Legal
Privacy & Cookie Policy
Last updated: April 2026
Gravel Adventure — operated by MTB-Adventure Aps — takes your privacy seriously. This page explains
what personal data we collect, how we use it, and your rights under the EU General Data Protection
Regulation (GDPR).
If you have any questions, you can always reach us directly at
info@gravel-adventure.dk
or by phone at +45 22 22 19 22.
1
Data controller
The data controller responsible for personal data collected through this website is:
MTB-Adventure Aps
CVR: 39040751
Denmark
Email: info@gravel-adventure.dk
Phone: +45 22 22 19 22
2
What personal data we collect
We collect personal data only when you actively provide it to us — for example, when you send us
an enquiry, make a booking enquiry, or sign up for tour information.
The data we may collect includes:
Name and contact details (email address, phone number)
Tour preferences and booking information
Messages and correspondence you send us
Technical data collected automatically when you visit our website (see Cookies section below)
We do not collect sensitive personal data such as payment card numbers, health information, or
government identification numbers through this website.
3
How we use your data
We use the data we collect for the following purposes:
Responding to enquiries — when you contact us, we use
your details to reply and to help you find the right tour.
Booking and trip administration — if you book a tour,
we use your data to organise your trip, communicate logistics, and handle payments with our
banking and payment partners.
Improving our service — we use aggregated and
anonymised website analytics to understand how visitors use our site and to improve it.
Legal obligations — we retain certain booking and
financial records as required by Danish accounting and consumer protection law.
We do not sell your personal data to third parties, and we do not use it for automated
decision-making or profiling.
4
Legal basis for processing
We process your personal data on the following legal bases under GDPR Article 6:
Contractual necessity — to fulfil a booking or respond
to a pre-contractual enquiry (Art. 6(1)(b))
Legitimate interest — for general enquiry handling and
website improvement (Art. 6(1)(f))
Legal obligation — for retention of accounting and
booking records as required by law (Art. 6(1)(c))
Consent — for any non-essential cookies placed on your
device (Art. 6(1)(a))
5
How long we keep your data
We keep personal data only as long as necessary for the purpose it was collected:
Enquiry correspondence — up to 2 years, unless a booking follows
Booking and financial records — 5 years, as required by Danish bookkeeping law
Website analytics data — up to 26 months in anonymised form
6
Your rights
Under GDPR, you have the following rights regarding your personal data:
Right of access — you can ask us what data we hold about you
Right to rectification — you can ask us to correct inaccurate data
Right to erasure — you can ask us to delete your data (subject to legal retention requirements)
Right to restrict processing — you can ask us to limit how we use your data
Right to data portability — you can ask for your data in a machine-readable format
Right to object — you can object to processing based on legitimate interest
Right to withdraw consent — where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact us at
info@gravel-adventure.dk.
We will respond within 30 days.
You also have the right to lodge a complaint with the Danish Data Protection Agency
(Datatilsynet) at www.datatilsynet.dk.
7
Cookies
Cookies are small text files placed on your device when you visit a website. We use them to make
the site work correctly and to understand how it is used. Here is an overview of the cookies we
use:
Strictly necessary cookies
These cookies are required for the website to function. They cannot be switched off. They include
session and security cookies set by WordPress.
| Cookie | Purpose | Duration |
|---|---|---|
| wordpress_* | WordPress session management | Session |
| wp-settings-* | WordPress interface preferences | 1 year |
Analytics cookies
These cookies help us understand how visitors use our site. We use this information to improve
the experience for future visitors. These cookies are only set with your consent.
| Cookie | Purpose | Duration |
|---|---|---|
| _ga | Google Analytics — distinguishes users | 2 years |
| _ga_* | Google Analytics — session persistence | 2 years |
You can manage or withdraw your cookie consent at any time via your browser settings. Most browsers
allow you to refuse cookies or to alert you when cookies are being sent. Note that refusing some
cookies may affect how the site works.
8
Third-party services
We use the following third-party services that may process your data:
Google Analytics — website usage analytics. Data is
processed in accordance with Google’s privacy policy and transferred to servers in the US under
Standard Contractual Clauses.
Email providers — we use standard email to handle
enquiries. Messages are transmitted and stored by our email provider.
We do not transfer your personal data to countries outside the EU/EEA except where covered by
appropriate safeguards (such as Standard Contractual Clauses with Google).
9
Changes to this policy
We may update this policy from time to time. The date at the top of this page reflects the most
recent revision. We encourage you to check back periodically. Significant changes will be
communicated directly to customers who have an active booking with us.
Questions about this policy? Write to us at
info@gravel-adventure.dk
or call +45 22 22 19 22.