General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) came into force within the EU on 25th May 2018. The aim of the GDPR is to give greater protection to the data (information) relating to any individual (subsequently referred to as "your information").
The EU GDPR does not apply in the UK since the Brexit transition period ended, on 31st December 2020. However, the GDPR has been incorporated into UK data protection law as the UK GDPR. This means that, in practice, there is little change to the core data protection principles, rights and obligations under the new regime of the UK GDPR. Furthermore, since my services are offered to individuals living within the European Economic Area (EEA), the EU GDPR still applies directly to me. The following GDPR Statement of Operation therefore remains unchanged post-Brexit.
GDPR Statement of Operation
How do I operate?
I operate as a sole trader registered as working from my home address. I provide year-round guided hill walking, mountain skills courses, and guided hiking experiences for individuals and small groups in the Highlands of Scotland. Your booking for an activity is made with me.
What information do I ask you for?
When booking an activity with me, you will be asked for certain information. This includes (but may not be limited to, and may change from time to time without prior notification) your contact details, contact details for someone of your choosing who can be contacted in the event of an emergency occurring, a medical declaration, and details of any previous experience you may have in relation to the activity which you have booked.
Why is this information needed?
Primarily, this information is needed so that the activity can be delivered efficiently, and with an awareness of any factors which might affect your ability to take part.
Your mobile telephone number may be needed to contact you if, for example, you do not arrive at the agreed meeting place at the expected time.
An emergency contact is required in case an emergency situation arises.
Medical information is required for awareness purposes. Disclosure of medical information will not necessarily affect whether or not you can take part in an activity, but it is important that I am aware of any relevant current or recent medical conditions so that these can be taken into account when planning your time with me. In the event of an emergency occurring, medical information may be shared with Mountain Rescue personnel, other emergency services, and / or medical professionals.
How is your information stored?
Prior to the activity taking place, your information will typically be held in electronic format, stored on and accessed only via my secure business laptop and / or smartphone. A paper copy may be held securely at my home address if, for example, you choose to return your completed participation form to me in the post.
To assist with the delivery of the activity, it is necessary to carry a copy of your information “on the hill”. This would be in electronic format, stored on and accessed only via my secure business smartphone, or a paper copy. In either format, your information remains on my person throughout the activity.
My wife, Ellen Thornell, has access to my electronic equipment, digital files, and paper files, in case of emergency.
What happens to your information after the activity has taken place?
Your information will be kept securely at my home address for six years from the end of the financial year in which the activity took place. After this time, if your information is not required for insurance or legal purposes, it will be destroyed. This will include deletion of all electronic files and shredding of any paper records.
Date of last revision: 14th January 2025
Registered with the Information Commissioner’s Office: Reference: ZA430364; Expiry date: 19th June 2025.
