1. Interpretation

The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

2. What this Policy Covers

• The data controller is Great Himalaya Trail, referred to in this policy as “we” or “us”. “You” means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
• We are committed to doing the right thing when it comes to how we collect, use and protect
  your personal data. That’s why we’ve developed this privacy and cookies policy (“Policy”), which:
  • sets out the types of personal data that we collect;
  • explains how and why we collect and use your personal data;
  • explains when and why we will share personal data within Great Himalaya Trail and with other organisations; and
  • explains the rights and choices you have when it comes to your personal data.
• This Policy applies to you if you use our services (referred to in this Policy as “our Services”). Using our Services means shopping with us over the phone, or online or otherwise using any of the websites (“our Websites”) or mobile applications (“our Mobile Apps”) where this Policy is posted. This Policy also applies if you contact us or we contact you about our Services.
• Our Websites or Mobile Apps may contain links to other websites operated by other organisations that have their own privacy policies. Please make sure you read the terms and conditions and privacy policy carefully before providing any personal data on a website as we do not accept any responsibility or liability for websites of other organisations.

3. Who we are?

The data controller officer for Great Himalaya Trail is Mr Robin Boustead (robin {at} greathimalayatrail.com),
who can be contacted at any time regarding this Policy.

4. What information do we collect?

This section tells you what personal data we may collect from you when you use our website and what other personal data we may receive from other sources. When you shop with us online or browse our Websites or use our Mobile Apps, we may collect:

• Your personal details, including your postal and billing addresses, email addresses, phone numbers and date of birth and title.
• Your account login details, such as your username and the password that you have chosen.
• Information about your online purchases (for example, what you have bought, when and where you bought it and how you paid for it).
• Information about your online browsing behaviour on our Websites and Mobile Apps and information about when you click on one of our adverts (including those shown on other organisations’ websites).
• Information about any devices you have used to access our website (including the make, model and operating system, IP address, browser type and mobile device identifiers).

Other sources of personal data we may collect.
We may also use personal data from other sources, such as specialist companies that supply information, online media channels, our Retail Partners and public registers. For example, Facebook and Instagram likes and interactions that will help us to:

• review and improve the accuracy of the data we hold; and
• improve and measure the effectiveness of our marketing communications, including online advertising.

5. How do we use personal information?

This section explains in detail how and why we use personal data. We use personal data to make your shopping experience easier, faster and allow greater access for you to our range of products. This means that processing your personal data allows us to:

• Process your orders and refunds
  – so that we can manage your customer accounts, provide you with the goods and services you want to buy and help you with any orders and refunds you may ask for.
• Manage and improve our day-to-day operations including this website and mobile apps – We use cookies and similar technologies on our Websites and Mobile Apps to improve your customer experience. Some cookies are necessary so you should not disable these if you want to be able to use all the features of our Websites and Mobile Apps. You can disable other cookies but this may affect your customer experience.
• Help to develop and improve our product range, services, information technology systems, know-how and the way we communicate with you – we rely on the use of personal data to carry out market research and internal research and development, and to improve our information technology systems (including security) and our product range, services and stores.
• Detect and prevent fraud or other crime – it is important for us to monitor how our Website and Mobile Apps are used to detect and prevent fraud, other crimes and the misuse of services.
• Personalise your shopping experience by using your online browsing behaviour to help us better understand you as a customer and provide you with personalised offers and services.
• Provide you with relevant marketing communications (including by email, post or online advertising), relating to our products and services. You can change your marketing choices when you register with us, and at any time after that.
• Contact you and interact with you about our products, for example by email or post or by responding to social media posts that you have directed at us.

6. What legal basis do we have for processing your personal data?

In relation to the headings mentioned in the section above (“how and why we use your personal data”), our legal basis for processing your personal data is:

• Make our Services available to you – Contractual Necessity for purchase & transaction data, contact details, profile details, delivery/collection details. We will not be able to provide you with your products or services if you do not provide us this data. Legitimate Interests following fulfilment of your order for other personal data in that section.
• Manage and improve our day-to-day operations – Legitimate Interests.
• Personalise your GHT experience – Legitimate Interests.
• Contact and interact with you – Legitimate Interests.

Where we have mentioned above our use of your personal data is based on our “legitimate interests”, these are:

• to service our customers’ needs, including delivering our products and services;
• to promote and market our products and services;
• to understand our customers including their patterns, behaviours as well as their likes and dislikes;
• to protect and support our business, colleagues, customers and shareholders;
• to prevent and detect anti-social behaviour, fraud and other crime;
• to test and develop new products and services as well as improve existing ones.

7. When do we share personal data?

This section explains how and why we share personal data with Retail Partners and Service Providers.
When we share personal data with these companies we require them to keep it safe, and they must not use your personal data for their own marketing purposes.
Retail partners
We work with a number of Retail Partners who sell our products through their own-managed channels.
We only share personal data that enable our Retail Partners to provide their services (for example, your name and contact details so that they can deliver your items).
Service Providers
We work with carefully selected Service Providers that carry out certain functions on our behalf (technology services, storing, combining and analysing data, processing payments, legal and professional services, delivering orders). We only share personal data that enable our Service Providers to provide their services. Some Service Providers operate online media channels and place relevant online advertising for our products and services.We may also share personal data:

• if the law or a public authority says we must share the personal data or for the administration of justice;
• if we need to share personal data in order to establish, exercise or defend our legal rights (including preventing fraud);
• where we restructure, sell or transfer our business (or a part of it), for example in connection with a takeover or merger.

8. Where do we store and process personal data?

We apply physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data:

• We protect the security of your information while it is being transmitted by encrypting it;
• We use computer safeguards such as firewalls and data encryption to keep this data safe;
• We only authorise access to employees and trusted partners who need it to carry out their responsibilities;
• We regularly monitor our systems for possible vulnerabilities and attacks, and we carry out penetration testing;
• We will ask for proof of identity before we share your personal data with you; and
• We will reveal only the last four digits of your payment card number when confirming an order.

Whilst we take appropriate technical and organisational measures to safeguard your personal data, it is important that you keep your login details and devices protected from unauthorised access.

9. How long do we keep your personal data for?

We will not keep your personal data longer than we need to. How long this is depends on several factors, including:

• Why we collected it in the first place (e.g., to ensure payment authority, supply your order and provide ongoing service);
• Whether we are required by Nepal law to keep your transaction records for a certain period — after that all records will be destroyed;
• Other legal/regulatory reasons to keep a transaction history and your personal information; and
• Whether we need it to protect you or us.

10. Use of cookies and other technologies

We and our partners use cookies and similar technologies, such as tags and pixels (“Cookies”), to personalise and improve your customer experience as you use our Websites and Mobile Apps and to provide you with relevant online advertising. This section provides more information about Cookies, including how we use them and how you can exercise your choices about our use of Cookies.
How we use Cookies
Cookies are small text files containing a unique identifier, which are stored on your computer or mobile device so that your device can be recognised when you are using a particular website or mobile app. They can be used only for the duration of your visit or they can be used to measure how you interact with services and content over time. Cookies help to provide important features and functionality on our Websites and Mobile Apps, and to improve your customer experience. When you consent to Cookies on our Services, these may be used to do the following:

• Improve the way our Websites and Mobile Apps work – remember your preferences and the contents of your shopping basket when you return.
• Improve performance – understand how our Websites and Mobile Apps are being used (mostly aggregated and anonymous data).
• Deliver relevant online advertising – help deliver adverts most relevant to you on our Websites and other organisations’ websites and social media.
• Measure effectiveness – tell us if you have seen a specific advert and measure the effectiveness of our marketing communications.

11. Your rights in relation to personal data

You have the right to see the personal data we hold about you (a Subject Access Request). If you would like a copy of the personal data we hold about you, please write to Great Himalaya Trail (email: robin {@} greathimalayatrail.com).In relation to your personal data, you also have the right to:

• Have inaccurate information corrected.
• Object to our use of it. You may make a general objection or an objection in relation to direct marketing — we will stop using your personal data for direct marketing purposes if you object.
• Restrict our use of it. (e.g., where accuracy is disputed or the data has been unlawfully processed but you do not want deletion.)
• Have us delete it. (e.g., where we no longer need it, you withdraw consent and we have no other grounds to process it, or we have unlawfully processed it.)
• Complain to the data protection regulator. You can complain to the EU Data Protection Supervisor (EDPS) — see their website for details.