Privacy & Cookie Policy



  • Ellis Brigham Privacy Statement

    Please click here to download our Privacy Statement(.PDF file)

    Ellis Brigham Privacy Policy

    Contents

    Foreword
    Introduction
    General Data Protection Regulation (GDPR)
    - Lawful Basis
    - GDPR Data Inclusions - Personal Data
    - GDPR Data Exclusions - Transactional & Location Data
    - GDPR Data Exclusions - Financial Data
    - Profiling
    - Processing Personal Data
    - Accessibility
    - Subject Access Request (SAR)
    - Right to be Forgotten (RTBF)
    CCTV
    Trustpilot Consumer Recommendations
    Mailing & Telephone Preference Service (MPS & TPS)
    Privacy & Electronic Communications Regulations (2003)
    - Online Shopping
    - Google Certified Shops
    - The Use of Cookies
    - Links to Other Websites
    Social Media & Associated Competition Entries
    Security
    Our Responsibility Commitment
    ICO - Declaration


    Foreword

    Ellis Brigham Holdings Limited and all of its subsidiaries are controlled by the same executive team who have led the company's growth within the outdoor leisure pursuits market, as well as driving its values, ethics and culture. This same executive team are also responsible for all legislative and regulatory demands placed upon the company including the safeguarding and security of our stakeholders' data, namely our customers, past, present and future, a duty that falls to our 'Data Controller'.

    We accept that in transacting with Ellis Brigham, for purchase or return of goods and services, or to simply request further information from us, it's possible that you do so without having first read this Privacy Policy, and that you place this level of trust upon us due to the traditional values we hold for decency, fairness and transparency.

    In upholding these levels, we have compiled this Privacy Policy which sets out our obligations and commitment to you. We also want you to know that you can request to see the data we hold on you, challenge its accuracy or revoke permission by withdrawing your consent at any time.

    Throughout your relationship with us, your personal data remains yours, we are simply fortunate to possess it to help us conduct a supportive and meaningful business relationship which we hope you will continue to value.


    Introduction

    Ellis Brigham operates several limited companies and brands (listed below). All activities within the group combine to form Ellis Brigham Holdings Limited (06837170). They are all registered at; 47 Brunel Avenue, Salford, Manchester M5 4BE. They are; -

    • Ellis Brigham Limited (Co Reg 01951886)
    • Ellis Brigham Mountain Sports Limited (Co Reg 06836989) - www.ellis-brigham.com
    • The Snowboard Asylum Ltd (Co Reg 02889350) - www.snowboard-asylum.com

    All The Snowboard Asylum (TSA) Stores are owned and operated by Ellis Brigham Mountain Sports Ltd. This will also be stated at the purchase points within these stores and also on every till receipt.

    • Outsiders Store Ltd (Co Reg 10761494) - www.outsidersstore.com
      All Outsiders Stores are owned and operated by Ellis Brigham Mountain Sports Ltd. This will also be stated at the purchase points within these stores and also on every till receipt.

    In addition to the above, the company also uses several other trading/brand names which exist solely for the benefit of segmenting and extending the company's reach; they are not separate registered businesses.

    • Vertical Chill - https://www.vertical-chill.com
    • The North Face - Several The North Face stores are operated by Ellis Brigham Mountain Sports Ltd. You will see this stated at the till of these stores and also on every till receipt

    When we refer in this document to, 'We, 'Us' or 'Ellis Brigham' we are including the entire group of companies and their associated brand offerings. When we refer to 'stakeholders', 'data subjects', 'consumers' or 'customers' we are speaking about members of the public who have a direct relationship with us and our products and services and in so doing share their data as a result.


    General Data Protection Regulation (GDPR)

    On 25th May 2018 the Data Protection Bill frequently referred to as GDPR (General Data Protection Regulation) comes into force and replaces the Data Protection Act (1998). At the same time as this occurs in the UK, the rest of Europe will also be introducing GDPR in each of the respective countries.

    There are many similarities between the DPA and GDPR however, there are a few significant differences which bring positive changes to the way personal data is stored and processed. This applies to data held in digital and printed forms where it is used.

    Lawful Basis

    The first of the changes under the new regulations, requires businesses to confirm on what basis they believe they should have access to your personal data, either 'Legitimate Interest' or full 'Consent'.

    At Ellis Brigham we believe that the most transparent and appropriate way for us to serve your needs is with your full 'Consent' which must be given freely and without coercion or restriction on our part.

    At the time you provide your personal data to us we will make it clear to you what you're providing it for e.g. to complete a specific sale, warranty, refund or catalogue sign-up, loyalty scheme or promotional marketing campaign (such as special offers/events/prize draws/surveys etc.). Under this requirement, whatever purpose you initially provide your consent for remains valid for that purpose only. As we continue to serve you, we amalgamate these sources so that we know precisely what we are entitled to use your data for. As consent is the entry basis we have always prescribed to, nothing has changed in that regard.

    GDPR Data Inclusions - Personal Data

    Under the new regulations the emphasis is that you, our customer and 'data subject' are in control of who you provide your personal data to, granting us permission to use it so that we may provide you with the services you choose in support of a commercial relationship with us. Put simply, you are in effect 'loaning' us the access rights to your personal data until you see fit to change this arrangement.

    Personal data, often referred to as personal information, includes things like your name, address, email address, age*, date of birth, telephone number(s) and social media accounts, but it can also include things like your account number(s), or a unique IP address - anything in fact that can link to you as an individual. This all falls under the protection of GDPR.

    *You may find that in some areas we ask you to confirm that you are 13 years of age or over. This is because under the new regulations the UK Information Commissioner's Office (ICO) has deemed 13 years of age to be the point at which a child can provide consent to allow the processing of his/her own personal data. We are also obliged to ask for proof of age when selling certain products, including (but not limited to) knives, multitools, ice axes or fuel.

    GDPR Data Exclusions - Transactional & Location Data

    This is different to personal data and includes things related to your purchase history, namely the method you used to make a purchase from us, such as one of our online websites, or in-store; it might also include when you made this purchase and which of our stores you purchased your goods from. As GDPR's focus is to protect your personal data, this information is not included under the regulations. However, should you ask to see the data we hold in addition to the personal data we retain, we may still show you examples of this, but this is an extension to our obligations and our way of extending the level of trust and transparency.

    GDPR Data Exclusions - Financial Data

    This is the third example of data that passes through our business and it includes credit and debit card information. However, the security of this is controlled through other regulations (namely the Payment Card Industry - Data Security Standards) which exists to further reduce your (and our) personal risk. This data bypasses Ellis Brigham's systems and instead enters a payment gateway to be processed directly between your bank or charge card company, and our financial partner.

    Profiling

    Data profiling is a trusted technique that attributes other assumed or known factors to the personal data that you consent to provide us. The process will add things such as: the typical size of your family, the size and approximate value of your home, the occupation you might have, your age range, your propensity to read certain newspapers or respond to email campaigns.

    By understanding more about you we believe this will help us to improve the service we offer but we don't believe we should do this without your consent. So, over the course of your consent we will occasionally seek your approval for this periodically. Under GDPR you will always be able to see what data we hold on you by serving a 'SAR' a Subject Access Request upon us (details on this follow below).

    Processing Personal Data

    Under the Data Protection Bill once your data is passed to us, therefore by definition we become the 'Data Controller'. This definition is the highest definition placed upon us by the ICO and means that we are charged with utmost level of care when it comes to safeguarding your privacy. 

    To preserve our relationship with you and not cause unnecessary frustration or anxiety to others, Ellis Brigham will from time-to-time work to maintain the quality and relevancy of the data we hold, processing it against nationally-verified suppression files such as change of address data, gone-away and bereavement registers. Whilst we are not obliged to do this, we believe that in order to fulfil our obligations as 'Data Controller', this remains good business practice and provides a duty of care to our customers and their families.

    Accessibility

    Personal, location and transactional data is collected through our businesses systems and is the responsibility of the company's Data Controller within Ellis Brigham Mountain Sports Ltd (within our Privacy Team). You can ask to see or amend what you believe are errors within this data or remove your permission for us to retain it, by reading the steps that we describe next e.g. 'Subject Access Request' & 'Right to be Forgotten'. For anything else, you can always contact our Privacy Team by emailing 'privacy@ellis-brigham.com'.

    Subject Access Request (SAR)

    You can ask to receive a copy of your personal data whenever you choose under a process called a 'Subject Access Request'. Under a 'SAR' we will provide you with a FREE copy of all the personal data we hold on you in a machine-readable format (Microsoft Excel) within 30 days of us being able to successfully validate who you say you are. This is particularly relevant in order to avoid any security breaches or false claims for access to your personal data.

    If we believe your request is complex or numerous we can extend the process for a further two months, but we will explain to you why this has been necessary within the initial 30 days of us validating who you are. If we deem your requests to be manifestly unfounded, excessive or particularly repetitive we are permitted to charge a reasonable administration fee to comply with requests for further copies of the same information. Should these excessive requests continue we are legally entitled to refuse your request, which should you disagree, you are within your rights to contact the Information Commissioner's Office and state your claim. All SAR requests are logged within our systems to manage the individual frequency of each request.

    You can see how to submit a Subject Access Request to our Privacy Team by visiting the SAR/RTBF (Right to be Forgotten) page of any Ellis Brigham website. All our websites are listed in the Introduction of this Privacy Policy.

    Right to be Forgotten (RTBF)

    Should you ever decide to refuse us permission to use your personal data, you can invoke your 'Right to be Forgotten'. In activating this process, we will need to remove all your personal details from our systems. Once removed, this information will not be available to you, or us again, and should you recommence your relationship with us at a future date and provide us with a fresh set of permissions, none of your previous personal data would be available for re-assignment at that stage.

    You can invoke your Right to be Forgotten to our Privacy Team by visiting the SAR/RTBF (Right to be Forgotten) page of any Ellis Brigham website. All our websites are listed in the Introduction of this Privacy Policy).

    N.B. Please note that should you decide to invoke your RTBF, we are still required under other company law to store any transactional data that would have once been connected to you as an individual.

    CCTV

    You will see located around our retail stores CCTV recording equipment. This equipment is there to safeguard you and our property whilst on our premises. It is not used to assign a personal identity to your photographic image and is therefore not governed by GDPR. This information may be legally used by the Police or other law enforcement agencies if called upon as part of any investigation.


    Trustpilot Consumer Recommendations

    Whilst we would welcome feedback on our service from every customer in future we will only seek the views of customers who have taken the active step of opting-in for email marketing communications. Doing so allows us to send them a link asking them to submit feedback on their purchase.


    Mailing & Telephone Preference Service (MPS & TPS)

    Once you have given us your consent to communicate with you, any registration of your personal details on the Direct Marketing Association's Mailing Preference Service (MPS) or Telephone Preference Service (TPS) cease to become valid until you rescind your consent directly with us through any of the methods described above. Ellis Brigham's policy of direct consent remains the only position we will use to communicate with customers.


    Privacy & Electronic Communications Regulations (2003)

    The PECR is derived from European law (European Directive 2002/58/EC) and is also known as the 'E-Privacy Directive'. This regulation supplements the regulations under GDPR with its primary focus addressing personal privacy across passive or active forms of distributed electronic communication e.g. Email, SMS (Text Messaging), website tracking cookies, apps, digital telephony, etc.

    In 2019 this Regulation will be amended and renamed the ePrivacy Regulation (ePR) and will be adopted by Ellis Brigham within this Privacy Policy.

    Online Shopping

    We accept that in this increasingly complex and joined-up world, consumers may not be au fait with the methods used to gather personal data, but as a Data Controller it is our role to make this as transparent as possible and provide you with a pathway to rescind your permission at any time wherever we can.

    Google Certified Shops

    Details regarding your online transaction will be monitored by Google in accordance with their own Certified Shops Privacy Policy. Ellis Brigham have no control over this, but they (Google) may contact you to discuss your shopping experience with us.

    The Use of Cookies

    A cookie is a piece of computer code - a text file - that is made up of a series of letters and numbers and placed on your device each time you visit one of our websites. Although they may sound sinister to some, they're actually very useful as they allow us to greatly improve your, and the other users of your devices', visits to our sites, simply by understanding more about your preferences and interests. Some cookies are essential because without them the website would not appear correctly in your browser.

    The cookie itself does not contain or collect personally identifiable information but instead will remember previous purchases, page visits and account details and will help us to recommend products that suit the users of your devices. These recommendations and preferences are all made automatically and are not associated with any personal information we have previously collected about your interests.
    When you first visit the website you will be asked to accept our cookie policy, and you may also remove any cookies by adjusting the software settings of your browser to either delete the cookies which already exist and/or block new ones from being stored or accessed, (see below for more information).

    All of the cookies we use are solely for the benefit of you, your device users and us. This is how they can be broken down:

    Essential Cookies

    These are session specific cookies and expire after you leave the website. They are essential because without them the website wouldn't work properly. For example, the basket page would forget what you've got in your basket; they are not used for marketing or any tracking purposes, and don't store or retain any superfluous data about your visit to the website.

    Essential cookies we use:

    __atuvc
    _hjIncludedInSample
    _sp_id.f234
    _sp_ses.f234
    ASP.NET_SessionId
    basket
    EBBasketId
    EBBasketTotal
    EBBodyClass
    EBCrumb
    LUser
    order
    pnctest
    sc_fb
    sc_fb_session
    yourAuthCookie

    Performance Cookies

    Our website uses Google Analytics to provide aggregated information about visitors. This data can't be used to personally identify anyone, and allows us to monitor how well our website is working, the effectiveness of our marketing campaigns, and can tell us if there are any problems that we need to address. We also use a customer relationship management (CRM) platform called Freshdesk which powers the Live Chat service on our website. Freshdesk cookies store usage information so that we can help website users who are experiencing problems or need help on the website. These cookies don't gather personal data and can't be used to identify you, unless you choose to provide an email address when using live chat. These cookies are non-essential to your visit and if you disable them your experience on the website won't be affected.

    Non-sssential performance cookies we use:

    Name Domain
    _EDGE_S .bing.com
    _EDGE_V .bing.com
    _RwBf .bing.com
    _SS .bing.com
    _UR .bing.com
    MSCC .bing.com
    MUID .bing.com
    SRCHD .bing.com
    SRCHHPGUSR .bing.com
    SRCHS .bing.com
    SRCHUID .bing.com
    SRCHUSR .bing.com
    __utma .ellis-brigham.com
    __utmb .ellis-brigham.com
    __utmb .ellis-brigham.com
    __utmc .ellis-brigham.com
    __utmt .ellis-brigham.com
    __utmv .ellis-brigham.com
    __utmz .ellis-brigham.com
    _sckey .ellis-brigham.com
    _scsess .ellis-brigham.com
    _uetsid .ellis-brigham.com
    persomi .persomi.com
    CHATSESS chat.freshdesk.com
    sdata chat.freshdesk.com
    sid chat.freshdesk.com
    DV www.google.co.uk
    _gmb_ga_test www.google.com
    OTZ www.google.com

    Marketing and Advertising Cookies

    These cookies are used to deliver targeted adverts or website content based on the products and web pages you've been looking at. In some cases these adverts may be displayed on third party websites (e.g. Facebook). No personally identifiable data will be gathered, and these cookies like the performance cookies are non-essential.

    Non-essential advertising cookies we use:

    Name Domain
    DSID .doubleclick.net
    IDE .doubleclick.net
    c_user .facebook.com
    datr .facebook.com
    fr .facebook.com
    pl .facebook.com
    sb .facebook.com
    xs .facebook.com
    __unam .getsidecar.com
    __unam .getsidecar.com
    _ga .getsidecar.com
    _lo_u .getsidecar.com
    _lo_uid .getsidecar.com
    _lo_v .getsidecar.com
    _vwo_uuid_v2 .getsidecar.com
    1P_JAR .google.com
    AID .google.com
    APISID .google.com
    CONSENT .google.com
    HSID .google.com
    NID .google.com
    S .google.com
    SAPISID .google.com
    SID .google.com
    SIDCC .google.com
    SSID .google.com
    AID .googleadservices.com
    AID .googleadservices.com
    AID .googleadservices.com
    __cfduid .t.trackedlink.net
    analyticsid .www.findthetwenty.com
    wsid .www.findthetwenty.com
    MUIDB bat.bing.com

    Cookie Removal:

    The best way to do this is in your own browser settings, where you can disable cookies entirely or for specific for domains, i.e. websites you visit. We've listed help pages that explain how to do this for the main browsers below:

    Disable cookies in Chrome: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en
    Disable cookies in Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
    Disable cookies in Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
    Disable cookies in Safari: https://support.apple.com/kb/ph21411?locale=en_GB


    Links to Other Websites

    Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over any other website  or your personal data privacy (with the exception of www.snowboard-asylum.com, www.vertical-chill.com and www.outsidersstore.com).


    Social Media & Associated Competition Entries

    We run frequent competitions online across Facebook, Instagram and Twitter's social media channels to maintain engagement and interaction with our customers, fans and followers. We also use social media to make announcements about our forthcoming events, product launches and other industry initiatives.

    In the main, these channels are used purely as a broadcast mechanism rather than a means of gathering data except in the case of a competition, where we will gather various elements of your personal data that you have consented to place in a public forum. This may for example include your name, account name/account ID, photographs and posts.

    This personal data is required to form the basis of the 'contract' between us, that is your willingness to enter the competition for fun and for the opportunity to win an associated prize, and for us to be able to make a random selection of the prize draw winner and to notify them of their success. Any personal data collected will be processed and used by us, only to the extent that is required in order to run the competition and to make an announcement to and about the successful entrant. Where this is not Ellis Brigham, this may mean that in some cases we will be required to pass your details to the brand partner responsible for donating prizes, so that they can despatch your prize directly to you. Whenever that is the case we will make it clear who the prize donor/promoter is by providing their company name and address on each promotion, so that you have a free choice whether to consent to entering the competition or not.

    In taking the decision to enter one of our online competitions you accept that in order to fulfil our legal obligations of announcing the winner, we will also publish some elements of your personal information online, either in the forum used for the competition, or on one of our websites, but in so doing, we will not make all the information we have about you public.

    Ellis Brigham abides with the Gambling Act 2005 and follows the British Code of Advertising Practice (BCAP) guidelines on gaming and sales promotions.


    Security

    We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.


    Our Responsibility Commitment

    Ellis Brigham's Data Controller will be responsible for the storing and processing of your data once you've given us your permission to use it and regardless of which of our data collection sources it comes to us from (catalogue/mail order sign-up, email marketing, store promotions, social media etc). At no stage will your personal data find its way into our systems unless you have willingly and freely provided it to us directly.

    In possessing your personal data, we accept that this does not give us the right to abuse its use, and that consequently we will take due consideration of the balance between what we deem to be infringing your privacy and our ability to provide you with timely information, in effect creating a level of 'Privacy by Design'. Should you feel we've got this slightly wrong you can always remove specific permissions such as unsubscribing yourself from any future email activity using the unsubscribe link sent within every email campaign.

    Additionally, should you have registered to receive any of our mail order catalogues but decide these are no longer relevant to you, you can rescind your initial decision by visiting the catalogue sign-up page of the appropriate Ellis Brigham website and amending your preferences.

    Beyond these options (or the SAR/RTBF methods discussed earlier), we will also act in the background in other ways to preserve your personal data privacy. If you have neither opened, forwarded or clicked on an embedded link within any email from us we will automatically remove your email details from our marketing email system after 500 days of inactivity. Furthermore, if your entire commercial relationship with us appears to have ceased over a period of five years, then we will automatically obfuscate (that is, to render useless) your personal data.

    Our Data Controller commits to maintaining your personal privacy throughout amendments to our system infrastructure and any of the commercial relationships we have with our third-party suppliers. These ongoing changes require that we review our Privacy Policy no less than once per annum and update the Policy edition, regardless of changes to the material content.

    The only time we will share your data with anyone other than you, or members of our staff will be if we are required to do so as part of an investigation by law enforcement authorities.

    Any changes we make to this Privacy Policy will be for the benefit of our customers and employees, but no changes will be made that breach our duty of care or any regulation. All changes will be notified in writing directly to you and also on our website.


    ICO - Declaration

    Should you ever feel that we have not met the regulations, Ellis Brigham Holdings Limited operates two businesses that are registered with the Information Commissioner's Office, these are; -

    • Ellis Brigham Mountain Sports Ltd & TSA - ICO Registration Number Z182411X
    • Ellis Brigham Ltd & Vertical Chill - ICO Registration Number: Z549203X