We respect your privacy and are committed to protecting it through our compliance with this privacy policy (“Policy”). This Policy describes the types of information we may collect from you or that you may provide (“Personal Information”) on the skibookers.com website (“Website” or “Service”) and any of its related products and services (collectively, “Services”), and our practices for collecting, using, maintaining, protecting, and disclosing that Personal Information. It also describes the choices available to you regarding our use of your Personal Information and how you can access and update it.
This Policy is a legally binding agreement between you (“User”, “you” or “your”) and Skibookers B.V. (“Skibookers B.V.”, “we”, “us” or “our”). If you are entering into this Policy on behalf of a business or other legal entity, you represent that you have the authority to bind such entity to this Policy, in which case the terms “User”, “you” or “your” shall refer to such entity. If you do not have such authority, or if you do not agree with the terms of this Policy, you must not accept this Policy and may not access and use the Website and Services. By accessing and using the Website and Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.
When you open the Website, our servers automatically record information that your browser sends. This data may include IP address, browser type/version, operating system, language preferences, the page you visited before coming to the Website, pages you visit, time spent, searches, access times and dates, and other statistics. We use this information to identify potential abuse and compile aggregate statistics about usage and traffic. These statistics are not combined in a way that identifies any particular User.
You can access and use the Website and Services without telling us who you are. To use certain features, you may be asked to provide Personal Information (e.g., name, email). We receive and store information you knowingly provide when you create an account, make a purchase, or fill forms. When required, this may include:
We act as a data controller when we determine purposes and means of processing (e.g., account creation, checkout). We act as a data processor where we process Personal Information on your instructions (e.g., content you submit for bookings).
We may need to collect and use certain Personal Information to provide the Services or meet legal obligations. If you do not provide requested information, we may be unable to deliver the requested Services. We may use information to:
Legal bases (EU/UK GDPR): consent; performance of a contract or pre-contract steps; compliance with legal obligations; legitimate interests (e.g., service security, improvements, fraud prevention, direct marketing where allowed). Where we rely on consent, you can withdraw it at any time.
We may aggregate or de-identify Personal Information for analytics and improvements.
Legal Bases for Processing and Retention Periods
In accordance with Article 6 of the GDPR, we process personal data only when there is a valid legal basis. The following table summarises the purposes of processing, applicable legal bases, and retention periods:
Purpose
Legal Basis
Retention Period
Booking management and service delivery
Contract performance
10 years (as required by Dutch tax law)
Payment processing and accounting
Legal obligation
10 years
Customer communication and support
Legitimate interest
5 years after case closure
Marketing and promotional communications
Consent
Until consent is withdrawn
Analytics and website improvement
Legitimate interest
Up to 24 months
For paid Services, you may need to provide payment details used solely to process payments. We use third-party payment processors (“Payment Processors”) that adhere to PCI security standards. Sensitive data is transmitted over SSL and protected with industry security controls. We share payment data with Payment Processors only as needed to process payments/refunds and resolve related issues. Their use of your data is governed by their privacy policies, which we recommend you review.
You may delete certain Personal Information via your account or by contacting us. We may retain unrevised copies as required for legal, contractual, or operational reasons (see “Retention of information”).
We may share information with trusted subsidiaries, joint venture partners, contracted companies, and service providers (“Service Providers”) who support our operations (e.g., cloud hosting, analytics, payments, communications, user authentication, sales & marketing). These parties act under contract, are limited to necessary use, and must protect Personal Information. We do not share with unaffiliated third parties for their own marketing.
We may disclose Personal Information as required by law or to protect rights, safety, investigate fraud, respond to authorities, or in connection with a merger, acquisition, or sale of assets.
We retain Personal Information for as long as necessary to provide Services, comply with legal obligations, resolve disputes, and enforce agreements, up to a maximum of 120 months unless a longer period is required by law. Aggregated/de-identified data may be retained. After the retention period, Personal Information will be deleted or anonymized.
Financial and transactional data (including invoices, payment records, and accounting documentation) are retained for 10 years to comply with statutory obligations under Dutch law.
Depending on your location, data transfers may involve storing your Personal Information outside your country, including within the EU/EEA and the UK. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions) or your explicit consent. You can contact us for details of applicable safeguards.
If you are a resident of the EU/EEA or UK, you have rights under GDPR/UK GDPR, including:
We generally respond within one month (extendable where permitted). See “How to exercise your rights” below.
Where local laws grant similar rights (access, correction, deletion, restriction, objection, portability, opt-out of targeted ads/data “sales”), we will honor those rights in accordance with applicable law.
Submit a request using our data access form (if available) or contact us using the details below. We may need to verify your identity or authority (e.g., power of attorney for an authorized representative) before responding. Please include sufficient detail to allow us to identify you and your request.
We use cookies to personalize your experience, secure the Service, and compile statistics. You can accept or decline cookies via browser settings and our cookie banner/preferences center. For more information, see our Cookie Policy.
We may use third-party analytics tools that use cookies or similar technologies to collect standard internet activity and usage information. We use aggregated reports to monitor performance and improve the Services. We do not use analytics tools to identify you personally, nor do we combine analytics reports with directly identifying information.
We do not knowingly collect Personal Information from children under 13. If you believe a child under 13 has provided Personal Information, contact us to delete it. Parents/guardians should supervise children’s online activity. (Where local law sets a higher age of consent for online services, we comply with that requirement.)
Our Services do not track users over time and across third-party sites for the purpose of targeted advertising. Some third parties may track your browsing when they serve content. To learn about browser/device DNT settings, visit internetcookies.com.
We may allow third parties to tailor advertising (where permitted). These parties may place cookies and track behavior. For info on choices to opt-in/opt-out of interest-based ads, visit the Digital Advertising Alliance or the Network Advertising Initiative.
You may opt in to push notifications and can opt out anytime via device settings. We use a third-party provider that relies on a device token; this does not reveal your identity to us.
We may engage in affiliate marketing. If you click an affiliate link, a cookie may be placed to track sales for commission purposes.
Our Services contain links to resources not owned or controlled by us. We are not responsible for their privacy practices. Read the privacy statements of each resource that may collect Personal Information.
We protect information with reasonable administrative, technical, and physical safeguards. While we strive to protect your Personal Information, transmission over the Internet is not risk-free. Please also protect your device and credentials.
If we learn of a breach affecting Personal Information, we may take appropriate measures, including investigation, notification to users and/or authorities where required, and cooperation with law enforcement.
In the event of a personal data breach, Skibookers will notify the relevant supervisory authority and affected users within 72 hours of becoming aware of the breach, in accordance with Articles 33 and 34 of the GDPR.
We may modify this Policy at any time. When we do, we may notify you (e.g., by email or in-product notice). The updated Policy is effective upon posting unless otherwise stated. We will not, without your consent, use your Personal Information in a materially different manner than stated at collection.
By accessing and using the Website and Services and submitting your information, you agree to this Policy. If you do not agree, you are not authorized to access or use the Website and Services.
For details on how cookies and similar technologies are used on our website, please refer to our Cookie Policy.
Controller: Skibookers B.V.
Registered address: Pietersbergweg 291, 1105 BM Amsterdam, The Netherlands
Chamber of Commerce (KvK): 98088610
VAT (BTW): NL868354235B01
Directors: John Lafeber; Anastasiia Lizanets
Related documents:
