Our privacy commitment
Kathmandu is committed to protecting the privacy of your personal information. We manage your personal information in an open and transparent way.
Kathmandu will only use your personal information when it is necessary for us to deliver you a service or perform other necessary business functions and activities.
Kathmandu will not use or disclose your personal information for purposes unrelated to the services we provide, unless we first obtain your consent.
Where we can, we will allow you to deal with us anonymously or by using a pseudonym. However, in some circumstances, this may not be possible, and Kathmandu may need to collect personal information from you to provide you with a delivery or other service. In some cases, if you do not provide the required personal information we will not be able to provide you with a service.
Our privacy obligations
- Privacy Act 1988 (Cth) (Australia);
- Privacy Act 1993 (NZ) (New Zealand); and
- Data Protection Act 1998 (United Kingdom). Kathmandu is bound by the requirements of these privacy laws, which regulate how we may collect, use, disclose and store personal information/data. These laws also specify how individuals may access and correct personal information/data held about them.
“Personal Information” means information or an opinion about an identified individual (or an individual who is reasonably identifiable), whether true or not, or recorded in a material form or not.
“Personal Data” means data which relates to a living individual who can be identified from the data, including an opinion about the individual.
For example, these types of information/data could include your name, contact details, age and health information.
In this policy ‘we’, ‘us’, ‘our’ and ‘Kathmandu’ refers to (and this policy applies to) Kathmandu Holdings Ltd and all of its subsidiary companies including Milford Group Holdings Ltd, Kathmandu Ltd, Kathmandu Pty Ltd, Kathmandu (U.K.) Ltd.
How and why does Kathmandu collect and hold your personal information?
Kathmandu will only collect personal information about you by lawful and fair means, and not in an unreasonably intrusive manner.
It is Kathmandu’s usual practice to collect personal information [about you (and possibly about your family) directly from you (or from your authorised representative)], when you:
- complete an online form on one of our websites;
- visit and browse our website;
- complete a hard copy form;
- apply for membership of the Summit Club;
- purchase goods or services from us in certain circumstances such as through our website, or if you deal with us by reference to your Summit Club membership, or if you pay other than by cash;
- enter one of our competitions;
- apply for employment with us; or
- contact us by telephone, via mail, email or online.
We may collect personal information about you from a third party or a publicly available source, but only if you have consented to such collection, or would reasonably expect us to collect your personal information in this way.
Kathmandu only collects personal information for purposes that are directly related to our business activities, and only when it is necessary for or directly related to such purposes. We also collect personal information related to employment services, human resource management, and other corporate service functions.
If we receive information about you from a third party and it is not information we need in respect of our business activities, we will destroy or de-identify that information (provided it is lawful to do so).
No one under the age of 13 years is allowed to provide any personal information. Minors under the age of 18 years are prohibited from making purchases, including subscriptions, on our websites.
What kind of personal information does Kathmandu collect and hold?
Any personal information that you provide via our websites or directly (for example, when you apply to become a member of the Summit Club) is collected and managed by Kathmandu.
The types of personal information Kathmandu may collect includes (but is not limited to) your:
- date of birth;
- marital status and family details;
- residential address;
- email address;
- contact telephone numbers;
- identification details (e.g. student, YHA member, over 60s);
- Tax File Number;
- Passport details;
- testimonials or opinions;
- photos of you;
- financial information, such as credit card details;
- statistical information about visits to pages on the site, the duration of individual page view, paths taken by visitors through the site, data on visitors' screen settings and other general information;
- written or verbal contact with Kathmandu, including voice recordings of telephone conversations you have had with our employees; and
- activities, including but not limited to sporting and other lifestyle interests.
The nature of the information collected will depend on the purpose for which it is being collected.
If you provide us with information about any third party, you must obtain that person’s permission to give us the information and inform them that you have given the information to us.
How does Kathmandu use your personal information?
We use your personal information for a variety of reasons including to:
- provide services and products to you;
- answer your inquiries and deliver customer service to you;
- to tell you about other products that we think may be of interest to you;
- maintain and improve customer services;
- administer our Summit Club program;
- facilitate your interaction with us on our website;
- consider any application for employment made by you;
- meet our legal obligations;
- manage and resolve any legal or commercial complaints and issues;
- carry out internal functions including training; and
- conduct marketing research and analysis.
- Whilst you may opt not to provide us with your personal information, you should be aware that without this personal information, we may not be able to provide you with some of the services and/or products you are seeking.
In what circumstances will Kathmandu disclose your personal information?
In the course of conducting our business and providing our products and services to you, we may disclose your personal information.
We only disclose personal information for the purposes for which it was given to us, or for purposes which are directly related to one of our functions or activities. We do not give it to anyone else unless one of the following applies:
- you have consented to the disclosure;
- you would reasonably expect, or have been told, that your information is passed to those individuals, bodies or agencies; or
- it is otherwise required or authorised by law.
If we engage third party agents or contractors, we will take all reasonable steps to ensure that they do not breach privacy requirements in relation to the information, before we share your personal information with them.
Who do we disclose your personal information to?
We may disclose your personal information to:
- another Kathmandu business;
- professional advisers (such as lawyers or auditors);
- payment systems operators and financial institutions;
- third party agents or contractors with whom we contract in the ordinary course of business;
- organisations authorised by Kathmandu to conduct promotional, research or marketing activities;
- upon lawful request from law enforcement agencies or government authorities; and
- any persons acting on your behalf including those persons nominated by you, executors, trustees and legal representatives.
In all circumstances where your personal information is disclosed, we will take all steps reasonable to ensure that these third parties undertake to protect your privacy.
We are committed to compliance with all laws and requirements relating to the use of your personal information. We will only use or disclose your personal information for direct marketing purposes if you have provided your information for that purpose (and you would expect us to use the information for that purpose), or if you have provided consent for your information to be used in this way.
From time to time, we may contact you with information about products and services offered by us and our related entities and our business partners, which we think may be of interest to you. When we contact you it may be by mail, telephone, email or SMS.
We may also provide targeted marketing to you whether directly or through online advertisement networks such as those operated by Google, based on your viewing activity of our website. For more information, see “Website usage” below.
Where we use or disclose your personal information for the purpose of direct marketing, we will:
- allow you to request not to receive direct marketing communications (also known as ‘opting-out’); and
- comply with your request to ‘opt-out’ of receiving further communications within a reasonable timeframe.
You can opt out of receiving targeted advertising derived from your viewing habits by selecting from your browser’s privacy or security settings to reject, delete or block (as the case may be) the cookies or web beacons used by us in order to conduct such targeted marketing.
Kathmandu will only ever contact you if you have consented to this, and you can ask to be removed from our marketing lists, at any time by contacting us directly.
If you do not wish to be contacted by Kathmandu, please write to our Privacy Contact Officer, Kathmandu, PO Box 1234, Christchurch 8140, New Zealand.
Does Kathmandu disclose your personal information to overseas recipients?
In some circumstances, Kathmandu may disclose your personal information to overseas recipients. If this occurs, we take steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the relevant privacy laws in relation to that information.
We share information between our businesses, located in Australia, New Zealand and the United Kingdom.
Sometimes we use third party platforms and services to process sales, provide web support, send marketing messages, deliver products or otherwise deliver information. These services are hosted and managed by organisations other than ourselves, and some of these services are hosted overseas. We use products and services maintained in Australia, New Zealand, the United Kingdom, Israel, China and the United States.
Your personal information may be stored in a secure and encrypted form overseas (e.g. in data storage and cloud computing facilities operated by us (or by third parties on Kathmandu’s behalf).
Use of Government Identifiers
Kathmandu will not use Government Identifiers, such as Medicare numbers, or a driver's licence number as its own identifier of individuals.
Data quality and Security
We will take all reasonable steps to ensure that your personal information is stored securely and is protected from misuse and loss and from unauthorised access, modification or disclosure.
The personal information that we collect about you is stored on our database server managed by Kathmandu Limited in New Zealand.
We have a range of systems and communication security measures, as well as the secure storage of any hard copy documents. Access to your personal information is restricted to those properly authorised to have access.
Clear accountability for data sets and security sit with the Chief Information Officer and his respective Technology and Infrastructure Manager and Business Systems Manager. They ensure documentation and reviews of applications and data sets happen regularly along with regular audits on data security and roles.
Kathmandu also has policies in place for data retention across all key areas. We keep your personal information for as long as it is required to provide you with the products you requested from us and to comply with legal requirements. If we no longer require your personal information for any purpose, including legal purposes, we will take reasonable steps to securely destroy or de-identify your personal information.
All systems and applications are, where possible, one version behind the latest release from all vendors, and lifecycle management is a KPI of the Business Systems Manager.
Kathmandu data resides across several tier three Data Centres that are PCI and ISO compliant and protected by an outsourced firewall and filtering system that is penetrated tested annually. In order to stay up to speed with changes in technology, the infrastructure team are certified and their professional development is an ongoing commitment.
Our websites are professionally hosted and operate in a secure environment. You should however be aware that there is always an inherent risk in transmitting your personal information via the Internet.
We use Comodo and Cybersource to process online orders. Customers can see their cards being debited in real time, all in an SSL secure environment.
Please do not enter any credit card details when contacting us via email, through our Live Chat function or through our website “Contact Us” form. These functions do not form part of online transactions which use Comodo and Cybersource and therefore your credit card details will not be encrypted in these situations.
We take website and credit card security extremely seriously, and always endeavour to provide a secure safe platform on which to conduct online transactions, all our websites use Comodo SSL. By using this, you guarantee the highest possible encryption levels for online transactions. Each certificate is signed with NIST recommended 2048 bit signatures and provides up to 256 bit encryption of customer data. This encryption scrambles details such as credit card number, billing details and delivery address so that generally, other computers are unable to decipher the information, ensuring privacy and security.
To make sure you are accessing a secure server, check for the unbroken key or closed lock symbol located generally either at the bottom left or top right of your browser window. If it appears, then SSL is active. You can double check this by looking at the URL as well. If SSL is active, then the first characters of that line will read ‘https’ rather than just ‘http’. It is important for you to protect against unauthorised access to your password and to your computer.
Ensure you logout when you have finished visiting our websites especially if you accessed them from a shared computer.
Cookies are pieces of information that a website transfers to your computer for record-keeping purposes. The information collected may be used by Kathmandu to improve your experience on our website. For example, if you wish to make a purchase using our online store, they will collect information about what is in your shopping cart and assist us to maintain that shopping cart during the transaction.
We may also use web beacons, embedded in our website’s web pages, that work in conjunction with cookies to notify us what web pages on our website are visited by a particular IP address (including by reference to domain name), computer or device, the date and time of visit to our site, the duration of individual page views, information downloaded, hyperlinks selected and paths taken by the visitor through the site, the visitor's screen settings and other general information. That information will be collected either by us directly or by a service provider contracted for that purpose. By measuring how you interact with our website in this way, we may provide targeted marketing to you, based on your viewing activity of our website, whether directly or through online advertisement networks such as those operated by Google.
If you are a registered customer or Summit Club member on our website, we will retain information about your account, including contact details, address details and, to the extent that you make orders while logged in or by reference to your Summit Club membership, the status of your orders.
Links to third party sites
Whilst links to third party websites are provided on our website, we are not responsible for the content or practices of these third party websites.
These links are provided for your convenience and do not represent Kathmandu's endorsement of any linked third party website. We recommend that you check the privacy policies of these third parties prior to providing them with your personal information.
No links may be made to this website without our prior written consent. Applications for consent must be made to our Privacy Contact Officer, Kathmandu, PO Box 1234, Christchurch 8140, New Zealand.
How you can access or correct your personal information
You can request access to the personal information we hold about you at any time, and we will
provide you with that information unless we are prevented by law from giving it to you.
If we are unable to give you access to the information you have requested, we will give you reasons for this decision when we respond to your request.
You will not be charged for accessing your information, although we might have to charge the reasonable cost of processing your request, including photocopying, administration and postage. We will advise you of any fee payable before we process your request.
If you believe that your personal information is not accurate, complete or up to date, please contact Customer Service in Australia on 1800 333 484, New Zealand on 0800 001 234, United Kingdom on 0800 066 5018, via email to firstname.lastname@example.org address your request to the Privacy Contact Officer, Kathmandu, PO Box 1234, Christchurch 8140, New Zealand.
You are also able to update your personal information online by entering your Summit Club login details when visiting our website:
How you can notify us of a privacy concern or contact our Privacy Contact Officer
- have queries, concerns or complaints about the manner in which your personal information has been collected or handled by Kathmandu; or
- would like to request access to or correction of the personal information we hold about you;
please write to:
Privacy Contact Officer Kathmandu PO Box 1234 Christchurch 8140, New Zealand.
If you consider your privacy concerns have not been resolved satisfactorily by us, or you wish to obtain more information on privacy requirements, you can contact:
Australia Office of the Australian Information Commissioner on 1300 363 992 or visit their website at www.oaic.gov.au
New Zealand Privacy Commissioner (New Zealand) on 0800 803 909 or visit their website at www.privacy.org.nz
United Kingdom Information Commissioner’s Office on 0303 123 1113 or visit their website at www.ico.org.uk