Privacy, Security & GDPR
At Odyssey SurfSnowStyle we believe in the importance of looking after your information and ensuring you have maximum control over it. Only those within our network with the appropriate access level are able to view your information, and if you ever want to make any changes to what we have please just email or call.
We remain fully committed to the protection of your privacy at all times. The information contained in this policy has been published to inform you of the way in which any personal data (as defined below) you provide us with or we collect from you will be used. Please read this information carefully in order to fully understand how we treat such personal data.
When you access or use our website, you agree to our privacy policy and you consent to our collection, storage, use and disclosure of your personal data for the purpose of processing an order, in accordance with this policy.
Private Information & Transaction Security
No one at Odyssey is able to see any of your credit or debit card information. This information is held by Stripe, our card processing provider. When we provide refunds to your card, we cannot see any of your card information at this time either. In this way it is completely secure.
All card numbers received by Stripe Payments Ltd are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons can obtain plain text card numbers but can request that cards are sent to a service provider on a static allowlist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with Stripe’s primary services including our API and website. Any cardholder information sent to the banks and any authorisation message coming back is encrypted and secure and cannot be tampered with. Your transaction information and customer card information is secure even from Stripe’s own employees because their systems never display the full card numbers, even on administration screens.
What we do with your info…
The personal data we hold about you may be used in any of the following ways:
- To provide you with the means to create an order, including administration and management of your account.
- To provide you with user support.
- To comply with applicable laws, court orders, government and law enforcement agencies’ requests.
- To send you further information about our services for which we think you may have an interest. This information will be supplied only where you have given consent.
- To provide you with notification about any changes to the Service.
We will never supply your personal data to third parties.
We may at times provide links on our website to third party websites, including without limitation those owned or managed by our partner networks, affiliates or advertisers. These websites have separate privacy policies, and we therefore cannot accept any responsibility for the content. As such, choosing to follow these links is a choice you make at your own risk, and we advise that you check these websites’ individual privacy policies before submitting any personal data.
Your Rights –
You retain the right to request us to refrain from processing your data for the purposes of marketing. To exercise such right, you may reply to any information we send you, detailing your request that we refrain from sending any marketing correspondence, or you can exercise this same right by contacting us, via our website “Contact Us” service. If, at any time, we intend to use your data for marketing purposes, it is standard practice for us to make you aware in advance of using such data.
You retain at all times the right to access / amend / delete any personal data we hold about you providing the request does not contradict any laws. You may exercise this right by contacting us via our website “Contact Us” service. You may also lodge a complaint with the UK data protection regulator, should you be dissatisfied with the way that we handle your personal data.
We will take reasonable steps to maintain appropriate technical and organizational measures to protect the personal data you provide to us against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to your personal data.
What information do we have?
Personal data means any information relating to an identifiable person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
We may obtain and use the following personal data about you:
- Data you provide when creating an account, on our website, for the purposes of making a purchase.
- Data and information you submit or upload through our “Contact Us” service
- Details of transactions made by you through the website.
- Responses to optional research surveys we ask you to complete.
- Details of your visits to our website, which includes without limitation; location and traffic data, weblogs, resources you access and other communication data.
Where is it stored and for how long?
We store the personal data you provide us with on our secure servers. In the event of you choosing a password which grants you access to the account created within our website, it remains your responsibility to maintain the confidentiality of this password.
As the transmission of data via the internet cannot be assumed completely secure, we cannot guarantee the security of any of your data transmitted to our website; you are therefore responsible for any risk associated with such transmission. We will however at all times take all reasonable steps to ensure the transmission of your data is executed as securely as possible, and upon receipt of your we will continue at all times to enforce strict security procedures and features in an attempt to prevent any unauthorised access.
We will keep your personal data for the duration of the period required by law. At the point of expiry from the required period, your personal data will be deleted.