Privacy Policy

ActiVenture Privacy Policy

Last Updated: November 2025

1. Our Commitment to Your Privacy

Welcome to ActiVenture (ActiVenture.co.uk, “we”, “us”, “our”). We are specialists in ski holidays, resorts, and accommodation, and we are committed to protecting the privacy and security of your personal data.

This Privacy Policy explains in detail how we collect, use, store, share, and protect your personal information when you use our website, enquire about our holidays, or make a booking with us. We value your trust, and this policy is designed to be clear, transparent, and fully compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For the purpose of this legislation, the data controller is [Your Legal Company Name, e.g., ActiVenture Ltd.], registered in England and Wales under company number [Your Company Number].

We are registered as a data controller with the Information Commissioner’s Office (ICO).

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing any questions related to this policy. If you have any questions, concerns, or requests, please contact them using the details in Section 15.

2. The Information We Collect About You

We collect and process various types of personal data to provide our services. This data is grouped as follows:

• Identity Data: Includes first name, last name, title, date of birth, and gender. We may also require this for other members of your party.
• Contact Data: Includes your billing address, email address, and telephone numbers.
• Booking & Travel Data: Includes details of the holiday you are booking (resort, accommodation, dates), travel details (such as passport information, next of kin, and emergency contacts), ski pass requirements, ski hire needs, and lesson ability.
• Financial Data: Includes bank account and payment card details. Please note, we do not store your full payment card details. These are processed securely by our third-party payment gateway [e.g., Stripe, PayPal].
• Technical Data: Includes your Internet Protocol (IP) address, browser type and version, time zone setting, operating system, and platform you use to access our website.
• Usage Data: Includes information about how you use our website, such as which pages you visit, the time you spend on them, and the links you click.
• Marketing & Communications Data: Includes your preferences for receiving marketing communications from us and our third parties.
• Special Category (Sensitive) Data: This includes information about your health, medical conditions, or dietary requirements. We only collect this data when it is strictly necessary to ensure your safety and well-being on holiday (e.g., to inform a chalet chef of a food allergy) or to fulfil a specific booking requirement (e.g., to book an adaptive ski lesson).

3. How We Collect Your Data

We use different methods to collect data from and about you:

• Direct Interactions: You provide us with your data when you:
  • Make a booking enquiry by phone, email, or through our website.
  • Complete a booking.
  • Subscribe to our newsletter or other marketing.
  • Create an account on our website.
  • Request a brochure or quote.
  • Enter a competition or promotion.
  • Give us feedback or complete a survey.
• Automated Technologies: As you interact with our website, we automatically collect Technical and Usage Data. We collect this data by using cookies, server logs, and other similar technologies. For full details, please see our [Link to Cookie Policy].
• Third Parties: We may receive data about you from other sources, such as:
  • The lead passenger (“Party Leader”) on a booking who provides details for other members of the group. By providing this information, the Party Leader confirms they have the consent of all other individuals to do so.
  • Our partners, such as accommodation providers or transfer companies, who may need to share information with us.
  • Analytics providers (e.g., Google) and advertising networks.

4. Our Legal Basis for Using Your Data

Under UK GDPR, we are only permitted to process your personal data if we have a valid legal basis to do so. We rely on the following:

1. Performance of a Contract: Where we need to process your data to fulfil our contractual obligations to you. This includes everything from providing a quote to processing your booking and arranging your holiday components.
2. Legitimate Interest: Where it is necessary for our business interests (or those of a third party), and your interests and fundamental rights do not override those interests. This includes activities like improving our website, preventing fraud, and (in some cases) direct marketing.
3. Consent: Where you have given us your clear, specific, and unambiguous consent to use your data for a particular purpose (e.g., subscribing to our marketing newsletter).
4. Legal Obligation: Where we are required to process your data to comply with the law (e.g., for financial auditing or to assist law enforcement).

For Special Category (Sensitive) Data (e.g., health or dietary information), our legal basis is always your Explicit Consent, which we will ask for at the time of collection.

Here is a detailed breakdown of our processing activities:

Purpose / Activity	Type of Data	Legal Basis for Processing
To process your enquiry and provide a quote	Identity, Contact, Booking	Performance of a Contract (to take steps at your request)
To register you as a new customer / manage your account	Identity, Contact, Technical	Performance of a Contract
To process and deliver your holiday booking	Identity, Contact, Booking, Financial, Travel, Special Category	1. Performance of a Contract 2. Explicit Consent (for Special Category data)
To manage payments and refunds	Identity, Contact, Financial, Booking	Performance of a Contract
To send you service communications (booking confirmation, travel updates)	Identity, Contact, Booking	Performance of a Contract
To manage our relationship with you (e.g., asking for a review)	Identity, Contact, Marketing	Legitimate Interest (to improve our service)
To send you marketing newsletters, deals, and updates	Identity, Contact, Marketing	Consent (you can unsubscribe at any time)
To improve our website, services, and marketing	Technical, Usage	Legitimate Interest (to grow our business and improve our offering)
To comply with legal or regulatory obligations	All relevant data	Legal Obligation

5. Who We Share Your Data With

We will never sell your personal data.

To provide your holiday, we must share your data with relevant third-party suppliers. We only share the minimum information necessary for them to provide their service. This includes:

• Accommodation Providers: Catered chalets, hotels, and apartment owners.
• Transport Operators: Airlines, transfer companies, and car hire providers.
• Resort Partners: Ski pass offices, ski hire shops, and ski schools.
• Our Technology Partners: Including our website host, booking system provider, email provider, and analytics providers (e.g., Google Analytics).
• Payment Processors: To securely process your payments.
• Legal & Regulatory Bodies: Such as HMRC, the police, or other authorities where we are legally required to do so.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow them to use your data for their own marketing purposes.

6. International Data Transfers

Your ski holiday is likely outside the UK. Therefore, to provide your holiday, we must transfer your personal data to our suppliers outside the UK.

• Transfers to the EEA: When we transfer data to countries in the European Economic Area (e.g., France, Austria, Italy), this is permitted as the UK government has an “adequacy decision” recognising that EEA data protection laws are equivalent to our own.
• Transfers to other countries (e.g., Switzerland, USA, Canada): When we transfer data to suppliers in these countries, we ensure your data is protected by using appropriate legal safeguards. These include:
  • Transferring to countries that have an “adequacy decision” from the UK government (e.c., Switzerland, Canada).
  • Using specific contracts approved by the UK government, known as Standard Contractual Clauses (SCCs).
  • For transfers to the US, using the UK-US Data Privacy Framework.

By making a booking, you acknowledge that your data will be transferred internationally to these suppliers for the purpose of performing our contract with you.

7. How We Protect Your Data

We have put in place robust technical and organisational security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed in an unauthorised way.

These measures include:

• SSL Encryption: Our website uses HTTPS, so all data you send to us is encrypted.
• Access Control: Access to your personal data is restricted to employees, agents, and suppliers who have a “need-to-know.”
• Staff Training: All our staff are trained on their data protection responsibilities.
• Breach Procedures: We have procedures to deal with any suspected data breach and will notify you and the ICO if we are legally required to do so.

8. How Long We Keep Your Data

We will only retain your personal data for as long as it is necessary to fulfil the purposes we collected it for.

• Booking Data: We are legally required to keep your booking and financial data for six years after your holiday for tax and accounting purposes.
• Enquiry Data: If you enquire but do not book, we will typically delete your data after two years.
• Marketing Data: We will keep your data for marketing purposes only as long as we have your consent. If you unsubscribe, we will delete your data from our marketing lists (though we may retain a “suppression list” to ensure we don’t contact you again).

After these periods, your data will be securely and permanently deleted or anonymised.

9. Your Legal Rights

Under UK data protection law, you have specific rights over your personal data:

• The right to be informed: This Privacy Policy is designed to fulfil this right.
• The right of access: You can request a copy of the personal data we hold about you (a “Subject Access Request”).
• The right to rectification: You can ask us to correct any inaccurate or incomplete data.
• The right to erasure: You can ask us to delete your data (the “right to be forgotten”). Please note: this right is not absolute and we may be legally required to retain it, e.g., for tax purposes.
• The right to restrict processing: You can ask us to pause processing your data in certain circumstances.
• The right to data portability: You can ask us to provide your data in a machine-readable format to you or another service provider.
• The right to object: You can object to us processing your data, particularly for direct marketing.
• Rights related to automated decision-making: We do not use your data for any automated decision-making or profiling that has a legal or significant effect on you.

To exercise any of these rights, please contact our DPO at [privacy@activenture.co.uk]. We may need to verify your identity before we can process your request.

10. Our Cookie Policy

Our website uses cookies to distinguish you from other users. This helps us provide you with a good experience and improve our site. For a detailed explanation of the cookies we use and why, please see our full [Link to Cookie Policy].

11. Children’s Data

Our holidays are often for families, so we necessarily collect data on children. We will only collect this data from the lead passenger (parent or guardian) who is making the booking and has the authority to consent on their behalf. We only collect the minimum information necessary (e.g., name, date of birth for ski passes, dietary needs) to provide the holiday. We do not market to children.

12. Links to Other Websites

Our website may include links to third-party websites (e.g., resort tourist offices, ski schools). Clicking on those links may allow third parties to collect data about you. We do not control these websites and are not responsible for their privacy statements.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and the “Last Updated” date will be amended. For significant changes, we may also notify you by email.

14. How to Make a Complaint

We hope that we can resolve any query or concern you may have. Please contact our DPO first using the details below.

However, if you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection.

• Website: https://ico.org.uk/make-a-complaint/
• Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• Helpline: 0303 123 1113

15. Contact Us

For any questions about this Privacy Policy or to exercise your rights, please contact our Data Protection Officer:

Post: Data Protection Officer, ActiVenture, [Your Company’s Registered Address]

Email: [privacy@activenture.co.uk]