Privacy Policy

When you make an online purchase, our payment provider collects, processes, and tokenises your credit card details (Windcave). This Token is stored securely in our booking system to enable our team to process refunds and booking changes.

If a refund is requested, we will process it back onto the tokenised card on file. We will gain permission from the cardholder before processing any additional charges for the token on file. Tokens are unique to our systems; no credit card information is retained or handled outside of our secure payment provider.

We collect information to provide the best, most accurate & safest service to all our guests. This means that we collect information across many of our departments. This information includes:

Ticket Office & Bookings:

• Personal & contact details to make the correct booking & get in touch for any admin purposes. Credit card details for payment purposes.

Rentals:

• Height – To ensure skis or snowboards are the correct length for your height.

• Weight – To correctly fit ski bindings so they are adequately released in case of an accident (DIN setting). Weight also contributes to snowboard length.

• Age – Firstly to ensure the correct product is sold, secondly to ensure correct DIN settings for skis (DIN setting is lower for small children & seniors).

• Self-assessed ability level - To correctly assign the right equipment.

• Shoe size - To correctly fit ski & snowboard boots.

• Stance - if snowboarding.

• For guests who make deposits to rentals, their credit card details will be 'tokenized'. 'Token Billing' allows for regular billing of a guest's card, under the control of Cardrona, without requiring Cardrona to store sensitive card data or have to ask for credit card details every time of purchase.

Ski Kindy:

• An enrolment form is collected per child on their first day at Ski Kindy. The Ministry of Education requires the enrolment form as we are a fully licensed early childhood education centre. The enrolment form is to ensure we have all the information we need to help your child settle into the centre & have a great day.

Ski School:

• Ages (of children), ability levels & experience to determine what kind of lesson is appropriate. Contact phone numbers, email addresses & credit card details are taken as part of the booking process.

• Self-assessed ability level - To correctly assign the right equipment.

• Whether our guests are skiing, snowboarding, or telemarking.

• Any special lesson requests.

• Any medical notes supplied by guests.

Medical Centre:

Medical information, personal details & accident details – to gather the information required to treat a patient, file ACC claims etc.

Speciality Programmes:

Athlete registration details taken include age, contact details, payment information, programme choice & training/add-on event choices to enrol athletes in the correct programme & take payment. Medical information is taken in case of an emergency on-snow & as a guide for if any medical conditions will affect the athlete’s training.

Events:

Personal & contact details for event entry form, credit card details for payment for entries & lift passes.

Stay:

For guests who would like to make charges against their room during their stay, their credit card details will be ‘tokenised’. ‘Token Billing’ allows for regular billing of a guest’s card, under the control of Cardrona, without requiring Cardrona to store sensitive card data or have to ask for credit card details every time of purchase.

Generally, we collect and use personal information about you to provide a range of products, services and benefits relating to your experience needs. We also collect personal information to assist in identifying ways in which we can serve you better, and to assist our internal administration and operations including accounting, risk management, record keeping, archiving, systems development and testing, and staff training.

Some of the information we collect is for the purpose of improving our interaction with customers. We collect personal information about you, including family members and friends, for purposes in relation to your and their dealings (either directly or indirectly) with Cardrona.

We may collect and update that information over the phone, by letter, fax, email, over the internet, on our website, via webchat, in person or if you participate in our marketing campaigns. We may collect certain information when you visit our websites, even if you don’t book an experience with us. We will collect certain technical information about you when you visit our website. This is likely to include: the internet domain you use, your IP address or another device identifier, your browser type and version (e.g. Chrome or Internet Explorer), the operating system and platform that you are using (e.g.Windows or Mac), the screen resolution of your device the dates and times when you access our website the full URLs of the pages you visit and the websites or links that you use to access our website, login information, details of products or services that are viewed and the length of visits to certain pages of the website. None of this information by itself will be able to tell us who you are, but it can still be considered ‘personal’ information.

We use this information for site management and security purposes (such as troubleshooting and testing) as well as to help us improve our website. We do not try to identify individual users or their usage habits from this data. Raw data logs are retained temporarily as required for security and site management purposes only. We collect this information so we can fulfil our legitimate interests as a business, ensure that our website is fit for purpose, and promote our services appropriately for our customers, including by displaying information that our customers are interested in.

We also rely on our legitimate interest in measuring customer satisfaction and troubleshooting any website issues. Where required by law, we may also seek and rely on your consent.

We may collect and use information from various sources in connection with the marketing and advertising of our services. We may also use data we collect from you (either directly or via our website or advertising) to help us measure the effectiveness of our advertising and to establish what interests you and what doesn't.

Cookies:

We use cookies, which enables us to monitor traffic patterns and serve you more efficiently if you are on one of our websites. A ‘cookie’ is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. When you visit a site that uses cookies for the first time, a cookie is downloaded onto your computer/mobile device so that the next time you visit that site, your device will remember useful information such as items added to the shopping cart, visited pages or logging-in options.

Cookies are widely used to make websites work or to work more efficiently, and our site relies on cookies to optimize user experience and for features and services to function properly. A cookie does not identify you personally, but it does identify your computer.

Google Analytics:

Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.

By using this website, you consent to Google's processing of data about you in the manner described in Google’s Privacy Policy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google.

Social Media:

If you make use of any Cardrona social media features, either on our website, an app or otherwise through a social media provider, we may access information about you via that social media provider in accordance with their policies. When using a social media feature and if you have chosen to include it in your social media account, we may access information such as your name, profile picture, gender, birthday, email address, town or district and any other information you have chosen to make available. Depending on your and your friends' privacy settings, we may access information that you provide to a social media provider regarding your respective locations (“Location Data”) to provide you with relevant content. Please note that your Location Data may also be shared with your friends on a social media provider in accordance with your privacy settings for that social media provider.

In certain situations, we may share your personal information with third parties:

Cookies:

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners, who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Suppliers of travel and other services:

We may provide your personal information to our contractors or related companies for the purposes of, or in connection with, the supply of products and services to you.

Legal requirements:

We may supply personal data to a government authority or regulator where required to comply with a legal requirement (i.e. height & weight for Civil Aviation Authority), for the administration of justice, for the purposes of customs, visas and immigration, or where reasonably required to protect your vital interests or enforce any booking or other contract.

Third-party service suppliers:

We may use third-party service suppliers to process your personal information on our behalf for the purposes described above. When a booking requires it, we may also work with third-party payment service suppliers to facilitate payment. We also work with third-party research providers and advertisement networks to market services on other platforms and involve third-party suppliers for analytical purposes.

Confidentiality agreements will bind all these third parties and will not be allowed to use your personal information for any purposes other than those described above.

We do not share your personal information with third parties for them to use for the purposes of sending you marketing information or for those third parties to use your information for their own purposes.

Medical Information:

ACC –Registering claims. Mountain Safety Council – Anonymous accident data. Written notes – For a patient to take to GP/Physio/Hospital/Ambulance. Sometimes, sensitive information between attending Ski Patrol & Medical Centre will be shared over a mobile phone or at a different radio frequency.

Marketing:

Contact information may be shared with third-party survey providers such as Delighted.com or SurveyMonkey.com. These companies send out guest feedback surveys on our behalf and carry an 'unsubscribe' option should you wish to be removed from the mailing list.

Payment Information:

Credit card or other payment information are not shared at all either internally or externally at Cardrona.

Ticket Office & Bookings:

Hard copy forms from Queenstown & Wanaka offices are transported up the mountain for storage. Ticket Office holds information in filing cabinets behind locked doors for up to 2 years.

Rentals:

Rental information is stored on MyCARD until guest changes their information. It is not stored in hard copy form.

Kindy/ Nursery:

The Cardrona Kindy & Nursery stores hard copies of forms in a filing cabinet in a locked office. Digital copies are on the APT system and in a locked office. The Ministry of Education requires us to keep student information on file for seven years.

Ski School:

Hard copy forms are stored in folders in a locked office for the duration of the respective season. Digital information is stored securely in password-encrypted folders.

Medical Centre:

Hard copies of forms are kept for 15 years as a Ministry of Health requirement in a locked filing cabinet.

Speciality Programmes:

Hard copies of forms are kept for up to 3 years. Digital information is stored securely in password-encrypted folders. Only relevant data is actively stored e.g. returning athletes etc.

Events:

Hard copy forms are destroyed in document destroy bins as soon as relevant information is captured digitally. A digital database collects all data except credit card details for future event communications & cross-promotion opportunities (opt-in from guests required).

General Storage:

As with all information, Cardrona will never rent or sell your personal information. Personally identifiable material is stored on servers or databases, which may involve storing data on storage or computer systems provided by third-party suppliers. None of this is publicly accessible and protected by industry-standard firewalls and password protection systems.

We restrict access to personal information to our employees and contracted third-party providers who need to know that information to process it for us and are subject to strict contractual confidentiality obligations. We extend these privacy policies to our business relationships. We expect the companies we select as our service providers and business partners to honour our privacy policies in the handling of customer personal information.

Email transmission:

Transmission of information over email is not secure, and if you submit any information to us over the internet by email you do so entirely at your own risk. We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by email.

SSL certificate for payments:

We use industry-standard Secure Socket Layer (SSL) technology, which encrypts the payment information you enter via our website. This prevents other computers from impersonating your computer and prevents third parties from reading or changing your information as it travels over the internet.

All hard copies of information are destroyed in Document Destroy bins, which are kept in locked offices in our on-mountain, Wanaka & Queenstown offices. Some departments also shred their forms before placing them in these bins. Digital information is destroyed by deleting or by being updated by guests via their MyCARD profiles.