All the stuff you need to know about your personal data
Rockstar Climbing Privacy and Data Policy
The policies that follow contain important information regarding your personal rights to privacy and as such we recommend you read it carefully in order that you can understand how we collect and manage your personal data.
Please note too that any data you provide us is on a completely voluntary basis, however, without providing us with certain types of personal data we cannot provide access legally to certain services or facilities.
Rockstar Climbing Privacy and Data Policy
When do we collect personal information from you?
We collect personal information from you when you provide it directly.
For example, when you visit Rockstar Climbing and you complete our climber registration form, when you book onto a course or session online, over the phone or face-to-face at our Front Desk, when you sign up to our mailing list or communicate with us via email.
We collect personal information from you when it is publically available.
This could include when you interact with us via social media (Facebook, Instagram, Twitter).
We collect personal information when it is provided indirectly, i.e. by a third party.
For example, this could be information passed onto us by another service promoting our sessions or courses (such as Groupon, etc) where you might have booked to attend through a third party.
We also collect certain information via our website.
When you visit our website and browse it we might collect certain types of data such as your Internet Protocol (IP) address used by your device to connect to the internet. We may also collect information regarding the device you’re using itself to view our website (i.e smartphone, tablet or PC/laptop), and the operating system you use (Windows, OS, etc.). In addition we may also track the number of page visits we receive and the visit duration.
What personal information do you store and how do you use it?
We may collect and store the following types of personal data:
Your full name, postal address, contact telephone number(s), email address, date of birth, gender, emergency contact details and in some cases any relevant medical conditions.
Personal photograph(s) such as headshots.
CCTV footage where you might be visible at the centre.
Any information relating to personal qualifications relevant to the climbing industry including first aid.
Certain financial or billing information such as bank details and/or credit/debit card details. Where this information is stored, however, it is done so via a regulated financial provider such as Stripe or Worldpay and data is encrypted and stored in a limited way.
We may use this data for the following reasons:
To register you as a climber at Rockstar via our registration process.
To allow you to make bookings at Rockstar either online, by phone or face-to-face.
To allow you to make other types of purchases at Rockstar, such as from our shop or café.
To help us communicate with you to answer any general questions you have asked of us.
To inform you of any cancellations or rescheduling of sessions or courses you, or a junior under your supervision, may be booked onto.
To provide you with information regarding upcoming events, other activities and news where appropriate and only if you have provided your consent to receive such information.
To assist in providing and delivering our NICAS/NIBAS schemes for juniors.
To allow you to apply for work with us.
For the prevention of fraud or misuse of personal data by others or for the misuse of our facilities.
For the establishment, defence and/or enforcement of any legal claims against Rockstar.
To allow a prompt and rapid response in the event of a medical emergency or to support emergency service personnel in the advent of an accident or medical situation.
To keep our facility safe and secure and to help protect our staff and customers.
Communicating with you for marketing or promotional purposes
We may use your contact details to communicate with you about new products, services, courses, events or promotions which we feel may be of interest to you and this may happen through email, or social media.
Communications of this nature will only happen if you have given us your express consent to do so, so in the case of marketing information via email you may have either signed up via our website directly or opted-in via our registration process to grant this consent. With regards to social media you may receive our posts in your social feeds if you have chosen to connect with us.
Where you have provided us with consent previously but no longer wish to receive communications of a marketing nature from us then please contact our Data Protection Officer by emailing firstname.lastname@example.org. You can also opt-out of our email communications at any time by clicking the ‘unsubscribe’ link at the bottom of our emails.
Legitimate Interest and Lawful Basis
The terms set down under the General Data Protection Regulation (GDPR) states that organisations must rely on a lawful basis/legitimate interest to use any personal data collected. For Rockstar Climbing Limited this is considered to be:
Where you have provided specific consent for us to use your personal data, such as registering to use our facilities as a customer, signing up to our mailings relating to news, events and courses, or following us on social media.
Where we are obliged to do so for legal reasons, such as regulatory bodies which govern our industry, government bodies or legal establishments, or where there is vital interest such as emergency services.
Where necessary to allow us to provide our service to you as a customer upon your request, for example, for the completion of a booking, entry fee to the centre or subscription.
Personal information for children
We will only collect and store personal data for a child when we have consent to do so by either the child or the parent/legal guardian of the child in question. Rockstar Climbing operates a rigorous Safeguarding Policy to ensure that all children are kept safe and are protected and this extends to include the appropriate handling of data.
How long do we retain your personal information?
Certain records such as facility waivers (registration forms that permit an individual to climb at Rockstar) will expire every two years at which point we will ask you to re-register if you wish to continue using our facility; this relates to both adults and children.
Expired waivers and other registration or permission based documents will remain on file for a total duration of 3 years following the date of original collection, or in the case of minors until they are 21 years of age. If before this duration your personal data is no longer required we will then remove your data from our records.
Do you sell or share personal data?
We will never sell or share your personal data for marketing or promotional purposes. However, we may divulge some personal data to third parties in order for us to achieve our legal or contractual obligations as a Company.
For example, we may disclose certain elements of a customer’s personal data to register them on the NICAS/NIBAS scheme if they are attending our Cliffhangers sessions, or we may further disclose some details to emergency services, government bodies or legal representatives in case of an accident, medical situation or legal dispute.
How is personal data stored?
Rockstar are committed to keeping your personal data as safe and secure as possible.
Data is stored electronically on secure servers either directly (i.e. created electronically in the first instance via an electronic device) or indirectly (i.e. where a paper record has been created it is then scanned and then the paper copy destroyed).
Your personal information is accessible only by trained staff and certain parts of your personal data is limited to staff members who require a higher level of access, such as senior managers and directors.
We have security measures in place to prevent unauthorised access to stored data.
Personal data - your rights
You have the right to withdraw your consent for us to use your personal data at any time, including unsubscribing from our mailing list, and your rights further extend to the following options:
Right of access - you can request confirmation of what information we hold about you or a child of yours on our records providing you can prove you have lawful entitlement to view this data (proof of identity will be required).
Right to be forgotten - You can request to stop receiving communications from Rockstar Climbing or further request any data we hold on you or a child of yours be deleted from our records. Upon verification of this request we will then remove all data bar any information we are legally required to retain.
Right of modification - If you believe any data we hold on your or a child of yours to be inaccurate then you have the right to request this data be modified to bring it up to date. You can also request, via your right of access, for us to provide you with the information we hold on you if you are unsure if your data is accurate.
Right to restrict processing - You have the right to request we stop processing your personal data if you believe your data is inaccurate or is being used illegitimately.
Getting in contact with us
If you have any concerns regarding your data or you wish to contact us regarding your personal information and its usage please contact us using the details below.
Email our Data Protection Officer on: email@example.com
Telephone: 01793 824 177 and ask for our Data Protection Officer
By post: Rockstar Climbing, Unit 3, i.o. Centre, Hobley Drive, Swindon SN3 4NS.
Please mark any correspondence for the attention of our Data Protection Officer.
If you feel an enquiry you make with us isn’t being handled to your satisfaction you have the right to make a complaint to the Information Commissioner’s Office (ICO) contactable via www.ico.org.uk.