Active Wear & Outdoor Leisure Limited (AWOL) is registered with Companies House with the company number 02932936 at the address:

1-2 Rosslyn Parade

Uxbridge Road

Hillingdon

Middlesex

UB10 0NP

Trading under the names ‘Ski Bartlett’ and ‘Sputnik’, AWOL acts as the Data Controller responsible for handling your data.

For simplicity throughout this policy, any mentions of ‘we’ and ‘us’ refer to Active Wear & Outdoor Leisure Ltd.

The General Data Protection Regulation lays out various reasons why a company may collect and process your personal data.

Consent

The simplest reason; this is where you allow us to collect your data. For example, if you tick a box to sign up to our email newsletters.  

Contractual Obligations

In certain situations we require your personal data to comply with our contractual obligations. For example, if you order an item for delivery we require your address details to deliver your purchase.

Legal Compliance

When required by law, we may need to collect and process your data. For example, we pass on details of fraudulent activity to the relevant law enforcement.

Legitimate Interests

In specific situations we may require some of your personal details to carry out tasks in both ours and your interest. For example, we require certain information to carry out boot fits and workshop procedures.  

All transaction information passed between merchant sites and Sage Pay’s systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to your servers from Sage Pay are signed using MD5 hashing to prevent tampering. You can be completely assured that nothing you pass to Sage Pay’s servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.

Once on the Sage Pay system, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign's Global Root certificate, making them all but impossible to extract. The data held is extremely secure and Sage Pay is regularly audited by the banks and banking authorities to ensure it remains so.

Sage Pay’s systems are scanned quarterly by Trustwave which are an independent Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the payment card brands.

Sage pay is also audited annually under the Payment Card Industry Data Security Standards (PCI DSS) and is a fully approved Level 1 payment services provider, which is the highest level of compliance. Sage Pay is also an active members of the PCI Security Standards Council (SSC) that defines card industry global regulation.

Sage Pay has multiple private links into the banking network that are completely separate from the Internet and which do not cross any publicly accessible networks. Any cardholder information sent to the banks and any authorisation message coming back is secure and cannot be tampered with.

All employees at Sage Pay are Criminal Records Bureau (CRB) checked prior to employment and no unauthorized individual has access to or is able to decrypt transaction information or cardholder data. 

• When you create an account with us
• When you use your account to purchase items online
• When you make a purchase as a guest – In this case we only collect the information required for delivery.
• When you purchase an item via phone
• When you contact us by any means with queries, complaints etc. 
• We use a CCTV system for both our and your safety. This system may record your image during your visit. 
• When you update your email preferences with your areas of interest.

• When you create an account or place an order with us with us we require your name, billing/delivery address, email and phone number.
• For our boot fit and workshop forms we require your name and contact information. 
• Workshop forms may also require additional information such as your age, height and weight. 
• Areas of interest, e.g., race, touring, freeride.

We want to provide all of our customers with the best possible experience. In order to achieve this, we do require some of your personal information. 

• To process any orders that you place using our website. If we do not obtain your delivery address, we cannot deliver your item to you. We may also be required to keep your details for a reasonable period after your order to fulfil any contractual obligations such as refunds or warranties. 
• To respond to your queries, requests and complaints. If you email or phone us we keep a record of this information along with other details such as your name to allow us to respond. We may keep a record of these to inform any future communication and demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
• To protect our customers, premises, assets and staff from crime we operate CCTV systems in our store which records and saves images for security. We do this on the basis of our legitimate business interests. If required, we may also share these images with the relevant law enforcement agencies. 
• To process payments and prevent fraudulent transactions. We do this on the basis of our legitimate business interests and to help protect our customers from fraud. 
• With your consent, we will use your personal data and details to keep you informed by email and telephone about relevant information. For example, sales or an item you enquired about coming back into stock. 
• If you update your email preferences with your areas of interest, we use this to tailor our email communications with you to make them more relevant. 
• To share your personal information with our authorised joint processors or our recommended third party partners for us to contact you on their behalf with marketing information about their products and services.

Data security is important. We treat your data with care and respect and take appropriate steps to protect it. Access to all areas of our website is secured using ‘https’ technology.

Your personal preference section is secured behind a password of your choosing. We ask that you choose a secure, effective password and do not disclose it to anyone else.

We will only keep your data for as long as is necessary for the purpose for which it was collected. 

When you place an order, we’ll keep the personal data you provide us for five years in order to comply with our legal and contractual obligations. After this period the order will remain on our system for internal analysis, however the information itself will be anonymised. 

With consent, records of our boot fit appointments and workshop procedures will be kept for five years. This is a sensible life span for a product and allows us to provide you or your insurance with a record and proof of purchase. 

When required, we may share your personal data with trusted third parties. For example, delivery couriers require your name, address and telephone number.

We only provide the information required for them to perform their specific services and we work with them to ensure that your privacy is respected and protected at all times.

If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

Courier Companies

When you place an order with us or ask for something to be delivered to you, we pass on your name, address, email and phone number to one of our courier companies. The company we use depends on the item dimensions, your geographic location, and the requested shipping method. The companies we for this are:

• CSM Logistics
• Royal Mail - Privacy Policy
• Interparcel - Privacy Policy
• DHL - Privacy Policy
• Parcelforce - Privacy Policy

IT Companies

We use Visualsoft to build and host our website. This means that they do have access to the information on our system, however this will only ever be used for troubleshooting reasons. Please see their privacy policy for more information.

Touch Retail produce the inventory management system that we use. This system allows us to create user accounts on behalf of the customer which can be used for things such as holding items on reserve or adding a default discount rate. 

We also employ the use of PCA Predict software to allow our customers to auto-complete their addresses. This helps to save time as well as minimise mistakes.

• Visualsoft - Privacy Policy
• Touch Retail - Privacy Policy - see "Terms" tab
• Facebook - Privacy Policy
• Google - Privacy Policy

Direct Marketing Companies

Mailchimp provides the email communication system for our customers. To provide this feature we require your name and email address and email preferences. Mailchimp provides us with reports including open rate, click rate, and geographic distribution of opens. We use this information to improve the quality of our email communications with our customers.

We are always looking for feedback and reviews to help us improve our service. To help us manage this we use Trustpilot. After you have placed an order through our website you will receive an automated email with a request to leave a review of your experience. You are not obliged to leave a review; however, we appreciate all of the reviews we can get – both positive and negative. 

Salesfire provides our website with interactive elements such as sale buttons and overlays. Some features collect personal data for marketing purposes. Elements that collect data for marketing purposes will require customer consent.

• Mailchimp - Privacy Policy
• Trustpilot - Privacy Policy
• Salesfire - Privacy Policy

Multi-Channel Sales

To offer our products to a wider market we also operate eBay and Amazon stores. When you purchase through either of these channels you provide your payment and delivery information to eBay or Amazon which is then copied through to our own system. Please see the relevant privacy policies below:

• eBay - Privacy Policy
• Amazon - Privacy Policy
• Simply Book (Boot Fitting Micro Site) - Privacy Policy

Law Enforcement & Customs Agencies

We do not tolerate any form of fraud. If we become aware that such an activity has taken place, we will not hesitate to pass on your details to the relevant law enforcement. We will also provide whatever assistance we can.

When we send products abroad, we may need provide information to customs agencies. This is usually limited to the clarification of contact details for which we will always contact you about.

You have the right to request:

• Access to the personal data we hold about you and a copy of this information
• The correction of your personal data when incorrect, out of data or incomplete
• That we stop using your personal data for direct marketing (removal from mailing lists)
• That we stop any consent-based processing of your data after you withdraw that consent
• The deletion of all personal data that we hold 

We use cookies to ensure that our websites operate as smoothly as possible and to offer you the best customer experience. You have every right to disable the use of cookies on our website or through your browser, however this will affect the functionality of our websites.

For more information please view our Cookie Policy

Our websites may contain links to other Web Sites ("Linked Sites"). The Linked Sites are not under our control and we are not responsible for the contents of any Linked Site, including without limitation any link contained in a Linked Site, or any changes or updates to a Linked Site. We are not responsible for webcasting or any other form of transmission received from any Linked Site. We providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by us of the site or any association with its operators.