Your privacy is important to us. That's why we're committed to protecting and respecting your personal data in accordance with the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR).
Who are we?
We are Mountain Goat Limited (Company Number: 02862284) and will be what’s known as the ‘Controller’ of the personal data that you provide to us on this website. Our registered office is Victoria Street, Windermere, Cumbria, LA23 1AD.
How and why we collect information from you?
We seek to acquire information about you when you use our website. This includes; when you contact us through our website, when you purchase products and services from our website, or if you register to receive our newsletter service.
Whenever we request personal information from you on our website we will always aim to reasonably explain why we are collecting the information and refer you to this policy for more comprehensive detail. The points where we are requesting your personal information will be highlighted by the following symbol:
Please note, we do not collect or store personal data about you supplied or obtained from any 3rd party sources. Any data we store is only that which we have collected from you directly.
What type of information is collected from you?
Enquiry / contact forms
When you contact us about our products and services we will request personal details such as your name, telephone number, email address, IP address, the pages you have visited on our website and where applicable, the company for whom you work.
When you request to receive our newsletter service we will request personal details such as your name, your email address, IP address, the pages you have visited on our website and where applicable, the company for whom you work.
Online orders / purchases / donations
When you order products and services through our website we will request personal details such as your name, telephone number, email address, IP address, the pages you have visited on our website, billing address, delivery address, credit / debit card details*1 and where applicable, the company for whom you work.
Please note, that when processing e-commerce transactions, if you fail or refuse to provide such information, then we may not be able to fulfil our contractual obligations to you.
*1 If you make a purchase on our website, your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online processing of credit/debit card transactions. For further information on this, please read 3rd party representatives working on our behalf or in association with'.
How is your information used?
We may use your information to:
- Respond to your enquiries
- Process online orders that you have placed with us (products, services, or membership)
- Carry out our obligations arising from any contracts entered into by you and us
- Seek your views or comments on the services we provide
- Notify you of changes to our service
- Send you communications which you have requested and that may be of interest to you
How long do we keep your information?
If you purchase any products and services from us, then under UK tax law we are required to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it can be erased on your request. We will hold your personal information on our systems indefinitely for marketing purposes or until you notify us that you no longer wish us to do so, unless your request contradicts our statutory obligations.
Who has access to your information?
As stated before, your privacy is important to us. That's why we will not, under any circumstances, sell or rent your personal information to any third parties. In addition, we will not share your information with third parties for their specific marketing purposes.
3rd party representatives working on our behalf or in association with:
In order to respond to your enquiries, deliver products and services or to send your newsletters, we may need to pass your information to our 3rd party service providers. In all circumstances, we will remain the controller of your data and our 3rd party service providers will be processors of your data.
For example, if you purchase products and services through our website, your payment will be processed by a 3rd party payment processor (SagePay, Stripe, PayPal, WorldPay etc), who specialises in the secure online capture and processing of credit/debit card transactions. Your order would also be delivered by a 3rd party service provider (Royal Mail, Parcel Force, DPD, UPS etc).
For example, if you subscribe to our newsletter service, your personal data may be processed by a 3rd party email processor such as MailChimp who specialise in the delivery of email newsletter services.
When we use third party service providers, we disclose only the personal information that is absolutely necessary in order to deliver the service. We also have contracts in place with all '3rd Party Service Providers' that requires them to keep your information secure and not to use it for their own direct marketing purposes.
Mountain Goat Ltd use Zendesk on its website. This is a chat based software which aims to improve customer’s experience on our website by enabling customers to chat to our employees. IP Addresses, location, email addresses, telephone numbers, names, visitor behaviour and conversations may all be stored on this password protected software. Data will be stored for up to 18 months, this is to assist customers on returning to mountain-goat.com and for analysis purposes, your data will not be passed to third parties. By using and browsing Mountain Goat Ltd’s website, you consent to Zendesk being used in accordance with our policy. If you do not consent, you must refrain from using our website.
When you use Mountain Goat Ltd’s WIFI on any of its premises, including Purple WIFI, or on its buses we may collect data about:
a) your device;
b) the volume of data which you use;
c) the websites and applications which you access; and
d) your usage by access time, frequency and location.
This information will be used for monitoring and research purposes only. Please see Purple WIFI’s policy for further information on Purple WIFI.
We use a third-party provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see www.mailchimp.com/legal/privacy . You can unsubscribe to general mailings at any time by clicking the unsubscribe link at the bottom of any of our emails or by emailing firstname.lastname@example.org.
Ticket & Booking Data
When you purchase a tour ticket, book a private hire service/short break or purchase any other service through Mountain Goat Ltd in person, via telephone, via letter or online your name, address data, email and contact number will be stored in our booking systems, Zaui and MG Hols.
Zaui software is our tour booking software, run by Zaui Software Ltd, based outside of the EU. Customer details are held and stored securely by Zaui, if you book onto a Mountain Goat Tour by any means your details will be held on Zaui. Please visit www.zaui.com/privacy for more details.
MG Hols is our private hire and short breaks system, run by Nexsoft. Customer details are held and stored securely by MG Hols, if you book a private hire or short break details will be held on MG Hols. Please visit contact us for more details.
This data will be used to carry out our mutual contractual obligations, in small limited circumstances it may be passed onto companies or individuals acting for or delivering services on behalf of Mountain Goat Ltd. Due to auditing purposes this data will be stored for upto 7 years.
Mountain Goat protects your data through safeguards. Including CCTV, locked cabinets, employee only areas and computer systems with passwords.
Restricting marketing communications
It's important that you are aware that you have a choice about whether or not you wish to receive marketing information or service notifications from us.
If you have previously given us consent to process your personal data and send you marketing information, you can withdraw this consent at any time by unsubscribing or contacting us directly. We will aim to cease the delivery of all marketing communications to you immediately on receipt on your objection or un-subscription.
How you can access, update and delete your information?
Accessing your data
You have the right to ask for a copy of the information we hold about you. You can request a copy of this data at any time by contacting us directly. We will, where possible, always supply your personal data in a convenient and transferable format within 30 days.
Updating your data
Your personal data probably changes all of the time, and the accuracy of your information is important to us. Therefore, if your details do change, or the information we hold becomes inaccurate or out of date, please let us know by contacting us directly and we will rectify your data.
Deleting your data
If you would like us to delete or erase your personal information from our systems, then where possible (if not required for statutory or contractual requirements) we will do so within 30 days and provide confirmation that your data has been removed from our systems. To request that your personal data is erased from our systems, please contact us directly.
Transferring your information outside of Europe
In order to complete some forms of communications or service delivery, we may need to pass your information to service suppliers who are registered outside the European Union (“EU”). For example, this may occur if we use the US based newsletter emailing service provider MailChimp.
By submitting your personal data, you’re agreeing to this transfer, storing or processing. When transferring your information outside of the EU, we take steps to ensure that your privacy rights continue to be protected.
Our website is protected with 128 Bit SSL encryption. This means that any information we collect from you via our website is protected and secure. When you are asked for any personal data on our website, you will see a lock icon in your browser, ratifying that your data is secure.
Once we receive your information, we make our best effort to ensure its security on our systems. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
In the unlikely event of our systems and your data being breached, then we will notify you within at least 30 days including full details of what parts of your personal data have been compromised.
In order to better improve our products, services, marketing and website experience, we may analyse your personal information to create a profile of your actions, interests and preferences. Where applicable, we do this so that we can tailor your experience on our website and contact you with more relevant information specific to your needs.
Examples of this may include:
- Profiling your previous points of interest on our website and automatically tailoring the messages and images you see when returning to our website
- Profiling your interests in our products and services and automatically sending you tailored marketing communications or newsletter variants
Please be aware, that at no point is automated profiling used to assess your credibility or eligibility for contractual approvals or legal decision-making.
Use of 'cookies'
Links from us to other websites
In order to provide you with further information or additional reference points, our website may contain links to other websites run by other organisations.
Please be aware, that we cannot be responsible for the protection and privacy of your information which you provide whilst visiting other websites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
If at any point you wish to raise a complaint about how we have handled your personal data, then please contact us directly. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in December 2017.