Data Controller
Selfroute (selfroute.org) is the controller of personal data processed through this website.
What data we collect
- Contact form data: name, email address, and message text.
- Route form data: name, email, and trip preferences (interests, duration, pace) entered in our multi-step forms.
- Technical data: IP address, browser/device metadata, and server logs required for security and service operation.
- Cookie identifiers: consent status and, if you accept, analytics/advertising identifiers.
Legal basis for processing (GDPR Art. 6)
- Consent (Art. 6(1)(a)): for analytics/advertising cookies (including Google Ads tags) and related measurement.
- Performance of a contract or pre-contract steps (Art. 6(1)(b)): to deliver requested route materials and respond to direct requests.
- Legitimate interests (Art. 6(1)(f)): to protect the website, prevent abuse, and improve service reliability.
Cookies and Google Ads
We use essential cookies by default. Non-essential analytics and advertising cookies are activated only after your consent via our cookie banner. If consent is not given, those cookies remain disabled.
Data sharing and international transfers
We do not sell personal data. Data may be processed by providers needed to operate the website and email communication (e.g., hosting, email delivery, and, if consented, advertising/measurement providers such as Google). Where data is transferred outside the EEA, we rely on appropriate safeguards (such as Standard Contractual Clauses).
Retention
We retain personal data only as long as necessary for the purposes above, and as required by law.
Your GDPR rights
- right of access;
- right to rectification;
- right to erasure;
- right to restriction of processing;
- right to data portability;
- right to object to processing based on legitimate interests;
- right to withdraw consent at any time (without affecting processing before withdrawal);
- right to lodge a complaint with the supervisory authority in your country. The lead authority for this service is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl).
Response time
We respond to verified privacy requests within 30 days. If a request is complex, this period may be extended as permitted by GDPR, and we will inform you accordingly.
Contact
For privacy requests, contact: info@selfroute.org