Processing carried out by automated means

How to exercise: Email info@lifeonabike.com with subject "Data Portability Request"

9.6 Right to Object (Art. 21 GDPR)

Object to Processing Based on Legitimate Interest: You can object to processing based on our legitimate interests (e.g., analytics, fraud prevention). We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Object to Marketing: You can object to marketing communications at any time by:

  • Clicking "Unsubscribe" in any marketing email
  • Adjusting preferences in your account settings
  • Emailing info@lifeonabike.com

9.7 Right to Withdraw Consent (Art. 7 GDPR)

For processing based on consent (e.g., marketing emails, optional cookies), you can withdraw consent at any time.

Withdrawal does not affect:

  • Lawfulness of processing before withdrawal
  • Processing based on other legal grounds (e.g., contract)

How to withdraw:

  • Unsubscribe from marketing emails
  • Adjust cookie preferences in cookie banner
  • Email info@lifeonabike.com

9.8 Right to Lodge a Complaint

If you believe we have violated your privacy rights, you can lodge a complaint with a supervisory authority:

Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)

Or your local data protection authority (if you reside in another EU country)

9.9 Exercising Your Rights

How to Submit Requests:

Include:

  • Your full name
  • Email address associated with your account
  • Description of your request
  • Proof of identity (to prevent unauthorized access)

Response Time: We will respond within 1 month of receiving your request (may be extended by 2 additional months for complex requests, with explanation).

Free of Charge: We do not charge fees for exercising your rights, unless requests are manifestly unfounded or excessive (especially repetitive).

10. DATA SECURITY

10.1 Technical and Organizational Measures

We implement appropriate security measures to protect your data against unauthorized access, alteration, disclosure, or destruction:

Technical Measures:

  • Encryption in transit: All data transmitted via HTTPS/TLS
  • Encryption at rest: Sensitive data encrypted in databases
  • Payment security: PCI-DSS Level 1 compliance via Stripe (we do not store complete card numbers)
  • Access controls: Multi-factor authentication for staff accounts
  • Firewalls and intrusion detection
  • Regular security updates and patches

Organizational Measures:

  • Data access limitations: Only authorized personnel access personal data on a need-to-know basis
  • Staff training: Privacy and security training for employees
  • Data processing agreements: With all processors
  • Incident response plan: Procedures for data breach notification
  • Regular audits: Internal security reviews

10.2 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms:

  • We will notify the Estonian Data Protection Inspectorate within 72 hours of becoming aware
  • We will notify affected individuals without undue delay if the breach poses a high risk
  • Notification will include: nature of the breach, likely consequences, and measures taken

11. CHILDREN'S PRIVACY

11.1 Age Restriction

Our Platform is not intended for children under 18 years old. We do not knowingly collect personal data from children under 18.

11.2 Parental Consent

If a parent/guardian books a tour for a minor (under 18), the parent/guardian provides the minor's data and consents to processing on the minor's behalf.

11.3 If We Discover Child Data

If we become aware that we have collected data from a child under 18 without proper parental consent, we will delete it promptly.

12. COOKIES AND TRACKING TECHNOLOGIES

12.1 What Are Cookies

Cookies are small text files stored on your device when you visit our Platform. They help us recognize you, remember your preferences, and improve your experience.

12.2 Types of Cookies We Use

Essential Cookies (No Consent Required):

  • Session cookies: Keep you logged in during your visit
  • Security cookies: Detect and prevent fraud
  • Load balancing: Distribute traffic across servers

Analytics Cookies (Consent Required):

  • Google Analytics: Understand how visitors use the Platform (anonymized IP)
  • Heatmap tools: See where users click and scroll

Marketing Cookies (Consent Required):

  • Facebook Pixel: Track conversions from Facebook ads
  • Google Ads: Track conversions from Google ads
  • Retargeting pixels: Show relevant ads on other websites

12.3 Cookie Consent

When you first visit our Platform, you will see a cookie banner asking for consent to non-essential cookies.

You can:

  • Accept all cookies
  • Accept only essential cookies
  • Customize your preferences

Change Your Mind: You can change cookie preferences at any time by:

  • Clicking the "Cookie Settings" link in the footer
  • Adjusting browser settings (see below)

12.4 Managing Cookies via Browser

You can control cookies through your browser settings:

  • Block all cookies: May impair Platform functionality
  • Delete existing cookies: Clear browsing data
  • Enable "Do Not Track": We respect this signal

12.5 Third-Party Cookies

Some cookies are set by third parties (Google, Facebook) when you visit our Platform. We do not control these cookies. See their privacy policies:

13. EMAIL TRACKING

13.1 Open and Click Tracking

We use tracking technologies in emails to measure:

  • Open rates: Whether you opened the email (via invisible pixel)
  • Click rates: Which links you clicked

Purpose: Improve email content and relevance Opt-Out: Disable image loading in your email client to block open tracking. Click tracking cannot be disabled without unsubscribing.

13.2 Marketing vs. Transactional Emails

Marketing Emails (opt-in):

  • Promotional offers
  • New tour announcements
  • Travel inspiration
  • You can unsubscribe anytime

Transactional Emails (cannot opt out):

  • Booking confirmations
  • Payment receipts
  • Balance payment reminders
  • Customer support responses
  • Essential for service delivery

14. CHANGES TO THIS PRIVACY POLICY

14.1 Updates

We may update this Privacy Policy to reflect:

  • Changes in our data practices
  • New features or services
  • Legal or regulatory requirements
  • User feedback

Notification:

  • Updated Policy posted on Platform with new "Last Updated" date
  • Material changes: Email notification to account holders at least 30 days before effective date

Continued Use: Continued use of the Platform after changes take effect constitutes acceptance of the updated Policy.

14.2 Review Regularly

We encourage you to review this Privacy Policy periodically.

15. CONTACT US

15.1 Privacy Questions

For questions about this Privacy Policy or our data practices:

15.2 Data Subject Rights Requests

To exercise your GDPR rights (access, deletion, etc.):

Include your full name, account email, and proof of identity.

15.3 Data Protection Authority

You have the right to lodge a complaint with:

Estonian Data Protection Inspectorate

16. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

16.1 CCPA Rights

  • Right to Know: What personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out of Sale: We do NOT sell personal information, so this does not apply
  • Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights

16.2 Exercising CCPA Rights

Email: info@lifeonabike.com with "California Privacy Request" in the subject line. We will verify your identity before processing requests.

16.3 "Do Not Sell My Personal Information"

We do NOT sell personal information as defined by the CCPA. We share data only as described in Section 6 (for business purposes necessary to provide services).

17. ACCESSIBILITY

17.1 Accessible Format

If you need this Privacy Policy in an accessible format (large print, audio, etc.), please contact info@lifeonabike.com.

Last Updated: 05 February 2026

© 2025 Lifeonabike All rights reserved.

Lifeonabike srl

Your trusted partner for cycling holidays in Europe.

© Lifeonabike 2026 - All rights reserved.

Version 1.32.4

Navigation

Frequent QuestionsBlogHow it worksPlant a tree!
Terms and conditionsPrivacy Policy

Sign up and receive unique travel offers!

Become part of our community, stay updated on our activities

I want to sign up