The World’s Famous Grotto Limited is committed to protecting the privacy and security of your personal information.
This policy (together with our Terms and Conditions and any other documents referred to on it) describes how we collect and use personal data we collect from you, or that you provide to us. That personal data will be processed by us in accordance with the Data Protection Act 1998 (the Act) and the EU General Data Protection Regulation (GDPR). Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By agreeing to Our Terms and Conditions you are accepting and consenting to the practices described in this policy.
The World’s Famous Grotto Limited– your data controller
For the purpose of the Act and GDPR, The World’s Famous Grotto Limited of 31 Wellington Road, Nantwich, CW5 7ED (registered in England and Wales with company number 8389285) is the data controller in respect of any information relating to an identified or identifiable natural person (Personal Data) processed by us.
As data controller, we determine the purposes for which and the manner in which your Personal Data is, or is to be, processed. In this policy we describe the types of processing we may undertake with respect to your data.
Data protection principles
We will comply with data protection law. This says that the personal information we hold about you must be:
1. Used lawfully, fairly and in a transparent way
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
3. Relevant to the purposes we have told you about and limited only to those purposes
4. Accurate and kept up to date
5. Kept only as long as necessary for the purposes we have told you about
6. Kept securely
Information we may collect from you
We may collect and process the following data about you:
Information you give us. This is information about you that you may give to us by:
- Buying tickets online and filling in forms on our site www.worldsfamousgrotto.com (our site); or
- registering to buy tickets or making an enquiry on our site through our Contact Us page; or
- subscribing to our service; or
- undertaking any other activities commonly carried out on our site (including, for example, in the event that you have to notify us of a problem with our site); or
- by corresponding with us by phone, e-mail or otherwise
- The information you give us may include your name, your child(s) name, your date of birth, your child(s) date of birth, title, address, personal e-mail address and telephone number, your child(s) gender, financial and credit card information, personal description and photograph and other information which is necessary for us to supply a service to you.
Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products or services you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
- Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. In such cases we will inform you when we collect that information if we intend to share the data internally and combine it with other data collected from you. We will also tell you the purposes for which we may share and combine your data. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. We will notify you when we receive information about you from third parties and the purposes for which we intend to use that information.
USES MADE OF THE INFORMATION
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
1. Where we need to perform the service/contract we have entered into with you.
2. Where we need to comply with a legal obligation.
3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal information in the following situations, which are likely to be rare:
1. Where we need to protect your interests (or someone else’s interests).
2. Where it is needed in the public interest or for official purposes.
We use information held about you in the following ways:
Information you give to us.
We will use this information:
- to carry out our obligations arising from any services or contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box here [ ]
- to notify you about changes to our service;
- to ensure that content from our site is presented in the most effective manner for you and for your computer.
Information we collect about you.
We will use this information:
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our site safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
Information we receive from other sources.
We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
DISCLOSURE OF YOUR INFORMATION
We may have to share your data with third parties, including third-party service providers and other entities in the group.
We require third parties to respect the security of your data and to treat it in accordance with the law.
If we do, you can expect a similar degree of protection in respect of your personal information.
You agree that we have the right to share your personal information with:
- any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006; and
- selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. [We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience];
- Analytics and search engine providers that assist us in the improvement and optimisation of our site;
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If We or substantially all of Our assets are acquired by a third party, in which case personal data held by Us about Our customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply Our terms and conditions of supply and other agreements; or to protect the rights, property, or safety of The World’s Famous Grotto Limited, Our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
HOW LONG WE WILL STORE PERSONAL DATA
We will store your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
On completion, cancellation or termination of [Our services to you] We will retain your Personal Data for a period of six (6) years from the date of completion, cancellation or termination in order to enforce or apply the terms of any contract or other agreements; or to protect the rights, property, or safety of The World’s Famous Grotto Limited, Our customers, or others.
(In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.)
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your buying relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
Right of access to your Personal Data
- you can request a copy of the Personal Data we process relating to you. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. If your request is sent to us electronically we will supply this in a commonly used electronic form, unless you specifically request this in a different format.
- we will supply the data within 1 month of the date of your request free of charge. If your request is complex or numerous we may extend this period by a further period of two months (though we will inform you within one month of the receipt of your request if this is the case and explain why the extension is necessary).
- we reserve the right to charge a reasonable fee if you request additional copies of the information, to cover our administration costs. If access requests are unfounded or excessive we may charge a reasonable fee to provide the data, take the action requested, or refuse to act on the request.
Right to request the correction of your Personal Data
- We will make every effort to ensure that Personal Data is accurate, kept up-to-date and erased or corrected without delay in the event of inaccuracies. However, in the event that you become aware that we hold any inaccurate or incomplete Personal Data, you can send a rectification request for us to correct any inaccurate data or to complete any incomplete data we hold.
- We will respond to a rectification request within 1 month of the date of your request. If your request is complex we may extend this period by a further period of two months.
- If we intend to take no action in respect of a notification request we shall explain this to you along with further information about your rights.
Right to request the erasure of your Personal Data (the “right to be forgotten”)
- This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- We will upon request erase any inaccurate Personal Data without delay unless we need to retain the Personal Data for any of the purposes specified in GDPR.
Right to object to processing of your Personal Data
You may request us to restrict processing of your Personal Data:
- which you believe is being unlawfully processed but where you do not want erasure;
- which you believe we no longer need but which you wish us to retain for the purposes of defending legal claims or other grounds specified in GDPR.
- If you request a data processing restriction we may continue to store the Personal Data, but may only process it:
- with your consent;
- to establish, exercise, or defend legal claims;
- to protect the rights of another individual or legal entity; or
- for important public interest reasons.
Right to object to processing of your Personal Data (legitimate interest and direct marketing)
- You may object to us processing your Personal Data where processing is based on public interests or legitimate interests for direct marketing.
- If you object we will stop processing the Personal Data unless we:
- have a compelling legitimate ground for processing the Personal Data that overrides your interests; or
- need to process the Personal Data to establish, exercise, or defend legal claims.
Right to request the transfer of your Personal Data to another party.
You have the right to request us to:
- supply your Personal Data in a commonly used and machine-readable format so that you may store it for further personal use on a private device;
- transmit the Personal Data to another data controller;
- transmit your Personal Data directly to another data controller to another where technically possible.
However, this portability right only applies under limited circumstances and to a limited subset of Personal Data processed by us.
The right to data portability only applies to Personal Data:
- about you. It does not apply to anonymous data or information that does not concern you.
- which you have provided to us including :
- information that you have knowingly and actively provided, such as name and contact information;
- information generated by and collected from your activities while using our site;
- which is automated and is either based on your consent or is necessary for us to perform our obligations under a contract between us and you.
o It does not apply to Personal Data that we generate as part of our data processing undertaken in accordance with this policy or which is permitted under GDPR.
Right to notification of any breach
- In the unlikely event of a Personal Data breach which is likely to result in a high risk to your rights, we will notify you of the breach without undue delay.
- However, if your Personal Data is encrypted or otherwise unintelligible we will not be required to notify you of a breach.
EXERCISING YOUR RIGHTS:
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact [POSITION] in writing or contact us at email@example.com.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.