This privacy notice tells you how we use and look after the personal information you give us. This includes the information you provide when you make a booking with us or use our services, the choices you have about our communications with you and the marketing offers you want to receive. This notice tells you about the privacy rights you have.
1.0 Who we are
1.1 Your information will be held by Activity Advisor Limited trading as Southern Pursuits
.1.2 References to “our website” in this Privacy Notice are to Southern Pursuits.co.uk and other subdomain including but not limited to Event Advisor and Advisorgroup.co.uk
1.3 You may contact our privacy officer at info @ southernpursuits.co.uk or by writing to: Privacy Officer, Activity Advisor Limited 49 Gatwick Road, Crawley, West Sussex RH10 9RD
2.0 What the Data Protection law says
2.1 Activity Advisor can only use the personal information that you share with us if we have a valid lawful reason to do so.
These are the reasons that we use your personal data:
- When we are fulfilling a contract with you (for example, when you are making a booking with us or come to use one of our services)
- When it is our legal duty for business reasons (for example, to keep records of our sales for our accounts)
- When it is our legal duty for operational, health and safety and safeguarding reasons (for example, for our accident reporting procedures and to comply with safeguarding legislation)
- When it is in your vital interests (for example, if we need to share medical or contact information with the emergency services should you have a serious accident whilst playing football or using our services)
- When it is in our legitimate interests (for example, record keeping consistent with operating a leisure business and feedback to help us improve our services)
- When you have consented to it (for example, so that we can send you details of offers or promotions)
3.0 What are the Activity Advisor Limited services?
3.1 We refer to services; we mean the things you can do when you come to visit our activity site at Tulley’s Farm, Turners Hill Road, Turners Hill, Worth, West Sussex RH10 4PE
- Clay Shooting
- Quad Bike Riding
- Rage Off Road Buggies
- Max Kat Driving
- Air Rifle Shooting
- Axe Throwing
- Further onsite activities such as Teambuilding
- Corporate events and meetings
4.0 What personal data to we collect and why?
4.1 When booking services:
- When you purchase services from us, we ask you for your name, your contact telephone number and your email address. We use your information to manage your booking, handle your enquiries and prepare our sites and staff ready for your booking
- If you pay by credit or debit card, we take that information and pass it to a third-party payment processor to complete the payment. We do not store credit or debit card details in our systems.
- If you choose to pay for an ongoing service by credit or debit card, we use a facility provided by a third-party subscription processor to take those future payments when required
- When you arrive for your booking, we take the contact details of participants who are attending the activity. We take their name, DOB, phone number and email address, and we take medical information about each participant. We require this information for Health & Safety purposes and the Zorbing disclaimer.
- Our venues have CCTV and Static Camera placements to help keep you safe on site. There are CCTV notices clearly displayed at the venues. CCTV footage may be passed to law enforcement agencies and used to investigate crimes or anti-social behaviour. CCTV footage is destroyed after 30 days provided there have been no reported incidents which require investigation. If there are incidents requiring investigation the data will be kept for a minimum of 3 years.
4.3 IP Address:
- This is a string of numbers unique to your internet connection that is recorded by our webserver when you request any page or component on the website. We use this to monitor your usage of the website so that we can check which parts of the website are working the best and work out how to improve our service to you.
4.4 For marketing purposes:
- Whenever you contact us, we will ask you whether you would like to receive details of offers and promotions from us. If you consent to this, we will use this information to tailor offers we believe are appropriate to the services you have used.
- Sometimes we put in place filming, photography and/or recording equipment at the Site. We only take pictures of participants who have booked activities or who are using our equipment. You would have previously given your consent to these photographs when you signed our indemnity form on your arrival at our site These photographs are used on Southern Pursuits website as marketing promotions and copies of which are downloadable from our site for your use.
4.12 We do not:
- Use the information you provide to make any automated decisions or profiling that might affect you
- Sell your data.
5.0 What do we do with your personal information?
5.1 Your information is stored in our systems which are based within the European Union.
5.2 We use an international third-party payment processor for credit and debit card payments, who is based in the USA and certified to the EU-US Privacy Shield Framework.
5.3 We use an international third-party subscription processor for scheduled credit and debit card payments, which is based in the USA and certified to the EU-US Privacy Shield Framework.
6.0 How long do we keep your personal information for?
We keep your information only for as long as is necessary for the purpose for which we obtained it.
Information that is no longer needed is destroyed securely.
6.1 When booking services:
- When you book a service with us, we retain that data until the service is fulfilled plus three years to deal with any queries or claims thereafter.
- We keep records of financial transactions for six years to meet our obligations to HMRC.
- In relation to any information where we reasonably believe it will be necessary to defend or prosecute or make a claim against you, us or a third party, we may retain that data for as long as that claim could be pursued.
6.2 For marketing purposes:
- If you tell us you wish to receive details of marketing offers and promotions, you have the right to remove or modify this consent at any point. We make it easy for you to change your preferences by reminding you how every time we contact you.
- If we don’t hear from you again or you don’t book a service after two years we remove your data from our marketing database
7.0 Rights over your personal information
8.1 By law, you have the following rights:
- You can ask us what information we hold about you and you can ask us to correct it if it is inaccurate. We will respond to you within 30 days
- You can ask us to give you a copy of the information
- You can ask us to stop using your information if you believe we are not doing so lawfully
- You can ask us to erase your information provided we do not need to keep it for overriding regulatory, contractual, health and safety purposes, or for our legitimate interests such as defending a personal injury claim
8.2 If you would like to request a copy of any information that we currently hold about you, please send your contact details including address to: Privacy Officer, Activity Advisor Limited, 49 Gatwick Road, Crawley, West Sussex Rh10 9RD
8.0 Your right to complain
9.1 If you have a complaint about our use of your information, please do get in touch with us. Let us know the details of your complaint, plus your contact details including address by writing to us at the address below or by emailing firstname.lastname@example.org
9.2 You may also complain to the Information Commissioner’s Office about our use of your personal data. You can contact the Information Commissioner’s Office via their website at www.ico.org.uk/concerns or write to them at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
9.0 Document Control
9.1 This Privacy Notice will be formally reviewed on an annual basis, as a minimum, or if required changes are identified to address one or more of the following:
A change in business activities, which will or could possibly affect the organisation’s ability to fully comply with GDPR and other related data protection requirements
A change in the way in which the Company manages personal data, or specifically the activities related to data processing which are outsourced to third party data processors
A change in data protection regulations or associated legislative requirements related to the use of third party data processors, or the legal bases for their engagement
An identified shortcoming in the effectiveness of this Procedure for example as a result of a data breach, Supervisory Authority investigation, formal review or an audit finding