Last updated: 21.05.2018
The purpose of this Privacy Notice is to outline how weather to ski has established measures to protect your privacy and information rights, and how we process the personally identifying information (“Personal Data”) that we collect and receive from you when you visit our website (www.weathertoski.co.uk), email us with queries, or subscribe to our newsletters.
Weather to ski is the Data Controller in respect of any Personal Data that you submit to us or that we collect from or about you. Weather to ski is owned and managed by Fraser Wilkin.
We will update this Privacy Notice from time to time to reflect changes in our business. All such changes will be posted to our website and if we consider it appropriate we will notify newsletter subscribers of any material changes by e-mail.
1. Our privacy commitments
We are committed to safeguarding the privacy of our website visitors and newsletter recipients, and will only collect, keep, use and share Personal Data for the purposes outlined in this Privacy Notice.
We will be as clear and open as we can with you on what Personal Data we collect and how it will be processed and, for as long as we maintain records of your Personal Data, we will keep it up to date and protect it with appropriate safeguards.
2. Your rights in relation to Personal Data
We recognise that you have rights as a ‘data subject’, and that we have an obligation to uphold these. This Privacy Notice aims to outline how we maintain these rights. In particular, it outlines:
- How we collect and process that information;
- Why we do this;
- How you can exercise your rights; and
- Who to contact in the event that you are unhappy with how we have dealt with your request.
Depending on why we have collected your information, your rights could include:
Right to be informed
You have the right to confirmation of whether or not we process your Personal Data, and to be informed of how we collect and use it.
Right to access
You have the right to access your Personal Data together with certain additional information (including the categories of Personal Data concerned, why and how we process it, and the recipients of any data). If you wish to exercise this right, we will supply you with a copy of the Personal Data that we hold on you, providing the rights and freedoms of others are not affected.
Right to rectification
If the information we hold on you is inaccurate or incomplete, you can request we correct or complete it.
Right to erasure
You can request we delete or remove Personal Data where there is no compelling reason for us to continue its processing. Where the legal basis for our processing your Personal Data is that you have consented to us doing so, you have the right to withdraw that consent at any time.
Right to restrict processing
You have the right to request that we cease processing your data if:
- You consider it inaccurate or incomplete;
- Processing is unlawful but you oppose erasure;
- We no longer need it for the original reason we collected it, but you require it for the establishment, exercise or defence of legal claims; or
- You have objected to processing and we are considering whether we still have a legitimate interest in processing it.
Where processing has been restricted on this basis, we may continue to store your Personal Data. However, we will only process it:
- With your consent;
- For the establishment, exercise or defence of legal claims;
- For the protection of the rights of another natural or legal person; or
- For reasons of important public interest.
Right to object to processing
You have the right to object to our processing your Personal Data under certain circumstances. For example, you can object to processing for:
- Direct marketing (including profiling); and
- Scientific/historical research or statistical purposes (unless the processing is necessary for the performance of a task carried out for reasons of public interest).
Right to data portability
Where you have consented to our processing your Personal Data, or where the processing is necessary for us to deliver a contract, you can request that a copy of your Personal Data be provided to a third party in electronic form, so long as doing so would not adversely affect the rights and freedoms of others.
Right to complain to a supervisory authority
If you consider that our processing of your Personal Data infringes data protection laws, you have a legal right to lodge a complaint with the supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. In the UK, the relevant supervisory authority is The Information Commissioner’s Office.
3. Information we collect
Please find below a summary of the information we collect and how we use this to deliver services to you.
Please do not supply any other person's Personal Data to us, unless we prompt you to do so. Before you disclose to us the Personal Data of another person, you must obtain that person’s consent to both the disclosure and the processing of that Personal Data in accordance with this Privacy Notice.
Information we collect:
We may process data about your use of our website ("Usage Data"). The source of this data is Google Analytics, a web analytics service provided by Google, Inc. (“Google”).
This may include your IP address (although it will be anonymised before it is stored and will not be associated with any other data held by Google), geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
Why we collect this:
We collect the Usage Data in order to analyse the use of our website. The legal basis for this processing is our legitimate interests, namely the monitoring and improving of our website.
How we process it:
Google places cookies on your computer to enable it to provide us with activity reports relating to our website. Google uses this data only to provide us with information on how users use the website and does not associate your IP address with any other data held by Google. The information generated by Google cookies about your use of the platform will be transmitted to and stored by Google. Google anonymises your IP address before this data is stored.
You may refuse these cookies by selecting the appropriate settings on your browser or by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout.
Information we collect:
We may process information contained in or related to any communication that you make with us or send to us, or enquiry that you submit to us via our website (including the communication content and metadata associated with the communication) ("Correspondence Data").
This may include your name, e-mail address or telephone number. Our website will generate the metadata associated with communications made using the website contact forms.
Why we collect this:
We collect the Correspondence Data for the purposes of communicating with you, in response to a request by you for us to do so. The legal basis for this processing is our legitimate interest, namely the proper administration of our website and business and communications with users.
We may also process any of your Personal Data where necessary for compliance with a legal obligation to which we are subject, in order to protect your vital interests or the vital interests of another natural person, or for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
How we process it:
We store the Correspondence Data in the form of emails or documents on our server (provided by 1&1 Internet Inc.) and local devices.
Information we collect:
We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters ("Notification Data"). The Notification Data may include your name and email address.
Why we collect it:
We collect the Notification Data in order to send you the relevant email notifications and/or newsletters. The legal basis for this processing is consent.
How we process it:
We process your Personal Data using MailChimp, a customer relationship management system, marketing automation platform and email marketing service provided by The Rocket Science Group LLC. MailChimp and its sub-processors process your Personal Data on our behalf.
4. Transfer of data
Weather to ski will not sell your information. We will not share your information with any third party except as stated in in this Privacy Notice or as required or permitted by law, where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We may disclose your Personal Data to any of our employees or officers insofar as reasonably necessary for the purpose of dealing with your enquiry and/or providing you with goods and services.
Where we transfer Personal Data to processors located outside the European Economic Area (EEA), we only do so after taking such steps as are required to ensure that the Personal Data they process on our behalf receives protection equivalent to that provided in the EEA. Our processors located the USA are certified as compliant with the EU-US Privacy Shield Framework. To learn more about the Privacy Shield program, please visit: https://www.privacyshield.gov/ Processors outside the EEA and US are located in jurisdictions certified by the European Commission as having an adequate level of data protection.
Please find below a summary of who information is shared with and why, and where this involves a transfer overseas:
Marketing automation platform & email marketing service
If you have subscribed to our mailing list, we will process your Personal Data using MailChimp, a marketing automation platform and email marketing service provided by The Rocket Science Group LLC, located in the US. We do this in order to send you newsletter and email communications. Transfers to the US will be protected by appropriate safeguards, namely compliance with the EU-US Privacy Shield Framework.
Email and internet provider
The hosting facilities for our website and email service are provided by 1&1 Internet, whose servers are located in both the EEA and US. Transfers to the US will be protected by appropriate safeguards, namely compliance with the EU-US Privacy Shield Framework.
Third party suppliers of goods and services
From time to time we may have advertising on our website for goods and services provided by third party suppliers (such as airlines, tour operators, transfer providers, car hire companies, hotels and other accommodation providers, ski schools, and ski hire companies). Any Personal Data that you provide to these suppliers is not processed or held by us. Any information you may input into online forms is done so on those third party suppliers' servers and will be dealt with in accordance with their privacy policies.
5. Securing your information
We maintain technical and physical safeguards that are designed to protect the security and integrity of your Personal Data, and to guard it against accidental or unauthorised access, use, alteration or disclosure to unauthorised third parties. These measures include device encryption, firewalls and virus checking procedures. Where we keep Personal Data files on local devices these devices are protected and accessible only to authorised employees. We regularly review our security systems to ensure that your Personal Data remains safe and secure.
6. Retention of data
We do not keep Personal Data that we process for any purpose or purposes for longer than is necessary for that purpose or those purposes.
We will retain and delete your Personal Data as follows:
Data about your use of our website will be retained for no more than 50 months following the date of your last visit to our website.
Correspondence Data will be retained for no more than 7 years following the point of last contact, unless your name and email address are being retained for the purposes of email marketing, to which you have consented. If you object to this retention, please contact us.
Notification Data (meaning names and email addresses of those persons having consented to receive e-mail marketing) shall be retained until such time as the recipient chooses to unsubscribe from the email marketing.
7. Contacting us
If you have any questions about this Privacy Notice or how we process and/or store your Personal Data, or would like to exercise your rights as a data subject (for example, to change either the Personal Data we hold on you or how we communicate with you in the future) or, if you have given consent for processing wish to withdraw that consent, you can contact us at firstname.lastname@example.org or on +44 (0)20 3151 3154.
If you wish to exercise your right to access, providing the rights and freedoms of others are not affected, we will supply to you a copy of your Personal Data. The first copy will be provided free of charge.
If you do not feel that we have responded to your query adequately, or if you have a further complaint, The Information Commissioner’s Office can be contacted on 0303 123 1113.