Effective Date: October 29, 2020
TYPES OF PERSONAL INFORMATION WE COLLECT
When we use the term “Personal Information” we mean information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a natural person or household, such as a real name, postal address, e-mail address, telephone number, payment information, pass or lift ticket ID number, profile photographs and location information. Information that is de-identified, aggregated, or anonymized will not be considered Personal Information. Publicly available information that is made available from federal, state, or local government records, also may not be Personal Information.
When visiting our Sites, interacting with us (e.g., filling in a webform, over the phone, by email) or providing information at any of our Locations, we collect the following types of Personal Information:
- Identification data (e.g., first name, last name, postal address, phone number, email address, height, weight, birthdate, skier type);
- Payment details or methods and transaction information (e.g., when you purchase lift tickets, event tickets, or goods, or book accommodations online);
- Location data (e.g., the location where you stay or ski, the location of an event at one of our Locations that you attend, location data sent by your device, the runs that you ski or ride, or the ski lifts that you ride);
- Connection (e.g., IP address) and device information (e.g. device type and operating system);
- Data regarding your use of our Sites (e.g., date and time of visits, viewing information, pages viewed, keystroke activity, time spent on pages, scroll activity, click/touch information, content you provide, such as through email or messages, and mouse movements);
- Information relating to your preferences and activities (e.g., vertical distance by day; calories burned; time spent skiing or riding; individuals with whom you form groups for skiing or riding, as reflected in your use of our applications; frequency with which you use or visit various facilities, services, programs, or Locations; events attended;
- Details of ski-related accidents and other incidents;
- An assessment of your skiing/riding ability;
- Photographs and video of you at our Locations or that you otherwise submit; and
- Demographic information (e.g. household information, number of children, age ranges, gender) .
HOW WE COLLECT PERSONAL INFORMATION
Personal Information may be collected directly from you (e.g., when you fill out a webform on one of our Sites or a paper form at one of our Locations). Other sources enable us to obtain the Personal Information about you such as when:
- a third party provides information about you (e.g., someone orders a gift card online and wants to send it directly to you, he/she must provide us with your name and address; and travel agents or other business partners with whom we have joint marketing or service providing arrangements with, such as Expedia);
- your electronic communications devices, such as smartphones, tablets, or computers, automatically submit information about you;
- technology implemented at our Locations provides us with information (e.g., when your ski pass is scanned at a chairlift);
- we are provided information from other business partners;
- you are at one of our Locations, and we take photographs or videos of you; and
- such information is available from public sources.
In addition to the above, we may combine information you have provided to us on our Sites with information you have provided to us offline, including information you have provided to us at one of our Locations, and we may store this information together in your customer profile. For example, we may combine data automatically collected when you use your season ski pass, attend an event, rent equipment at one of our Locations, or otherwise visit one of our Locations, or data you provide to us when you stay at one of our hotels or resorts, with your customer profile. This enables us to provide the best experience possible when you visit our Locations.
WHY WE COLLECT AND USE PERSONAL INFORMATION
We use your Personal Information for the following purposes, all of which relate to the relationship between you and us, and the services we provide:
- to provide you or the person of your choice with the services and/or products you requested (e.g., passes, reservations);
- to perform transactions, in particular to check your identity or the identity of the person you designated, as well as for billing and shipping purposes;and
- to provide you and/or the person you designated with after-sale support in case you encounter any difficulties following your transaction with us.
We also may process your Personal Information for the purposes listed below, which are necessary for us to pursue our legitimate interests and provide you with quality services and products:
- to administer our systems, debug, and improve the performance and accessibility of our Sites and Locations;
- to monitor and optimize the use of our facilities (e.g., when you scan your pass and ride one of our chairlifts, we use such information for monitoring the use of our chairlifts; improvement of facilities based on number of attendees at events);
- to better understand your use of our products, services, programs, and events; and
- to improve our Sites, Locations and, more generally, our products, services, programs, and events.
In addition, we may also process your Personal Information:
- to provide you with marketing communications, recommendations and special offers regarding our products and services, as well as products and services of third parties which might be of interest to you; and
- to combine your data and implement profiling activities in order to better understand your needs, expectations and preferences and provide you with personalized content and targeted advertising accordingly.
We may also use and disclose your Personal Information for secondary purposes closely related to the purposes above, in circumstances where you would reasonably expect such use or disclosure to occur.
WITH WHOM WE SHARE PERSONAL INFORMATION
Under limited circumstances we may disclose the Personal Information we collect to third parties for all or part of the above-mentioned purposes. Examples of those circumstances are described below, along with some of the steps we take to limit the manner in which your Personal Information is used.
Service Providers. We may share your Personal Information with companies that provide support services to us (such as credit card processors, mailing houses, web hosts, application developers, event co-sponsors, concessionaires, or providers of online reservation services) or that help us market our products and services (such as email or text messaging vendors[BHFS4] ). These companies may need Personal Information about you in order to perform their functions. These companies are only authorized to use the Personal Information we share with them for the purpose of delivering the service we work with them to provide. In addition, we only disclose the Personal Information they need to provide the specific service or function.
Ski Pass Partners. MCP Resorts sometimes enters into contractual relationships with other resorts that we do not own. We enter those relationships so that our customers can access skiing or other resort services at those resorts. To facilitate those services we may share Personal Information about you with the other resort company so that they can provide the service and validate your ski pass and identity. We share Personal Information pursuant to written contracts with the partner resorts and limit the Personal Information to what is needed for the specific purpose.
In Special Circumstances. In certain special cases, we may disclose your Personal Information when we have reason to believe that disclosing this Personal Information is necessary to identify or contact you, or to provide you with emergency medical services, or bring legal action against someone who may be causing injury to you, MCP Resorts or someone else. We may disclose your Personal Information to a person who is seeking the Personal Information as your agent. We may disclose your Personal Information when we believe the law requires it, in response to any demand by law enforcement authorities in connection with a criminal investigation, in response to civil or administrative authorities in connection with a pending civil case, governmental authorities or administrative investigation, or in connection with an investigation conducted by MCP Resorts.
COOKIES AND TECHNOLOGY; THIRD-PARTY ADVERTISERS
Web Beacons. A web beacon is an electronic file on a web page that allows us to count and recognize users who have visited that page. Among other things, a web beacon can be used in HTML-formatted email to determine responses to our communications and measure their effectiveness. For instance, if you get an email from us and click on a link in that email to go to our Sites. You can generally avoid web beacons in email by turning off HTML display and displaying only the text portion of your email.
Web Server Logs. Web server logs are records of activity created by the computer that delivers the webpages you request to your browser. For example, a web server log may record the search term you entered or the link you clicked to bring you the webpage. The web server log also may record Personal Information about your browser, such as your IP address and the cookies set on your web browser by the server.
LINKS TO THIRD PARTY WEBSITES
We do not knowingly collect Personal Information on our Sites from children under the age of 13 without the prior consent of the child’s parent or guardian. If you believe that a child under age 13 (or other age applicable in a different jurisdiction) has provided Personal Information to us without the consent of a parent or guardian, please notify us at email@example.com as soon as possible so their data may be deleted.
CALIFORNIA RESIDENT PRIVACY RIGHTS
Under the California Consumer Privacy Act (“CCPA”), California residents have certain rights regarding the Personal Information that businesses have about them. This includes the right to request access or deletion of your Personal Information, as well as the right to direct a business to stop selling your Personal Information.
Right to Notice. You have the right to be properly notified of the following:
Right to Access Your Information: You have the right to request the following covering the 12 months preceding your request:
- The specific pieces of Personal Information we have collected about you
- The categories of Personal Information that we have collected about you
- The categories of sources from which we collected the Personal Information
- The purpose for collecting or selling the Personal Information
- The categories of Personal Information that we have disclosed about you, the purpose for disclosing such Personal Information and the categories of third parties with whom we disclosed such Personal Information
- The categories of Personal Information that we have sold about you, as well as the categories of third parties to whom we sold such Personal Information
Right to Opt-Out of Sale: While we do not sell Personal Information in exchange for any monetary consideration, we do share Personal Information for other benefits that could be deemed a “sale,” as defined by the CCPA (Cal. Civ. Code 1798.140(t)(1)). We support the CCPA and wish to provide you with control over how your Personal Information is collected and shared. You have the right to direct us to not sell your Personal Information. If you would like to exercise your right to request opt-out of sale, please email firstname.lastname@example.org.
We do not knowingly sell the Personal Information of minors under 16 years of age without affirmative authorization.
Please note that we may still use aggregated and de-identified Personal Information that does not identify you or any individual; we may also retain Personal Information as needed in order to comply with legal obligations, enforce agreements, and resolve disputes.
Right to Deletion: You have the right to request that we delete any Personal Information about you that we have collected from you. Please note that there are exceptions where we do not have to fulfill a request to delete Personal Information, such as when the deletion of Personal Information would create problems with the completion of a transaction or compliance with a legal obligation.
Right to Non-Discrimination: We will not discriminate against you (e.g., through denying goods or services, or providing a different level or quality of goods or services) for exercising any of the rights afforded to you.
How to Exercise Your Rights: To exercise your rights described above, please submit a verifiable consumer request to us by calling us at 505-587-2240 or via email at email@example.com.
Verifiable Consumer Requests: Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may only make a verifiable consumer request for access to your Personal Information twice within a 12-month period. The verifiable consumer request must: 1) Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative of that person; and 2) Describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it. We cannot respond to your request to exercise your access and/or deletion rights if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password-protected account sufficiently verified when the request relates to Personal Information associated with that specific account. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format: We attempt to respond to a verifiable consumer request within 45 days after we receive it. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing within 45 days after we receive your initial request. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period prior to the date we receive the verifiable consumer request. The response we provide will also provide the reasons we cannot comply with a request, if applicable. For access requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the Personal Information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Do Not Track (DNT): Our Sites do not respond to DNT signals. However, some third party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.
California’s Shine the Light law. California residents with an established business relationship with us can request information once a year about sharing their Personal Information with third parties for the third parties’ direct marketing purposes. If you would like to request more information under the California Shine the Light law, and if you are a California resident, you can contact us by calling us at 505-587-2240 or via email at firstname.lastname@example.org.
MCP is a US-based organization that is headquartered in the United States. Our data processing activities primarily occur in the United States. You acknowledge that any personal data we collect will be transferred to, processed, and stored in the United States. You further acknowledge that the United States has standards for the processing and storage of personal data that may not be equivalent to those in the country where you reside and/or are a citizen, and you consent to our collection, transfer, processing, and storage of your personal data in the United States.
EU USER’S RIGHTS WITH RESPECT TO PERSONAL INFORMATION
Depending on your local law, you may have certain rights with respect to your Personal Information, including the right to object to, restrict and/or withdraw your consent to the processing of your Personal Information, the right to access your Personal Information, and the ability to receive a machine-readable copy of your Personal Information. You may also have the right to ensure that we correct or delete any inaccurate or out of date Personal Information which we have about you.
If you believe that any Personal Information which we have about you is inaccurate or out of date and you would like us to correct or delete it, or you wish to exercise any other of your rights or have any questions or concerns about your Personal Information, please contact us at 505-587-2240 or via email at email@example.com.
If you have a complaint about how we handle your Personal Information or respond to your request, you may be able to complain to your data protection authority. MCP asks that you kindly contact us first, so that we have an opportunity to resolve your complaint.
DATA SECURITY AND RETENTION
MCP Resorts has implemented physical, technological, and organizational safeguards and security measures designed to protect against the loss, misuse, or unauthorized access or disclosure of your Personal Information under our control. We also take measures to protect the Personal Information we disclose to third parties, for example by entering into contractual agreements stipulating the confidentiality of the Personal Information and the purposes for which it is to be used. Please be aware though that, despite our efforts, no security measures are perfect or impenetrable. You can help us by protecting and keeping your passwords safe at all times, and not using the same password for different applications or sites. You also can protect yourself and help us reduce the risk of fraud by promptly notifying us if you suspect that your credit card, other resort-specific payment product, user name, or password is lost, stolen or used without permission.
HOW TO CONTACT US