Privacy Policy
Effective Date: 23rd October 2025
Last Updated: 23rd October 2025
Marmalade MTB is committed to protecting your privacy and personal information. This policy explains how we collect, use, store, and share your personal data, as well as outlining your legal rights under UK data protection law, specifically the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using the website www.marmalademtb.com (hereafter referred to as ‘this site’), you agree to the practices described in this policy.
1. Who We Are
| Role | Details |
| Data Controller | Sean Howell (Founder/Owner of Marmalade MTB) |
| Contact Email | sean@marmalademtb.com |
| Joint Controllers | Information submitted to this site is managed jointly by Sean Howell and our service provider, GuruHost Hosting (referred to jointly hereafter as ‘we’, ‘us’ or ‘our’). |
For the purposes of this policy, ‘Marmalade MTB’ or ‘we’ refers to Sean Howell. We are the Data Controller responsible for your personal data.
2. The Data We Collect About You
Personal data, or personal information, means any information about an individual from which that person can be identified.
We may collect, use, store, and transfer the following types of personal data:
| Type of Data | Examples of Information Collected |
| Identity Data | Name, date of birth, age, sex, job title. |
| Contact Data | Billing address, delivery address, email address, telephone number. |
| Financial Data | Payment card details (processed securely by third parties, we do not store credit card details ourselves). |
| Technical Data | Internet Protocol (IP) address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access this site. |
| Usage Data | Information about how you use our website, products, and services, including details of your browsing and shopping activities. |
| Profile Data | Your username and password, purchases or orders made by you, your preferences and interests, your queries and requests. |
| Special Category Data | Personal medical information deemed important for the activity of mountain biking. This is sensitive data and requires explicit consent and careful handling. |
| Marketing and Communications Data | Your preferences in receiving marketing from us and your communication preferences. |
| Activity Data | Information regarding your personal mountain biking experience. |
| Social Media Data | Your interaction with any social media pages managed by Marmalade MTB. |
3. How We Collect Your Data
We use different methods to collect data from and about you, including:
- Direct Interactions: You may give us your Identity, Contact, Financial, and Special Category Data by filling in forms, booking services, purchasing products, or by corresponding with us by post, phone, email, or otherwise.
- Automated Technologies or Interactions: As you interact with our website, we may automatically collect Technical and Usage Data using cookies and other similar technologies. (See Section 6 on Cookies).
- Third Parties: We may receive personal data about you from various third parties, such as payment providers (for Financial Data) and analytics providers (for Technical and Usage Data).
4. How We Use Your Data and Our Lawful Basis
We must have a valid legal reason (known as a Lawful Basis) for using your personal data. Below is a summary of the ways we use your personal data and the legal bases we rely on:
| Purpose for Processing | Type of Data Used | Lawful Basis for Processing |
| To process and deliver your order (including managing payments, fees, and charges) | Identity, Contact, Financial, Transaction | Performance of a Contract with you. |
| To register you for an activity or course and ensure your safety | Identity, Contact, Activity, Special Category Data (medical) | Performance of a Contract with you. Explicit Consent for Special Category Data. |
| To manage our relationship with you (including providing customer support, updates, and feedback) | Identity, Contact, Profile, Marketing | Performance of a Contract with you. Legitimate Interests (to keep our records updated). |
| To administer and protect our business and this site (including troubleshooting, data analysis, and system testing) | Identity, Technical | Legitimate Interests (for running our business and preventing fraud). Compliance with a Legal Obligation (for hosting and security). |
| To deliver relevant website content and advertisements to you | Technical, Usage, Profile | Consent (via our cookie banner). |
| To send you marketing communications about our services | Identity, Contact, Marketing | Consent (if you are a new customer). Legitimate Interests (if you are an existing customer and we are marketing similar services). |
Special Note on Medical Data (Special Category Data)
We collect personal medical information only where it is strictly necessary for your safety during a mountain biking activity. We rely on your Explicit Consent to process this highly sensitive data. You have the right to withdraw this consent at any time, but this may mean we cannot safely permit you to participate in the activity, leading to a potential inability to fulfil our contract with you.
5. Who We Share Your Data With
We do not sell, distribute, or lease your personal information to third parties.
We may have to share your personal data with the parties set out below for the purposes mentioned in Section 4:
- Service Providers: Third parties who provide IT, system administration, web hosting (GuruHost Hosting), and payment processing services (e.g., Stripe, PayPal). These providers will only use your information to perform the services for us. We do not store credit card details.
- Professional Advisers: Including lawyers, bankers, auditors, and insurers, who provide legal, banking, or accounting services.
- Regulators and Law Enforcement: The police, regulatory bodies, and other authorities where we are legally required to do so.
- Emergency Contacts: In the event of an accident, we will share relevant medical and identity data with emergency services and medical professionals.
6. Cookies
Our website uses ‘cookies’ to distinguish you from other users. A cookie is a small file that asks permission to be placed on your computer’s hard drive. They help us analyse web traffic and allow the website to tailor its operations to your needs and preferences.
- We use traffic log cookies to identify which pages are being used. This data is only used for statistical analysis and then removed from the system.
- You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline them.
- We use a Cookie Consent tool (usually in the bottom-left corner) to allow you to manage your preferences and withdraw consent at any time.
For more detailed information on the cookies we use and the purposes for which we use them, please refer to our Cookie Policy.
7. Data Security and Storage
We have implemented suitable physical, electronic, and managerial procedures to safeguard and secure your information and prevent it from being accidentally lost, used, or accessed in an unauthorised way.
- All sensitive information, such as passwords, are encrypted before storing them on the server.
- Access to your personal data is limited to those employees, agents, contractors, and third parties who have a business need to know.
8. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Generally, we will keep basic customer information (Identity, Contact, and Transaction Data) for seven years after your last interaction with us to satisfy UK tax and legal requirements.
- We retain Special Category Data (medical) only for the duration of the mountain biking course or activity you booked, plus a maximum of six months thereafter for necessary follow-up or record-keeping, unless a longer retention is required by our insurance provider or law.
- If you unsubscribe from marketing, we will keep your email address on a suppression list to ensure we do not send you emails in the future.
9. Your Legal Rights (Data Subject Rights)
Under UK data protection law, you have specific rights in relation to your personal data. These include the right to:
| Right | Description |
| The Right to be Informed | This policy fulfils our obligation to inform you about our data processing. |
| The Right of Access (Subject Access Request) | You have the right to request a copy of the personal data we hold about you. |
| The Right to Rectification | You have the right to have any incomplete or inaccurate data we hold about you corrected promptly. |
| The Right to Erasure (‘Right to be Forgotten’) | You can ask us to delete or remove personal data where there is no good reason for us to continue processing it. |
| The Right to Restrict Processing | You can ask us to suspend the processing of your personal data in certain circumstances (e.g., if you want us to establish its accuracy). |
| The Right to Data Portability | You can request that we transfer your personal data to another party in a structured, commonly used, machine-readable format. |
| The Right to Object | You have the right to object to processing based on legitimate interests or for direct marketing purposes. |
| Rights in relation to automated decision-making and profiling | We do not use automated decision-making. |
If you wish to exercise any of these rights, please contact us using the details provided in Section 1. We will respond to your request within one month.
10. Links to Other Websites
This website may contain links to other websites of interest. Once you have used these links to leave our site, you should note that we do not have any control over that other website. We cannot be responsible for the protection and privacy of any information you provide whilst visiting such sites, and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy statement applicable to the website in question.
11. Changes to This Policy
We may change this policy from time to time. The latest version will always be posted on this page with the updated ‘Effective Date’ at the top. You should check this page periodically to ensure that you are happy with any changes.
12. How to Complain
If you have any concerns about our use of your personal information, you can make a complaint to us directly using the contact details in Section 1.
You also have the right to lodge a complaint with the UK’s supervisory authority for data protection, the Information Commissioner’s Office (ICO), if you are unsatisfied with our response or handling of your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
ICO Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk