Kathmandu (U.K.) Limited together with any group companies (“we” “us” “our”) are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.kathmandu.co.uk you are accepting and consenting to the practices described in this policy.
For the purpose of the Data Protection legislation), the data controller is Kathmandu (U.K.) Limited a company registered in England and Wales. Our company registration number is 04818360 and our registered office is at Russell House, Oxford Road, Bournemouth, Dorset, BH8 8EX.
Information we may collect from you
We may collect and process the following data about you:
• Information you give us. You may give us information about you by filling in forms on our site www.kathmandu.co.uk or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use our site, register as a Summit club member, search for a product, place an order on our site, enter a competition, promotion or survey and when you report a problem with our site. The information you give us may include your name, address, email address and phone number, financial and credit card information.
• If you subscribe to a mailing list that we maintain (including an email subscription list), you can ask us to remove you from that list at any time by using the “unsubscribe” facility referred to in our message to you, or sending us an email with your details via Contact Us. We will comply with that request as soon as we reasonably can. However you should understand that sometimes we may have begun distributing a mail-out before we can process that request, and in those circumstances you might still receive that mail-out.
• Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
• Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
• Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
• Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers) and may receive information about you from them.
Uses made of the Information
We use information held about you in the following ways:
Information you give to us. We will use this information:
• to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
• to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
• to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (email) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data (the registration form);
• to notify you about changes to our service; and
• to ensure that content from our site is presented in the most effective manner for you and for your computer.
Information we collect about you. We will use this information:
• to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
• to allow you to participate in interactive features of our service, when you choose to do so;
• as part of our efforts to keep our site safe and secure;
• to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
• to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).
Disclosure of your information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties including:
• Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
• Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience; and
• Analytics and search engine providers that assist us in the improvement and optimisation of our site.
We may disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
• If Kathmandu (U.K.) Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; and
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of website use; or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
In addition to the third parties mentioned above, we may disclose your information to third parties for the following legitimate interests of our ultimate holding company, Kathmandu Holdings Limited, and each of its subsidiary companies:
• to staff members in order to facilitate the provision of goods or services to you;
• to our affiliated entities to support internal administration;
• IT software providers that host our website and store data on our behalf; and
to a prospective buyer of some or all of our business or assets, in which case personal data including personal data will also be one of the transferred assets.
We may disclose personal data to the police, regulatory bodies, legal advisors or similar third parties where we are under a legal duty to disclose or share personal data in order to comply with any legal obligation, or in order to enforce or apply our website terms and conditions and other agreements; or to protect our rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We will not sell or distribute personal data to other organisations without your approval.
Our Site may, from time to time, contain links to and from the websites of third parties. Please note that if you follow a link to any of these websites, such websites will apply different terms to the collection and privacy of your personal data and we do not accept any responsibility or liability for these policies. Please check before you submit your information to these websites.
Where we store your personal data
We may also transfer data to other jurisdictions outside the European Economic Area (‘EEA’), such as Australia and the United States, but before we do we will ensure that there is a lawful basis to do so for example by ensuring the organisations we work with are participants in the EU/US Privacy Shield or have Binding Corporate Rules in place or we’ve implemented standard contractual clauses approved by the European Commission with them.
We use Comodo GeoTrust and Cybersource to process online orders. Customers can see their cards being debited in real time, all in an SSL secure environment.
Please do not enter any credit card details when contacting us via email, through our Live Chat function or through our website “Contact Us” form. These functions do not form part of online transactions which use Comodo and Cybersource and therefore your credit card details will not be encrypted in these situations.
All card transactions are processed by Cybersource’s global payment service and routinely subject to fraud management checks, to help protect our customers and reduce our exposure to fraud. Orders which meet pre-defined criteria will be held for approval before the funds are withdrawn from a customer’s account and the order subsequently released. A pre-authorisation amount may be put in place by the card issuing bank until the order is confirmed and the payment is settled for Kathmandu. We will aim to contact you as soon as possible if your order is held for review, so that we can verify your payment details and clarify any discrepancies. Orders will be accepted once we are satisfied the transaction can be confirmed as legitimate. We reserve the right to reject any order where the customer is unable to verify their payment method or respond to any reasonable concerns. This adds an additional layer of protection and reassurance for our customers but may result in a delay in order completion if we are unable to contact you. We take website and credit card security extremely seriously, and always endeavour to provide a secure safe platform on which to conduct online transactions, kathmandu.co.uk uses Geo Trust SSL. By using this you guarantee the highest possible encryption levels for online transactions. Each certificate is signed with NIST recommended 2048 bit signatures and provides up to 256 bit encryption of customer data. This encryption scrambles details such as credit card number, billing details and delivery address so that generally, other computers are unable to decipher the information, ensuring privacy and security.
To make sure you are accessing a secure server, check for the unbroken key or closed lock symbol located generally either at the bottom left or top right of your browser window. If it appears, then SSL is active. You can double check this by looking at the URL as well. If SSL is active, then the first characters of that line will read ‘https’ rather than just ‘http’. It is important for you to protect against unauthorized access to your password and to your computer.
Ensure you logout when you have finished visiting, kathmandu.co.uk, especially if you access it from a shared computer.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if the personal data we hold about you changes.
Data protection legislation gives you the right to object to the processing of your personal data in certain circumstances or withdraw your consent to the processing of your personal data where this has been provided. You also have the right to access information held about you and for this to be provided in an intelligible form. If you would like a copy of some or all of your personal information, please send an email to [email protected] In certain circumstances we reserve the right to charge a reasonable fee to comply with your request.
You can also ask us to undertake the following:
• update or amend your personal data if you feel this is inaccurate;
• remove your personal data from our database entirely;
• send you copies of your personal data in a commonly used format and transfer your information to another entity where you have supplied this to us, and we process this electronically with your consent or where necessary for the performance of a contract; or
• restrict the use of your personal data.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal data that we hold about you or make your requested changes. Data protection legislation may allow or require us to refuse to provide you with access to some or all the personal data that we hold about you or to comply with any requests made in accordance with your rights referred to above. If we cannot provide you with access to your personal data, or process any other request we receive, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
Please send any requests relating to the above to our Privacy Officer at [email protected] specifying your name and the action you would like us to undertake.
Right to withdraw consent
Where you have provided your consent to the collection, processing and transfer of your personal data, you have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, please contact us at [email protected]
This is in addition to your right to contact the Information Commissioners Office if you are unsatisfied with our response to any issues you raise at https://ico.org.uk/global/contact-us/.