GDPR Compliance Statement

Last updated: May 20, 2026

Our Commitment to Data Protection

Breeze Hike Ltd is committed to compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page outlines our approach to data protection and your rights under these regulations.

Data Controller

Breeze Hike Ltd is the data controller responsible for your personal information.

Company Registration: [Registration Number]
Registered Office: Unit 7, The Green Business Centre, 42 Meadow Lane, Keswick, Cumbria CA12 4HQ, United Kingdom
Contact Email: [email protected]

Lawful Basis for Processing

We process your personal data only when we have a lawful basis to do so:

1. Consent

Where you have given clear consent for us to process your personal data for specific purposes, such as:

  • Sending marketing communications
  • Using cookies (beyond strictly necessary ones)
  • Processing special category data (dietary requirements, accessibility needs)

2. Contract Performance

Processing necessary to fulfill our contract with you, including:

  • Booking confirmations and management
  • Providing pre-hike preparation materials
  • Delivering the hiking experience
  • Sending post-hike impact reports

3. Legal Obligation

Processing required to comply with legal requirements, such as:

  • Tax and accounting records
  • Health and safety obligations
  • Responding to legal requests

4. Legitimate Interests

Processing necessary for our legitimate business interests, including:

  • Improving our services and website functionality
  • Ensuring trail sustainability through data analysis
  • Fraud prevention and security
  • Direct marketing to existing customers (with opt-out option)

Your Rights Under GDPR

1. Right to Access

You can request a copy of the personal data we hold about you. We will provide this within one month of your request, free of charge.

2. Right to Rectification

You can ask us to correct inaccurate or incomplete personal data.

3. Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

  • It is no longer necessary for the purpose it was collected
  • You withdraw consent (where consent was the lawful basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Note: We may retain certain information where required by law (e.g., tax records).

4. Right to Restriction of Processing

You can request that we limit how we use your data when:

  • You contest the accuracy of the data
  • Processing is unlawful but you don't want erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification

5. Right to Data Portability

You can request your data in a structured, commonly used format and have it transmitted to another controller when:

  • Processing is based on consent or contract
  • Processing is carried out by automated means

6. Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds.

7. Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of these rights:

  1. Send an email to [email protected] with "GDPR Request" in the subject line
  2. Clearly state which right you wish to exercise
  3. Provide sufficient information to identify you (we may request additional verification)

We will respond within one month. If your request is complex or we receive multiple requests, we may extend this by two months and will notify you.

Data Protection Principles

We ensure all personal data is:

  • Processed lawfully, fairly, and transparently
  • Collected for specified, explicit, and legitimate purposes
  • Adequate, relevant, and limited to what is necessary
  • Accurate and kept up to date
  • Kept only as long as necessary
  • Processed securely with appropriate safeguards

Data Security Measures

We implement appropriate technical and organizational measures, including:

  • SSL/TLS encryption for data transmission
  • Secure password policies and access controls
  • Regular security audits and updates
  • Staff training on data protection
  • Incident response procedures
  • Third-party processor agreements with GDPR-compliant vendors

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the ICO within 72 hours of becoming aware
  • Notify affected individuals without undue delay if there is a high risk
  • Document all breaches, regardless of notification requirements

International Data Transfers

If we transfer your data outside the UK/EEA, we ensure adequate protection through:

  • European Commission-approved Standard Contractual Clauses
  • Transfers to countries with adequacy decisions
  • Other approved safeguards as necessary

Third-Party Processors

We work with carefully selected third-party processors who are GDPR-compliant and bound by data processing agreements. These include:

  • Email service providers
  • Payment processors
  • Website hosting services
  • Analytics providers

All processors are required to implement appropriate security measures and process data only on our instructions.

Children's Data

We do not knowingly process data of children under 16 without parental consent. If booking for a minor, the adult booking must provide consent and relevant information.

Withdrawal of Consent

Where processing is based on consent, you can withdraw it at any time by:

  • Clicking unsubscribe links in marketing emails
  • Adjusting cookie preferences in our cookie banner
  • Contacting us at [email protected]

Withdrawal does not affect the lawfulness of processing before withdrawal.

Complaints

If you believe we have not complied with GDPR, you can lodge a complaint with:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom

Phone: 0303 123 1113
Website: ico.org.uk

We encourage you to contact us first so we can address your concerns directly.

Policy Updates

We review this statement regularly to ensure ongoing compliance. Material changes will be communicated via email to registered users and posted on our website.

Contact Our Data Protection Team

For any data protection inquiries:

Email: [email protected]
Subject Line: GDPR / Data Protection Inquiry
Postal Address: Breeze Hike Ltd, Unit 7, The Green Business Centre, 42 Meadow Lane, Keswick, Cumbria CA12 4HQ, United Kingdom