Information Privacy & Security at Hub Climbing
Why do the waivers at Hub Climbing ask for so much private information?
Completing waivers before entering an indoor climbing gym is standard in the industry. Gyms would not receive insurance if the waivers are not completed. The waivers inform gym guests of the risks of climbing, and in signing the waivers, guests acknowledge the risks. The personal information collected allows Hub Climbing to ensure that the person completing the waiver is also the person entering the gym. In the case of minors, Hub Climbing is committed to ensuring that the adult completing the waiver for the corresponding minor is either the parent or legal guardian.
What does Hub Climbing do with the waiver information?
When the waiver is completed, a PDF file is created with the information collected, and the guest information is stored in our onsite database. The PDF files are stored offsite at Amazon Cloud. The information is used to create a guest profile with all associated guest interactions, including gym check-ins and payments.
What measures are taken to ensure the information collected in the waiver remains private?
Hub Climbing understands that the waiver information collected is sensitive and private. Therefore, the following measures are taken to ensure the information is secured:
- Hub Climbing uses the climbing gym industry-standard software Rock Gym Pro for collecting and storing guest information. This software is used by hundreds of climbing gyms worldwide. The mature software has been the standard in the industry for over 8 years and is constantly updated to ensure it complies with the latest security features
- The PDF files of the waivers are stored offsite at Amazon Cloud, and can only be accessed through the Rock Gym Pro application
- Waivers that are completed on paper are scanned into the application, and then promptly shredded
- To ensure the server/database cannot be physically removed, the computer is kept in a locked room
- The server is behind a firewall to ensure it cannot be accessed over the internet or from the local Hub Climbing WiFi available to guests
- Nightly database backups are encrypted to minimize the risk of the backups being used to restore the private information
- Hub Climbing staff sign a privacy agreement, committing staff to not disclose private guest information
- Hub Climbing staff access to Rock Gym Pro is limited to accessing one guest at a time. The ability to generate reports of guest information (which would allow bulk collection of guest data) is limited to the administrator level.
- Hub Climbing staff are given limited access to the front desk computers, to reduce the chance of inadvertently installing malicious software on the network
- Anti-virus scans are run nightly on all workstations and servers
What happens to the payment card information provided to Hub Climbing?
When paying with a credit card or Interac card, guests utilize industry-standard Point of Sale (POS) machines. These machines, which are used in hundreds of thousands of businesses, ensure the card information is never stored: the card information is sent encrypted across the Internet directly to the card processor and is never stored on the machine.
When a guest pays for monthly recurring membership payments (EFT), the credit card information is collected by Hub Climbing staff and stored offsite on a PCI-compliant server. Rock Gym Pro stores a token in its database in order to collect the credit card information stored offsite. Therefore, the database never stores the card information, ensuring ultimate security for the card information.