WILD ROCK LTD T/A Far PeakPrivacy Policy:At Wild Rock Ltd T/A Far Peak we take your Privacy very seriously. We use Truevo to process your online booking payments. Truevo are leaders in their field of online payment processing. Our till systems are provided by Epos Now, another reputable leader in the field. We store your data on a secured server, hosted by Storm Internet.We do not sell or pass on any of your personal details for profit or marketing purposes. News and special offers will be updated through the Website and Social Media sites, we will not contact you directly, unless you have accepted that can send you a marketing emails. Our aim under GDPR is to maintain the assurance of your rights to data privacy and protection. On this page you can find out how to contact us to find out more about your data and also your privacy rights and how we will act. GDPR (General Data Protection Regulation) GDPR is a new Data compliance law coming into EU law on 25th May 2018. Far Peak has applied the best practice of GDPR at our park and on our website On Account Register you will be asked to provide the following details:- Unique User Key (Hidden auto generated by the system) Email address. Account password First Name Last Name Date Of Birth Mobile Phone Number Address Line 1 Address Line 2 Address Line 3 Address Line 4 Address Locality City County Post code Medical Conditions. This is in case you are involved in an accident, so we can provide first aid and if required inform the emergency services. Emergency Contact Name and Phone Number. We only use this if their is an accident. Microsoft Account System The website uses a Microsoft Account system in the website, to hold the accounts. This system is used is very robust/secure and is used in many websites. Encryption/Decryption We also encrypt/decrypt alot of your account data on the fly. Site Certificate Our site runs completely over https, which opens a secure encrypted web tunnel from your web browser to our server. The requests and responsese from the website are then transmitted over this tunnel. Post code lookup We use an address lookup system called GetAddress.IO we pass in a post code and it returns all addresses in that postcode. This saves time on you typing information in. You will also be asked to check the following check boxes:- I allow my information to be used in the booking/waiver process and used for my visit at the park. (Mandatory) This is our legal basis Contract for GDPR. In GDPR you have to outline why we are collecting the information we are. We need this information so that you can book online and visit the centre. We use your booking to make sure we don’t go over capacity at the park. For Health & Safety - we are only allowed so many people on sessions at a specific time. The capacity of a session depends on the type of session. This is all handled by the website. Your safety is our highest priority. I have read and confirmed the Privacy Policy. (Mandatory) This is quite simply that you have read and agreed this notice and you know what your GDPR rights are. I have read and confirmed Terms And Conditions. (Mandatory) You have read and agreed our Terms & Conditions of operation. I consent to being a member of the loyalty scheme. (Optional) By ticking this checkbox, you become a member of our Loyalty scheme. I consent to receiving marketing emails. (Optional) By ticking the checkbox, you are agreeing to receive marketing emails. Far Peak won’t spam you but from time to time, we may run a fantastic promotion and if you want us to let you know… By ticking (or unticking) this box, you can opt in or out of marketing emails. You can change this in your account at any time. Our marketing emails are also managed by Mail Chimp, and you can opt ourt of the marketing emails at anytime, by clicking the footer on the bottom of the emails. For GDPR compliance we audit the changes to these checkbox’ and they can be viewed by our Administrators. The aim of this is not for user tracking, but just in case you question why you have received a service when you thought you hadn’t ticked the box. Please be aware out system will send you Booking confirmation emails, waiver emails when you book. These won’t contain any marketing, they are just information, so you are aware of your booking. When we send you waivers we have removed out the personal information for your security. Once registered you can edit your account. You can change your details and password at any time, under my account details. Party Information We do collect extra information when you book a party. This is only used to provide the best party. The extra info is:-
Forgotten password If you forget your password, then you can go through the forgotten password process when you click login. Waivers Waivers are linked to your account. Anyone who is climbing must have a waiver. You can create a waiver for you and your dependents. You can create waivers at any time, if any information changes, you can create a new waiver. Waivers are valid for 12 months and we can search in our system for you and your dependents waiver. This is the information we hold on Waivers:- UserID of the owning account (Only if you create a waiver in account) Email Address - (If you create a Waiver with no account) First Name Last Name Date Of Birth Address Line 1 Address Line 2 Address Line 3 Address Line 3 Locality City Country Post code Phone Number Medical Conditions. This is in case you are involved in an accident, so we can provide first aid and if required inform the emergency services. Emergency Contact Name and Phone Number. We only use this if their is an accident. Waiver Start and Finish Dates If our Privacy Policy/Terms and Conditions change over time. On your next login, we will ask you to read and re-confirm that you are happy with them. At this point you can also join/remove yourself from the Loyalty scheme and email marketing We audit this change and can view it in our admin area. As part of GDPR we need to know what version of documentation you signed against. Where else do we use your data? Your hosting is with Storm Internet- https://www.storminternet.co.uk/GDPRStatement GPDR requires that we tell you about every system that can use some or part of your data (Data processors). These Data processors are required to be GDPR compliant:- Google G Suite Far Peak uses G Suite to send and receive email to and from the centre. Google Cloud Services are GDPR compliant. https://www.google.com/cloud/security/gdpr/ Taking Payments We pass information to Truevo pay payment gateway for payment. Email address, 1st name, last name and client address. This saves the user from retyping the info. Truevo are PCI DSS compliant payment provider. https://truevo.com/business-terms-of-use/ Mail Chimp emails The website sends a lot of email, too much for a Google G Suite service so we have to use a different mass email provider. We use Mail Chimp Mandrill to send our emails The List of Emails the system sends you are:-
Mail Chimp - Marketing emails Mail Chimp is an industry standard email system used for mail marketing. We would send any marketing emails via Mail Chimp. Mail Chimp and GDPR https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulation Google Analytics Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. Although Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Google Analytics also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see relevant section below). Google Analytics makes use of cookies, details of which can be found on Google’s developer guides. For your information our website uses the analytics.js implementation of Google AnalyticsFurther information on Google Analytics and your privacy:- https://support.google.com/analytics/answer/6004245 Google Analytic Opt out Browser Addin In order to provide website visitors with more choice on how data is collected by Google Analytics, Google has developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to stop data being sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not affect usage of the website in any other way. A link to further information on the Google Analytics Opt-out Browser Add-on is provided below for your convenience. Google Analytics opt-out. Google and GDPR:- https://privacy.google.com/businesses/compliance/ CCTV We have CCTV at the park for safety purposes and it is a requirement of our insurance company. Insurance If you have an accident at the park and we need to inform our insurance company then we need to pass your booking and account information to our insurance, plus any CCTV footage too. Plus any treatment/action required at the time of the accident. How Long do we Keep the Data for? Far Peak keeps the account data forever so you can continue to book. However we do anonymise the data as per below:- Bookings we will remove the booking from your account after 22 years and associate it with an anonymous user. So that we can’t trace the booking back to you. Bookings contain waivers. These waivers will be associated with an Anonymous waiver after 22 years. Waivers will expire for use after 12 months. At this point you can create a new user. In GDPR however you do have rights as an individual that overrule the above. These are outlined below:- Accessing your data We recognise our responsibility in looking after your data. You can ask us for a copy of the data we hold, have it corrected, sent to a third party or deleted (subject to our need to hold data for legal reasons). We manage this process by executing a Data Subject Access Request procedures in line with GDPR requirements when you contact us. You can request a Data Subject Access Request Form by contacting us: By Post: AK Leisure Group Ltd, Unit 9 Vulcan Road, Sheffield, S9 1EW. Email: info@farpeak.co.uk Phone: 01285 700 370 We will respond within 30 calendar days of receipt of this DSAR. We also reserve the right to increase the response time to three months if we consider the request to be complex and time consuming. If you are not satisfied you have the right to contact the Information Commissioners Office (ICO). The right to rectification;You can edit your account details at any time, by logging into the website and altering the details. You can also alter your consents to the loyalty and email marketing scheme here too. The only thing you cannot edit is your email address. This is for security. But we can edit it for you. If you need your email address changed, then please email info@farpeak.co.uk from the account registered with the system and we can change it for you. the right to erasure; If you want your account and waivers to be removed from the system then we can do that for you. Please email team@farpeak.co.uk from the account registered and we can start the process of removing you from the system. the right to restrict processing; As per above you can remove consents from email and loyalty system. We can also mark your account as inactive. So that no one can log in or use your account. Please email team@farpeak.co.uk with your request from the account that is registered. the right to data portability; You can download some of your own account information from the My Account area of the system. If you require any other data then please email the request to team@farpeak.co.uk. the right to object; You have the right to object to any processing undertaken for the purposes of direct marketing. We will stop processing for direct marketing as soon as we receive your objection. the right to not to be subject to automated decision making including profiling; We do not supply the information we hold to third parties for use in analysis or prediction. Data Breaches As per GDPR we have a process in place and would follow the GDPR process notifying you if any data breach affected your data. We will do this in 72 hours of identifying the breach. Our website uses Cloud Flare to help protect against illegal activities on our site, by hackers and 3rd parties to alleviate breaches. Or encryption of data also helps protect our systems against a breach. More information can be found here: - https://www.cloudflare.com/ We also have our internal security policy for our staff on how to keep your data secure on electronic devices or any paper based information. Cookies and Privacy Cookies are small files that are downloaded to your browser from the website. Far Peak use cookies on our website, these cookies though are only used for authentication and to make our website function correctly. Google Analytics uses cookies too. But we don’t use cookies in any malicious way. The website will not function correctly without using cookies. Any future development If we develop our systems any further we shall adopt a data protection by design model. We have done from the start and shall continue to do so. Questions and further contact If you have any questions or require any further information. Then please contact us below:- team@farpeak.co.uk. or use the contact form at Data Authority Our GDPR Data authority is:- ICO https://ico.org.uk Under GDPR you have the right to contact ICO at any time. But if you have any issues then please bring it to our attention first. |