Privacy Policy


Who we are

Our website address is: http://arcguiding.com.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

We request a variety of personal data from guests employing our guiding services and use various digital and hardcopy contact forms to collect it. This data includes name, address, age (or birthday), medical conditions, contact phone number and email address. This information is vital for maximising the safety of our guests, staff and general public whilst operating our guiding services. It is also collected for the purposes of detecting fraud. The information is essential for a booking to be confirmed and, depending on circumstances and activities, additional personal information may be requested. This information is held securely in both digital and occasionally hardcopy format and is held only with the guests consent. Copies of this information can be obtained by the guest, or emergency services or law enforcement personnel when requested and in a reasonable timeframe. By confirming a booking and signing our Terms and Conditions, guests consent to this use of their data in this way.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Certain metrics on your browsing behaviour are collected by this website, in line with industry norms. These anonymous data may include the length of time you spend interacting with pages, your search terms and your IP address, amongst others. This data is collected in order to improve the design of the website and also help detect and guard against automated malicious programs.

Who we share your data with

Anyone who connects/likes/follows/subscribes to our various social media pages (eg: Facebook, Twitter, etc) enters into a separate agreement with that organisation and users who do so are entitled to manage their own engagement with these platforms as they wish.

The browsing behaviour of visitors specifically on this website  is shared with Google and collected internally by Arc Guiding, for the purposes of marketing and effective website design. Some analytics data may also be shared with our web developer ‘Yellow Cherry Digital’.

Our web host ‘Inch Hosting’ also has reasonable access to any data stored on this site.

We do not process card payments directly through this site and we request that guests do not transmit sensitive financial data (eg: card numbers) to us either through this site or by email. Any card transactions are channeled through Paypal, with whom customers also enter into a separate and direct relationship at time of payment.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Malcolm O’Reilly, Arc Guiding, 1 School Road, Dulnain Bridge, Grantown-on-Spey, Inverness shire, Scotland PH26 3NX

Additional information

How we protect your data

Any personal information you submit as a paying guest using our guiding services is held in a secure and encrypted cloud storage service. Hardcopies are only generated when essential for guiding operations and are then kept securely with guiding staff at all times.  Only thoroughly trained and assessed staff, with a reasonable need to see this data are permitted to access and hold it. Hardcopies are then destroyed when that booked activity has been delivered.

What data breach procedures we have in place

Arc Guiding does not require paying guests or website users to create an account, except solely for the purposes of commenting on articles, etc. This alone significantly reduces the risk of sensitive data being compromised. Where sensitive personal information is collected, it is done via digital or downloadable/paper contact forms. Digital forms are encrypted via the HTTPS standard. Downloadable/paper forms are transmitted via secure email, by post, or in person. In the event of a breach, all affected guests/registered website users will be contacted directly and informed of what information has been compromised, so they can take their own remedial steps. Arc Guiding undertakes to regularly review its own data security procedures and infrastructure, in order to comply with legal standards.

What third parties we receive data from

This website is regularly and automatically updated via the WordPress platform and its curated collection of software vendors. Some software on this website is supplied and monitored by external vendors, separate from WordPress.

What automated decision making and/or profiling we do with user data

We do not engage in automated decision making, marketing or profiling using visitors/customers data.

Industry regulatory disclosure requirements

Arc Guiding and this website undertake to abide by the GDPR (General Data Protection Regulations) rules.