We hope that the following sections will answer any questions that you may have, but if not please do not hesitate to contact us: firstname.lastname@example.org or 020 8573 2076
Active Wear & Outdoor Leisure Limited (AWOL) is registered with Companies House with the company number 02932936 at the address:
1-2 Rosslyn Parade
Trading under the names ‘Ski Bartlett’ and ‘Sputnik’, AWOL acts as the Data Controller responsible for handling your data.
For simplicity throughout this policy, any mentions of ‘we’ and ‘us’ refer to Active Wear & Outdoor Leisure Ltd.
The General Data Protection Regulation lays out various reasons why a company may collect and process your personal data.
The simplest reason; this is where you allow us to collect your data. For example, if you tick a box to sign up to our email newsletters.
In certain situations we require your personal data to comply with our contractual obligations. For example, if you order an item for delivery we require your address details to deliver your purchase.
When required by law, we may need to collect and process your data. For example, we pass on details of fraudulent activity to the relevant law enforcement.
In specific situations we may require some of your personal details to carry out tasks in both ours and your interest. For example, we require certain information to carry out boot fits and workshop procedures.
All transaction information passed between merchant sites and Sage Pay’s systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to your servers from Sage Pay are signed using MD5 hashing to prevent tampering. You can be completely assured that nothing you pass to Sage Pay’s servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.
Once on the Sage Pay system, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign's Global Root certificate, making them all but impossible to extract. The data held is extremely secure and Sage Pay is regularly audited by the banks and banking authorities to ensure it remains so.
Sage Pay’s systems are scanned quarterly by Trustwave which are an independent Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the payment card brands.
Sage pay is also audited annually under the Payment Card Industry Data Security Standards (PCI DSS) and is a fully approved Level 1 payment services provider, which is the highest level of compliance. Sage Pay is also an active members of the PCI Security Standards Council (SSC) that defines card industry global regulation.
Sage Pay has multiple private links into the banking network that are completely separate from the Internet and which do not cross any publicly accessible networks. Any cardholder information sent to the banks and any authorisation message coming back is secure and cannot be tampered with.
All employees at Sage Pay are Criminal Records Bureau (CRB) checked prior to employment and no unauthorized individual has access to or is able to decrypt transaction information or cardholder data.
We want to provide all of our customers with the best possible experience. In order to achieve this, we do require some of your personal information.
Data security is important. We treat your data with care and respect and take appropriate steps to protect it. Access to all areas of our website is secured using ‘https’ technology.
Your personal preference section is secured behind a password of your choosing. We ask that you choose a secure, effective password and do not disclose it to anyone else.
We will only keep your data for as long as is necessary for the purpose for which it was collected.
When you place an order, we’ll keep the personal data you provide us for five years in order to comply with our legal and contractual obligations. After this period the order will remain on our system for internal analysis, however the information itself will be anonymised.
With consent, records of our boot fit appointments and workshop procedures will be kept for five years. This is a sensible life span for a product and allows us to provide you or your insurance with a record and proof of purchase.
When required, we may share your personal data with trusted third parties. For example, delivery couriers require your name, address and telephone number.
We only provide the information required for them to perform their specific services and we work with them to ensure that your privacy is respected and protected at all times.
If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
When you place an order with us or ask for something to be delivered to you, we pass on your name, address, email and phone number to one of our courier companies. The company we use depends on the item dimensions, your geographic location, and the requested shipping method. The companies we for this are:
The email newsletters for the Sputnik website are also managed through Visualsoft. This requires your name, email address and email preferences. We may also use information from your previous orders to make our emails more relevant to you.
Touch Retail produce the inventory management system that we use. This system allows us to create user accounts on behalf of the customer which can be used for things such as holding items on reserve or adding a default discount rate.
We also employ the use of PCA Predict software to allow our customers to auto-complete their addresses. This helps to save time as well as minimize mistakes.
Direct Marketing Companies
Mailchimp provides the email communication system for our Ski Bartlett customers. To provide this feature we require your name and email address and email preferences. Mailchimp provides us with reports including open rate, click rate, and geographic distribution of opens. We use this information to improve the quality of our email communications with our customers.
We are always looking for feedback and reviews to help us improve our service. To help us manage this we use Trustpilot. After you have placed an order through our website you will receive an automated email with a request to leave a review of your experience. You are not obliged to leave a review; however, we appreciate all of the reviews we can get – both positive and negative.
To offer our products to a wider market we also operate eBay and Amazon stores. When you purchase through either of these channels you provide your payment and delivery information to eBay or Amazon which is then copied through to our own system. Please see the relevant privacy policies below:
Law Enforcement & Customs Agencies
We do not tolerate any form of fraud. If we become aware that such an activity has taken place, we will not hesitate to pass on your details to the relevant law enforcement. We will also provide whatever assistance we can.
When we send products abroad, we may need provide information to customs agencies. This is usually limited to the clarification of contact details for which we will always contact you about.
You have the right to request:
Our websites may contain links to other Web Sites ("Linked Sites"). The Linked Sites are not under our control and we are not responsible for the contents of any Linked Site, including without limitation any link contained in a Linked Site, or any changes or updates to a Linked Site. We are not responsible for webcasting or any other form of transmission received from any Linked Site. We providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by us of the site or any association with its operators.