Privacy Policy

Last Updated: June 15, 2023

Welcome to MatchCritique.com. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our mountain excursion services.

1. Information We Collect

1.1 Personal Information

We may collect the following personal information when you register for an account, book an excursion, or interact with our website:

• Name, email address, phone number, and postal address
• Date of birth and gender (for excursion safety and planning purposes)
• Emergency contact information
• Health information relevant to mountain activities (such as medical conditions, allergies, or fitness level)
• Payment information (credit card details, billing address)
• Profile pictures and user preferences

1.2 Automatically Collected Information

When you visit our website, we automatically collect certain information about your device, including:

• IP address, browser type, operating system
• Pages you view, time spent on pages, links clicked
• Referral source and geographic location (country/city level)
• Device information (type, ID, and settings)

1.3 Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. These technologies help us analyze website traffic, personalize content, and improve your experience. You can control cookies through your browser settings, although blocking certain cookies may limit your ability to use some features of our website.

2. How We Use Your Information

We use your information for the following purposes:

• To provide and manage our mountain excursion services, including booking, itinerary planning, and safety preparations
• To process payments and billing
• To communicate with you about bookings, services, updates, and promotional offers
• To personalize your experience and deliver content relevant to your interests
• To improve our website, services, and customer experience
• To ensure the safety and security of our excursion participants
• To comply with legal obligations and resolve disputes
• To prevent fraud and protect our rights and the rights of our users

3. Legal Basis for Processing (GDPR Compliance)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing necessary for the performance of our contract with you (e.g., booking and providing excursion services)
• Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services, preventing fraud, and ensuring safety, provided these interests are not overridden by your rights and freedoms
• Legal Obligation: Processing necessary to comply with legal requirements
• Consent: Processing based on your specific consent, such as for marketing communications

For health-related information, which is considered special category data under GDPR, we process this information with your explicit consent and for the protection of your vital interests during mountain excursions.

4. Information Sharing and Disclosure

We may share your information with:

• Service Providers: Third-party vendors who help us operate our business (payment processors, cloud service providers, IT support)
• Mountain Guides and Excursion Partners: Local guides and service providers who assist in delivering our excursion services
• Emergency Services: In case of emergencies during excursions, we may share relevant information with rescue services or medical providers
• Legal Requirements: When required by law, court order, or governmental regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate safeguards for your data

We do not sell your personal information to third parties. Any third parties with whom we share your information are contractually obligated to use it only for the purposes specified and to provide adequate protection for your data.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

• The duration of our ongoing relationship with you
• Legal obligations to retain data for certain periods
• Statutes of limitations under applicable law
• Operational necessity and legitimate business interests

When we no longer need to process your information, we will either delete or anonymize it, or if deletion is not possible, securely store and isolate it from further processing.

6. Your Rights

Depending on your location, you may have various rights regarding your personal information, including:

• Access: The right to know what personal information we have about you
• Rectification: The right to correct inaccurate information
• Erasure: The right to request deletion of your information in certain circumstances
• Restriction: The right to request limited processing of your information
• Data Portability: The right to receive your information in a structured, commonly used format
• Objection: The right to object to certain processing activities
• Withdraw Consent: The right to withdraw any consent you have provided
• Complaint: The right to lodge a complaint with a supervisory authority

To exercise your rights, please contact us using the information provided in the "Contact Us" section. We will respond to your request within the timeframe required by applicable law.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, accidental loss, alteration, or destruction. These measures include:

• Encryption of sensitive data in transit and at rest
• Secure network infrastructure with firewalls and intrusion detection
• Regular security assessments and vulnerability testing
• Access controls and authentication procedures
• Staff training on data protection and security practices

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

8. International Data Transfers

As a mountain excursion service, we may operate in multiple countries and transfer your information across international borders. When we transfer personal data outside the European Economic Area (EEA) or other regions with data protection laws, we ensure that appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules for transfers within our corporate group
• Adequacy decisions for countries recognized as providing adequate protection

By using our services, you acknowledge that your information may be transferred to and processed in countries other than your country of residence.

9. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information. If you believe we may have collected information from a child, please contact us.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The updated version will be indicated by an updated "Last Updated" date. We encourage you to review this Privacy Policy periodically. If we make material changes, we will provide appropriate notice, such as a prominent website notice or an email notification.

11. Governing Law

This Privacy Policy is governed by and construed in accordance with applicable data protection laws, including but not limited to the GDPR for users in the European Union.