Privacy Policy

1. Introduction

watermdori B.V. ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website watermdori.top, use our services, or interact with us.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable EU privacy laws. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Data Controller Information

3. Information We Collect

3.1 Personal Information

We may collect the following personal information:

• Name and contact information (email, phone number, address)
• Booking and payment information
• Emergency contact details
• Dietary requirements and health information relevant to tour participation
• Communication preferences
• Tour feedback and reviews

3.2 Technical Information

• IP address and browser information
• Device information and operating system
• Website usage data and analytics
• Cookies and similar tracking technologies

3.3 Special Categories of Data

We may collect health-related information only when necessary for tour safety and with your explicit consent. This includes mobility requirements, medical conditions that may affect participation, and dietary restrictions.

4. How We Use Your Information

We use your personal information for the following purposes:

4.1 Service Provision

• Processing and managing tour bookings
• Providing customer support and communication
• Ensuring tour safety and suitability
• Processing payments and managing refunds

4.2 Legal Obligations

• Compliance with tax and accounting requirements
• Meeting insurance and safety regulations
• Responding to legal requests and protecting our rights

4.3 Legitimate Interests

• Improving our services and website functionality
• Sending marketing communications (with consent)
• Analysing website usage and customer preferences
• Preventing fraud and ensuring security

5. Legal Basis for Processing

We process your personal data based on:

• Contract Performance: To provide tour services you've booked
• Legal Obligation: To comply with tax, safety, and other legal requirements
• Legitimate Interest: To improve services and prevent fraud
• Consent: For marketing communications and special category data
• Vital Interests: In emergency situations to protect health and safety

6. Data Sharing and Disclosure

We may share your information with:

6.1 Service Providers

• Payment processors and financial institutions
• Tour guides and local service providers
• IT service providers and website analytics
• Insurance providers when necessary

6.2 Legal Requirements

• Government authorities and regulatory bodies
• Law enforcement when legally required
• Emergency services in urgent situations

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training
• Secure payment processing systems
• Regular data backups and recovery procedures

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Booking and payment data: 7 years (tax and accounting requirements)
• Marketing communications: Until you withdraw consent
• Website analytics: 26 months maximum
• Customer support records: 3 years
• Health and safety data: Duration of tour plus 1 year

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

10. Cookies and Tracking

Our website uses cookies and similar technologies. For detailed information about our cookie usage, please see our Cookie Policy.

11. International Data Transfers

We primarily process data within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules
• Certification schemes

12. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to remove that information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may provide additional notice through email or website notifications.

14. Complaints and Supervisory Authority

If you have concerns about how we handle your personal data, please contact us first at [email protected].

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority if you believe we have not complied with data protection laws.

15. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us: