Sam Sykes™ Privacy Statement

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

GDPR compliance & Data protection

Introduction

Sam Sykes™ takes your privacy very seriously. This Privacy Notice is intended to set out your rights and answer any queries you may have about your personal data. If you need more information, please contact:

info@samsykesltd.co.uk

If you are taking part in, or booking a course with Sam Sykes™ Ltd or one of our trading names (Sam Sykes™, Mammut Mountain School™), the controller of your data will be Sam Sykes™

Our personal information handling policy and procedures have been developed in line with the requirements of the 1995 European Union Data Protection Directive (Directive 95/46/EC) and the General Data Protection Regulation (in force from 25 May 2018) and applicable national law.

1. What information do we collect?We collect and process personal contact and medical information from participants on our courses, as well as information from individuals that may book courses on behalf of other people. The personal data we process includes:

   • your name.

   • your home address, email address and phone number.

   • your medical information and consent.

   • emergency contact details in case of incident.

   • your payment and delivery details, including billing and delivery addresses and credit card details, where you make purchases from us directly.

   • and/or any other information you provide.

2. How do we use this information and what is the legal basis for this use?We process the personal data listed in paragraph 1, above for the following purposes:

   • as required to establish a booking with you, for example, if you make a purchase from us or enter into an agreement to provide or receive services. This may include verifying your identity, taking payments, communicating with you, providing customer services and arranging the delivery or other provision of products or services. We require this information in order to enter into a contract with you and are unable to do so without it;

   • to comply with applicable law and regulation;

   • in accordance with our legitimate interests in protecting Sam Sykes™ Ltd’s legitimate business interests and legal rights, including but not limited to, use in connection with legal claims, compliance, regulatory and investigative purposes (including disclosure of such information in connection with legal process or litigation);

   • with your express consent to respond to any comments or complaints we may receive from you, and/or in accordance with our legitimate interests including to investigate any complaints received from you or from others, about our website or our products or services;

   • we may use information you provide to personalise our communications to you;

   • if you provide a credit or debit card, we may also use third parties (such as POS payment providers) to check the validity of the sort code, account number and card number you submit in order to prevent fraud, in accordance with our legitimate interests and those of third parties;

   • we may monitor any customer account to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law and our legitimate interests;

3. With whom and where will we share your personal data?Your personal information is shared with your instructor and other related supervisory and administrative staff at Sam Sykes™ Ltd, as is required by our safety systems in line with Health and Safety Executive regulations.Any payment or personal information you have used to book one of our courses through our website is held on our website server, or through the payment portal our website operates with.Personal data may be shared with government authorities and/or law enforcement officials if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws.In the event that our business or any part of it is sold or integrated with another business, your details will be passed to the new owners of the business.

4. How long will you keep my personal data?We will not keep your personal information for any purpose for longer than is necessary and will only retain the personal information that is necessary in relation to the purpose.We are also required to retain certain information as required by law or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.Where you are a customer, we will keep your information for the length of any booking you have with us, and after that for a minimum period of 12 years.In the case of any contact you may have with our administrative team, we will retain those details for as long as is necessary to resolve your query.We will retain your data for a short time beyond the specified retention period, to allow for information to be reviewed and any deletion to take place. In some instances, laws may require Sam Sykes™ Ltd to hold certain information for specific periods other than those listed above.

5. Where is my data stored?All consent/medical forms are held at Sam Sykes™ HQ in our secure documentation and server room, unless the course you are booked onto is live, where this information is held by your supervisory staff on the course with you, as is required by our safety systems in line with Health and Safety Executive regulations.Any electronic data we receive, such as your name and age is held on a secure internal sever at Sam Sykes™ HQ.Any payment or personal information you have used to book one of our courses through our website is held on our website server, or through the payment portal our website operates with. Some online personal data that we collect from you may be transferred to, and stored outside the European Economic Area (“EEA”) if based upon external servers.

6. What are my rights in relation to my personal data?If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.You also have the right, with some exceptions and qualifications, to ask us to provide a copy of any personal data we hold about you.Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data (a) if it is no longer necessary for us to use your personal data; (b) if you object to the use of your personal data and we don’t have a good reason to continue to use it;

7. Where can I find more information about Sam Sykes™ Ltd’s handling of my data?

Should you have any queries regarding this Privacy Notice, about how Sam Sykes™ Ltd processes your personal data or wish to exercise your rights you can contact the Sam Sykes™ Ltd team using this email address: info@samsykesltd.co.uk.

If you are not happy with our response, you can contact the Information Commissioner’s Office: https://ico.org.uk/