Privacy Policy

1. Data Controller

Vital Ingredients & Adventures GmbH
Wiedner Hauptstraße 142/1/5
1050 Vienna, Austria
Email: privacy@theoneadventures.com
Website: https://theoneadventure.com

The data controller is responsible for the collection and processing of your personal data in accordance with applicable data protection laws, including GDPR and the Austrian Data Protection Act (DSG).

2. Personal Data We Collect

We only collect personal data necessary to provide our services. This includes:

2.1 Booking & Customer Data

• Name
• Email address
• Phone number
• Address (where applicable)
• Date of birth (if required for activity participation)
• Emergency contact (where applicable)

2.2 Payment Information

Payment details are processed securely by third-party payment providers. We do not store your full payment card details.

2.3 Website & Technical Data

• IP address
• Device information
• Cookies and tracking data
• Analytics data (Google Analytics, Meta Pixel, etc.)

2.4 Communication Data

• Emails
• Chat messages
• Contact form submissions

2.5 Marketing Data

• Newsletter subscription data
• User preferences (only with consent)

3. Purpose of Processing

We process your personal data for the following purposes:

• Contractual Necessity (Art. 6(1)(b) GDPR): Managing bookings and reservations, processing payments, providing customer support, delivering tour- and adventure-related information.
• Legal Obligations (Art. 6(1)(c) GDPR): Accounting and tax compliance, safety documentation, insurance requirements.
• Legitimate Interests (Art. 6(1)(f) GDPR): Improving website functionality, fraud prevention, customer relationship management.
• Consent (Art. 6(1)(a) GDPR): Marketing emails and newsletters, cookie-based analytics and tracking. You may withdraw your consent at any time.

4. Data Storage and Security

We take data protection seriously and implement the following measures:

• Encryption of data in transit and at rest
• Firewall and intrusion protection systems
• Strict access control (only authorized personnel)
• Data minimization (we only store what is necessary)
• Regular security audits and compliance reviews

5. Data Retention

We store your data only as long as necessary for the purposes described above or as required by law. Examples include:

• Booking records: 7 years (Austrian tax law)
• Communication data: 2 years
• Marketing data: until consent is withdrawn

6. Third-Party Processors

We work with trusted third-party providers who process data on our behalf. These include:

• Shopify International Ltd. (website and e-commerce services)
• Payment processors (Stripe, PayPal, etc.)
• Google Analytics (website analytics)
• Meta / Facebook Pixel (marketing analytics)
• Email service providers (newsletters and communication)

All third parties are contractually obligated to comply with GDPR requirements. We do not sell your personal data.

7. International Data Transfers

Some service providers may process data outside the EU/EEA. Where this occurs, we ensure appropriate safeguards according to GDPR, including Standard Contractual Clauses (SCCs) and equivalent data protection measures. This ensures your data remains protected at all times.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access – Request a copy of your data
• Right to Rectification – Correct inaccurate or incomplete data
• Right to Erasure (“right to be forgotten”)
• Right to Restrict Processing – Limit how we use your data
• Right to Data Portability – Request transfer of your data
• Right to Object – Especially regarding marketing
• Right to Withdraw Consent – At any time

9. Cookies & Tracking Technologies

We use cookies to improve website performance, analytics, and marketing. Types of cookies include:

• Necessary
• Functional
• Analytics
• Marketing/Advertising

Where legally required, we ask for your explicit consent via a cookie banner. A detailed cookie policy can be added separately.

10. Sharing of Personal Data

We only share your data when necessary:

• To fulfill your booking
• To comply with legal obligations
• To provide website infrastructure (Shopify, hosting providers)
• To process payments securely

All partners follow strict confidentiality agreements.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. Updated versions will be posted on our website. We encourage you to review this page periodically.

12. Contact Information

For questions, concerns, or data-related requests:

Vital Ingredients & Adventures GmbH
Email: privacy@theoneadventures.com
Website: https://theoneadventure.com