West Midland Safari Park Ltd. (“We”) are committed to protecting and respecting your privacy.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act 1998 (the Act), the data controller is West Midland Safari Park Ltd, Spring Grove, Bewdley, Worcestershire, DY12 1LF.
West Midland Safari Park Ltd owns and operates the following websites :
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
- Contact and general information that you provide by filling in an online enquiry or feedback forms on our websites.
- Contact and address details when you purchase a product in order to confirm the transaction, send you a product and/or update you with details of your booking, or in the unlikely event that we need to contact you urgently about your booking.
- Certain products that we oﬀer may require more detailed data to be collected and processed, for example; Special Events, VIP Experiences and Corporate bookings. This may include information such as additional names, ages and dietary arrangements.
- Marketing and Communications data, such as your name, address and email, if you choose to opt-in to receive marketing material from us.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to our websites including, but not limited to; traﬃc data, IP address, weblogs and other communication data.
- If you contact us, we may also keep a record of that correspondence.
CHILDREN UNDER THE AGE OF 16
We do not intend to collect information from or market to children under the age of 16 years. If you sign up to receive marketing materials from us we will proceed on the basis that you are over 16.
Children under the age of 13 years will not be able to register for any activities, trails or competitions, without consent from an adult who holds parental responsibility. That person will then be designated the contact for communication of any information, updates and/or prizes.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our marketing department. This is statistical data about your browsing actions and patterns, and does not identify any individual. Your IP address may also be used to diagnose problems with our server, monitor visitor traﬃc patterns and site usage to help us develop and improve our site further.
We use ‘cookies’ to enhance your experience on our websites. Cookies are small data files that are sent to your browser and stored temporarily on your computer to help retain the information that you have entered whilst you browse our websites.
A cookie will typically contain the name of the domain from which the cookie has come and the ‘lifetime’ of the cookie. Cookies do not give us your personal information, they provide us with non-personal information such as remembering your browser settings, what types of software you are using etc. so that we can work with the websites to make them as easy to use as possible for you and all our visitors.
Certain cookies sent to your browser will help us to save you time. For example, if you’re halfway through an online purchase our cookies will allow you to browse other areas of our websites and then return to your purchase.
Please note that if you choose not to receive cookies then some areas of our websites may fail to function as intended so degrading your user experience.
WHERE WE STORE YOUR PERSONAL DATA
The information you provide to us is stored on our secure servers. All payment transactions will be encrypted using SSL technology and are handled by a certified 3rd Party. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. We will never ask you for that password.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
- To ensure that content from our websites is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To carry out our obligations arising from any contracts entered into between you and us.
- To notify you about changes to our service.
- To allow you to participate in interactive features of our service when you choose to do so.
If you visit our websites, you may subsequently see banner advertisements from us whilst browsing other websites. These adverts are placed by us by approved, specialist media providers. These adverts may be targeted at you based on cookies placed on your computer or other devices when you visit our websites.
If you are active on Social Media you may also see our adverts on your Social Media channels. We may make use of existing profiling tools provided by Social Media companies to try and ensure you are seeing adverts from us that may be of interest to you. We may also utilise the existing data we hold on you in combination with these existing social media tools to make our marketing more targeted.
This can include passing certain data onto Social Media companies (they cannot pass this data onto any other third parties or use this to contact you in any way) who are based outside the European Economic Area (EEA).
Countries outside of the European Economic Area (EEA) do not always oﬀer the same levels of protection with your personal data, so European law has restricted transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
If none of the above safeguards is available, we will request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
We work with multiple ticketing partners who oﬀer our products and services at reduced prices. If you are purchasing one of our products using a ticketing or promotional partner in order to provide these services, securely fulfil transactions and provide you with relevant booking communications we may need to share your data with the relevant partner.
Our ticketing partners are not permitted to send you marketing material unless you give them explicit consent to do so and we only allow our partners to handle your data when they conform to appropriate data protection and security controls.
OPTING-OUT OF RECEIVING MARKETING
If you have chosen not to opt-in to receive marketing material from us, or since opting in have decided to opt-out, we will only contact you regarding any products you may have purchased from us and when we consider it to be in our legitimate interest to contact you about said products.
This may include:
- Sending e-tickets and a record of your purchase to you via email.
- When a situation has arisen that could directly impact the delivery of a booked product or experience. For instance, if weather meant we had to close West Midland Safari Park, we would endeavour to inform you of this via SMS, email or a telephone call. This contact data would be extracted from our e-ticketing system; such information is recorded at point of purchase as it’s necessary for the fulfilment of all bookings and transactions.
- If you are an Annual Pass holder and have therefore entered into a contract with us for a set period. We may contact you with advice on how to make the most of your pass and membership and update you when your pass is due for renewal.
- Emailing you to ask you to complete a feedback survey so we can study how our customers use our products and services and improve our offering accordingly. We will only ask you to feedback on the product you have purchased and you are not obliged to complete the survey we send you.
- If you have been directly involved in any photo, video or media opportunities and provided your details.
DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If West Midland Safari Park Ltd. or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation.
We will not sell your data or share personal data with third party organisations for marketing purposes, but we do use third parties to outsource functions when we do not have the in-house capacity or capability required, such as the use of a mailing house for mailings, fulfilment of an electronic booking or service and analytical services that enable us to target our communications to you more eﬀectively. In such cases, we will only use reputable and well-vetted firms and have contracts and processes in place that ensure the safe and confidential processing of personal data at all times. We may also disclose personal information where required or otherwise permitted by law.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes on our behalf and in accordance with our instructions.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In order to comply with legal and tax obligations, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for at least six years after they cease being customers.
In some circumstances you can ask us to delete your data: see ‘your rights’ for further information.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org.
A reminder of all your rights under GDPR:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to the processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you (two forms of identification) to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.