Our GDPR Commitment
Find Out More
Find out more about our walks, courses and events
01st August 2018
Our General Data Protection Regulation (GDPR) commitment
Mountain Walks has always been committed to protecting the data, sensitive information and privacy of all our clients and staff. We do not share any of your data with third-parties and would only do so with your express permission and ensuring you retain full control of your data.
We are committed to protecting your data; we are committed to never using it inappropriately; and we are committed to honesty and transparency when it comes to data and privacy. We fully comply with all GDPR requirements.
We have evaluated all areas related to personal data to be compliant with GDPR and addressed the following key priorities:
- Modify and fine tune our existing management systems, IT best practices, processes and policies to ensure that we are GDPR compliant
- Ensure that our employees, both full-time and contract, are fully aware of the new obligations that GDPR will introduce and ensure that there is accountability and shared responsibility for guaranteeing compliance
- Understanding of the importance of good data practices to our clients are ensuring we are on hand to support them when necessary
Some of the specific initiatives that we have undertaken include:
- Data Review – An extensive review of all personal data we hold, and creating a detailed data roadmap outlining where the data is held, how it is managed and for how long
- Contractual Updates – a full analysis of third parties who process data (such as payment providers, email marketing, booking systems etc) to ensure that we, and our clients, are protected. We have also updated all our business terms and privacy policies to give our clients the assurances required under GDPR
- Process Updates – Updates to policies and procedures to ensure to ensure we have the tools to maintain compliance with GDPR. A full review of our existing polices such as data security and incident response plans has been completed.
- Review of Consents – Review of our existing marketing practices and associated consents to ensure that these are transparent, fair and GDPR-ready
- Medical and Secure Data Review – Medical and personal data must be managed securely and to the highest level in terms of GDPR. We have implemented a new system for collecting and managing your medical and personal details.
We recommend that you seek a similar commitment from any other outdoor adventure provider or related organisation that you work with.
If you would like to speak to us about any aspect of GDPR and how it affects you, then please do not hesitate to contact us.