Privacy Policy
Three Peaks Challenge Ltd logo
Book
Resources Photos Manage Your Booking Login / Register
Book your challenge Contact us

Privacy Policy last updated 1st April 2024.

Privacy & Cookies

Three Peaks Challenge Ltd respects your privacy. This notice explains how we collect, use and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data controller

Three Peaks Challenge Ltd, Trade Fair House 2 West Court, Enterprise Road, Maidstone, Kent, England, ME15 6JD. Company number 06993751.
Contact: threepeakschallenge.uk/contact

Information we collect

  • Booking and event data: names, contact details, emergency contacts, medical declarations, kit preferences and transport arrangements supplied by you or your organiser.
  • Payment information: transaction references from our payment partners (Revolut and UK bank providers). We do not store full card numbers.
  • Communications: emails, live chat messages, telephone notes and feedback surveys that help us manage your booking.
  • Website usage: log data (IP address, browser type, pages visited), cookie identifiers and information about how you interact with our forms and marketing campaigns.

How we use your data

  • To create and manage bookings, allocate guides, arrange transport and share joining instructions.
  • To process payments, issue invoices and detect fraudulent or duplicate transactions.
  • To comply with legal obligations, including health and safety reporting and accounting requirements.
  • To send service messages, satisfaction surveys and (where you opt in) marketing communications about future events.
  • To improve our website through analytics, A/B testing and debugging.

Our lawful bases include contract (for event delivery), legal obligation (for record keeping), legitimate interests (for safety, analytics and service development) and consent (for marketing preferences).

Sharing your data

We share information only with trusted partners who help us run your event, for example:

  • Payment processors (currently Revolut) for card and bank transactions.
  • Communication platforms (such as SendGrid email services) to send booking updates.
  • Accredited guides, vehicle suppliers and accommodation providers who require attendee names, dietary needs or medical considerations.
  • Regulators or emergency services where we are legally obliged to do so.

Partners are bound by contracts that require them to safeguard your data and use it only for the agreed purpose. We do not sell your personal data.

International transfers

Some providers host data within the European Economic Area (EEA) or the United States. Where information leaves the UK we ensure appropriate safeguards are in place, such as UK Addendum Standard Contractual Clauses.

Retention

We retain booking and safety records for seven years after your event to comply with insurance and accounting requirements. Marketing preferences are stored until you opt out. Website logs are typically retained for up to 12 months.

Your rights

You have the right to access, correct, delete or restrict the processing of your data, as well as the right to data portability and to object to processing carried out on the basis of legitimate interests. Where we rely on consent you may withdraw it at any time.

To exercise your rights or raise a concern, please contact us using the details above. You may also complain to the Information Commissioner's Office (ICO) if you are unhappy with our response.

Cookies and similar technologies

Our websites use cookies and pixels to remember preferences, keep you logged in, protect against fraud and measure marketing performance. You can control cookies via your browser settings or through the cookie banner presented on our sites. Some embedded services (for example Google Maps or YouTube) may set their own cookies; please refer to their privacy notices for details.

Updates

We review this notice regularly and will post any changes on this page.