Privacy Policy

How we collect, use, and protect your personal information.

Last updated:

1. Data Controller

The data controller responsible for your personal data is:

Beamvrfloraau
New Cumnock KA18 4PN, United Kingdom
Email: help@beamvrfloraau.world
Phone: +44 1290 333000

2. Scope and Legal Framework

This Privacy Policy explains how we collect, process, store, and protect personal data when you visit beamvrfloraau.world or contact us regarding group cycling experiences.

We process personal data in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), which applies to visitors and contacts located in Finland and the wider European Economic Area (EEA);
  • the Finnish Data Protection Act (1050/2018, tietosuojalaki);
  • the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, where applicable to our operations in the United Kingdom.

Where provisions of Finnish or EU law grant you stronger protection than UK law, those mandatory provisions apply to you.

3. Personal Data We Collect

We may collect the following categories of personal data:

  • Identity data: your name when submitted via our contact form.
  • Contact data: your email address and any contact details you provide.
  • Communication data: the content of messages you send through our contact form.
  • Technical data: IP address, browser type, device information, and pages visited, collected via cookies where consent is given.
  • Preference data: your cookie consent choices stored in your browser.

4. Purposes and Legal Bases

Under Article 6 GDPR, we process your personal data for the following purposes:

  • Responding to inquiries (legal basis: consent under Article 6(1)(a), and, where applicable, steps prior to a contract under Article 6(1)(b)) — to reply to messages submitted through our contact form and to arrange group cycling experiences you request.
  • Website operation and security (legal basis: legitimate interest under Article 6(1)(f)) — to maintain website functionality, prevent misuse, and protect our systems.
  • Analytics (legal basis: consent under Article 6(1)(a)) — to understand how visitors use our website, only after you accept analytics cookies.
  • Marketing and advertising measurement (legal basis: consent under Article 6(1)(a)) — to measure campaign effectiveness and deliver relevant content, only after you accept marketing cookies.
  • Legal compliance (legal basis: legal obligation under Article 6(1)(c)) — where we must retain or disclose data to comply with applicable law.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Data Retention

Contact form submissions are retained for up to 24 months from the date of your last communication, after which they are securely deleted. Cookie consent records are retained for 12 months. Analytics data is retained for up to 26 months in anonymised form. Technical logs are retained for up to 90 days.

6. Data Sharing and Processors

We do not sell your personal data. We may share data with trusted service providers (processors) who assist with website hosting, email delivery, analytics, or advertising measurement, solely to the extent necessary to provide those services. Each processor is bound by a data processing agreement requiring GDPR-compliant handling, confidentiality, and appropriate security measures.

Data may also be disclosed where required by law, by order of a competent authority, or where necessary to establish, exercise, or defend legal claims.

7. International Transfers

Where personal data is transferred outside the EEA or the United Kingdom, we ensure appropriate safeguards are in place as required by Chapter V GDPR. These may include:

  • transfers to countries covered by an adequacy decision of the European Commission or the UK Secretary of State;
  • Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner's Office;
  • other lawful transfer mechanisms recognised under applicable data protection law.

You may request further information about transfer safeguards by contacting us using the details in Section 1.

8. Your Rights

If you are located in Finland, the EEA, or the United Kingdom, you have the following rights under applicable data protection law, including the GDPR:

  • Right of access (Article 15) — request a copy of the personal data we hold about you.
  • Right to rectification (Article 16) — request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17) — request deletion of your personal data where legally applicable.
  • Right to restrict processing (Article 18) — request limitation of how we use your data.
  • Right to data portability (Article 20) — receive data you provided in a structured, commonly used, machine-readable format where processing is based on consent or contract and carried out by automated means.
  • Right to object (Article 21) — object to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent (Article 7(3)) — withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  • Right not to be subject to automated decision-making (Article 22) — we do not use such processing, but you may request confirmation of this.

To exercise any of these rights, contact us at help@beamvrfloraau.world. We will respond without undue delay and, in any event, within one month of receiving your request, as required by Article 12 GDPR. That period may be extended by two further months where requests are complex or numerous; we will inform you of any extension and the reasons for it.

We may need to verify your identity before responding. There is no fee for exercising your rights unless your request is manifestly unfounded or excessive.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including HTTPS encryption, access controls, regular security reviews, and staff training on data protection practices.

10. Children

Our website is not directed at children. We do not knowingly collect personal data from anyone below the age at which valid consent may be given for information society services in their country of residence (13 years in Finland under the Finnish Data Protection Act, and 16 years in the United Kingdom unless a lower age is permitted by UK law). If you believe a child has provided us with personal data without appropriate consent, please contact us and we will promptly delete it.

11. Data Protection Officer

We are not required to appoint a Data Protection Officer under Article 37 GDPR. For all privacy-related enquiries, please use the contact details in Section 1.

12. Complaints

If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority without prejudice to any other administrative or judicial remedy.

  • Finland: Office of the Data Protection Ombudsman (Tietosuojavaltuutettu) — tietosuoja.fi
  • United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk

We encourage you to contact us first so we can try to resolve your concern directly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Where changes materially affect how we process your personal data, we will provide additional notice where required by law. We encourage you to review this policy periodically.

This website provides general information about group cycling experiences. Route descriptions, safety guidance, and related content are for planning purposes only and do not constitute professional coaching, insurance, or legal advice. Cycling involves inherent risks; assess your fitness, equipment, and local regulations before participating. Pricing, dates, and booking terms are confirmed individually upon inquiry.