Privacy Policy

REYNES CYCLING BIKE RENTAL MALLORCA

Legal Name: Reynes Cycling S.L.CIF: ESB70799812

Postal Address: Carrer Arxiduc Luís Salvador, 5, 07179 Deià, Illes Balears, Spain

Email: [email protected]

Phone: +34 623 12 39 95

(Hereinafter, "REYNES CYCLING", "we", "us", "our platform")

Last Revised: July 8, 2025

At REYNES CYCLING, the protection and confidentiality of your personal data are extremely important to us. This privacy policy informs you about the type, scope, purpose, recipients, and legal basis of the personal data processed by us in relation to our services (hereinafter collectively referred to as "Services"), which we offer on reynescycling.com. Additionally, we inform you about your rights.

Personal data is any information relating to an identified or identifiable natural person (Art. 4 No. 1 of the EU General Data Protection Regulation (hereinafter, "GDPR")). This includes information such as your name, email address, postal address, or phone number.

1. Who is the Data Controller of Your Data?

  • Identity: Reynes Cycling S.L.
  • CIF: ESB70799812
  • Postal Address: Carrer Arxiduc Luís Salvador, 5, 07179 Deià, Illes Balears, Spain
  • Email: [email protected]
  • Phone: +34 623 12 39 95

2. What is the Legal Basis for Processing Your Data?

The legal basis for processing your data is:

  • The performance of a contract or pre-contract for the provision of our bike rental services and associated products (Art. 6.1.b GDPR).
  • Responding to requests for information or support from our customers (Art. 6.1.b GDPR for pre-contractual requests or Art. 6.1.a GDPR if explicit consent is given).
  • Your explicit consent for sending information and offers about products and services of interest to you, or for sending our newsletter (Art. 6.1.a GDPR).
  • Our legitimate interest (Art. 6.1.f GDPR) for the security of our bicycles and systems, fraud prevention, improvement of our services, and the defense of our business interests.

3. For What Purpose Do We Process Your Personal Data?

At REYNES CYCLING, we collect and use personal data from interested parties only to the extent necessary to:

  • Provide our bike rental services, process reservations, manage payments, and ensure the functionality of contracted services.
  • Send you information and offers about products and services of interest to you, if you have given your consent.
  • Send you our newsletter, if you have subscribed to it.
  • Manage and respond to your information and support inquiries.
  • To offer you products and services in line with your interests, we may create a "commercial profile" based on the information provided. No automated decisions with legal effects will be made based solely on this profile.

4. How Long Will We Retain Your Data?

Personal data provided will be retained as long as the commercial relationship is maintained or until its deletion is requested by the data subject. In any case, it will be kept for the legally required period for compliance with tax, accounting, and legal obligations. Generally, the data will be retained for a period of 5 years from the last confirmation of interest or the termination of the contractual relationship, for the purpose of addressing potential liabilities arising from processing.

5. To Which Recipients Will Your Data Be Communicated?

We process personal data only within our company. Our customers' information will not be shared with third parties for purposes unrelated to the provision of our services. To the extent that we use third-party services to provide our services (e.g., payment gateways, transport companies for bike deliveries/collections, platforms for booking like Booqable, or technical and hosting service providers), we will only transmit personal data to such third parties insofar as the transmission is necessary for the respective service and there is a legal basis for the transmission. All such third parties will act as data processors under our instructions and with the corresponding data processing agreements (DPAs) in place.

6. What Are Your Rights When You Provide Us With Your Data?

Anyone has the right to obtain confirmation as to whether or not REYNES CYCLING is processing personal data concerning them. You have the right to:

  • Access your personal data (Right of Access).
  • Request the rectification of inaccurate data or, where appropriate, request its erasure when, among other reasons, the data is no longer necessary for the purposes for which it was collected (Right to Rectification and Erasure/Right to be Forgotten).
  • In certain circumstances and for reasons related to your particular situation, data subjects may object to or request the limitation of the processing of their data (Right to Object and Right to Restriction of Processing). REYNES CYCLING will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.
  • Receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit it to another data controller (Right to Data Portability).
  • Withdraw the consent given for the processing of your data for marketing or newsletter purposes at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.

To exercise any of these rights, you can send us a written request to [email protected] or to our postal address indicated at the beginning of this document. Your request must include your full name, copy of your ID/passport and the right you wish to exercise.

You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), if you consider that the processing of your personal data infringes applicable regulations, through their website www.aepd.es.

This privacy policy is governed in all its aspects by the General Data Protection Regulation of the European Union and Spanish law.

7. Detailed Data Processing

Below, we inform you about the different ways personal data is processed, its purpose and legal basis, and how long it is stored.

a) General Access to Our Platform (Log Files) We routinely collect a series of general data and information each time our platforms are accessed. This data is stored in so-called log files of our system. We may record (1) the types and versions of browsers used, (2) the system operating system used by the accessing system, (3) the website from which an accessing system reaches our platforms (referrer), (4) the sub-websites accessed via an accessing system on our website, (5) the date and time of website access, (6) the Internet Protocol address (IP address) and the Internet service provider of the accessing system, and (7) other similar data and information used for security purposes in case of attacks on our information technology systems. For security reasons, particularly to trace attacks on our platforms, we store this data, including the IP address, for a limited period and then delete it. The IP address is necessary to establish and during the connection to allow the contents of our platform to be delivered to you. The legal basis for the processing and subsequent storage of the IP address is a legitimate interest in accordance with Article 6(1)(f) of the GDPR (our interest in network and information security). The legitimate interest with regard to the transmission of the IP address lies in the fact that this is necessary for the display of the contents of the respective platform; the display of the website is not possible without the transmission of the IP address. By using this general data and information, we do not draw any conclusions about you as a person. On the contrary, this information is necessary to (1) correctly deliver the contents of our platform, (2) optimize the contents of our platform and its advertising, (3) ensure the permanent functionality of our information technology systems and the technology of our platform, and (4) provide law enforcement authorities with the information necessary for law enforcement in the event of a cyberattack. Anonymous data from log files is stored separately from all personal data provided. The data will not be passed on to third parties.

b) Processing of Data Submitted Via Forms Contact forms are provided on our platform, which can be used by our users for electronic contact for information and support purposes. By clicking the "Send" button, you consent to the transmission of the data entered into the input interface to us. Additionally, we save the date and time of your contact. You can also contact us via the email address or phone number provided. In this case, the personal data transmitted with the email/call and our response will be stored. The personal data voluntarily transmitted to us in this context serves for processing your inquiry and establishing contact with you. The legal basis for data transmission is Art. 6.1.a GDPR (your consent) or Art. 6.1.b GDPR if the inquiry is pre-contractual. We store the data for this purpose until the conversation with you has ended. The conversation ends when the circumstances indicate that the facts in question have been finally clarified and that there will be no further questions in the future.

c) Newsletters and Similar Messages You can register to receive newsletters by confirming in your account or by sending us your email address. In this case, we will use your email address to send you our periodic newsletter in which we will inform you about topics of interest. The legal basis is your consent in accordance with Art. 6.1.a GDPR. In relation with your newsletter registration, we also store your IP address and the date and time of registration so that we can track and prove the registration at a later time. The legal basis for this storage is a legitimate interest within the meaning of Art. 6.1.f GDPR, whereby the legitimate interest is the possibility to prove registration. We store your email address for sending newsletters until you unsubscribe from the newsletter service or until we stop sending you the newsletter. You can stop receiving newsletters or other messages from us at any time by using the appropriate settings in your account's notification options or by using the corresponding opt-out link contained in each email from us.

d) Account on Our Platform and Booking Processing By registering on our platform in order to use our services, we offer you the option to enter into a contract for the use of our services based on our Terms of Use. We collect your email address, as well as your name, postal address, NIF/CIF/NIE, and contact phone numbers. The email address and your password serve as login data to access your account. In connection with account registration and the setup of various functions, we also store your IP address and the date and time at the time of registration or the setup of the respective functions. In connection with each use of the account on our platform, we automatically process login data in order to prevent misuse or fraudulent use of our services, to protect REYNES CYCLING against attacks on our system, and to ensure and verify the proper functioning of contractual services at all times. The legal basis for the storage and use of your personal data in connection with your account and booking management is the performance of your contract with us, Art. 6.1.b GDPR. We store your personal data for as long as necessary to provide the contractually agreed service. Personal data stored by you in your account and your profile are available to you for the duration of the contract and are stored by us for this duration. Personal data will be deleted if you do so in relation to individual data or the account on our platform as a whole, ask us to do so accordingly, or if the contract terminates, i.e., if you or we terminate the contract.

e) Processing of Payment Data To process bookings and rental payments, we collect information necessary for the transaction, which may include your credit or debit card details. We do not directly store your full credit card details. We use external, secure payment service providers (such as third-party payment gateways) that comply with PCI DSS standards to process payments.Legal Basis: Performance of the contract (Art. 6.1.b GDPR) and compliance with a legal obligation (Art. 6.1.c GDPR) in relation to invoicing and tax requirements.Retention: Transaction data is retained for as long as necessary to comply with legal and accounting obligations (generally 5 years or more, depending on tax regulations).