For the purpose of the Data Protection Act (1998) and General Data Protection Regulation (2016), our data controller is Trafford City Snow Centre Limited.
We do update this Policy from time to time so please do review this Policy regularly.
The personal data we process may include, but may not be limited to, the following:
Identity - We collect your name, date of birth and gender.
Contact data - We collect your email address, postal address, phone number(s), and other similar contact data.
Payment data - We collect data necessary to process your payment if you make a purchase, such as your payment instrument number (e.g. credit card number), and the security code associated with your payment instrument.
Booking Information - We collect data relating to all advance and historic bookings, such as activity booked, date & time of booking, amount paid and payment method.
Credentials - We collect passwords for your online Chill Factore account, password hints, and similar security information used for authentication and account access.
Measurements - During the ski-fitting process, we collect your approximate height, weight, age and shoe size.
CCTV - We collect personal data in the form of images obtained via the operation of a closed circuit television (‘CCTV’) system which is in place throughout the premises.
Communications with us – We may collect details on what you have said to us, for example letters, phone calls, emails, or social media comments or messages.
Social Media – If you interact with via social media then we collect your username.
Incidents – If an incident occurs, we may record information about it.
Certain pieces of data are classed as ‘sensitive’ and we can only process such data if certain conditions are met. The sensitive data we collect is:
Medical – Whilst we do not routinely collect medical information, under certain circumstances we will collect limited pieces of medical information to ensure you are kept safe whilst with us. For example:
- Before an activity, an instructor may ask you about any relevant medical conditions you think they should be aware of to ensure your safety.
- If first aid is ever required, a first aider may collect medical information relevant to the treatment being provided.
- We always document any first aid treatment given.
- We may also indirectly receive medical data, for example you may choose to write to us informing us of an accident and subsequent treatment.
We may retain some of this information securely, away from other personal data we hold, in order to support our defence of legal claims that may arise.
We process some personal data in order to complete our contract with you:
- Card payment details are required in order for your payments to be made.
- Your identity and the records of the goods / services booked are required in order for us to correctly deliver these to you.
- Email addresses are used to send booking confirmations and other operational messages relevant to the booking.
- Telephone numbers are used to contact you at short notice regarding potential changes to your booking
We process some personal data in order to comply with the law:
- Card payment details are verified to protect against fraud.
- Health & Safety legislation requires us to log accidents.
- CCTV, communications in various formats & payment data may be required to prevent, investigate or report crime.
- Payments records are required for auditing and taxation purposes.
We also process personal data if we deem it necessary to do so for our legitimate interest. This could include some or all of the following activities:
- To help us locate & identify you, your account & your bookings.
- To provide operational communications to you, relevant to your account or to your bookings with us.
- To enhance, modify, personalise or otherwise improve our products & services, and our communications to you.
- To provide direct marketing communications which we think will be of interest to you, where you have consented to receive such information.
- To tailor marketing communications to you based on your profile.
- To allow better commercial modelling and business planning.
- To run competitions and promotions which we think will interest you.
- To better understand how people interact with our website and our other online activities.
- To determine the effectiveness of our promotional campaigns and advertising.
- To help identify & prevent fraud and other illegal activities, and enhance the security of our network & systems.
- To ensure we can provide high levels of customer service and staff training.
- To ensure your safety whilst participating in our activities.
- To help us to establish, exercise, or defend legal claims.
- To effectively manage & communicate with our suppliers.
Other activities may apply, if we deem them to be within our legitimate interest.
Where a data processing activity is not deemed to be within our legitimate interest, part of a contractual obligation or a legal requirement, we will ask you for your consent before processing your data.
We do not use your data for any automated decision making activities. We conduct some profiling activity to help us deliver marketing communications that we think you may be interested in.
Personal data will be held securely within our IT systems or manual filing systems. Details relating to any transactions entered into our payment systems will be encrypted to ensure its safety.
Access to your data within our systems is restricted to employees who need the data in order to perform their role.
We have measures in place to deal with suspected breaches of your data and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We may transfer data that we collect from you to locations outside of the European Economic Area for processing and storing. We will only do so where the country is compliant with EU data protection legislation.
Where applicable, we may disclose your personal information to any member of our group. This includes, where applicable, our subsidiaries, our holding company and its other subsidiaries (if any).
We may also disclose your personal information to third parties without your consent where the law allows or requires us to do so. This may include, but may not be limited to, the following:
- Where we sell any or all of our business and/or our assets to a third party.
- Where we are legally required to disclose your information.
- Where it is required in order to complete our contract with you, such as payment service providers.
- To assist fraud protection and minimise credit risk.
- To aid our defence of a legal claim.
- Where we use third parties to help us run our business, for example marketing agencies, IT and CCTV system providers, insurers, legal advisors, auditors.
We may permit selected third parties to use your data so that you can be provided with information about unrelated goods and services which we consider may be of interest to you. However we will only do this if we have obtained your explicit consent.
We do not reveal information about identifiable individuals to our marketing partners but we may, on occasion, provide them with aggregate statistical information about our visitors.
We will retain your personal information for as long as is necessary and relevant for our legitimate business purposes, or if required by law for as long as is required.
Where we no longer need your personal information, we will dispose of it in a secure manner without notifying you.
Under the data protection legislation you have the right in certain circumstances to:
- Request access to your personal information.
- Request correction of the information that we hold about you.
- Request erasure of personal information.
- Ask us to delete your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party).
- Object to processing of your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information.
- Request the transfer (under certain circumstance) of your personal information to another party.
- Complain to the data protection regulator.
Some rights are restricted, and we may need to redact or remove information where it includes personal data about someone else in order to maintain their privacy.
If you would like to object to (i.e. stop receiving) direct marking then you can unsubscribe by logging into your online account, selecting “Update details” and then checking the “Do not allow emails” box.
You can access your account by following the link on an email we have sent to you, or via the Chill Factore website. In addition, our guest service or call centre teams will update your preferences for you on request.
Whilst this will stop all direct marketing emails we will still send operational emails to you, for example if you make a booking you will receive a booking confirmation email.
If you log into your online account and select “Update details” you will see the name, date of birth, gender and contact data we hold. You can use the online account to correct errors or to erase data.
You can access your account by following the link on an email we have sent to you, or via the Chill Factore website.
If you wish to see a full record of the personal data we hold, then please contact us. You may need to provide proof of identification. We aim to respond to requests without delay and at the latest within one month of receipt.
Information is provided free of charge, however we do reserve the right to charge a reasonable fee when a request is manifestly unfounded or excessive, particularly if it is repetitive. We may also charge a reasonable fee to comply with requests for further copies of the same information.
- Call us on 0161 749 2222
- Email us at email@example.com
Write to us at Guest Service Team, Chill Factore, Trafford City, Manchester, M41 7JA
If you have a concern about the way we are collecting or using your personal data, or if you suspect misuse or unauthorized access, then please contract us and we will try to resolve the problem promptly.
You can also raise your concern directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/