Privacy Policy

Blochaus Climbing Ltd is committed to protecting its members personal data in compliance with The Data Protect Act 2018(DPA) and General Data Protection Regulations (GDPR). This privacy policy sets out how and why Blochaus Climbing Ltd collects, processes and stores your personal data.

Sections:

1. Why we collect your personal data

2. Our legal basis for collecting and processing your data

3.  How your data will be collected

4.  What data we will collect

5.  How we use your data

6.  How we protect your data

7.  Data retention

8.  Third Party Organisations

9.  Your privacy rights

10.  Amendments to our policy

11.  Complaints and relevant authority information

 

1. Why we collect your personal data

Blochaus Climbing Ltd requires your personal information for collection, processing and storing as part of the normal operation of an indoor climbing sports facility, to uphold our legal duty or where it is in our legitimate interest to do so, namely, the proper administration of the facility. The data subject must consent to having their data collected. Blochaus Climbing Ltd will only collect data from those data subjects that have given consent, however, if you do not wish to share our personal information with us, it will affect your ability to use our facilities.

 

2. Legal basis for collecting and processing your data

Our legal basis for collecting and processing your data in all forms noted in this document are the following:

We are required to collect information in the form of a registration agreement, that shows the data subjects consent and understanding of the conditions of use, before participation in facility activities or using the facility unsupervised.

Data collection and processing is necessary for the legitimate interests of Blochaus Climbing Ltd, these being the proper administration, promotion, and provision of the facility to the consenting users.

 

3. How your data will be collected

This section covers the ways in which Blochaus Climbing Ltd will collect data from the data subjects.

3.1. Manually collected data

All personal data that is collected by Blochaus Climbing Ltd will be collected, with consent, directly from you or your parent/guardian, via several routes. These routes include but are not limited to, registration agreements, website usage, correspondence in all forms, facility usage & CCTV.

3.2. Automatically collected data (Cookies)

When you visit any section of our website from an internet device we automatically receive and store cookies information. Cookies provide information about how, when and from where people use a website. Cookies are an essential function of all websites; however, you have the right to limit cookie information that we receive to only essential functionality cookies. This can be done via your browser settings or via our cookie preference section of our website.

 

4. What data we will collect

This section covers what information Blochaus Climbing Ltd will collect from its data subjects with their consent.

4.1. Personal identification information

Blochaus Climbing Ltd will collect personal identification information for the purposes of personal account set up and use of facilities, which includes but is not limited to: Full Name, date of Birth, address (including postcode), email, mobile & landline phone numbers, emergency contact details, photo of account holder (14yrs+) & a signature recording consent to the terms and conditions of use of Blochaus Climbing Ltd. For data subjects under the age of 18, Blochaus Climbing Ltd may also collect information including but not limited to parent or guardian personal contact details, relevant medical conditions, relevant medications, and allergy information. Blochaus Climbing Ltd may also collect paper based personal information when completing incident reports as part of our legal obligation to report any injury or incident

 

4.2. Website interactions, Cookies and Correspondence Data

Blochaus Climbing Ltd may use data from website interactions in the form of cookies and meta-data from contact forms. This data is collected for the purpose of website functionality and for Blochaus Climbing Ltd legitimate interests in monitoring website usage and performance. Data collected may include but is no limited to the data subjects; IP address; geographical location; browser type and version; device operating system; time, duration, and date of interactions with website and personal information provided in contact forms. Blochaus Climbing Ltd may also store data provided voluntarily through any form of correspondence between Blochaus Climbing Ltd and the data subject. Blochaus Climbing Ltd may also use data and content you post for publication on our online presences, as part of our legitimate interests, namely the administration of our operating systems, policies and procedures and duty of care.

4.3. Transactions and account activity

Blochaus Climbing Ltd may use data collected from your activities and interactions with our facilities. This may include but is not limited to purchase history and patterns, changes to your account, billing information and use of facility.

4.4. CCTV Footage

Blochaus Climbing Ltd makes use of CCTV in particular areas of the facility, and records footage with no sound. For more information on our use of CCTV please see the CCTV policy.

 

5. How we will use your data

This section covers how the data collected from data subjects will be used and to what purposes that data is used.

Blochaus Climbing Ltd will use your personal data in the following ways.

5.1. To enable the proper administration of our operating systems including system backups, policies and procedures and facility.

5.2. To monitor and improve our online presence and services

5.3. To uphold our duty of care and legal responsibilities

5.4. To provide the data subject with goods and services at their request, and to fulfil any transactional contracts between the two parties.

5.5. To notify the data subject of relevant information regarding our facilities or of marketing the data subject has consented to receive.

5.6. To directly communicate with the data subject regarding enquiries or important information where necessary.

5.7. To monitor facility, use for legitimate interests of business development or when legally required to.

All data used by Blochaus Climbing Ltd is done so with the upmost respect to the data subjects and is done in the legitimate interests of the proper administration, promotion, and provision of our facility services. Blochaus Climbing Ltd will also use data when it is our legal obligation to do so.

 

6. How we store your data

Blochaus Climbing Ltd stores subject data on secure digital systems, fitted with the appropriate measures to avoid data breaches. These measures include firewalls and data encryption controlled by our operating system app Rock Gym Pro.

Occasionally Blochaus Climbing Ltd may be required to store personal information in paper form, for example, incident reports. All personal information held in paper form will be kept securely on site and accessed by authorised employees only. Blochaus Climbing Ltd employees have access to the data subject’s personal information to an appropriate level, in line with the seniority of the employee. All access to personal data is controlled and monitored, and all employees undergo extensive privacy and data protection training to ensure all Blochaus Climbing Ltd staff protect your information in line with the GDPR regulations. Blochaus Climbing Ltd will undergo regular security system reviews and all undertake all recommended system changes to ensure we are protecting your data to the best of our abilities.

7. Data Retention

Blochaus Climbing Ltd will retain personal data for as long as it is required to provide the services, the data subject, has requested access to when signing the registration waiver. Data may also be retained where it is our legal obligation to do so, for purposes of dispute settlements and for enforcing our facility policies and procedures. In the case of CCTV, footage is stored securely for 6 weeks. In some exceptional circumstances some footage relating to ongoing investigation or incidents will be retained indefinitely.

 

8. Third Party Organisations and International sharing of information

8.1. Third Party Organisations

Blochaus Climbing Ltd is required to share some data with third party organisation in the normal running of an indoor climbing facility, as a data subject, when you consent to Blochaus Climbing Ltd collecting, processing, or storing your data you also consent to your data being shared with the necessary third parties. All third parties adhere to the Data Protect Act 2018 and have privacy policy that is in line with the GDPR regulations.

Third Parties that we share data with are as following:

Rock Gym Pro – Facility account and POS programme, used to identify and check in Blochaus Climbing Ltd data subjects.

Smartwaiver – Provider of registration forms and waivers, works in line with Rock Gym Pro to create the registration system for Blochaus Climbing Ltd.

Stripe – Payment provider used to manage financial transactions between the data subject and Blochaus Climbing Ltd.

Blochaus Climbing Ltd may also share data with National Governing Bodies and award scheme providers such as the ABC or BMC. Blochaus Climbing Ltd will also share information for purposes of necessary business function where it is our legitimate interest to do so. For example, business insures or technical advisors. Blochaus Climbing Ltd will also share information with third party organisations where we have a legal obligation to do so.

8.2 International information sharing

Both Rock Gym Pro and Smartwaiver are companies based outside the UK. The European commission has adopted and approved information sharing with companies based in The United States of America, information shared will be protected by appropriate safeguards and privacy shield certifications approved by the European commission and implemented by Rock Gym Pro and Smartwaiver.

 

9. Your Privacy Rights

The DPA 2018 provides you, the data subject, with rights over the collection, storage, and processing of your personal data.

9.1. Right of Access

You have the right to request a copy of all your personal data stored by Blochaus Climbing Ltd. This request will be carried out in a suitable time frame in all cases providing the rights and freedoms of others are not affected. All requests of this nature must be provided in writing from the data subject or on their behalf by a legitimately appointed person. e.g., legal representation.

9.2 Right of Rectification

You have the right to request any inaccurate or incomplete personal data held by Blochaus Climbing Ltd be updated.

9.3 Right to be forgotten

If circumstances permit, you have the right to request all your personal data stored by Blochaus Climbing Ltd be permanently deleted. This request will be carried out in a suitable time frame in all cases providing there is no legal obligations to retain data, there are no ongoing disputes, and the rights and freedoms of others are not affected.

9.4 Right to restrict processing

If circumstances permit, you have the right to restrict the way that Blochaus Climbing Ltd processes your data.

9.5 Right to object to processing

You have the right to object to certain kinds of processing undertaken by Blochaus Climbing Ltd, for example, direct marketing campaigns.

9.6 Right to portability

You have the right to request your data held by Blochaus Climbing Ltd be transferred to another organisation.

9.7 Right to complain to a supervisory authority

You have the right to complain to a higher authority about Blochaus Climbing Ltd privacy policy. Please see details in section 11.

9.8 Right to withdraw consent 

You have the right to, at any time, withdraw your consent for Blochaus Climbing Ltd to collect, store and process your data. Withdrawal of consent will not affect the lawfulness of any data collected, processed, or stored before consent being withdrawn. With drawing consent will affect your ability to access the facilities or services provided Blochaus Climbing Ltd.

 

10. Amendments to our policy

Blochaus Climbing Ltd Data Protection Officer is responsible for reviewing and updating this policy in line with the latest GDPR laws. Please regularly refer to this document to review any amendments to your privacy policy Blochaus Climbing Ltd may contact you via contact details provided to us about any changes to this policy.            

 

11. Complaints and Relevant authority information

Blochaus Climbing Ltd takes GDPR laws very seriously and strive to protect your personal information to the best of our ability. If you wish to register any complaints or concerns about the information sighted in this policy or how your personal data has been managed, please contact our Data Protection Officer:

Data Protection Officer

Blochaus Climbing Ltd

Unit 1, 34 Wood Street

Openshaw

Manchester

M11 2FB

Supervisory Authority:

It is also part of your privacy rights to be able to take complaints to a supervisory authority if you feel Blochaus Climbing Ltd has not been able to sufficiently manage your complaint:

Information Commissioners Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5A