Protecting your privacy isn’t just a promise — it’s our practice.


We take your privacy seriously and comply with the EU’s General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. Our reputation is built on trust, discretion and word of mouth, values we care deeply about.  We only collect and hold the minimal information necessary to run our courses effectively and we do not share your information with anyone else.  This policy outlines how we collect, use, and protect any information you share with us. We’ve kept it clear and straightforward, with no unnecessary jargon or hidden terms.
 

This policy covers:

 1. Introduction

2. Who we are and how to contact us

3. Personal data we collect

4. How we collect your information

5. Thinkific

6. Lawful basis for processing

7. How we use your information

8. Sharing your data

9. Data retention

10. Data security

11. Photographs and marketing materials

12. Your rights

13.  Data breach

14. Complaints

15. Updates to this policy

 

  1. Introduction

Fresh Tracks Chalet Hosting and Cookery School (“we”, “us”, “our”) is committed to protecting the privacy and security of your personal information.

This policy explains how we collect, use, store, and share your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025. It also outlines your rights and how to contact us regarding your data.

2. Who we are and how to contact us

Fresh Tracks Chalet Hosting and Cookery School
Email: info@freshtrackschaletschool.com
Telephone: 07497 368663
Website: www.freshtrackschaletschool.com
 

3. Personal data we collect

We collect and process personal data from both potential and existing customers as part of our business operations. This may include the following information:

  • Full name

  • Email address

  • Telephone number

  • Home address

  • Date of birth

  • Dietary requirements (which may indicate religious or health preferences)

  • Photographs or video taken during courses or events (used only with consent)

  • Payment and booking information when purchasing a course or service

  • Communications or enquiries sent to us via email, phone, or website forms

4. How we collect your information

We collect your personal data through:

  • Online booking and enquiry forms

  • Course registration and participation

  • Email and telephone communications

  • Marketing sign-up forms or consent forms 

  • Cookies and analytics tools used on our website and Thinkific platform (see our Cookie Policy for more details)
     

5. Thinkific

Our online courses are hosted by Thinkific Labs Inc. (“Thinkific”). Thinkific provides the learning platform that enables us to deliver our courses and manage enrolments.

Your personal data may be stored and processed through Thinkific’s data storage, databases, and the general Thinkific application. Thinkific stores data on secure servers protected by firewalls.

If you make a purchase on our website, payments are processed securely through third-party payment providers such as Stripe. All payment information is encrypted and handled in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). We do not store your payment card details. Transaction data is retained only for as long as necessary to complete the purchase process.

All direct payment gateways used by Thinkific and its partners adhere to PCI-DSS standards managed by the PCI Security Standards Council (including Visa, MasterCard, American Express and Discover). These standards help ensure the secure handling of payment information.

For more information, you can review Thinkific’s Privacy Policy and Terms of Service

6. Lawful basis for processing

Under the UK GDPR and Data (Use and Access) Act 2025, we must have a lawful basis for processing your personal data. We rely on one or more of the following:

  • Contractual Performance: To deliver the courses or services you have booked with us.

  • Consent: When you have given clear permission for specific purposes, such as receiving marketing emails or appearing in photos.

  • Legal Obligation: Where we are required to comply with the law (for example, tax or insurance purposes).

  • Legitimate Interests: To operate and improve our business, communicate effectively with customers, and promote our services, provided your rights are not overridden.

More details on each of the lawful basis’s can be found at the Information Commissioner’s Office (ICO) website.
 

7. How we use your information

We may use your personal data to:

  • Administer bookings, payments, and course participation

  • Communicate with you about upcoming courses or events

  • Send course information and materials

  • Improve our products and services

  • Manage internal records and accounting

  • Send occasional promotional or informational emails (with consent)

  • Use photographs or testimonials for marketing purposes (with consent)
     

8. Sharing your data

 We do not sell or rent your personal data. We only share information when necessary for legitimate business purposes, such as:

  • With partner ski companies or recruitment organisations (only with your consent)

  • With service providers such as Squarespace, Thinkific, Google Analytics, or payment processors, who assist in delivering our services

Please note that our website contains links to other websites and we are not responsible for the privacy practices of such other websites or organisations and/or individual users utilising our systems. All third-party providers are required to handle your data securely and in accordance with data protection laws.

9. Data retention

We only retain your personal data for as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations. This includes:

  • Orders and transaction records: Up to 7 years, in line with tax and accounting requirements.

  • Marketing communications: Until you unsubscribe or withdraw your consent.

  • Consent records: Kept for as long as necessary to demonstrate compliance with data protection laws.

  • Course photos and videos: Retained for marketing and promotional purposes unless you request deletion.

  • Student and participant records: Retained for administrative, reference, and legal purposes unless you request deletion.

We regularly review our data retention periods to ensure we do not keep personal data longer than necessary. At your written direction, Fresh Tracks Chalet Hosting and Cookery School shall securely delete or anonymise your personal data.
 

10. Data security

Protecting security and privacy is extremely important to us and we make every effort to secure your personal information and maintain confidentiality in accordance with all relevant Data Protection regulations including the EU General Data Protection Regulation (GDPR).

We are committed to ensuring that your information is secure by using password-protected devices belonging to Fresh Tracks Chalet Hosting and Cookery School, encrypted cloud storage (OneDrive and Google Drive), and restricted access systems to protect against unauthorised access, alteration, or disclosure of your data.

11. Photographs and marketing materials

We may take photographs or videos during courses and events for marketing and promotional purposes. We will only use these materials if you have provided consent. You may withdraw this consent at any time by contacting us using the details above.

12. Your rights

Under UK GDPR, you have the following rights regarding your personal data:

  • The right to be informed about how your data is used

  • The right to access the data we hold about you

  • The right to rectification of incorrect or incomplete data

  • The right to erasure (“right to be forgotten”)

  • The right to restrict processing

  • The right to data portability

  • The right to object to processing

  • Rights in relation to automated decision making and profiling

Further information on these rights can be found on the Information Commissioner’s Office (ICO) website.

To exercise any of these rights, please contact us by email at info@freshtrackschaletschool.com. We aim to respond to all valid requests within one month.

13. Data Breach

In the unlikely event of a personal data breach that poses a risk to your rights or freedoms, we will notify you and the Information Commissioner’s Office (ICO) without undue delay, in line with our legal obligations.

14. Complaints

If you are unhappy with how we have handled your personal data, please contact us first so we can try to resolve your concern. If you are not satisfied, you can lodge a complaint directly with the Information Commissioner’s Office (ICO):

Website: www.ico.org.uk
Telephone: 0303 123 1113



15. Updates to this policy

We may update this Privacy Policy to reflect changes in our practices, new legislation, or regulatory guidance. The latest version will always be available on our website. Please check periodically to stay informed of any updates.


Updated: 20th October 2025