Last updated: January 27, 2019
- Current, past and prospective customers
We take data protection to heart and we make sure to safeguard our customer’s information by implementing technical and operational measures to ensure their data is protected under the GDPR.
The purpose of this document is to describe how 10Adventures Inc., views personal data and the way we protect it throughout the business.
These policies apply to all systems, people and processes that are part of our information systems, including employees, suppliers, contributors and other third parties who have access to our systems.
The General Data Protection Regulation
The General Data Protection Regulation (GDPR) is the legislation that most influences 10Adventures’ data protection policies. Significant fines can be administered under the GDPR, which is intended to secure the individual information of nationals of the European Union. 10Adventures’ policies are consistent with the GDPR, as well as other important legislation, and they are clear and verifiable.
The most relevant GDPR policies are the following:
Personal data is defined as:
any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Principles Related To The Processing of Personal Data
As per GDPR regulation, 2016 version, there are 7 principles involving personal data and how companies manage this data. These are as follows, as per Chapter II, Article 5.1
1. Personal data shall be:
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
2. The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).
10Adventures Inc. complies with these principles by employing business workflows that use metadata to search, discover, classify, label, protect and apply actions at all levels of personal data. Also, Operational Security Procedures define support for and provide the specific guidelines for all teams involved including IT Support, Customer Support or Line of Business
Information We Collect
We collect information from potential clients and business contacts. This could happen when you provide information voluntarily, such as when you download a resource from our website or submit a request for further information or for a proposal, or otherwise make your information available to us.
Information we collect includes the following:
- First and last name
- Personal emails
- Phone number
- State and Country of residence
- Credit card & billing information
We may combine your information with other publicly available information and use it to improve and personalize our services, content, and advertising.
How We Use Information
- From the moment you sign-up to one of our services we gather consent to the collect, use and disclosure of such personal information as specified in this Privacy Statement.
We may use your personal information or account information for any of the following purposes:
- To provide the Site and Services to you and to other users of the Site and Services;
- To improve the quality of the Site and Services through polls, surveys and other similar feedback gathering activities conducted by Provider and/or third parties;
- To create, manage and control your account information, and to verify access rights to the Site and Services;
- To communicate with you, including without limitation for the purpose of providing you with information about the Services, or informing you of changes or additions to the Services or of the availability of any other services or features we provide;
- To assess service levels, monitor traffic patterns and gauge popularity of different features and service options of the Site and/or Services;
- To protect against fraud or error, and to respond to claims of any violation of our rights or those of any third parties;
- To respond to your requests for customer service;
- To protect the rights, property or personal safety of you, us, our users and the public; and
- As required to comply with applicable laws or as authorized by applicable laws.
- In addition, from time to time we may disclose or allow access to your personal information outside Canada where it may be subject to the lawful access requirements of the jurisdiction in which it is stored or able to be accessed. If you have any questions about our use of service providers outside of Canada, you may contact Richard Campbell, Founder of 10Adventures.com Inc, owner of 10Hikes.com by email at [email protected]
- We may occasionally communicate with you regarding our products, services, news and events. You have the option to not receive this information. We provide an opt-out function within all email communications of this nature, and/or will cease to communicate with you for this purpose if you contact us and tell us not to communicate this information to you. The only communications from us that you may not “opt-out” of are those required to communicate announcements related to the Services, including information specific to your Account, planned Services suspensions and outages. We will attempt to minimize this type of communication to you.
10Adventures uses “cookies” (small files that the site places on your hard drive for identification purposes) and similar technologies. A cookie file can contain information such as a user ID to track pages visited. These files are used for site registration and customization the next time you visit the Site.
Our Team’s Responsibilities
Any staff member of 10Adventures Inc, who is involved in the collection, storage or processing of personal data has the following responsibilities under the legislation:
- to obtain and process personal data fairly.
- to keep such data only for explicit and lawful purposes.
- to disclose such data only in ways consistent with these purposes.
- to keep such data safe and secure.
- to keep such data accurate, complete and up-to-date.
- to ensure that such data is adequate, relevant and not excessive.
- to retain such data for no longer than is necessary for the explicit purpose.
We take commercially reasonable steps to protect your information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction both during transmission and once it is received. However, no transmission over the Internet and no data storage method can be guaranteed to be secure 100% of the time.
10Adventures cannot ensure or warrant the security of any information you transmit to 10Adventures or guarantee that your end user data may not be accessed, disclosed, altered, or destroyed by breach of any of our industry standard physical, technical, or managerial and operational measures. In particular, email sent to us may not be secure, and as such, you should take care in deciding what information you send to us via email.
If you have any questions about the security of your personal information, you can contact us at [email protected]
Your Data Subject Rights
The data subject (“an identified or identifiable natural person”) also has rights under the GDPR. These consist of:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Each of these rights must be supported by appropriate procedures that allow the required action to be taken within the timetables stated in the GDPR. These timetables are shown below:
|Data Subject Request Type||Deadline|
|The right to be informed||When data is collected (if supplied by data subject) or within one month
(if not supplied by data subject)
|The right of access||One month|
|The right of correction||One month|
|The right of erasure||Without undue delay|
|The right to restrict processing||Without undue delay|
|The right to data portability||One month|
|The right to object||On reception of objection|
|Rights in relation to automated decision
making and profiling
You have the right to access your personal information. Upon request, 10Adventures will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by emailing [email protected]
We will respond to your email requests within the timetable above, for physical mail requests we will respond in a timeframe of 30 business days.
Third Party Transfers Of Personal Data
10Adventures does not intend to transfer your personal information to third parties without your consent, except under limited conditions, which are explained below. If you choose to provide us with your personal information, we may transfer that information to a third-party only when/if necessary.
We may use and/or share your Personal Information with, and you authorize us to use and/or share this information with, third-party vendors under contract who help with our business operations or are included in the list of third-party software you disclose with us to provide our Services. We employ these companies and people to perform tasks on our behalf and need to share your information with them to provide products and services to you.
These service providers are authorized to use your personal information only as necessary to provide products and services on our behalf, we ensure Data Processing Agreements are signed with our service providers as an additional step to protect your information. These products and services may include our website hosting company, cloud computing infrastructure providers or other technology providers.
In certain situations, we may also be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may further disclose your personal information as required by law such as to comply with a subpoena or other legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
Transfers of personal data outside the European Union must be carefully reviewed prior to the transfer taking place to ensure that they fall within the limits imposed by the GDPR.
Changes to this Privacy Notice
10Adventures reserves the right to change, modify or update this Notice to reflect changes to our privacy practices. Notice of any material changes to our privacy practices will be posted to this Site before such material changes become effective. You are advised to visit this page regularly for the latest information on our privacy practices.
Use of information we collect is subject to the Notice in effect at the time such information is collected.
If you have questions or concerns about this Privacy Notice or our policies, please contact us at: [email protected], or mail us at;
PO Box 81095 Lake Bonavista
Calgary, Ab T2J 7C9