Privacy Policy

Last Updated: December 2024

This Privacy Policy explains how crashvsev B.V. ("we", "us", or "our") collects, uses, processes, and protects your personal information when you visit our website crashvsev.live, use our adventure travel services, or interact with us. This policy applies to all personal data processing activities conducted by crashvsev in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch privacy laws.

Data Controller Information

crashvsev B.V. is the data controller responsible for your personal information. Our company is registered in the Netherlands with registration number 61958423 and VAT number NL237619584B188. Our registered address is Nieuwstraat 166, 4819 TP Breda, North Brabant, Netherlands. For all privacy-related inquiries, please contact us at privacy@crashvsev.live.

Data Collection

The data we collect includes personal information that you provide directly to us and information we collect automatically when you use our services. We collect the following types of personal data:

• Contact Information: Name, email address, phone number, postal address
• Booking Information: Adventure preferences, dates, group size, special requirements
• Payment Information: Billing details, payment method information (processed securely through third-party payment processors)
• Health and Safety Information: Fitness level, medical conditions, dietary restrictions, emergency contact details
• Technical Information: IP address, browser type, device information, website usage data
• Communication Records: Emails, phone calls, chat messages, and other correspondence
• Marketing Preferences: Your consent for marketing communications and preferences

How We Use Your Information

We explain how we use your information for various purposes related to providing adventure travel services and maintaining our business operations. The use of your data is based on the following legal grounds under GDPR:

• Contract Performance: To provide adventure travel services, process bookings, arrange accommodations, and fulfill our contractual obligations
• Legal Obligation: To comply with legal requirements, safety regulations, and tax obligations
• Legitimate Interest: To improve our services, conduct business analysis, prevent fraud, and ensure website security
• Consent: To send marketing communications, use cookies for analytics, and process special category data where required
• Vital Interest: To protect your safety and well-being during adventure activities

Specifically, we use your personal data to book and organize adventure experiences, communicate with you about your bookings, process payments, ensure your safety during activities, provide customer support, comply with legal and regulatory requirements, improve our services through analysis and feedback, send marketing communications (with your consent), and protect against fraud and security threats.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds: performance of a contract when providing adventure travel services, compliance with legal obligations including safety and tax requirements, legitimate interests for business operations and service improvement, your explicit consent for marketing and special category data, and vital interests to protect your safety during adventure activities.

Data Sharing and Disclosure

We may share your personal information with trusted third parties who assist us in providing our services:

• Adventure Partners: Local guides, accommodation providers, transport companies
• Payment Processors: Secure payment processing services
• Insurance Providers: For travel and activity insurance purposes
• Emergency Services: In case of medical emergencies or safety incidents
• Legal Authorities: When required by law or to protect safety
• Service Providers: IT support, marketing platforms, analytics services

We ensure all third parties are bound by appropriate data protection agreements and process your data only as instructed by us.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. Our retention periods are as follows:

• Booking and Service Data: 7 years for tax and legal compliance
• Marketing Consent: Until you withdraw consent or 3 years of inactivity
• Website Analytics: 26 months from collection
• Safety and Emergency Data: 10 years for liability and insurance purposes
• Communication Records: 3 years for customer service purposes

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Request transfer of your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing based on consent
• Right to Lodge a Complaint: File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including adequacy decisions, standard contractual clauses, or other approved transfer mechanisms under GDPR.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your website experience, analyze usage, and provide personalized content. For detailed information about our cookie practices, please refer to our Cookie Policy. You can manage your cookie preferences through your browser settings or our cookie consent banner.

Security Measures

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, regular security assessments, access controls and authentication, secure payment processing, staff training on data protection, and incident response procedures.

Children's Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16 without parental consent. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will delete that information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of any material changes by posting the updated policy on our website and, where required by law, by sending you direct notification. The "Last Updated" date at the top of this policy indicates when the most recent changes were made.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please contact us using the following information:

We are committed to responding to your inquiries promptly and will typically respond within 30 days as required by GDPR. If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.