1. INTRODUCTION AND CONTROLLER DETAILS

1.1. Welcome to the official Privacy Policy of Vital Ingredients & Adventures GmbH, operating under the brand name The One Adventure (hereinafter referred to as "we", "us", "our", or the "Company"). We are committed to protecting your personal data and respecting your privacy.

1.2. This Privacy Policy comprehensively outlines how we collect, process, store, and protect your personal data when you visit our website (https://theoneadventure.com), interact with us, or purchase our travel and adventure services. It also informs you about your privacy rights and how the law protects you.

1.3. For the purposes of the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG), the Data Controller responsible for your personal data is:

Vital Ingredients & Adventures GmbH
Wiedner Hauptstraße 142/1/5 1050 Vienna, Austria
Company Registration (FN): 603592 k (Handelsgericht Wien)
Email for Privacy Inquiries: privacy@theoneadventures.com
Website: https://theoneadventure.com

2. THE PERSONAL DATA WE COLLECT

We limit the collection of personal data to what is strictly necessary to provide our services, manage your bookings, and improve your customer experience. Depending on your interactions with us, we may collect, use, store, and transfer different kinds of personal data, which we have grouped together as follows:

2.1. Identity and Contact Data: This includes your full name, title, date of birth (where required to verify eligibility for certain physical activities), billing address, residential address, email address, and telephone numbers.

2.2. Travel and Booking Data: Information required to fulfill your travel itinerary, including passport details (if applicable for international border crossings), dietary requirements, emergency contact information, and relevant medical or health information that you explicitly volunteer to ensure your safety during adventure activities.

2.3. Financial and Transaction Data: Details regarding payments to and from you, and other details of products and services you have purchased from us. Please note that all payments are processed securely by our third-party payment gateways (e.g., Stripe, PayPal). We do not store or process your full credit card details on our own servers.

2.4. Technical and Usage Data: Information about how you use our website, including your Internet Protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types, operating system, and information gathered via cookies and similar tracking technologies.

2.5. Communication and Marketing Data: Your preferences in receiving marketing materials from us and our third parties, your communication preferences, and records of any correspondence you have with our team (e.g., emails, chat logs, contact form submissions).

3. HOW WE COLLECT YOUR DATA

3.1. Direct Interactions: You may provide us with your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes data provided when you book a tour, subscribe to our newsletter, request marketing materials, or give us feedback.

3.2. Automated Technologies: As you interact with our website, we automatically collect Technical Data about your equipment, browsing actions, and patterns using cookies, server logs, and other similar technologies.

3.3. Third Parties: We may receive personal data about you from various third parties, such as analytics providers (e.g., Google Analytics), advertising networks (e.g., Meta/Facebook), and technical or payment service providers (e.g., Shopify International Ltd.).

4. PURPOSES AND LEGAL BASIS FOR PROCESSING

We will only use your personal data when the law allows us to. Below are the specific legal bases under Article 6 of the GDPR upon which we rely to process your data:

4.1. Contractual Necessity (Art. 6(1)(b) GDPR): We process your Identity, Contact, Travel, and Financial Data to perform the contract we are about to enter into or have entered into with you. This includes managing bookings, processing payments, arranging your tour operations, and providing customer support.

4.2. Legal Obligations (Art. 6(1)(c) GDPR): We are required to process and retain certain data to comply with statutory and regulatory obligations. This includes Austrian corporate accounting and tax compliance, maintaining accurate safety records, and fulfilling insurance requirements.

4.3. Legitimate Interests (Art. 6(1)(f) GDPR): We process Technical and Usage Data to study how customers use our services, to develop our business, and to inform our marketing strategy. We also rely on legitimate interests to ensure network security, prevent fraud, and manage our customer relationships.

4.4. Consent (Art. 6(1)(a) GDPR): We rely on your explicit consent for sending direct marketing communications via email or newsletter, and for the use of non-essential cookies.

(Note regarding Health Data: Any voluntary disclosure of medical conditions or dietary requirements constitutes "Special Category Data" under Article 9 GDPR. We process this exclusively based on your explicit consent).

5. SHARING AND DISCLOSURE OF YOUR DATA

5.1. To successfully operate your Tour and provide our Services, we may need to share your personal data with strictly vetted third parties. 5.2. Operational Partners: We share necessary details with local ground handlers, tour guides, transport providers, and accommodation hosts solely for the purpose of fulfilling your travel itinerary. 5.3. Service Providers: We engage trusted third-party processors including Shopify International Ltd. 5.4. Professional Advisers and Authorities: We may disclose your data to lawyers, auditors, or insurers if legally obligated. We strictly do not sell your personal data.

6. INTERNATIONAL DATA TRANSFERS

6.1. It may be necessary to transfer your personal data outside the European Economic Area (EEA). 6.2. Whenever we transfer your personal data out of the EEA, we ensure safeguards like:

• Transferring data only to countries deemed to provide an adequate level of protection by the European Commission.
• Using Standard Contractual Clauses (SCCs) approved by the European Commission.

7. DATA RETENTION

7.1. We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for. 7.2. Under the Austrian Federal Fiscal Code (§ 132 BAO), we are legally required to retain basic information for a minimum of seven (7) years. 7.3. General inquiry data is typically retained for two (2) years.

8. DATA SECURITY

8.1. We have implemented robust and appropriate security measures to prevent your personal data from being accidentally lost or accessed in an unauthorized way. 8.2. These measures include encryption and strict access controls. 8.3. We have procedures to deal with any suspected personal data breach.

9. YOUR STATUTORY RIGHTS

Under the GDPR and the Austrian Data Protection Act (DSG), you possess several fundamental rights:

• Right of Access: Request a copy of the personal data we hold.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure: Request the "right to be forgotten".
• Right to Restrict Processing: Suspend processing under certain scenarios.
• Right to Data Portability: Request transfer of data in a structured format.
• Right to Object: Object to processing based on legitimate interests or direct marketing.

To exercise these rights, email: privacy@theoneadventures.com

10. COOKIES AND TRACKING TECHNOLOGIES

10.1. Our website uses cookies to distinguish you from other users. 10.2. We utilize strictly necessary, functional, analytical (Google Analytics), and marketing (Meta Pixel) cookies. 10.3. Upon your first visit, you will be presented with a cookie banner for explicit consent.

11. RIGHT TO LODGE A COMPLAINT

11.1. Contact us at privacy@theoneadventures.com first. 11.2. You retain the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde): Barichgasse 40-42, 1030 Vienna, Austria.

12. CHANGES TO THIS PRIVACY POLICY

12.1. We keep our Privacy Policy under regular review. 12.2. Any future changes will be posted on this page and notified by email where appropriate.