The Mountain Trekking Company Limited Privacy Policy

Last Updated: 20th October 2025

1. Our Commitment and Who We Are

The Mountain Trekking Company Limited (referred to in this document as "The Mountain Company," "we," "our," or "us") takes your privacy very seriously. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and all applicable data protection laws.

This Policy sets out how we collect, use, and protect your personal information (also referred to as "data") when you engage with our services, from browsing our website to booking and travelling with us.

  • About Us: We are a travel operator specialising in adventure holidays, organising treks and tours in Nepal, Pakistan, India and Bhutan.
  • Data Controller: For the purposes of data protection legislation, we are the Data Controller of your personal data.
  • Registration: We are registered with the Information Commissioner’s Office (ICO) in the UK with reference number ZA241051.

Your Agreement: By providing personal information to us, you agree that this Policy will apply to how we handle your personal information and you consent to us collecting, using, and disclosing your personal information as detailed in this Policy.

2. What Personal Information We Collect
The personal information we collect depends on your interaction with us (website visitor, enquirer, or confirmed booker). If you book a trip, we typically collect the following categories of data:

Category of Personal Data

Purpose of Collection

Contact Data

Name, title, address, telephone number, email address (to communicate effectively).

Identification & Travel Data

Passport details (number, date of issue/expiry), passport photos, date of birth, gender (required for permits, visas, security, and accommodation).

Sensitive Data (Special Category)

Medical or psychiatric conditions, allergies, dietary requirements (to ensure the trip is suitable and to adequately look after you in an emergency).

Fitness & Experience Data

Information about your hiking experience, altitude treks, current level of fitness (to assess trip suitability and safety in line with BS8848: 2014).

Emergency Contact Data

Next of kin details (name, relationship, telephone, email) of someone not travelling with you (for use only in an emergency situation).

Financial & Booking Data

Payment status, booking details, travel insurance information (for administration, claims, and emergency use).

Digital Data

IP addresses, browser information, website usage data (for security, system administration, and website improvement).

Employment Data

For trekking trips to Pakistan, a Curriculum Vitae form requiring details such as profession, employment, and travel history (required for the Gilgit-Baltistan trekking permit).

Children’s Personal Data: We generally do not process personal data of children under the age of 16 without the consent of a parent or guardian. We only collect the minimum personal data required for children travelling on a booking (e.g., name, date of birth, passport data) and only with the explicit consent of the person making the booking.

3. How We Collect Your Information
We collect information from you in several ways:

  • Direct Interaction: When you fill out forms on our website (Quick Enquiry, Apply Now), use Live Chat, contact us by phone, email, post, or social media.
  • Incomplete Bookings: We may collect some data if you begin to fill out a booking form on our website but do not complete the process. We use this to follow up and offer assistance with your enquiry.
  • Third Parties: Where a person makes a travel booking on your behalf (e.g., a family member or group leader), we rely on their authority to provide us with your personal data.
  • Publicly Available Sources: For anti-fraud and security screening purposes.

Call Recording: We may record telephone calls for training purposes, monitoring quality assurance, and maintaining a record of service instructions. If you provide payment card details over the phone, the recording will be paused or redacted to ensure your security.

4. How and Why We Use Your Personal Data (Legal Basis)
We process your personal data in reliance on the following legal bases under GDPR:

Purpose of Processing

Legal Basis under UK GDPR

To Manage and Fulfil Your Booking

Contract: Necessary to perform the contract with you (arranging flights, accommodation, permits, etc.).

To Provide Pre-Contract Information

Contract: Necessary to take steps at your request before entering into a contract (e.g., providing quotes, customised advice).

For Personal Safety and Emergency Care

Vital Interests (where necessary to protect your life or health) or Explicit Consent (for processing sensitive medical data required for the trip).

To Meet Legal and Regulatory Requirements

Legal Obligation: Necessary to comply with a legal or regulatory obligation (e.g., accounting, tax, regulatory reporting to the Civil Aviation Authority).

To Handle Complaints and Disputes

Legitimate Interest: Necessary for our legitimate interest in managing and resolving complaints and defending legal claims.

For Marketing and Communication

Consent: You have explicitly opted-in to receive our e-newsletter.

To Improve Our Services

Legitimate Interest: Necessary for our legitimate interest in improving our website, services, and business efficiency.

5. Sharing Your Personal Data with Third Parties
We will only share your personal data with third parties in the ways set out in this Policy. We do not sell, rent out, or trade your personal information.

Service Providers in Destination Countries:

As an international travel operator, we must share certain essential data with our local service providers (e.g., ground agents, guides, hotels, transport operators) in your destination country. This sharing is for:

  1. Logistical Purposes: Arranging your accommodation, transport, and permits.
  2. Personal Safety/Security: Ensuring appropriate care and management in the event of an emergency.

We provide only the minimum data required and use Google Drive for secure sharing. We have agreements in place with our service providers to delete or destroy all your data once your trip is completed.

Other Third-Party Disclosures:

Your personal information may be disclosed if necessary to:

  • External business advisers (e.g., lawyers, accountants).
  • A person making a booking on your behalf.
  • Customs, immigration, and border control agencies.
  • Government agencies, public authorities, and law enforcement officials (where required by law, court order, or to protect against fraud).

6. International Data Transfers
As the provision of our services involves travel outside the UK/EEA to our destination countries (Nepal, Pakistan, India, and Bhutan), we are required to transfer your personal data outside of the UK/EEA.

We take necessary steps to ensure that your personal data is treated securely and in accordance with this Policy. Where we transfer your data to a country that is not deemed to have an adequate level of data protection by the UK government, we put in place safeguards such as Standard Contractual Clauses (SCCs), where possible, or rely on the necessity of the transfer to perform the contract for your travel arrangements.

7. Security and Data Retention
Data Security:

We employ physical, electronic, and procedural safeguards (including encryption, security access, firewalls, and computer security systems) to protect your data. Access is restricted to staff who require it to perform their function.

  • Online Booking Portal: We use Adventure Engine as our third-party data processor. They are PCI compliant and SSL certified, with all user data encrypted and regularly backed up.
  • Website: Our website uses the latest industry-standard Secure Socket Layer (SSL) technology to encrypt information transmitted over the internet.

Data Retention:

We will only keep your personal data for as long as necessary to fulfil the purpose we collected it for, including for the purpose of satisfying any legal, accounting, or reporting requirements.

  • We retain basic information about bookings and our customers for a minimum of six years for legal claims and tax purposes, in accordance with our legal obligations.
  • Anonymised Data: In some circumstances, we may anonymise your personal data (so it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

8. Marketing and Your Rights
Marketing Preferences:

We will only use your personal information to send electronic marketing materials (e-newsletter) if you have explicitly opted-in to receive it.

  • Opt-Out: You can unsubscribe from our e-newsletter at any time by following the unsubscribe link at the bottom of the email.
  • Email Tracking: Our e-newsletters may use email tracking pixels (single pixel or clear gif technology) to tell us whether an email has been opened and which links have been clicked. This helps us measure the effectiveness of our marketing. If you wish to avoid this tracking, you can adjust your email client settings to block images or unsubscribe.

Cookies:

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Use of Client Images in Marketing and Media:

During your holiday, our staff, clients, or suppliers may occasionally capture photographs and/or videos that include images of our clients. These images and videos may be used in future marketing materials and will be stored both physically and digitally.

If you or your family prefer not to be photographed or filmed, or you do not consent to the use of any such media containing your image for marketing purposes, kindly notify your trip leader and/or the photographer at the commencement of your trip.

In the unlikely event that an image of you or a member of your family is displayed on our website against your express wishes, please contact us at info@themountaincompany.co.uk. We are committed to removing the image immediately upon request.

Your Legal Rights:

Under data protection laws, you have a number of important rights, available to you free of charge. In summary, these include:

  • The right to be informed about how your personal information is used.
  • The right of access (to know what data about you is being held).
  • The right to rectification (to have incomplete or incorrect data corrected).
  • The right to erasure (to request the deletion of your personal information in certain situations).
  • The right to portability (to request that personal data held by us be transported to another service provider).
  • The right to object to certain data uses.
  • The right to restrict processing of your personal information in certain situations.

9. Feedback, Compliants and Contract
If you have any questions, comments, or complaints about this Policy or our handling of your personal information, or wish to exercise any of your rights, please contact us using the details below:

Data Protection Contact Details:

  • Email: info@themountaincompany.co.uk
  • Post: The Mountain Trekking Company Limited, Westcott Farm, Chagford, Newton Abbot, Devon, TQ13 8JF, United Kingdom.

Complaints:

We hope that we can resolve any query or concern you raise about our use of your information. If you are not happy with how we manage your personal data, you have the right to lodge a complaint with the supervisory authority:

  • The UK Supervisory Authority: The Information Commissioner’s Office (ICO). You may be contacted here: ICO Contact Details.