Watermouth Castle, part of the Escapade Group ltd, family of attractions is committed to maintaining the trust and confidence of visitors to our website and attractions. In this Privacy Notice, we’ve provided lots of detailed information on when and why we collect your personal information, how we use it and what you should do if you have any concerns.
It’s likely we will need to amend this policy from time to time and if this is the case, the changes to the previous policy will be made clear.
Types of data we collect and how we use it:
As part of the registration process for our monthly e-newsletter, or when you sign up as a Hobbledown or Watermouth Castle member, we collect personal information. We use that information to tell you about special events, offers or exciting changes happening at our sites. We never rent or trade email lists with other organisations and businesses. We may occasionally ask you to complete surveys but you do not have to reply to these.
We use third-party providers (Fusemetrix and SMTP2GO), to deliver our newsletters. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. You can unsubscribe to mailings at any time by clicking the unsubscribe link at the bottom of any of our emails or by emailing us at email@example.com
TICKETING AND MEMBERSHIP DATA
When you purchase tickets, merchandise, membership, experiences, gift vouchers or other products sold through our website or on-site epos systems: your name, photograph, date of birth, address data, email and contact number will be stored in our commercial booking and CRM software, Fusemetrix. We may also collect and process data that you provide by filling in any forms on our website either to request more information or to report a problem.
You have the option to subscribe or unsubscribe to our marketing correspondence anytime you wish, either through the unsubscribe links on the emails or by emailing your request to firstname.lastname@example.org.
Purchasing admission or membership products with us constitutes agreement on your part of our terms and conditions relating to conduct and participation at the relevant site as well as any specific product conditions.
When you book a party, register on-line or enter personally identifying information, your details are transmitted across the internet securely using high-grade SSL encryption. Furthermore, as required by the UK Data Protection Acts of 1984 and 1998, we follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access.
There may be occasions where we have a legitimate interest in contacting you regarding your purchase with us eg. Changes in opening times and we will do so either via phone or email. Further details on this can be found in the section entitled ‘Legitimate Interest’.
We do not store any credit/debit card details.
The only personal data which will be shared will be information relating to payment of services, this may include information about your method of payment and bookings, to the credit or debit card company that issued the card with which you made your booking.
The information that you provide to us will be held in our systems, which are located on our premises or those of an appointed third party. We may also allow access to your information by other third parties who act for us for the purposes set out in this policy or for other purposes approved by you.
Our security procedures mean that we may request proof of identity before we are able to disclose sensitive information to you. In the circumstances set out in this policy where Escapade Group or any of its trading brands passes your information to a third party, we will ensure that the security measures that such party has in place in relation to the processing of your data are at least as stringent as those employed Escapade Group. This does not apply where we are required by law to pass your information to a third party. We will retain your information for a reasonable period or as long as the law requires.
LINKS TO OTHER WEBSITES
Our website may contain links to and from other websites, including social media. If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for these notices. Please check these notices carefully before you submit any personal data to these websites.
Watermouth Castle uses website cookies to enhance your online experience and to improve our service to you. We have chosen the Cookies we use carefully and have taken steps to ensure that your privacy is protected and respected at all times. All Cookies are used in accordance with current UK and EU GDPR regulations.
Cookies are small pieces of information that are stored by your browser on your computer’s hard drive. They enable us to provide features such as remembering aspects of your last booking search to make subsequent searches faster. Cookies can be deleted from your hard drive if you wish. Most web browsers automatically accept cookies, but you can change your browser settings to prevent that. Even without a cookie you can use most of the features on the web site. Our cookies do not contain any personally identifying data.
Before we place any Cookies on your computer or device, you will be presented with a pop-up message requesting your consent to set those Cookies. However, you may, if you wish, deny consent to the placing of Cookies by refusing to accept their placement, although please be aware that certain features of the website may not function fully or as intended.
For more on Cookies: https://www.aboutcookies.org/
When someone visits www.watermouthcastle.com we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers or those of our commercial software suppliers: Fusemetrix https://www.fusemetrix.com/ or Cloudline https://www.cloudlineapp.com/.
HOW WE DEFINE CONSENT TO USE YOUR DATA
In specific situations, we can collect and process your data with your consent. Example:
- When looking for a booking on a website but leaving the website without completing the booking, this triggers an email with details of your online shopping basket. Within this email is an option to opt out of further membership correspondence.
- If you tick a box to receive email newsletters.
In certain circumstances, we need your personal data to comply with our contractual obligations.
- If you set up a direct debit for annual membership.
- Book a birthday party or school visit.
If the law requires us to, we may need to collect and process your data.
- We can pass on details of people involved in fraud and other criminal activity.
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
- Sending of the introduction email to ensure all members are aware of Terms and conditions.
- As part of your membership we will supply you with current offers, promotions or changes in operating times.
- We will use your admission history to offer you promotions and offers which may be relevance to you.
- We will also use your address details to send you direct marketing information by post, telling you about offers and activities that we think might interest you.
In specific situations we may be required to share information to facilitate treatment to support health and safety.
- If you had an accident within one of our sites, we may be required to disclose information to the emergency services.
When we collect your personal Data
- When you visit any of our websites, and use your account to buy products and services.
- When you make an online purchase.
- When you become a member on your first visit to one of our centres.
- When you engage with us on social media.
- When you contact us by any means with queries, complaints etc.
- When you ask one of our team to email you information about a product or service, like a birthday party booking or private hire.
- When you enter prize draws or competitions.
- When you book any kind of event with us.
- When you choose to complete any surveys we send you.
- When you comment on or review our products and services.
- When you access our on-site wifi service
What Sort of personal data we collect
- When you first join our membership at your first visit to an Escapade Group attraction you have an account set with us: your name, gender, date of birth, address, email and telephone number. We will also hold photographs of members to verify them to the membership set up and prevent fraudulent sharing of the passes.
- Details of your interactions with us through head office, in store, or online.
- We collect notes from our conversations with you, details of any complaints or comments you make, details of purchases you made or booked.
- Details of your visits to our websites or apps, and which site you came from to ours.
- Personal details which help us to recommend offers of interest.
- Your comments and activities we may have provided to you ie Birthday Parties.
- Your image may be recorded on CCTV when you visit one of our attractions.
- To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, the advertisements you clicked on, and any search terms you entered. Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
How and why we use your personal data
We want to give you the best possible customer experience, by amalgamating all information we hold on you we are able to offer you promotions, products and services that are most likely to interest you. In the case of annual pass members, we’ll also offer you relevant rewards. Data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service.
Here’s how we’ll use your personal data and why:
- To process any orders that you make by using our websites, or in an attraction.
- To respond to your queries, refund requests and complaints. Handling the information you sent enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
- To protect our business from fraud and other illegal activities.
- To protect our customers, premises, assets and team members from crime, we operate CCTV systems in our attractions and car parks which record images for security. We do this on the basis of our legitimate business interests.
- To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.
- If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim is to protect the individuals we interact with from criminal activities.
- With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, web, text, telephone and through our head office about relevant offers and activities including tailored special offers, discounts, promotions, events, competitions and so on.
Of course, you are free to opt out of hearing from us by any of these channels at any time.
- To send you relevant, personalized communications by post in relation to updates, offers, services and products. We’ll do this on the basis of our legitimate business interest.
You are free to opt out of hearing from us by post at any time.
- To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, product recall notices, and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
- To administer any of our prize draws or competitions which you enter based on your consent given at the time of entering.
- To develop, test and improve the systems, services and products we provide to you. We’ll do this on the basis of our legitimate business interests.
- To comply with our contractual or legal obligations to share data with law enforcement. For example, when a court order is submitted to share data with law enforcement agencies or a court of law
- To send you survey and feedback requests to help improve our services and facilities. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you.
Of course, you are free to opt out of receiving these requests from us at any time by updating your preferences in your online account.
- To build a rich picture of who you are and what you like, and to inform our business decisions, we’ll combine data captured from your visits to our attractions and data from publicly-available lists as we have described in the section ‘What Sort of Personal Data do we collect?’ We’ll do this on the basis of our legitimate business interest.
For example, by combining this data, this will help us personalise your experience and decide which inspiration or content to share with you.
- To process your booking/appointment requests (for example with a birthday party booking or special event booking)
Combining your data for personalised direct marketing
We want to bring you offers and promotions that are most relevant to your interests and particular age group of children. To help us form a better, overall understanding of you as a customer, we combine your personal data gathered from membership with your visit history at any of the Escapade Group attractions across the UK.
How we protect your personal data
We will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional areas of our websites using ‘https’ technology as well as individual password credentials to login to these systems.
Where we have given you a password to access certain areas of the Website (ie your customer or membership accounts) you are responsible for keeping this confidential and we ask that you do not share this password.
How long will we keep your personal data
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. When you first join an Escapade Group attraction as a member we will keep your membership data for up to 5 years from the date of your last visit or transaction with us.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of customer data retention periods:
When you place an order, we’ll keep the personal data you give us for seven years so we can comply with our legal and contractual obligations
When you book a birthday party, we’ll keep the personal data you give us for seven years so we can comply with our legal and contractual obligations.
Accident or Insurance claim
If your data is taken as part of an incident or accident at any of the Escapade Group attractions we will keep your details for 21 years.
In the case of an Insurance claim or a claim for damages against the company we will keep relevant data for 21 years.
This section sets out the appropriate actions and procedures which Escapade Group follows in respect of the use of CCTV (closed circuit television) surveillance systems (“CCTV Systems”) at our premises.
Please note that all premises are monitored by CCTV 24 hours a day. Escapade Group Ltd and its trading businesses reserves the right for its employees and contractors to review footage as required and by entering onto our sites you consent to your image being recorded and reviewed and waive any and all claims in relation to same. Recorded CCTV footage will be stored securely and retained in compliance with the Data Protection Act 1998. Each of the Escapade Group attractions is registered as a Data Controller with the ICO.
In drawing up this policy, due account has been taken of the following:
- The Act and any other relevant Data Protection legislation;
- The CCTV Code of Practice produced by the Information Commissioner (“Code of Practice”); and
- The Human Rights Act 1998.
This policy will cover all employees and persons providing a service to Escapade Group attractions, visitors and all other persons whose image(s) may be captured by our CCTV Systems.
In processing CCTV surveillance data, our staff will consider carefully the type of personal data being processed and in particular whether there is any personal data which falls within the definition of “sensitive personal data” or “special category personal data” as defined in the Act. Such data includes:
- Ethnic origin or race;
- Political opinion;
- Religious and philosophical beliefs;
- Trade Union membership;
- Health – mental or physical;
- Sexual life or sexual orientation
- Genetic data; and
- Biometric data for the purpose of uniquely identifying a natural person.
We will also ensure that the personal data is only processed in accordance with the following requirements:
- It will be processed fairly, lawfully and in a transparent manner;
- It will only be collected for specified, explicit and legitimate purposes and not further processed in any manner incompatible with those purposes;
- It will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- It will be accurate and, where necessary, kept up to date;
- It will not be kept for longer than is necessary for the purposes for which the personal data are processed; and
- It will be processed in a manner that ensures appropriate security of the personal data.
Initial Assessment Procedures
The purpose of the use of the CCTV Systems and the collection and processing of CCTV images is for the prevention or detection of crime or disorder, apprehension and prosecution of offenders (including use of images as evidence in criminal proceedings), interest of public and employee Health and Safety, protection of public health and the protection of the Our property and assets.
Location of the Cameras
The location of the equipment is carefully considered, because the way in which images are captured needs to comply with the Act.
All cameras are located in prominent positions within public and staff view and do not infringe on sensitive areas. All CCTV surveillance is automatically recorded and any breach of this location policy will be detected via controlled access to the CCTV System and auditing of the CCTV System.
Quality of the Images
The images produced by the equipment will as far as possible be of a quality that is effective for the purpose(s) for which they are intended. Upon installation, all equipment is tested to ensure that only the designated areas are monitored and suitable quality pictures are available in live and play back mode. All CCTV equipment is maintained under contract.
Processing the images
Images which are not required for the purpose(s) for which the equipment is being used will not be retained for longer than is necessary. While images are retained, it is essential that their integrity be maintained, whether it is to ensure their evidential value or to protect the rights of people whose images may have been recorded. Access to and security of the images is controlled in accordance with the requirements of the Act.
All images are digitally recorded and stored securely within the system’s hard drives. Images are stored for a minimum of 14 days, and stored for no more than 31 days.
Where the images are required for evidential purposes or disciplinary proceedings, a copy file will be moved to an access controlled confidential location on the network and held until completion of the investigation. Viewing of images within the system is controlled by a person nominated to act on behalf Escapade Group Ltd. Only persons trained in the use of the equipment and authorised can access data.
Access to and disclosure of images to third parties
Access to, and disclosure of, the images recorded by our CCTV System and similar surveillance equipment is restricted and carefully controlled. This ensures that the rights of individuals are preserved and the continuity of evidence remains intact should the images be required for evidential purposes e.g. a police enquiry or an investigation being undertaken as part of an internal procedure.
Access to the medium on which the images are displayed and recorded is restricted to authorised staff and third parties as authorised from time to time for specific purposes. Access to and disclosure of images is permitted only if it supports the purpose for which such images were collected.
Access to images by individuals
The Act gives any individual the right to request access to CCTV images which contain their personal data.
Individuals who request access to images must submit this formally in writing, with sufficient details to identify the section of footage with which they are concerned and to enable Escapade Group ltd to satisfy itself that the person making the request is the data subject of that specific recording. Upon receipt of the request Escapade Group Ltd will determine whether disclosure is appropriate and whether there is a duty of care to protect the images of any third parties. If the duty of care cannot be discharged then the request can be refused.
A written response will be made to the individual, giving the decision (and if the request has been refused, giving reasons) within 21 days of receipt of the request.
The Information Commissioner’s Office has the power to bring enforcement actions against companies where it considers that there’s been a breach of one or more of the Data Protection principles.
If you have any complaints relating to this CCTV policy or our use of your personal data, please contact us: The Data Protection Officer – email@example.com
What are your rights over your personal data?
An overview of your different rights
You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- Review by a team member of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).
You have the right to request a copy of any information about you that Escapade Group holds at any time, and also to have that information corrected if it is inaccurate. To ask for your information, please email firstname.lastname@example.org
If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to email@example.com. For the purpose of this Privacy Notice the Data Controller is Escapade Group LTD, Horton Lane, Epsom, England, KT19 8PT