Privacy policy

Introduction This privacy notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how and why we use it, who we disclose it to, and how we protect your privacy. It's likely that we'll update this privacy policy from time to time, we'll notify you of any significant changes, but you're welcome to come back and check it whenever you wish.

We hope the following sections will answer any questions you have, but if not please get in touch with us.

1. Who are we?

Mendip Outdoor Pursuits Limited is a privately owned, family run business registered in the UK under company number 5767244.

For simplicity throughout this notice, 'we' and 'us' means Mendip Outdoor Pursuits Limited and its brands.

'You' and 'your group' means you and your party members or anyone for whom you are making a booking.

2. What personal data we collect

We collect some personal data, for example when you book an activity with us, use our website or contact us.

When using the term 'personal data' in our Privacy Policy, we mean information that relates to you (or member of your group) and allows us to identify you (or members of your group), either directly or in combination with other information that we may hold.

Your personal data may include for example your name, your contact details, information relating to your itinerary such as your booking reference number or information on how you use our website or how you interact with us.

Using the website

We gather information gathered by the use of cookies in your web browser

To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and telephone code where your computer/device is located, the web pages viewed during your visit, the site referring you and any search terms you entered.

Requesting information, a proposal or quotation

Your name, contact details and query will be recorded when you fill out a contact form

We will use your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.

Making a booking

If you have a booking or online account with us we may have records of your name, gender, date of birth, email and telephone number(s). For your security, we'll also keep an encrypted record of your login password.

We hold details of your interactions with us through conversations with our sales and support teams, on centre, or online. For example, we collect notes from our conversations with you, details of any complaints or comments you make, details of bookings you made, items added to your basket, voucher redemptions and how and when you contact us.

Organisation of your activity, event or camp

We hold copies of documents and information you provide. This may include details of your full name, address, date of birth and facial image.

Some of the personal data we hold for your party members may include for example party member's name, gender, date of birth and dietary requirements. We presume you have gained the necessary consent from party members / parents / guardians to use their personal data.

We collect child and adult height, weight and shoe size for the provision of ski equipment.

Visiting our centre

Your image and/or those of your group may be recorded on CCTV when you visit our activity centre.

In the event of any accidents or incidents on centre - your data may be recorded and shared with third parties as part of our duty of care.

Contact Post- Event

We retain your comments, feedback and product reviews.

We hold your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.

Special Category Data

When we provide our services to you we may collect information that could reveal racial or ethnic origin, details of physical or mental health (including SEND), or religious beliefs. This information is considered 'sensitive personal data' under GDPR and other data protection laws.

We only collect this information where it is necessary to deliver our services to you.

For example, if you inform us about specific dietary requirements, this could indicate specific religious beliefs or your racial or ethnic origin.

If you request special assistance, use of an adapted room or facilities; or provide medical information for you and/or your group, this could reveal information about health.

By providing any sensitive personal data you explicitly agree that we may collect and use it in order to provide our services and in accordance with this Privacy Policy. If you do not allow us to process any sensitive personal data, this may mean we are unable to provide all or parts of the services you have requested from us. Please be aware that in such circumstances you will not be entitled to cancel or obtain a refund of any price you have paid.

In addition, we may also share your personal data with our suppliers who provide services to you on our behalf. For example, if we need an adapted coach to accommodate disabled users.

3. Explaining the legal bases we rely on

The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:

Consent

In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters. When collecting your personal data, we can always make clear to you which data is necessary in connection with a particular service.

Contractual obligations

In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you book a trip with us, we will collect your address details in order to send you booking information.

Legal compliance

If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement. We may also have to pass data to regulatory or governing bodies.

Legitimate interest

In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we will use your booking history to send you or make available personalised offers. We also combine the browsing history of many customers to identify trends and/or develop new products/services. We will also use your address details to send you direct marketing information by post, telling you about products and services that we think might interest you

4. How and why we use personal data

We want to give you a great customer experience.

One way to achieve that is to get a picture of who you are by combining the data we have about you. We then use this to offer you promotions, products and services that are most likely to interest you. The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service.

Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you've asked for.

Here's how we'll use your personal data and why:

To manage your booking and make arrangements for you

When you book an activity with us, we use your information to provide services to you and fulfil our contractual obligations, for example to confirm your travel arrangements such as travel, accommodation, and itinerary arrangements.

To communicate with you & manage our relationship

We will need to contact you by email for administrative or operational reasons, for example to send you confirmation of your booking and payments, to inform you about a specific aspect of the product you have enquired about or booked. Please be aware that these communications are not made for marketing purposes and as such, you will continue to receive them even if you have not opted into receiving marketing communications. We may also use your personal data after you have sent us a request, filled in a web-form through our website or contacted us on social media, where required to meet your request. In order to manage our relationship with you as our customer and to improve our services and experiences for customers we will use the communications you exchange with us and the feedback you may provide.

To personalise & improve customer experience

We may use personal data to tailor our services to your needs and preferences and to provide you with a personalised customer experience. For example, if you inform us about your preferred destination, trip type or curriculum area/role in school we will be able to send you communications relevant to your preferences. We'll do this as part of our legitimate business interests. We may also collect information on how you use our website, which pages of our website you visit most, which destinations and products you search for and what products you book, in order to understand what you like. We may use this information to tailor the content and offers that you see on our website and, if you have agreed to accept the use of marketing cookies on our website.

To inform you about activities linked to your curriculum and destination preferences.

When you provide your personal data via our website(s) or it is available in the public domain (e.g. on a school's website), we use this information for our legitimate business interests to provide information about and provision of residential trips. An example of when we might use this approach is for ensuring postal and digital marketing is relevant for you and tailored to your interests, determined by your booking history, your job role or known curriculum and/or destination preferences. We will also hold information about you so that we can respect your preferences for being contacted by us.

When we process your personal data for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

You can also choose to opt out from receiving marketing communications at any time, by clicking on the relevant unsubscribe link at the bottom of any marketing related email you may receive from us.

Please note that we do not share your contact details and other personal data to external organisations.

To improve our services, fulfil our administrative purposes and protect our business interests

We will use your information for the following business purposes which include accounting, billing and audit, credit or other payment card verification, safety, security and legal purposes, statistical and marketing analysis, customer feedback requests, systems testing, maintenance and development.

To comply with our legal obligations

We may use your data to send you communications required by law such as updates to our Privacy Policy or to comply with any legal obligation to provide data to police.

To respond to your queries, refund requests and complaints

Handling the information you have sent to us enables us to respond. We may also keep a record of these communications to inform any other contact we have with you/your group and to demonstrate how we communicated throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing the best service and understanding how we can improve our service based on your experience.

To protect our business and your account from fraud and other illegal activities

This includes using your personal data to maintain, update and safeguard your account. We'll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We'll do all of this as part of our legitimate interest.

For example, by checking your password when you login and using automated monitoring of IP addresses to identify possible fraudulent log-ins from unexpected locations.

To develop, test and improve our systems

We'll do this on the basis of our legitimate business interests. For example, we may record your browser's Session ID to help us understand more when you leave us online feedback about any problems you're having.

To send you survey and feedback requests to help improve our services

These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you.

To administer any prize draws or competitions

We will use your data to contact you about prize draws or competitions which you enter, based on your consent given at the time of entering.

To inform our business decisions

We may combine data captured within our systems with that from third parties and data from publicly-available lists. We'll do this on the basis of our legitimate business interest. For example, by combining this data, this will help us personalise your experience and decide which content to share with you. We also use anonymised data from customer purchase histories to identify trends, create a better understanding of our customers and improve the quality of our marketing activities.

5. Requesting access to your personal data

We respect your right to control your data. Your rights include:

Right of access - you have the right to access and obtain a copy of the personal data that we hold about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.

Right to rectification - you have the right to request that we correct any inaccuracies in the personal data stored about you.

Right to erasure - in certain circumstances, you have the right to request that we erase your personal data. For example, you may exercise this right in the following circumstances:

- your personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed by us

- where you withdraw consent and no other legal ground permits the processing

- where you object to the processing and there are no overriding legitimate grounds for the processing

- your personal data have been unlawfully processed

- your personal data must be erased for compliance with a legal obligation

Where we store your personal data for statistical purposes, we may not be able to comply with such a request where it would likely impair such statistical purposes or where we require your personal data for compliance with a legal obligation or in connection with legal proceedings.

Right to restriction - you have the right to restrict our processing of your personal data where any of the following circumstances apply:

- where you feel that the personal data which we hold about you are not accurate. This restriction will be in place for a period to enable us to verify the accuracy of your personal data

- where the processing is unlawful and you do not want your personal data be erased and request the restriction of its use instead

- where we no longer need to process your personal data (e.g. any of the purposes outlined above have been completed or expire), but we require it in connection with legal proceedings

- where you have objected to our processing of your personal data pending the verification of whether or not our legitimate business interests override your interests, rights and freedoms.

Where you exercise your right to restrict our processing of your personal data, we will only continue to process it with your consent or in connection with legal proceedings or for the protection of the rights of other people or for reasons of important public interest.

Right to data portability - you have a right to receive and transfer the personal data that you provide to us in a structured, commonly used and machine-readable format where we process your personal data on the legal bases of: a) your consent; or b) where it is necessary to perform our contract with you. Where you make such a request, we will directly transfer your personal data on your behalf to another controller of your choice (where it is feasible for us to do so).

Right to withdraw consent - you have a right to withdraw your consent, at any time, to our processing of your personal data which is based on your consent. Where you exercise this right, our processing of your personal data prior to your withdrawal of consent will remain valid.

Right to object to processing - In certain circumstances, you have a right to object to our processing of your personal data where we process it on the legal bases of our legitimate business interest or your consent to marketing. We may not be able to comply with such a request where we can demonstrate that there are compelling legitimate grounds for us to process your personal data which override your interests, rights and freedoms or where the processing of your personal data is required for compliance with a legal obligation or in connection with legal proceedings.

If you would like to make a personal data access request, please email us at data@mendip.me with the subject title 'My data request' including the following required Information:

- your full name

- a description of your data access request

- all email addresses (past and present) used to book activities with us

- dates and times of your visits to our centres and any activities you participated in

- attach to the email a copy of your current and valid photo ID (for example, passport photo page)

From the date that we receive ALL the required Information, we have one month to process your request. If the request is complex or numerous we may require an additional two months and will contact to explain why the extension is necessary within the first month of your request. If you have questions in relation to your personal data, please contact us at: data@mendip.me

6. How we protect your personal data

We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data. When you provide your personal data through our website(s), this information is transmitted across the internet securely using high-grade encryption.

Sensitive data such as payment card information is secured by SSL encryption.

As described in this Privacy Policy, we may in some instances disclose your personal data to third parties (see Section 9.). Where Mendip Outdoor Pursuits Ltd discloses your personal data to a third party, we require that third party to have appropriate technical and organisational measures in place to protect your personal data; however in some instances we may be compelled by law to disclose your personal data to a third party and have limited control over how it is protected by that party.

The information that you provide to us will be held in our systems, which are located on our premises or those of an appointed third party. We may also allow access to your information by other third parties who act for us for the purposes described in this Privacy Policy or for other purposes approved by you. Your personal data may be accessed by and processed outside the European Economic Area - including by staff operating outside the EEA who work for one of our suppliers or agents (this includes staff engaged in, among other things, the fulfilment of your booking, and the provision of support services). Where your personal data are transferred outside of the EEA, we require that appropriate safeguards are in place.

7. How long will we keep your personal data?

Whenever we collect or process your personal data, we'll only keep it for as long as necessary for the purpose which it was collected. At the end of that period your data will either be deleted or anonymised, for example by aggregation with other data - so it can be used in a non-identifiable way for statistical analysis or business planning.

8. Cookies or other tracking technologies

To make full use of our website, your computer, tablet or mobile phone will need to accept cookies, as we can only provide you with certain personalised features of this website by using them.

9. Sharing your personal data

We may also share some of your personal data with, or obtain your personal data from, the following categories of third parties:

Suppliers providing services to us in order to help us run our business and improve our services and your customer experience. We may for example share your personal data with the companies who provide services e.g. coach companies, accommodation providers, agents who may book these services on our behalf, guides and representatives who assist your group whilst on tour and visit providers.

We may also share your personal data with marketing agencies and mailing houses to improve our products and services and to communicate with you.

We carefully select our suppliers who process your personal data on our behalf and require that they comply with high security standards for the protection of your personal data.

In addition to the parties listed above, we may disclose your personal data when this is required by the law of any jurisdiction to which Mendip Outdoor Pursuits Limited may be subject. Through our website we provide links to third party websites which are subject to separate Privacy Polices. Please be aware that this Privacy Policy does not apply to such websites and Mendip Outdoor Pursuits Limited is not responsible for your information that third parties may collect through these websites.

10. Contacting the Regulator

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office.

You can contact them by calling 0303 123 1113.Or go online to www.ico.org.uk/concerns (we can't be responsible for the content of external websites)

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

11.Updates to our Privacy Policy

We may make changes to this Privacy Policy from time to time, including as part of the new European data protection legislation which will start to apply on 25 May 2018 (the 'General Data Protection Regulation') - we will update the Privacy Policy and we will publish on our website any new version of this Policy.

Dated: 18th May 2018

window.laravelCookieConsent = (function () { const COOKIE_VALUE = 1; const COOKIE_DOMAIN = 'mendipbasecamp.com'; function consentWithCookies() { setCookie('laravel_cookie_consent', COOKIE_VALUE, 7300); hideCookieDialog(); } function cookieExists(name) { return (document.cookie.split('; ').indexOf(name + '=' + COOKIE_VALUE) !== -1); } function hideCookieDialog() { const dialogs = document.getElementsByClassName('js-cookie-consent'); for (let i = 0; i < dialogs.length; ++i) { dialogs[i].style.display = 'none'; } } function setCookie(name, value, expirationInDays) { const date = new Date(); date.setTime(date.getTime() + (expirationInDays * 24 * 60 * 60 * 1000)); document.cookie = name + '=' + value + ';expires=' + date.toUTCString() + ';domain=' + COOKIE_DOMAIN + ';path=/' + ';samesite=lax'; } if (cookieExists('laravel_cookie_consent')) { hideCookieDialog(); } const buttons = document.getElementsByClassName('js-cookie-consent-agree'); for (let i = 0; i < buttons.length; ++i) { buttons[i].addEventListener('click', consentWithCookies); } return { consentWithCookies: consentWithCookies, hideCookieDialog: hideCookieDialog }; })(); window.fwSettings={'widget_id':80000001280}; !function(){if("function"!=typeof window.FreshworksWidget){var n=function(){n.q.push(arguments)};n.q=[],window.FreshworksWidget=n}}()