Privacy Policy | Canton Climbing Gym – Data Protection & Privacy Practices

Effective Date: April 15, 2025
Last Updated: April 15, 2025

Canton Climbing (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy outlines how we collect, use, store, protect, disclose, and manage personal data, in accordance with ISO/IEC 27701 and applicable privacy regulations. This policy applies to all personal data collected through our website, at our physical locations, or via third-party tools used in service to our business operations.

1. Scope

This Privacy Policy applies to all individuals who interact with Canton Climbing, including:

  • Members and subscription holders
  • Day-pass users and walk-in guests
  • Event participants
  • Newsletter and marketing email subscribers
  • Website visitors
  • Anyone submitting inquiries or data through digital or physical forms

This policy governs all personal data processed by us, regardless of the method of collection (online, offline, or third-party systems).

2. Data We Collect

We collect the following categories of personal information:

Identity & Contact Data

  • Full name
  • Date of birth or age
  • Mailing address
  • Email address
  • Phone number
  • Emergency contact information
  • Government-issued ID (if required for age or waiver verification)

Technical & Usage Data

  • IP address
  • Browser type and version
  • Device and operating system
  • Time zone setting and location
  • Website navigation data (clicks, page visits, bounce rates)
  • Referral sources and user flow

Transactional Data

  • Purchase and payment history
  • Waiver agreement acknowledgment
  • Event and reservation history

Health and Safety Information (Limited)

  • Voluntarily provided relevant health disclosures for safety purposes (e.g., injuries or allergies)
  • Consent to participate in physical activity where required

Marketing Preferences

  • Email opt-in or opt-out status
  • Participation in promotions or surveys

3. Legal Basis for Processing

We process personal data based on:

  • Consent – You have explicitly agreed to the processing for one or more purposes (e.g., email newsletters).
  • Contractual Obligation – To fulfill our contractual responsibilities, including waivers and memberships.
  • Legal Compliance – To meet legal and regulatory obligations, such as age verification or health and safety laws.
  • Legitimate Interest – To enhance safety, improve services, prevent fraud, and manage our operations efficiently, provided it does not override your data rights.

4. Purpose of Data Collection

We use personal data for the following Privacy Policy:

  • Service Fulfillment – To manage access, memberships, bookings, purchases, and event registrations.
  • Communication – To notify you of schedule changes, account status, or relevant facility information.
  • Marketing – To send updates, promotions, and information about upcoming events if consented.
  • Safety & Legal – To verify identity, obtain waivers, and comply with health and safety protocols.
  • Website Functionality – To improve user experience, ensure security, and analyze usage patterns.

5. Data Sharing and Disclosure

We do not sell personal information Privacy Policy.

We may share your data with:

  • Authorized Employees and Instructors – Only those with a need to know based on job role.
  • Third-Party Service Providers – For booking software, email marketing platforms (e.g., Mailchimp), payment processors, and waiver platforms.
  • Legal or Regulatory Authorities – When required to comply with legal obligations or court orders.
  • Emergency Responders – In cases involving injury or safety concerns.

Each third-party processor is bound by data processing agreements requiring confidentiality, data integrity, and compliance with this policy.

6. Data Security

We implement physical, administrative, and technical safeguards to protect your data from Privacy Policy:

  • Unauthorized access
  • Disclosure
  • Alteration
  • Destruction

Security measures include but are not limited to:

  • Encrypted storage of personal information
  • HTTPS and SSL web security
  • Restricted access to sensitive data
  • Regular security audits and updates

7. Data Retention

We retain personal data only as long as necessary to Privacy Policy:

  • Provide services
  • Meet legal, tax, and insurance requirements
  • Comply with relevant industry standards

Retention periods vary by data type. For example:

  • Waivers and liability forms: minimum of 7 years
  • Email subscriptions: until opt-out or unsubscribe
  • Booking and purchase history: 5 years
  • Website analytics: anonymized after 12 months

Data will be securely deleted or anonymized when no longer necessary.

8. Your Rights

You have the following rights regarding your personal data Privacy Policy:

  • Right to Access – Request a copy of your personal data.
  • Right to Rectification – Request correction of inaccurate or incomplete data.
  • Right to Deletion – Request that we delete your personal data where there is no legal basis for retention.
  • Right to Restrict Processing – Request limitations on how we use your data.
  • Right to Object – Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent – At any time, without affecting the legality of prior processing.
  • Right to Lodge a Complaint – With a data protection authority or supervisory body.

To exercise your rights, email us at [email protected]. We may request proof of identity before fulfilling any request.

9. Cookies and Analytics

We use cookies and third-party analytics tools (e.g., Google Analytics) toPrivacy Policy:

  • Improve site performance and loading times
  • Monitor user behavior for UI/UX optimization
  • Measure marketing campaign effectiveness

You can opt out of cookies through your browser settings. Disabling cookies may limit certain website features.

10. Email Communications

By subscribing to our newsletter or signing up through our website, you consent to receive periodic emails. You may unsubscribe at any time using the “unsubscribe” link in our emails or by contacting us directly.

Your email is never shared with third parties for promotional use.

11. Children’s Privacy

We do not knowingly collect personal data from children under the age of 13 without verifiable parental or guardian consent. Parents may contact us to review, update, or delete their child’s data.

12. CCTV and In-Facility Monitoring

We use closed-circuit television (CCTV) for the purposes of:

  • Ensuring facility safety and security
  • Preventing unauthorized access or theft
  • Assisting in incident investigations

Footage is stored securely and only accessible to authorized personnel. It is automatically deleted after a retention period of 30 days unless needed for investigation or legal purposes.

13. Changes to This Privacy Policy

We may update this policy periodically. Any updates will be posted on this page with a new “Last Updated” date. Significant changes will be communicated via email (if applicable) or onsite notices.

14. Contact Us

If you have questions or wish to make a request under this policy:

Canton Climbing
Email: [email protected]
Website: https://cantonclimbing.com