Privacy and Cookie Policy

This Privacy Policy covers Countryside Ski & Climb Limited trading as Countryside Ski & Climb, Countryside and any of its associated companies and/or web sites.

Countryside Ski & Climb Limited T/A Countryside and Countryside Ski & Climb Registered office and trading address: 118-120 High Street Stevenage Hertfordshire SG1 3DW

Registered in England 2979298 VAT Registration Number GB 906 4373 27 ICO (Information Commissioner’s Office) registration number Z1711535

Telephone in the UK: Freephone 0800 298 9975 or 01438 353086 Outside the UK Telephone: +44 1438 353086

General Data Protection Regulation (GDPR)

The Data Protection Bill frequently referred to as GDPR (General Data Protection Regulation) replaces the Data Protection Act (1998). There are many similarities between the DPA and GDPR however, there are a few significant differences which bring positive changes to the way personal data is stored and processed. This applies to data held in digital and printed forms where it is used.

Lawful Basis

The first of the changes under the new regulations, requires businesses to confirm on what basis they believe they should have access to your personal data, either 'Legitimate Interest' or full 'Consent'.At Countryside Ski & Climb we believe that the most transparent and appropriate way for us to serve your needs is with your full 'Consent' which must be given freely and without coercion or restriction on our part. At the time you provide your personal data to us we will make it clear to you what you're providing it for e.g. to complete a specific sale, warranty, refund or newsletter sign-up,

Under this requirement, whatever purpose you initially provide your consent for remains valid for that purpose only. As we continue to serve you, we amalgamate these sources so that we know precisely what we are entitled to use your data for. As consent is the entry basis we have always prescribed to, nothing has changed in that regard.

GDPR Data Inclusions - Personal Data

Under the regulations the emphasis is that you, our customer and 'data subject' are in control of who you provide your personal data to, granting us permission to use it so that we may provide you with the services you choose in support of a commercial relationship with us. Put simply, you are in effect 'loaning' us the access rights to your personal data until you see fit to change this arrangement.

Personal data, often referred to as personal information, includes things like your name, address, email address, telephone number(s) and social media accounts, but it can also include things like your account/order number(s), or a unique IP address – anything in fact that can link to you as an individual. This all falls under the protection of GDPR.

You may find that in some areas we ask you to confirm that you are 13 years of age or over. This is because under the regulations the UK Information Commissioner's Office (ICO) has deemed 13 years of age to be the point at which a child can provide consent to allow the processing of his/her own personal data. We are also obliged to ask for proof of age when selling certain products, including (but not limited to) bladed items, multitools, ice axes or fuel.

GDPR Data Exclusions - Transactional & Location Data

This is different to personal data and includes things related to your purchase history, namely the method you used to make a purchase from us, such as our website and also might also include when you made this purchase. As GDPR's focus is to protect your personal data, this information is not included under the regulations. However, should you ask to see the data we hold in addition to the personal data we retain, we may still show you examples of this, but this is an extension to our obligations and our way of extending the level of trust and transparency.

GDPR Data Exclusions - Financial Data

This is the third example of data that passes through our business and it includes credit and debit card information. However, the security of this is controlled through other regulations (namely the Payment Card Industry - Data Security Standards) which exists to further reduce your (and our) personal risk. This data bypasses Countryside Ski & Climb’s systems and instead enters a payment gateway to be processed directly between your bank or charge card company, and our financial partner.

Profiling

Data profiling is a trusted technique that attributes other assumed or known factors to the personal data that you consent to provide us. The process will add things such as: the typical size of your family, the size and approximate value of your home, the occupation you might have, your age range, your propensity to read certain newspapers or respond to email campaigns.

By understanding more about you we believe this will help us to improve the service we offer but we don't believe we should do this without your consent. So, over the course of your consent we will occasionally seek your approval for this periodically. Under GDPR you will always be able to see what data we hold on you by serving a 'SAR' a Subject Access Request upon us (details below).

Processing Personal Data

Under the Data Protection Bill once your data is passed to us, therefore by definition we become the 'Data Controller'. This definition is the highest definition placed upon us by the ICO and means that we are charged with utmost level of care when it comes to safeguarding your privacy.

To preserve our relationship with you and not cause unnecessary frustration or anxiety to others, Countryside Ski & Climb will from time-to-time work to maintain the quality and relevancy of the data we hold, processing it against nationally-verified suppression files such as change of address data, gone-away and bereavement registers. Whilst we are not obliged to do this, we believe that in order to fulfil our obligations as 'Data Controller', this remains good business practice and provides a duty of care to our customers and their families.

Accessibility

Personal, location and transactional data is collected through our businesses systems and is the responsibility of the company's Data Controller within Countryside Ski & Climb Ltd (within our Privacy Team). You can ask to see or amend what you believe are errors within this data or remove your permission for us to retain it, by reading the steps that we describe next e.g. 'Subject Access Request' & 'Right to be Forgotten'. For anything else, you can always contact our Privacy Team by initially contacting us here click here to send an email.

Subject Access Request (SAR)

You can ask to receive a copy of your personal data whenever you choose under a process called a 'Subject Access Request'. Under a 'SAR' we will provide you with a FREE copy of all the personal data we hold on you in a machine-readable format within 30 days of us being able to successfully validate who you say you are. This is particularly relevant in order to avoid any security breaches or false claims for access to your personal data.

If we believe your request is complex or numerous we can extend the process for a further two months, but we will explain to you why this has been necessary within the initial 30 days of us validating who you are. If we deem your requests to be manifestly unfounded, excessive or particularly repetitive we are permitted to charge a reasonable administration fee to comply with requests for further copies of the same information. Should these excessive requests continue we are legally entitled to refuse your request, which should you disagree, you are within your rights to contact the Information Commissioner's Office and state your claim. All SAR requests are logged within our systems to manage the individual frequency of each request.

You can submit a Subject Access Request (SAR) to our Privacy Team by initially contacting us here click here to send an email.

Right to be Forgotten (RTBF)

Should you ever decide to refuse us permission to use your personal data, you can invoke your 'Right to be Forgotten'. In activating this process, we will need to remove all your personal details from our systems. Once removed, this information will not be available to you, or us again, and should you recommence your relationship with us at a future date and provide us with a fresh set of permissions, none of your previous personal data would be available for re-assignment at that stage.

You can invoke your Right to be Forgotten to our Privacy Team by initially contacting us here click here to send an email.

N.B. Please note that should you decide to invoke your RTBF, we are still required under other company law to store any transactional data that would have once been connected to you as an individual.

CCTV

You will see located around our retail store some CCTV recording equipment. This equipment is there to safeguard you and our property whilst on our premises. It is not used to assign a personal identity to your photographic image and is therefore not governed by GDPR. This information may be legally used by the Police or other law enforcement agencies if called upon as part of any investigation.

Mailing & Telephone Preference Service (MPS & TPS)

Once you have given us your consent to communicate with you, any registration of your personal details on the Direct Marketing Association's Mailing Preference Service (MPS) or Telephone Preference Service (TPS) cease to become valid until you rescind your consent directly with us through any of the methods described above. Countryside Ski & Climb’s policy of direct consent remains the only position we will use to communicate with customers.

Privacy & Electronic Communications Regulations (2003)

The PECR is derived from European law (European Directive 2002/58/EC) and is also known as the 'E-Privacy Directive'. This regulation supplements the regulations under GDPR with its primary focus addressing personal privacy across passive or active forms of distributed electronic communication e.g. Email, SMS (Text Messaging), website tracking cookies, apps, digital telephony, etc. In 2019 this Regulation will be amended and renamed the ePrivacy Regulation (ePR) and will be adopted by Countryside Ski & Climb within this Privacy Policy.

Online Shopping

We accept that in this increasingly complex world, consumers may not be fully aware with the methods used to gather personal data, but as a Data Controller it is our role to make this as transparent as possible and provide you with methods to rescind your permission at any time, wherever we can.

Google Certified Shops

Details regarding your online transaction will be monitored by Google in accordance with their own Certified Shops Privacy Policy. Countryside Ski & Climb have no control over this, but they (Google) may contact you to discuss your shopping experience with us in the interests of other shoppers.

The Use of Cookies

A cookie is a piece of computer code - a text file - that is made up of a series of letters and numbers and placed on your device each time you visit our website. Although they may sound sinister to some, they're actually very useful as they allow us to greatly improve your, and the other users of your devices', visits to our site, simply by understanding more about your preferences and interests.

Web browsers and smart electronic devices allow the user to disable cookies, because cookies are used throughout our website, disabling them may prevent you from using certain parts of our site.  The cookies used on our website have been categorised based on the guidelines found in the ICC UK Cookie guide. We use the following categories on our website and online services:

Category 1 — Strictly Necessary Cookies

These cookies are essential to enable you to browse around our website and use features. Without these cookies, services like shopping baskets and e-billing cannot be provided.

Category 2 — Performance Cookies

These cookies collect information about how you use our website — for instance, which pages you mostly go to. This data may be used to help optimise our website and make them easier for you to navigate. These cookies are also used to let affiliates know if you came to one of our websites from an affiliate and if your visit resulted in the use or purchase of a product or service from us, including details of the product or service purchased. These cookies don’t collect information that identifies you. All information these cookies collect is aggregated and therefore anonymous.

Category 3 — Functionality Cookies

These cookies allow our website to remember choices you make while browsing. For instance, we may store your geographic location in a cookie to ensure that we show you our website localised for your area. We may also remember preferences such as text size, fonts and other customisable site elements. They may also be used to keep track of what featured products or videos have been viewed to avoid repetition. The information these cookies collect will not personally identify you, and they cannot track your browsing activity on other websites.

Links to Other Websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over any other website  or your personal data privacy.

Social Media

We frequently post news online across Facebook, Instagram and Twitter's social media channels to maintain engagement and interaction with our customers, fans and followers. We also use social media to make announcements about our forthcoming events, product launches and other industry initiatives. In the main, these channels are used purely as a broadcast mechanism rather than a means of gathering data.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online and in store.

Our Responsibility Commitment

Countryside Ski & Climb’s Data Controller will be responsible for the storing and processing of your data once you've given us your permission to use it and regardless of which of our data collection sources it comes to us from (mail order or newsletter sign-up, email marketing, store promotions, social media etc). At no stage will your personal data find its way into our systems unless you have willingly and freely provided it to us directly.

In possessing your personal data, we accept that this does not give us the right to abuse its use, and that consequently we will take due consideration of the balance between what we deem to be infringing your privacy and our ability to provide you with timely information, in effect creating a level of 'Privacy by Design'. Should you feel we've got this slightly wrong you can always remove specific permissions such as unsubscribing yourself from any future email activity using the unsubscribe link sent within every email campaign.

Beyond these options (or the SAR/RTBF methods mentioned above), we will also act in the background in other ways to preserve your personal data privacy. If you have neither opened, forwarded or clicked on an embedded link within any email from us we will automatically remove your email details from our marketing email system after 26 months of inactivity. Furthermore, if your entire commercial relationship with us appears to have ceased over a period of five years, then we will automatically obfuscate (that is, to render useless) your personal data.

Our Data Controller commits to maintaining your personal privacy throughout amendments to our system infrastructure and any of the commercial relationships we have with our third-party suppliers. These ongoing changes require that we review our Privacy Policy no less than once per annum and update the Policy edition, regardless of changes to the material content.

The only time we will share your data with anyone other than you, or senior members of our staff will be if we are required to do so as part of an investigation by UK law enforcement authorities.

Any changes we make to this Privacy Policy will be for the benefit of our customers and employees, but no changes will be made that breach our duty of care or any regulation. All changes will be notified in writing on our website.

ICO - Declaration

Should you ever feel that we have not met the regulations our registration details are: Countryside Ski & Climb Limited ICO (Information Commissioner’s Office) registration number Z1711535

If you have any queries concerning any aspect of our Privacy Policy please click here to send an email.