The purpose of this Policy is to describe what electronic data we collect, use and share, and how we handle it securely to comply with all possible local and international regulations that we, Outr GmbH (“Outr”), may be subject to.
Our Policy is up to date as of 16th June 2018.
1. Information you share with us
When you create a new account on our platform, the following information is directly submitted to us by you in order to process the request:
1.1 Personal details – This includes but is not limited to any information that may be used to identify you as a person. For example, this could be your name, email address, physical address, phone number etc.
1.2 Profile information – In addition to the above data, you may share with us your Outr account name, VoIP account (Skype) ID, social media network IDs like Google, Facebook, LinkedIn etc.
1.3 Other information – We may also receive additional information that is not covered by the above.
2. Information we automatically collect
In order for Outr to offer you the best service and allow you to explore adventures and experiences around the world, we collect or may collect the following bits and pieces:
2.1 Transaction information – Any data that is collected during an online transaction executed on our platform. For example, if you book a surfing experience or register for a climbing lesson, we will collect information about the transaction such as price, location and date of the adventure.
2.2 Analytical data – The Outr platform uses Google Analytics (GA), which is a web analytics service built to track and report website traffic. This allows us to better understand our users’ web usage patterns, for example how they interact with our platform or which geographical region they come from. Even though GA records or may record your geographical location, type of device, your screen resolution, type of your internet browser or system platform, it is important to know that this data does not personally identify you to us. GA servers may also record your public Internet Protocol (IP) address but Google does not grant access to it.
2.3 Cookies (not the chocolate ones) – Sometimes called web cookies, Internet cookies or browser cookies, these are tiny bits of information stored on your computer when you access our website with your favorite web browser. Cookies allow us to provide a much more personalized experience when you use our online platform. We may collect strictly necessary cookies that are essential for our website to function properly, but also performance cookies used to optimize our platform to make it easier for you to navigate, functional cookies to allow our website to remember your choices and to personalize your experience, and 3rd party cookies that may be used by our service partners like Google and Stripe. Most of the latest web browsers like Google Chrome, Mozilla Firefox, Safari and Internet Explorer/Edge allow you to prevent cookies from being collected via security settings. This may however impact your overall user experience or prevent some websites from functioning properly.
2.4 Contact forms – If you ever need help with your account creation, transaction info or just general help about adventures, we may collect the data you submit to us via our support form or individual emails exchanged with us. This collected data will be stored by our website and sent to us via an email service.
2.5 Reviews – A user review is a review written by a user for an adventure or experience that he experienced. We built our platform from the ground up based on user reviews, as client trust is very important for us. We will therefore collect and store your interaction on our website to build trust between all users and operators.
2.6 Email newsletter – You can voluntarily join our email newsletter if you would like to receive periodic updates about adventures, experiences or cool places to visit. We absolutely hate spam emails as much as you do, so we try to limit the number of emails to an absolute minimum (approximately 1x or 2x a month). If you do decide to sign up for our email newsletter, the email address will be used by MailChimp, which is our email marketing service provider. Your email address used for the newsletter will not be stored on our website or any internal computer systems. We will keep your email address within MailChimp’s database as long as we continue using MailChimp’s services or until you decide to opt out. Each email marketing newsletter contains a link to permanently unsubscribe from any future emails. You can also contact us directly via phone or contact form to be manually removed from our mailing lists.
3. How we use the information
Our core idea started with helping the adventure and outdoor community. We believe in fair, moral and ethical practices and we will never sell or share for profit any information that you provide to us or we collect. Period.
The information we obtain is used for a variety of purposes, for example, to improve your experience with our platform, to offer new and improved adventure services, to manage your Outr online account, to respond to your customer support requests, to promote eco-friendly projects in countries where we operate or to mitigate and investigate illegal activities directed against our platform, users or adventure community in general.
4. EU/EEA General Data Protection Regulation (GDPR) compliance
The GDPR is a brand new data protection and privacy law designed to protect individuals residing in the European Union (EU) area. It took effect on 25th May 2018 and is composed of 26 definitions. The list below describes some of the most fundamental definitions utilized by this new regulation:
4.1 Data Controller – A data controller determines the purposes for which and the means by which personal data is processed. We, Outr GmbH, are therefore a data controller and this implies that we have to notify all required government authorities before any data is processed, comply with EU data protection principles, provide our users with details about data we hold about them and what we plan on doing with it, implement technical and security measures to protect personal data from being accidentally deleted or stolen, prevent unauthorized access to our internal computer systems and 3rd party online/cloud based services and stop illegal processing.
4.2 Data Processor – A data processor’s main duty is to process personal data only on behalf of the data controller. Outr is using a limited number of 3rd party data processors like US-based Google and MailChimp and they fully comply with this legislation.
4.3 Data Protection Officer – A defined role of Data Protection Officer (DPO) is required under the GDPR if an organisation is a public authority, if it performs large scale monitoring or if it processes particularly sensitive types of data on a large scale. The DPO is required to have an appropriate level of knowledge and can either be an in-house resource or outsourced to an appropriate service provider. Based on these criteria, Outr GmbH does not require a Data Protection Officer to be appointed.
4.4 Your Rights – We want you to always be in charge of your personal data that you submit to us or we collect via our platform. In order to be fully compliant with GDPR policy, local laws and regulations, you can ask us to provide a copy of this information to you, to inform you about any changes we perform to this data, to object to the data we collect and last but not least, you can ask us to delete (erase) any electronic data or trace about you as a person.
4.5 Your Choices – Our goal is to have a fully open platform where you can access and edit your respective profile, change your password, update your picture or delete your account if so desired. This can be achieved by logging in to your Outr account online.
4.6 Breach Notification – fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. In line with the GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant Data Protection Authority (DPA) will be informed within 72 hours. This will be managed in accordance with our Information Security Incident Response Procedure which sets out the overall process of handling information security incidents.
Security is an important factor for the Outr platform and our services to be available. Our website and its content are hosted within a data center (Media Temple) in the United States. We implement the following list of security features to limit data breaches.
5.1 TLS/SSL certificates for all client related end-to-end communication. Your session traffic is encrypted as it travels from your Internet browser to our web server.
5.2 Our credit card processing gateway is fully protected by Stripe’s Payment Card Industry (PCI) compliant infrastructure. We do not and will never store your credit card information on our servers. Period.
5.3 We try to utilize Two-Factor Authentication (2FA) whenever technically possible. Passwords can be cracked via brute-force attack and 2FA adds an additional layer of security.
5.4 Email forms are used to collect user information submitted to us via a contact form. The data is sent to us via SMTP (Simple Mail Transfer Protocol) servers which are protected by Transport Layer Security (TLS) end-to-end encryption. We use Google’s secure servers to receive and store emails and file attachments.
5.5 24/7/365 Distributed Denial of Service (DDoS) prevention. We do our best to keep Outr available whether you are browsing our website in the jungle of Costa Rica or sipping coffee in downtown Zurich.
5.6 Firewalls are crucial hardware and software computer networking devices to filter what devices and users are allowed to connect to our website. Our goal is to keep the bad guys away.
5.7 Backups are a necessary part of our security strategy as your data and our site content are precious to all of us. That means they are being backed up periodically during the day.
The Outr platform has links to other websites and social media channels. As much as we try to network only with respected and well-known websites, we can’t control the remote content. We are therefore not responsible for the 3rd party content, privacy regulations, security, advertising etc.
We update our Policy as often as needed to stay compliant with local laws and regulations in countries where we offer our services. We will always inform our users, agencies and 3rd party partners about any changes and updates via email.
8. Contact us
We would love to hear from you if you have any questions about our Policy or if you just want to send us a nice postcard. You can reach us at Outr GmbH, Unterer Batterieweg 73, 4059 Basel, Switzerland or by email at firstname.lastname@example.org.