This policy applies to the following:
- Current members (adults and adults paying for/responsible for a child membership)
- Individuals buying membership as a gift and using their personal information to register the membership
- Individuals making a party or event booking
- Individuals making a group booking such as a school or community group booking
- Individuals buying day tickets online
- Subscribers to our mailing lists (following a mailing for a reason listed above)
- Individuals who make contact with us through another means: Website or email enquiry/One off shop order
This information will be retained for legal or contractual reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.
This policy specifically does not apply to employee data or that of volunteers, work experience, interns or contractors working for Pensthorpe Natural Park. We have separate policies and guidance for those individuals.
The privacy and security of your personal information is extremely important to us. Here we explain how and why we use your personal data, to make sure you stay informed and can be confident about giving us your information, knowing we will take good care of it.
We’ll keep this policy updated to show you all the things we do with your personal data.
You can be assured that we will never sell your personal data to anyone and we are not in the practice of sharing information with any other organisation for any reason, but should that change we will advise you and seek your permission to do so.
Who are “we”?
We are Pensthorpe Natural Park. Under our company umbrella, we also have the following company identities:
• Pensthorpe Conservation Trust Ltd (registered charity no. 1100589);
• Porter and Makins Ltd, our farm business (Company no. 00586007); and
• The Conservation Shop Ltd, which is our trading arm (Company no. 01979520)
The Conservation Shop is our trading business and this is where your data is held. If you have any questions relating to this policy or our use of your personal data, it should be addressed for the attention of the Data Protection Officer at email@example.com or sent to Data Protection Officer, Pensthorpe Natural Park, Pensthorpe, Fakenham, Norfolk, NR21 0LN.
Separately, the Data Protection Officer for all personal data relating to job applicants, employees, former employees, volunteers, interns, work experience students and contractors is the HR manager. We take great care to train our staff in their responsibilities with regard to data protection to keep you safe.
What personal data do we collect?
“Personal data” is any information that relates to an individual who can be identified from that information.
We may collect a number of items of personal data in connection with specific activities such as applying for or renewing your membership, booking an event or ordering tickets online. Sometimes you’ll share your data when you make contact to ask us a specific question or we order something special for you in our gift shop and we take your details to call you when it’s arrived. The categories of data are explained in the table below.
“Special categories of personal data” means information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual orientation, sex life and biometric data. It may also include “criminal records data” which means information about an individual’s criminal convictions and offences, and information relating to criminal allegations and proceedings.
How do we use your personal data?
We’ll only use your personal data on relevant lawful grounds as permitted by the General Data Protection Regulation (effective 25th May 2018).
Personal data provided to us will be used for the purposes defined below.
| |What personal data do we collect?|How do we use your data?|
|---|---|---|
|Member|Name, Address, Telephone Number, Email Address, Photo, DOB (optional).|Our Admissions Team will only make contact with you if they have reason to do so, for example if you have left property with us. Our Marketing Team will also add you to the members e-newsletter subscriber list in order to keep you informed of exclusive members news, events and special promotions at Pensthorpe. We would also like to be able to send you special offers to mark your birthday, but sharing your date of birth with us is optional. For those members who do not have email addresses we may post out communications to you from time to time. As a member you can unsubscribe from the member mailing list at any time.|
|Parent/Guardian of Child Member|We will hold your personal data (as above) as the “sponsor” of a child member – we do this for all those under 16 years of age.|Our Admissions Team will only make contact with you if they have reason to do so, for example if you have left something with us. In all other respects, we will contact you in the same way as adult members, as explained above, but we will not contact your child.|
|Child Member|Name, parent’s details (as above), photo, age at date of purchase of membership|Our Admissions Team will never knowingly make contact with a child member. We do not hold their details on file other than their name and that they have children’s membership. Instead, any relevant contact is made via the parent or guardian who set up the child membership.|
|Member by way of Gifted Membership|The gifted member’s Name and their Address, Telephone Number, Email Address, if provided by you at the time of purchase.|See Member information above. If you have purchased a membership for a family member or friend and left your details with us, instead of those of your family/friend, we will contact you as a member, as explained above.|
|Event / Group Booking Customer|Name, telephone number, email address. Details about your event / group and their contact details if different. If the event is a special birthday, for example, we may hold your child’s name and age so we can personalise wishing them a happy birthday on their special day.|We may use this information to contact the group organiser or the group itself to inform them of a specific offer tailored towards their last visit. Our marketing team would like the opportunity to be able to add you to our general e-newsletter subscriber list in order to keep you informed of news, events and special promotions at Pensthorpe. You can unsubscribe from this list at any time.|
|E-Newsletter Subscribers|Name, email address, postcode (optional), DOB (optional).|We will use postcode data to carry out geographically related offers/promotions and to send you special offers to mark your birthday, if you have given us your date of birth. You can unsubscribe from this list at any time.|
|Online ticket purchasers|Name, Address, Telephone Number, Email Address, a user-name and password for your account. Or you can choose just to be a “guest purchaser” and we retain no details.|Our Admissions Team would only make contact if a reason occurred where we had to refund the purchased ticket or to notify you if an event had to be cancelled. Our Marketing Team would like the opportunity to be able to add you to the e-newsletter subscriber list in order to keep you informed of news, events and special promotions at Pensthorpe. You can unsubscribe from this list at any time.|
|General paying visitor|We do not hold any data about you if your visit is not pre-booked and you do not require any form of membership.| |
|General non-paying visitor to our shop and café only|We do not hold any data about you if your visit is not pre-booked and you do not require any form of membership.| |
Whilst we rely upon what we and the law call our “legitimate purpose” to use your data as described in the table above, to fulfil our contract with you to provide your membership for the year, or to fulfil your group or party booking, when it comes to marketing our wider services to you, we need to ask your permission to do so, if they are outside of the scope of the permissions you have given to us above.
At every opportunity in our transactions with you, we will ask you to confirm to us if you wish to join our mailing list for broader marketing mailings and offers. Our marketing mailing list will never be shared with third parties or sold on and we never transfer your data outside the EU or make automated decisions on your behalf. We will only send you information directly related to Pensthorpe Natural Park.
If you have consented to join our marketing mailing list, you can easily opt out again at any point by unsubscribing on any of the e-newsletters you receive from us.
We do use all categories of data collected to profile our visitors so that we are better able to tailor our offering to suit our wide range of visitors. We do not usually ask third parties to do this on our behalf, but if we do, we will ensure that they can satisfy us that they meet the stringent standards of the data protection legislation at all times and work within our own principles regarding the integrity of the data we hold about you.
Where do we keep your information?
Our supplier of software is Merlin. They specialise in the creation of Retail, Admissions, Membership and Online software with the added convenience of access control systems. Their hosting service comes as standard, with 128 bit SSL secure certification and payments are processed directly by our payment merchant.
We use MailChimp as our e-newsletter processor which includes the collection (e.g., via sign-up forms) and storage of personal data (e.g., within our MailChimp account in order to allow us to create and use distribution lists and send marketing email campaigns) and the transfer of personal data to certain of MailChimp’s sub-processors (who, as described in MailChimp’s Data Processing Agreement, perform some critical services, such as helping MailChimp prevent abuse and providing support to our customers).
Payment Card Security
We have an active PCI-DSS compliance programme in place. This is the international standard for safe card payment processes. As part of our compliance with this very stringent standard, we ensure that our IT systems do not directly collect or store payment card information; for example, the full 16 digit number on the front of the card or the security code on the back.
Our online payment solutions are carried out using a ‘payment gateway’ through Worldpay which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with your bank and the bank passes your payment to us. We do not process or hold your bank details.
Across our site we have CCTV and you may be recorded when you are with us. This is to ensure the safety and security of you as our visitor and for our staff. CCTV is only ever viewed if there is a valid reason to do so, for example if we believe a crime has been committed or there has been an accident or incident that we need to investigate. We will place notices in clear sight where we use CCTV.
How long do we keep your data?
If you hold a membership with us, we will retain your data throughout the membership period and for three months after that lapses to allow us to easily reinstate your data in case you forgot to renew in time – but don’t worry, we will remind you it is due!
If you book a party or group event, we’ll hold your data during the booking and planning period and for three months afterwards to ensure we have delivered the event to your satisfaction. After that time we will write to you to ask if you would like to remain on our marketing database so that we can let you know our news and share offers with you. If you don’t wish to keep in touch, we will delete your details after three months.
What happens if you don’t want us to hold your data?
You can choose to opt out of communications with us at any time, but in certain circumstances we do need to continue to hold and process your data to fulfil our obligations with you, such as to enable us to administer your membership or manage your party or group booking. We keep our data requirements to a minimum and we hope that in this Privacy Notice we have reassured you that your data is safe with us. Should you withdraw permission at any time, certain services may necessarily cease.
Subject Access Rights
You have the right at any time to ask to see the data we hold about you. To do this, please contact the Data Protection Officer at firstname.lastname@example.org or write to the Data Protection Officer, Pensthorpe Natural Park, Pensthorpe, Fakenham, Norfolk, NR21 0LN. We will ask you for certain information to identify yourself so we can be certain we are giving your information only to you. We will respond to any request within one month, or if we are unable to do so, we will write to you within one month and explain any delay.
If you are not happy with what you find, you have the right to insist your data is amended or deleted from our systems.
If at any time you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner.
We may need to amend this policy from time to time as systems and processes are updated or replaced. We will ensure that this policy is always available on our website and is always accurate and current.
This is Version 3 released 5th June 2018