Cheshire Outdoors

Privacy Policy

Cheshire Outdoors Group

PRIVACY POLICY

Who we are

We are The Cheshire Outdoors Group, which provides outdoor activities, entertainment, events and other services. We are based at Blakemere Village, Sandiway, Cheshire CW8 2EB.

Cheshire Outdoors Group consists of the following Registered Companies:

  • Cheshire Outdoors Ltd
  • Cheshire Falconry Ltd
  • Cheshire Segway Ltd
  • Forest Explorers Ltd
  • Cheshire Bushcraft Ltd

Cheshire Outdoors Group operates under the following Trading Names:

  • Cheshire Outdoors
  • Cheshire Falconry
  • Cheshire Segway
  • Cheshire Woodland Weddings
  • Cheshire Bushcraft
  • Cheshire Cycle Hire
  • Cheshire Cycle Repair
  • Magical Woodland
  • Cheshire Outdoors Corporate Events
  • Cheshire Woodland Wellbeing

At Cheshire Outdoors Group (“we”, “us”, “our”), we regularly collect and use personal data about consumers who visit our centre or events, or browse our websites. Personal data is any information that can used to identify you as an individual. The protection of your personal data is very important to us, and we understand our responsibilities to handle your personal data with care, to keep it secure and to comply with legal requirements.

The purpose of this privacy policy (“Policy”) is to provide a clear explanation of when, why and how we collect and use personal data.

Please read this Policy carefully. It provides important information about how we use personal data and explains your legal rights. This Policy is not intended to override the terms of any contract that you have with us (for example, Private Event, Activity or or Experience) or any rights you might have available under applicable data protection laws.

We will make changes to this Policy from time to time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. We will make sure that you are aware of any significant by posting a notice on each relevant website so that you are aware of the impact to the data processing activities before you continue to engage. We encourage you to regularly check back and review this policy so that you will always know what information we collect, how we use it, and who we share it with.

Personal data we collect

In relation to potential customers, historic customers and current customers and event visitors (“consumers”), we collect the following data:

• Information that you provide by filling in forms on our websites. This includes posting material or requesting further services. We will also ask you for information when you report a problem.

  • Details of any concerns if you contact us with a query or issue.
  • Details of transactions you carry out through our site and of the fulfilment of your bookings including your credit/debit card details.
  • Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
  • Your name, address, telephone number and/or email address in order to contact you with details of your booking or in the unlikely event that we need to contact you urgently about your booking.

This includes the collection of contact details such as your name, address, date of birth, telephone number and email address, identification details including images of yourself, engagement details including your purchase history and visit history, your marketing preferences including interests / marketing list assignments, record of permissions or marketing objections, website data, device data including IP addresses and details about your browsing history, browser type, and session frequency and cookies.

Our location has Closed Circuit Television (CCTV) and you may be recorded when you visit.

CCTV is used to provide security and protect our staff, customers and other visitors and the Cheshire Outdoors Group. CCTV will only be viewed when necessary (for example, to detect or prevent crime) and footage is stored for a set period of time, after which it is recorded over. We comply with the Information Commissioner’s Office CCTV Code of Practice and we put up notices so you know when CCTV is used.

Our use of Website Cookies

This website uses cookies to better the user’s experience while visiting the website. If you would prefer not to have any cookies saved to your device whilst visiting this website, please disable cookies in your browser settings.

What are cookies?

Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and website usage. This allows the website, through its server to provide the users with a tailored experience within this website.

Users are advised that if they wish to deny the use and saving of cookies from this website onto their computer hard drive, they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors or use the cookie control system if available upon their first visit.

Website Visitor Tracking

This website uses tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computer’s hard drive to track and monitor your engagement and usage of the website but will not store, save or collect personal information.

Specifically, we use:

  • Google Analytics – which helps us understand what pages you visit, how long you spend on those pages and where in the world you are from. It does not enable us to identify you personally.
  • Facebook Pixel – which helps us serve digital advertising to you via the Facebook platform if you have already visited our website.

Downloads & Media Files

Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available, users are advised to verify their authenticity using third party anti-virus software or similar applications.

We accept no responsibility for third party downloads and downloads provided by external third-party websites and advise users to verify their authenticity using third party anti-virus software or similar applications.

PURPOSES we USE your personal data for

We will use your personal data to:

  • ensure that content from our site is presented in the most effective manner for you and for your computer.
  • provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
  • carry out our obligations arising from any contracts entered into between you and us.
  • notify you about changes to our service.

We may also send you marketing materials where we have appropriate permissions. We will also need to use your personal data for purposes associated with our legal and regulatory obligations.

We have to establish a legal ground to use your personal data, so we will make sure that we only use your personal data for the purposes set out in this Policy where we are satisfied that:

  • our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (e.g. to manage your booking for entry tickets to an activity), or
  • our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we are subject to (e.g. to comply with ICO requirements), or
  • our use of your personal data is necessary to support ‘Legitimate Interests’ that we have as a business (for example, to improve our products, or to carry out analytics across our datasets), provided it is always carried out in a way that is proportionate, and that respects your privacy rights. Where required under separate laws, for example the Privacy and Electronic Communications Regulations, we will also ensure that you have opted in to send you marketing materials.

Before collecting and/or using any special categories of data we will establish an additional lawful ground to those set out above which will allow us to use that information. This additional exemption will typically be:

  • your explicit consent;
  • the establishment, exercise or defence by us or third parties of legal claims; or
  • a specific exemption provided under GDPR.

Who do we SHARE your personal data with?

As flagged above, we share data with third parties, to help manage our business and deliver services. These third parties may from time to time need to have access to your personal data, and include:

  • service providers, who help manage our IT and back office systems, and assist with our Customer Relationship Management activities, in particular reCoded Solutions Ltd and Intelligent Monitoring Systems Limited
  • booking agent partners, Smart Entertainment Ltd and WebTicketManager Ltd who provide us with secure access to their systems via online platforms to enable us to:
    • Track sales transactions for Experiences
    • Track voucher purchases
    • Monitor experience session capacities and Diary for bookings
    • Resolve customer enquiries
  • our social media agency, Social Tap Ltd
  • We are compliant with PCI-DSS (Payment Card Industry Data Security Standard), we ensure that our IT systems do not directly collect or store your payment card information, such as the full 16-digit number on the front of the card or the security code on the back.
    • Our online payment solutions are carried out using a ‘payment gateway’ (such as WorldPay) which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with the bank and the bank passes your payment to us. This means that your payment card information is handled by the bank and not processed or held by us.
  • our regulators, which includes the ICO
  • solicitors and other professional services firms

Direct Marketing

We may use your personal data to send you direct marketing communications about our activities, events, experiences or our related services.  This will be in the form of email, post, SMS or targeted online advertisements.

Where we require explicit opt-in consent for direct marketing in accordance with the Privacy and Electronic Communications Regulations we will ask for your consent. Otherwise, for non-electronic marketing or where we can rely on the soft opt-in exemption under the Privacy and Electronic Communications Regulations, we will be relying on our Legitimate Interests for the purposes of GDPR.

You have a right to stop receiving direct marketing at any time – you can do this by following the opt-out links in electronic communications (such as emails), or by contacting us.

We also use your personal data for customising or personalising advertisements, offers and content made available to you based on your visits to and/or usage of our websites or other  platforms or services, and analysing the performance of those advertisements, offers and content, as well as your interaction with them. We may also recommend content to you based on information we have collected about you and your viewing habits.

External Website Links & Third Parties

Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text/banner/ image links to other websites).

Shortened URLs

URL shortening is a technique used on the web to shorten URLs (Uniform Resource Locators) to something substantially shorter. This technique is especially used in social media and looks similar to this (for example, http://bit.ly/zyVUBo).

Users should take care before clicking on shortened URL links and verify their authenticity before proceeding.

We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should, therefore, note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Policy & Usage

We adopt a social media Policy to ensure our business, and our staff conduct themselves appropriately online. While we may have official profiles on social media platforms, users are advised to verify the authenticity of such profiles before engaging with or sharing information with such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.

There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page.

How long do we keep your personal data?

We will retain your personal data for as long as is reasonably necessary for the purposes listed in this Policy. In particular, where there has been no interaction from a consumer (e.g. a purchase etc.), a record will be archived after 1 year and deleted after 3 years.

Where we are required to do so to meet legal, regulatory, tax or accounting requirements, we will retain your personal data for longer periods of time, but only where permitted to do so, including so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your personal data or dealings.

We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required and we do not have a legal requirement to retain it, we will ensure it is either securely deleted or stored in a way such that it is anonymised and the Personal Data is no longer used by the business.

What are your rights?

You have a number of rights in relation to your personal data. In summary, you have the right to request: access to your data; rectification of any mistakes in our files; erasure of records where no longer required; restriction on the processing of your data; objection to the processing of your data; and data portability.

RIGHTS – WHAT THIS MEANS

Access – You can ask us to:

  • confirm whether we are processing your personal data;
  • give you a copy of that data;
  • provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out automated decision making or profiling, to the extent that information has not already been provided to you in this Policy.

Rectification – You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.

Erasure / Right to be Forgotten – You can ask us to erase your personal data, but only where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • it follows a successful right to object (see ‘Objection’ below); or
  • it has been processed unlawfully; or
  • it is necessary to comply with a legal obligation which we are subject to.

We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary: for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims, in relation to the freedom of expression or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. In the context of marketing, please note that we will maintain a suppression list if you have opted out from receiving marketing content to ensure that you do not receive any further communications.

Restriction – You can ask us to restrict (i.e. keep but not use) your personal data, but only where:

  • its accuracy is contested (see ‘Rectification’ below), to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal data following a request for restriction, where:

  • we have your consent; or
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

Portability – You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but in each case only where: the processing is based on your consent or the performance of a contract with you; and the processing is carried out by automated means.

Objection – You can object to any processing of your personal data which has our ‘Legitimate Interests’ as its legal basis, if you believe your fundamental rights and freedoms outweigh our Legitimate Interests. Once you have objected, we have an opportunity to demonstrate that we have compelling Legitimate Interests which override your rights, however this does not apply as far as the objections refers to the use of personal data for direct marketing purposes.

To exercise your rights you can contact us. Please note the following if you do wish to exercise these rights:

  • We take the confidentiality of all records containing personal data seriously and reserve the right to ask you for proof of your identity if you make a request.
  • We will not ask for a fee to exercise any of your rights in relation to your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in the circumstances.
  • We aim to respond to any valid requests within one month unless it is particularly complicated or you have made several requests, in which case we aim to respond within three months. We will let you know if we are going to take longer than one month. We might ask you if you can help by telling us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.
  • Local laws, including in the UK, provide for additional exemptions, in particular to the right of access, whereby personal data can be withheld from you in certain circumstances, for example where it is subject to legal privilege.

Contact and complaints

The primary point of contact for all issues arising from this Policy, including requests to exercise data subject rights, is our Data Protection Officer. The Data Protection Officer can be contacted in the following way:

info@cheshireoutdoors.uk or call us on 01606 882223.

If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time. In the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/). We do ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.