Redpoint Bristol (hereinafter referred to as the “Redpoint”,
“Centre”, “we’, “us”) – is
committed to protecting your privacy. At all times we aim to respect any
personal information you share with us, or that we receive from others, and
to treat it with care & keep it safe. This Privacy Notice
(“Notice”) sets out our data processing practices and your
rights and options regarding the ways in which your personal information is
used and collected (including through our website – www.redpointbristol.co.uk
).

This Notice contains important information about your personal rights to
privacy. The provision of your personal information to us is voluntary.
However, without providing us with your personal information, your use of
our services or your interaction with us may be impaired. For example, you
may be unable to sign up as a member, or make an online booking.


1. How we collect personal information about you

a. When you give it to us directly

For example, personal information that you submit through our website by
making a booking to use our facilities, registering as a member or signing
up for our email updates regarding services & events; or personal
information that you give to us when you communicate with us by email,
phone or letter.

b. When we obtain it indirectly

For example, your personal information may be shared with us by third
parties including, for example, the Association of British Climbing
Walls(“ABC”), an organisation established to promote safe
management practices in climbing walls of which we are a member; third
party service providers; analytics providers and search information
providers. To the extent we have not done so already, we will notify you
when we receive personal information about you from them and tell you how
and why we intend to use that personal information.

c. When it is available publicly

Your personal information may be available to us from external publicly
available sources. For example, depending on your privacy settings for
social media services, we may access information from those accounts or
services (for example, when you choose to interact with us via Facebook,
tagging our centre/facilities in a photo, or sharing pictures of yourself
using our centre, etc.).

d. When you visit our website

When you visit our website, we automatically collect the following types of
personal information:

(a) Technical information, including the internet protocol (IP) address
used to connect your device to the internet, browser type and version, time
zone setting, browser plug-in types and versions and operating systems and
platforms.

(b) Information about your visit to the websites, including the uniform
resource locator (URL) clickstream to, through and from the website
(including date and time), services you viewed or searched for, page
response times, download errors, length of visits to certain pages,
referral sources, page interaction information (such as scrolling and
clicks) and methods used to browse away from the page.

We collect and use your personal information by using cookies on our
website – please see our

Cookie Notice.

In general, we may combine your personal information from these different
sources set out above, for the purposes set out in this Notice.


2. What personal information do we use?

We may collect, store and otherwise process the following kinds of personal
information:

a. your name and contact details including postal address, telephone
number, email address, emergency contact details and, where applicable,
social media identity;

b. your date of birth and gender;

c. your financial information, such as bank details and/ or credit/ debit
card details,

d. information about your computer/ mobile device and your visits to and
use of this website, including, for example, your IP address and
geographical location;

e. personal descriptions and images/photographs;

f. details of your qualifications/ experience;

and/ or any other personal information which we obtain as per section 1.

Do we process special categories of data?

The EU General Data Protection Regulation (“GDPR”) recognises
certain categories of personal information as sensitive and therefore
requiring more protection, for example information about your health,
ethnicity and religious beliefs.

In certain situations, we may collect and/or use these special categories
of data (for example, information on climbers’ medical conditions
relevant to their use of our facilities & services). We will only
process these special categories of data if there is a valid reason for
doing so and where the GDPR allows us to do so.


3. How and why will we use your personal information?

Your personal information, however provided to us, will be used for the
purposes specified in this Notice. In particular, we may use your personal
information:

a. to register you as a member of Redpoint Bristol;

b. to allow you to make a booking to use our facilities;

c. to otherwise provide you with services, products or information you have
requested;

d. to provide further information about our work, services or activities
(where you have provided your consent to receive such information);

e. to assist you with certification schemes, such as NICAS;

f. to answer your questions/ requests and communicate with you in general;

g. to allow you to apply for a job or volunteer role with us;

h. to manage relationships with our partners and service providers;

i. to analyse and improve our work, services, activities, products or
information (including our website), or for our internal records;

j. to keep our facilities safe and secure;

k. to run/administer the activities of the Centre, including our website,
and ensure that content is presented in the most effective manner for you
and for your device;

l. to audit and/ or administer our accounts;

m. to satisfy legal obligations which are binding on us, e.g. in relation
to regulatory, government and/or law enforcement bodies with whom we may
work (for example, requirements relating to the payment of tax or
anti-money laundering), and other contractual obligations pertaining to the
provision of the services of our centre (e.g. insurance).

n. for the prevention of fraud or misuse of services; and/or

o. for the establishment, defence and/ or enforcement of legal claims.


4. Lawful bases

The GDPR requires us to rely on one or more lawful bases to use your
personal information. We consider the grounds listed below to be relevant:

a. Where you have provided your consent for us to use your personal
information in a certain way (for example, we may ask for your consent to
use your personal information to send you email updates regarding work,
events, services and/or activities which we consider may be of interest to
you, or to collect special categories of your personal information. Special
categories of personal information are explained in section 2 above).

b. Where necessary so that we can comply with a legal obligation to which
we are subject (for example, where we are obliged to share your personal
information with regulatory bodies which govern our work and services).

c. Where necessary for the performance of a contract to which you are a
party or to take steps at your request prior to entering a contract (for
example, to provide you access to our facilities in return for your booking
fee).

d. Where it is in your/someone else’s vital interests (for example,
in case of medical emergency suffered by a climber).

e. Where there is a legitimate interest in us doing so.

The GDPR allows us to collect and process your personal information if it
is reasonably necessary to achieve our or others’ legitimate
interests (as long as that processing is fair, balanced and does not unduly
impact your rights as an individual).

In broad terms, our “legitimate interests” means the interests
of running of the Centre as a commercial entity and ensuring the best
possible user experience.

When we process your personal information to achieve such legitimate
interests, we consider and balance any potential impact on you (both
positive and negative), and on your rights under data protection laws. We
will not use your personal information for activities where our interests
are overridden by the impact on you, for example where use would be
excessively intrusive (unless, for instance, we are otherwise required or
permitted to by law).


5. Communications for marketing/promotional purposes

We may use your contact details to provide you with information about our
work, events, services and/or activities which we consider may be of
interest to you (for example, about services you previously used, or events
involving our, or other climbing centre’s, facilities).

Where we do this via email, SMS or telephone (where you are registered with
the Telephone Preference Service), we will not do so without your prior
consent (unless allowed to do so via applicable law).

Where you have provided us with your consent previously but do not wish to
be contacted by us about our work, events, services and/or activities in
the future, please let us know by email at info@redpointbristol.co.uk. You
can opt out of receiving emails from us at any time by clicking the
“unsubscribe” link at the bottom of our emails.


6. Children’s personal information

When we process children’s personal information, where required we
will not do so without their consent or, where required, the consent of a
parent/guardian. We will always have in place appropriate safeguards to
ensure that children’s personal information is handled with due care.


7. How long do we keep your personal information?

The length of time we keep your personal data depends on what it is and
whether we have an ongoing legitimate interest to retain it (for example,
to provide you with a service you’ve requested or to comply with
applicable legal, tax or accounting requirements).

Our insurance requires us to keep information that may be relevant to
future claims. As such we keep the majority of data indefinitely. If
requested, as is detailed below, your information can be removed from the
general database and stored separately.

If you request to receive no further contact from us, we may keep some
basic information about you on our suppression list in order to comply with
your request and avoid sending you unwanted materials in the future.


8. Will we share your personal information?

We do not share, sell or rent your personal information to third parties
for marketing purposes. However, in general we may disclose your personal
information to selected third parties in order to achieve the purposes set
out in this Notice.

These parties may include (but are not limited to):

a. The ABC and the ABC Training Trust (NICAS);

b. local government agencies;

c. funding bodies such as Sport England and NGB (the BMC);

d. awarding bodies such as Mountain Training;

e. other members of the ABC;

f. healthcare professionals;

g. providers of equipment;

h. suppliers and sub-contractors for the performance of any contract we
enter into with them, for example, climbing facility-waiver storage
providers (Rock Gym Pro) or IT service providers such as website hosts or
cloud storage providers;

i. professional service providers such as accountants and lawyers;

j. parties assisting us with research to monitor the impact/effectiveness
of our work, events, services and activities; and

k. regulatory authorities, such as tax authorities;

In particular, we reserve the right to disclose your personal information
to third parties:

  • in the event that we sell or buy any business or assets, in which
    case we will disclose your personal information to the
    (prospective) seller or buyer of such business or assets;

  • if substantially all of our assets are acquired by a third party,
    personal information held by us may be one of the transferred
    assets;

  • if we are under any legal or regulatory duty to do so; and/or

  • to protect the rights, property or safety of the Wall, its
    personnel, users, visitors or others.


9. Security/storage of and access to your personal information

Redpoint Bristol is committed to keeping your personal information safe and
secure and we have appropriate and proportionate security policies and
organisational and technical measures in place to help protect your
information.

Your personal information is only accessible by appropriately trained
staff, volunteers and contractors, and stored on secure servers which have
features to prevent unauthorised access.


10. International Data Transfers

Transfers of personal data within the European Economic Area
(“EEA”) are subject to the same level of data protection law as
under the GDPR, and as a UK based organisation many of our agencies and/or
suppliers are based in the EEA. However, there may be occasions where we
use agencies and/or suppliers to process personal information on our behalf
that are based outside the EEA resulting in the personal information we
collect from you being stored in a location outside the EEA.

One example of such a supplier is Rock Gym Pro – our reception
entry/point of sale system. This system involves the storage of climbing
facility waivers (the documents you complete prior to climbing at Redpoint
Bristol) on secure offsite servers located in the US. Rock Gym Pro is
certified under the EU – US Privacy Shield Framework for personal
data transfers (

https://www.rockgympro.com/gdpr/

).

Please note that some countries outside of the EEA have a lower standard of
protection for personal information, including lower security requirements
and fewer rights for individuals. Where your personal information is
transferred, stored and/or otherwise processed outside the EEA in a country
that does not offer an equivalent standard of protection to the EEA, we
will take all reasonable steps necessary to ensure that the recipient
implements appropriate safeguards (such as by entering into standard
contractual clauses which have been approved by the European Commission)
designed to protect your personal information and to ensure that your
personal information is treated securely and in accordance with this
Notice.

Unfortunately, no transmission of your personal information over the
internet can be guaranteed to be 100% secure – however, once we have
received your personal information, we will use strict procedures and
security features to try and prevent unauthorised access.


11. Exercising your Rights

It’s your personal data and you have certain rights relating to it.
Where we rely on your consent to use your personal information, you have
the right to withdraw that consent at any time. This includes the right to
ask us to stop using your personal information for marketing or fundraising
purposes or to unsubscribe from our email list at any time. Just follow the
unsubscribe instructions contained in the relevant communication or send
your request to info@redpointbristol.co.uk

You also have the following rights:

a. Right of access – you can write to us to ask for confirmation of
what personal information we hold on you and to request a copy of that
personal information. Provided we are satisfied that you are entitled to
see the personal information requested and we have successfully confirmed
your identity, we will provide you with your personal information subject
to any exemptions that apply.

b. Right of erasure – at your request we will delete your personal
information from our records as far as we are required to do so (our
insurance company may require us to keep certain information indefinitely
for legal security). In many cases we would propose to suppress further
communications with you, rather than delete it.

c. Right of rectification – if you believe our records of your
personal information are inaccurate, you have the right to ask for those
records to be updated. You can also ask us to check the personal
information we hold about you if you are unsure whether it is accurate/up
to date.

d. Right to restrict processing – you have the right to ask for
processing of your personal information to be restricted if there is
disagreement about its accuracy or legitimate usage.

e. Right to object – you have the right to object to processing where
we are (i) processing your personal information on the basis of the
legitimate interests basis (see section 4), (ii) using your personal
information for direct marketing or (iii) using your information for
statistical purposes.

f. Right to data portability – to the extent required by the GDPR,
where we are processing your personal information (that you have provided
to us) either (i) by relying on your consent or (ii) because such
processing is necessary for the performance of a contract to which you are
party or to take steps at your request prior to entering into a contact,
and in either case we are processing using automated means (i.e. with no
human involvement), you may ask us to provide the personal information to
you – or another service provider – in a machine-readable
format.

g. Rights related to automated decision-making – you have the right
not to be subject to a decision based solely on automated processing of
your personal information which produces legal or similarly significant
effects on you, unless such a decision (i) is necessary to enter
into/perform a contract between you and us/another organisation; (ii) is
authorised by EU or Member State law to which the Centre is subject (as
long as that law offers you sufficient protection); or (iii) is based on
your explicit consent.

Please note that some of these rights only apply in limited circumstances.
For more information, we suggest that you contact us using the details in
paragraph 14 below.

We encourage you to raise any concerns or complaints you have about the way
we use your personal information by contacting us using the details
provided in section 14 below. You are further entitled to make a complaint
to the Information Commissioner’s Office – www.ico.org.uk. For further
information on how to exercise this right, please contact us using the
details below.


12. Links and third parties

We link our website directly to other sites. This Notice does not cover
external websites and we are not responsible for the privacy practices or
content of those sites. We encourage you to read the privacy policies of
any external websites you visit via links on our website.


13. Changes to this Notice

We may update this Notice from time to time. We will notify you of
significant changes by contacting you directly where reasonably possible.
This Notice was last updated on 8th November 2018.


13. Links and third parties

We link our website directly to other sites. This Notice does not cover
external websites and we are not responsible for the privacy practices or
content of those sites. We encourage you to read the privacy policies of
any external websites you visit via links on our website.


14. How to contact us

Please let us know if you have any questions or concerns about this Notice
or about the way in which Redpoint Bristol processes your personal
information by contacting us at the channels below.

0117 33 22 222

info@redpointbristol.co.uk