Book a Tour

Not Just Miles—Moments.

Privacy Policy

Privacy Policy

Effective Date: 01/01/2025

This Privacy Policy explains how Summits & Adventures LLC collects, uses, shares, and protects personal information when visitors browse our website and submit booking-related forms for our tours. This notice is designed for clarity and transparency and covers users in the United States, the EU/EEA, the UK, and Canada.

Who we are

  • Data Controller: Summits & Adventures LLC, Houston, Texas; Contact: admin@beyondtheride.com; Data Controller.
  • Scope: This notice applies to our public website and to data collected via our booking, inquiry, and waitlist forms; we do not operate user accounts on the site.

What we collect

We only collect personal data that you provide directly through web forms and do not collect device identifiers, analytics, cookies, or tracking data.

  • Inquiries: email address to respond to your request.
  • Waitlist: name and email to notify you of availability or future dates.
  • Bookings: name, email, phone, address, city, country for each traveler and companion, and bike size to plan and deliver the tour you requested.
  • Payments: handled by Stripe; we do not receive or store your full payment card details.
  • Special categories: we do not seek or collect special category data (e.g., health information).

How we collect it

  • Methods: voluntary submission via web forms; we do not use pixels, analytics SDKs, A/B testing, or session replay tools.
  • No cookies/trackers: we do not place non‑essential cookies or run analytics or advertising pixels on our site.

Cookies and similar technologies

We do not deploy non‑essential cookies, analytics, or advertising trackers, and therefore do not present a cookie banner; strictly necessary functionality only is in use, with no profiling or cross‑site tracking. If in future we introduce non‑essential cookies, we will obtain valid, granular prior consent and provide clear controls and disclosures.

Purposes and lawful bases (EU/UK)

For EU/UK visitors, each purpose is mapped to a lawful basis under GDPR/UK GDPR.

  • Responding to inquiries and organizing bookings: performance of a contract or steps prior to entering into a contract.
  • Waitlist notifications: consent, which you can withdraw at any time via email.
  • Payments via Stripe: performance of a contract to process your booking payment.
  • Testimonials, photos, and video content: consent gathered during booking (Terms & Conditions), which you may withdraw.

How we use personal information

We use your information to respond to inquiries, manage waitlists, process bookings and payments, coordinate tour logistics, and provide transactional communications related to your trip. We do not engage in behavioral advertising, user profiling, or marketing communications.

Sharing and disclosures

  • Service providers: we share necessary data with Stripe to process payments and with insurers for tour-related coverage or claims, limited to the minimum required.
  • No sale or sharing for advertising: we do not “sell” or “share” personal information as defined under the California Consumer Privacy Act (as amended by the CPRA).
  • Categories of recipients: payment processor (Stripe) and insurers as applicable for the stated purposes.

International data transfers

  • We are based in the United States and store booking data in the US.
  • Stripe uses recognized transfer mechanisms under GDPR/UK GDPR (e.g., Standard Contractual Clauses or equivalent safeguards) for international transfers as required by law.

Retention

  • We retain booking records and related communications as needed to fulfill the contract and meet legal/operational obligations, while non‑necessary data is deleted after one year; only aggregated, non‑identifiable data may be retained thereafter.
  • Retention periods may vary according to legal, tax, and operational requirements, and we will keep data no longer than necessary for the purposes described.

Security

  • Payments: Stripe manages payment processing with its own security controls and compliance measures; we do not store full card numbers.
  • Bookings: personal data is stored in a secure cloud database with access limited to authorized personnel and protected by technical and organizational safeguards.
  • We maintain administrative, technical, and organizational controls appropriate to the nature of data processed and review practices periodically.

Individual rights (EU/UK)

Depending on your jurisdiction, you may have rights to access, rectify, delete, restrict, or object to processing; to data portability; and to withdraw consent where consent is the lawful basis. You can exercise your rights by emailing admin@beyondtheride.com, and you also have the right to lodge a complaint with your local data protection authority.

California privacy rights (CPRA)

If you are a California resident, you may request to know the categories and specific pieces of personal information we collected, request deletion or correction, and not be discriminated against for exercising privacy rights. We do not “sell” or “share” personal information for cross‑context behavioral advertising; as an online business, you may exercise rights via email at admin@beyondtheride.com, and we will update this policy at least annually.

Children

Bookings can only be made by individuals aged 21+; adults who book may provide limited information for minor guests traveling with them. We do not knowingly collect personal information directly from minors through the website.

Marketing communications

We send transactional communications related to inquiries and bookings and do not send marketing emails, SMS, or WhatsApp messages. There is no profiling or personalization for marketing purposes.

User content, photos, and testimonials

We may publish guest reviews or media with your consent gathered during booking (Terms and Conditions), and you may withdraw consent via email for future use. Upon verified request, we will remove content we control from our channels where feasible and lawful.

Third‑party links and social media

Our website may contain links to third‑party sites or social media platforms whose privacy practices are independent of ours; we encourage you to review their policies. We are not responsible for the content or privacy practices of third parties.

Changes to this Policy

We will review and update this Privacy Policy at least annually and will post the new effective date at the top of this page. Material changes will be clearly indicated within the policy text.

Contact

To exercise your rights or ask questions about this Policy, contact the Data Controller at admin@beyondtheride.com (Summits & Adventures LLC, Houston, Texas).