– Data Protection Principles
– Data Subjects Rights
- How we collect information
– Website Forms
– Email Links
- Third Party Data Processors
– Third Party Data Processors
– Embedded content from other websites
- How we store your information
– Data Retention
– Data Breaches
- Change log
This policy sets out the basis on which any personal data that you provide to us will be processed by us. Please read the following to understand our views and practices regarding your personal data and how we will treat it.
Personal Data – any information relating to an identified or identifiable natural person.
Processing – any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
Data subject – a natural person whose Personal Data is being Processed.
Child / Children – a natural person under 18 years of age.
Data Protection Principles
We promise to follow the following data protection principles:
- Processing is lawful, fair, transparent. Our Processing activities have lawful grounds. We always consider your rights before Processing Personal Data. We will provide you information regarding Processing upon request.
- Processing is limited to the purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
- Processing is done with minimal data. We only gather and Process the minimal amount of Personal Data required for any purpose.
- Processing is limited to a time period. We will not store your personal data for longer than needed.
- We will do our best to ensure the accuracy of data.
- We will do our best to ensure the integrity and confidentiality of data.
Data Subject’s rights
The Data Subject has the following rights:
- Right to information – meaning you have the right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
- Right to access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered. In certain circumstances we can request a fee of £10 to cover administration costs.
- Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
- Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
- Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
- Right to object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
- Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
- Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
- Right to lodge a complaint – in the event that we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
- Right for the help of supervisory authority – meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
- Right to withdraw consent – you have the right to withdraw any given consent for Processing of your Personal Data.
2 – How We Collect Your Information
Comments – WordPress
If you leave a comment on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Comments – Disqus
To allow visitors to discuss our blog articles and some web pages we use a discussion system called Disqus.
To do so we embed code that Disqus provide and we do not control ourselves. Disqus anonymously tracks visitors to pages like we do. They also remember who you are if you log in to any Disqus service, so you can comment on any website using their tool.
Logging in to Disqus can be done in many ways, including via Facebook. If you log in via a social network, Disqus will be able to link your activity to that network. In this way, your Disqus activity may be personally identifiable.
Disqus will know what pages you viewed on our site and what you wrote in those comments. Of course all comments you leave are also publicly visible on the Internet alongside your name, so we do not imagine this is a concern for many people. We class Disqus as a third party data processor.
If you provide us with personal information whilst on a call with us we will input this into our website or internal system for processing. We will not sign you up to any newsletters without consent.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
When you submit a form on our website we will record all information submitted including any personal information provided (such as your name and email address).
This information is stored within our website’s database for a short period of time before being sent securely to a mail delivery service called Mailgun. We consider Mailgun to be a third party data processor.
If you choose to join our email newsletter, the email address that you submit to us and any other personal information supplied (such as first and last names and mailing list preferences) will be forwarded to MailChimp or Campaign Monitor who provide us with email marketing services.
We consider MailChimp and Campaign Monitor to be third party data processors. Your email address will remain within their database for as long as we continue to use these services for email marketing or until you specifically request removal from the list.
You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter. While your email address remains on our mailing list you will receive periodic (approximately 12 times a year) newsletter-style emails from us.
Should you choose to contact us using a mailto email link, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.
You are responsible for the security of your email software used to send emails to us.
A cookie is a tiny text file stored on your computer. Cookies store information that is used to help make sites work. Only we can access the cookies created by our website. You can control your cookies at the browser level. Choosing to disable cookies may hinder your use of certain functions.
- Necessary cookies – these cookies are required for you to be able to use some important features on our website, such as logging in. These cookies don’t collect any personal information.
- Functionality cookies – these cookies provide functionality that makes using our service more convenient and makes providing more personalised features possible. For example we anonymously measure how our site is used to help us improve the layout. We may also remember a choice or preference searched to help guide you to useful parts of the site.
- Optional Advertising cookies – these cookies are disabled by default and only enabled when you manually opt in. They help us improve our Google Adwords and Facebook advert campaigns.
You can remove cookies stored in your computer via your browser settings. Alternatively, you can control some 3rd party cookies by using a privacy enhancement platform such as optout.aboutads.info or youronlinechoices.com. For more information about cookies, visit allaboutcookies.org.
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us.
Some websites allow GA to track your IP address; however, we anonymise your IP address from Google so no personal information is passed. We consider Google to be a third party data processor.
Facebook Pixel Tracking
Disabled by default unless you have manually opted in.
If you opt in we use Facebook Pixel Tracking to help us measure conversions from our Facebook to our website. This also allows us to target adverts to Facebook users who have visited or interacted with our site. We class Facebook as a third party data processor.
It is worth noting – if you are logged into any of Facebook’s services then they may track your site usage directly. We have no control over, or use of, that.
Google Adwords Tracking
Disabled by default unless you have manually opted in.
If you opt in we use Google Adwords Tracking to help us measure conversions from our paid advertising on Google. This helps us improve the layout of our website and refine any advertising keywords used on Google Adwords. We class Google and Google Adwords as a third party data processor.
It is worth noting – if you are logged into any of Google’s services then they may track your site usage directly. We have no control over, or use of, that.
We use a variety of modern payment providers to bill for our services or products online. These companies will have access to your personal and payment information. We never store or have any access to your credit / debit card details.
The third parties we use are Stripe and Paypal.
We share information with these companies only to the extent necessary for the purposes of processing payments you make via our website.
3 – Third Party Data Processors
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
4 – How we store your information
Any data provided (including personal data) will be stored for our records and minimum legal requirements. For example we need to keep records of our customers.
We store all email address preferences for Newsletters so that we know if you are subscribed or unsubscribed.
We annually remove personal information from our system that we have no legal requirement to keep.
We reserve the right to store your data in secure locations for processing such as a bespoke administration system or protected Google Sheets / Drives.
We take many precautions to prevent the loss, misuse or alteration of your personal information. These precautions include:
- Use of SSL encryption for sensitive data
- Hardware stored in secured UK data centres behind firewalls
- All access to information restricted by password and/or secure key
We monitor our systems for possible vulnerabilities and attacks. Even though we try our best, we cannot guarantee the security of information.
If you have a username and password you are required to keep these safe and protected.
In operating our website it may become necessary to transfer data that we collect from you to locations outside of the European Union for processing and storing. By providing your personal data to us, you agree to this transfer, storing or processing. We do our utmost to ensure that all reasonable steps are taken to make sure that your data is treated and stored securely.
Unfortunately the sending of information via the internet is not totally secure and on occasion such information can be intercepted. We cannot guarantee the security of data that you choose to send us electronically. Sending such information is entirely at your own risk.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
Our website is intended for over 18s only. Any information regarding a Child or Children must only be submitted on request when provided by a parent, guardian or the child where a parent or guardian is present. Any information requested is always kept strictly to a minimum for us to provide our service.
5 – Contact
Mountain Xtra Ltd
Name: D Barnbrook
Business Address: Chancery House, 30 St Johns Road, Woking GU21 7SA
Telephone: 01483 608396
Last change: 25th May 2018