Rock & Sun (a trading name of Freedom Adventures Ltd.), are committed to ensuring that your privacy is protected. We have taken all the necessary steps to ensure that the General Data Protection Regulation (in effect since 25/05/2018) is adhered to.
- Visitors to our website, and those of whom sign up to receiving our newsletter
- Customers who book a course/holiday
- Customers who purchase a gift voucher, or products from our e-shop
- Debtors and creditors
The kind of information we collect may include name, gender, age, contact information including address, telephone number and email address and information relevant to organise the climbing course/holiday, such as travel arrangements, and medical conditions. We do not store credit/debit card details. The information we gather may be used in several ways, depending on the original basis of collection.
Following the GDPR Rock & Sun are allowed to use and share data only on a lawful basis, for one of these reasons:
- Consent the individual has given clear consent to process their personal data for a specific purpose
- Contract the processing is necessary for a contract with the individual, or because they have asked to take specific steps before entering into a contract
- Legal Obligation the processing is necessary to comply with the law (not including contractual obligations)
- Vital interests the processing is necessary to protect someone’s life
- Public task the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law
- Legitimate interests the processing is necessary for legitimate interests or the legitimate interest of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Rock & Sun uses your personal information on the lawful basis of:
Customer: Consent, contract, legitimate interests
Staff: Consent, contract, legitimate interests
Debtors/creditors: Contract, consent, legal obligation, legitimate interests
Appropriate personal data will be passed on to the relevant suppliers of your arrangements and any other third party so that your course or holiday can be provided. The information may also be provided to government / public authorities such as customs or immigration if required by them, or as required by law. Certain information may also be passed on to security or credit checking companies. We only provide third parties with the personal data they require in order to deliver their services. Other than in relation to government / public authorities (over whom we have no control), we will take appropriate steps which are intended to ensure that anyone to whom we pass your personal data for any reason agrees to keep it secure, only uses it for the purposes of providing their services and does not collect any personal data from you in the course performing their services. If we cannot pass personal data to the relevant suppliers or any other third party as applicable, whether in the EEA or not, we will be unable to fulfil your booking. In making your booking, you consent to personal data being passed on to the relevant suppliers and other third parties.
Your personal data may be stored, used and otherwise processed within the UK and/or any other country(ies) of the European Economic Area (EEA). EEA countries are all member states of the European Union together with Norway, Iceland and Liechtenstein. We may also store, use or otherwise process personal data outside the EEA. Data protection laws may not be as strong outside the EEA as they are in the EEA. Personal data will not be transferred to a country outside the EEA unless (1) the country to which it is transferred is one which the European Commission considers to provide an adequate level of data protection or (2) the personal data is transferred to a United States company which has signed up to the Safe Harbour scheme or (3) the personal data is transferred to a company which is required by our contract with them only to deal with the data in accordance with our instructions and to maintain appropriate security to protect the personal data which we are satisfied they have or (4) we are obliged to provide the personal data to a government / public authority in order to provide your holiday.
We will not store and use your personal data for future marketing purposes (for example, sending you a newsletter) unless you asked us to do so. Our newsletter is compiled by our Office Manager who has access to the email addresses of all those who have requested the newsletter. Recipients can at all times unsubscribe from the newsletter.
The Rock & Sun website is secured with an SSL Certificate. The SSL Certificate secures all of the data as it is passed from the visitors of our website’s browsers to the Rock & Sun website’s server.
We use google analytics to collect data about traffic to the Rock & Sun website. If you wish to opt-out of Google Analytic tracking please visit and install the Google Analytics Opt-out Browser Add-on.
Our website contains links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
At Rock & Sun we take appropriate technical and organisational measures which are intended to prevent unauthorised or unlawful processing of personal data and we endeavour to ensure that all individuals who have given us their personal information are aware of these rights. We only use your data for the purpose with which it was given and we do not pass any information on to a third party without your consent. We retain data for as long as it is needed for a specific purpose otherwise it is deleted from our systems after five years. In accordance with the GDPR, individuals can contact Rock & Sun at any time to have their information removed or to ask for more clarification about what information we hold and why. Please do so by sending an email to firstname.lastname@example.org.
If we don’t respond to your request to your satisfaction you have the right to report your concern about our information rights practices with the Information Commissioner’s Office (ICO), https://ico.org.uk/for-the-public/raising-concerns/ +44 (0)303 123 1113.