OUR PRIVACY PROMISE
Welcome to Clearwell Caves’ privacy policy, we are committed to protecting and respecting your privacy.
Please read our privacy policy carefully: to make sure that you understand what our privacy policy tells you, and if you have any questions please contact us using the details set out below.
CHANGES TO OUR PRIVACY POLICY
Our privacy policy was last updated on 25 April 2018. We may update our policy at any time, for example to make sure that we continue to collect, use and store your personal information fairly, securely and in accordance with data protection law in the UK. If we decide to materially change this Privacy Policy, the changes will be posted on our website so that you are always informed of the latest version.We suggest that you regularly revisit this update section to make sure that you keep up-to-date with any changes we make.
WHAT IS PERSONAL DATA?
Personal data, or personal information, means any information about you from which you can be identified.
WHEN DOES OUR PRIVACY POLICY APPLY?
Our privacy policy applies when:
- you visit our website using any device, including your mobile phone;
- you buy tickets from us, including using any third party website selling tickets on our behalf;
- you buy products, services or merchandise from us; and
- when you visit Clearwell Caves.
WHO DOES THIS PRIVACY POLICY APPLY TO?
Children: With parental consent we may take and use a child’s photograph, please refer to the Photographs section under the PERSONAL DATA WE COLLECT ABOUT YOU heading of this policy. Otherwise, we do not knowingly collect personal data relating to children, our website is not intended for children and we do not knowingly sell tickets to anyone below the age of 18 years old.
We encourage parents and guardians to supervise their children’s online activities by, for example, adopting parental control tools available from online services and software manufacturers that help provide a child-friendly online environment. These tools can also prevent children from disclosing online their name, address, and other personal information without parental permission.
WHAT DOES OUR PRIVACY POLICY TELL YOU?
Our privacy policy:
- explains how we collect, use and store personal data about you; and
- tells you about your privacy rights and how the law protects you.
Our privacy policy is set out in a layered format so that you can click through to the information you want to find using the headings set out below.
- [WHO WE ARE AND HOW TO CONTACT US]
- [THE PERSONAL DATA WE COLLECT ABOUT YOU]
- [HOW YOUR PERSONAL DATA IS COLLECTED]
- [HOW WE USE YOUR PERSONAL DATA]
- [WHO WE SHARE YOUR PERSONAL DATA WITH]
- [TRANSFERS OF YOUR PERSONAL DATA OUTSIDE THE UK]
- [HOW WE KEEP YOUR PERSONAL DATA SECURE]
- [HOW LONG WE KEEP YOUR PERSONAL DATA]
- [YOUR LEGAL RIGHTS]
WHO WE ARE AND HOW TO CONTACT US
References in this privacy policy to “Clearwell Caves”, “we”, “us” or “our” means Clearwell Mine Management Ltd, a company registered in England and Wales.
We are the “data controller”, which means that we are responsible for deciding how we hold and use personal data about you.
If you have any questions about this privacy policy, including any requests to exercise [your legal rights], please contact us using the details set out below.
- Write to us at: Data privacy manager, Clearwell Caves, The Rocks, Clearwell, Coleford, Gloucestershire GL16 8JR
- Email us at: info@clearwellcaves.com]
- Call us on: 01594 832535
If you are contacting us to exercise your legal rights relating to your personal data, please let us know what personal data you are contacting us about, and what you want us to do, or stop doing, with that data.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
THE PERSONAL DATA WE COLLECT ABOUT YOU
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, last name, username, password, security question and answer title, date of birth, gender and photograph;
- Contact Data includes postal addresses, billing addresses, email addresses and telephone numbers (including mobile phone numbers);
- Financial Data includes bank account and payment card details;
- Transaction Data includes details about payments and other details of products and services purchased from us;
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website, details of the website from which you visit us and keywords you used, the pages on our website that you visit and in what sequence, and the date and length of your visit.
- Profile Data includes the history of our communications with you, such as ticket purchases, activities and events you attend, your personal interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our websites.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Photographs: From time to time we or other authorised third parties on our behalf may take photographs at Clearwell Caves that include images of our visitors. We believe that it is in our [legitimate interests] to take such photographs and to use them to advertise and promote the Caves and our business in general, for example, on our website, social media sites and pages and in our brochures.
We will only ask for your consent to use your photograph if the photograph we have taken features you, alone or with other people, in the foreground and as the main subject of that photograph, rather than, for example, engaged in an activity in the background of a photograph.
We will also seek consent from the parent or legal guardian before using any photograph of a child (meaning under 16 years of age).
We may edit, modify and use photographs in accordance with the terms of this privacy policy and will not be required to pay you or any third party for the use of any photograph used in accordance with the terms of this privacy policy.
- Other people’s details: Sometimes you may be given the opportunity to submit personal information about other people. For example you may be purchasing tickets to visit Clearwell Caves on behalf of a number of different people. The types of information that you may be given the opportunity to provide about other people may include: their name, age, gender, phone number, postal address and e-mail address. You must obtain permission from other people, or from their parent or guardian if they are aged below 16 years old, before you submit their information to us and provide them with a copy of our privacy policy or direct them to our privacy policy displayed on our website.
HOW YOUR PERSONAL DATA IS COLLECTED
We use different methods to collect data from and about you including through:
- Information you give us: [Personal Data] may be given by you directly when you:
- fill out a contact form or sign-up to our newsletter on our website, http:/www.clearwellcaves.com;
- make a purchase of our products or services or buy tickets from us;
- buy tickets using a third party website who sell tickets on our behalf;
- sign up to receive emails or other marketing communications from us;
- enter a competition, promotion or survey; or
- contact us by post, telephone or email.
- Information we collect about you: When you visit our website and any third party website that sells tickets on our behalf we may automatically collect [Technical Data] about We collect this personal data by using cookies, [server logs] and other similar technologies. [We may also receive Technical Data about you if you visit other websites employing our cookies.] Please see our cookie policy [LINK] for further details].
- Information received from third parties or publicly available sources: We may also receive Identity Data and Contact Data from publicly available sources such as the electoral register and from third parties such as analytics providers, e.g. Google. We may also receive Identity, Contact and Transaction Data from a third party when you purchase our tickets using a third party website selling tickets on our behalf..
WHEN WE WILL USE YOUR PERSONAL DATA
We will only use your personal information when the law allows us to: We need to have a “lawful basis” to use your Personal Data. The types of “lawful basis” that we will rely on to process your personal data are as follows:
- To perform a contract: Where it is necessary to perform a contract we are about to enter into or have entered into with you, for example, to provide tickets or other products and services to you that you have requested;
- It is in our legitimate interests: Where it is necessary for our legitimate interests (or those of a third party) and our interests are not overridden by the potential impact on your rights and interests.
“Legitimate Interests” means in the interests of conducting and managing our business to enable us to give you the best products and services and the best and most secure experience, for example to:
- run our business, provide administration and IT services, network security, and to prevent fraud;
- collect and recover money owed to us;
- keep our records updated;
- study how customers use our products/services;
- develop our products/services and grow our business; and
- inform our marketing strategy and promote our business.
We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we use your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
You can obtain further information about how we assess our legitimate interests against any potential impact on you by [contacting us]
- To comply with a legal obligation: Where we need to comply with a legal or regulatory obligation, for example, in a legal action.
- Where we have your consent: We will require your prior consent to use Contact Data to send you electronic direct marketing (such as email or text) and we may require your prior consent to use your photograph (please refer to the section about photographs in THE PERSONAL DATA WE COLLECT ABOUT YOU section of this policy).
We may have more than one lawful basis to use your personal data depending on the specific purpose for which we are going to use that data. Please [contact us] if you need details about the specific ground we are relying on to process your personal data.
We will only use your personal data for the purposes for which we collected it: We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is related to the original purpose. If we need to use your personal data for an unrelated purpose, we will let you know and will explain the legal basis which allows us to do so.
Direct Marketing – your choices:
How to Opt-in: You will only receive electronic marketing communications from us (such as emails and texts) if you have requested information from us, for example, by signing-up to our newsletter, or if you have specifically opted-in to receive details about our products, services, events, activities, promotions and special offers which we feel may be of interest to you when we have given you the choice to do so, for example, when you buy tickets from us directly or using a third party website selling tickets on our behalf.
If you wish to be contacted for these purposes please make sure that you tick the appropriate box or boxes when you are given the option to do so, otherwise we will assume that you do not want to be contacted.
We will not pass your information onto third parties for marketing purposes before getting your express consent to do so.
How to Opt-out: Your participation in our marketing activities is voluntary. If you ever want to change your preferences regarding our use of your personal information for marketing purposes, or opt-out altogether from receiving further marketing information, you can use the opt-out or unsubscribe links in any marketing message we send you or you can [contact us] at any time. Where you opt-out of receiving marketing communications from us, we may continue to use your personal data for the other purposes we have explained in the [“HOW WE USE YOUR PERSONAL DATA”] section of this policy.
WHO WE SHARE YOUR PERSONAL DATA WITH
We will only share your personal data with the following third parties or in the following circumstances:
- To our service providers and suppliers: So that we can make certain services and products available to you we may need to share your personal data with some of our service providers and suppliers, such as card processing, IT and marketing service companies to, for example:
- host our website;
- operate certain of the features of our website such as online bookings, ticket sales and the processing of online transactions;
- send marketing communications, run contests and promotions and conduct customer research on our behalf;
- manage and analyse our network status and the responsiveness of our services
- To other third parties: we may also share your personal data with the following third parties or in the following circumstances:
- On a business purchase, sale, transfer or merger: we may disclose your personal data to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them, in which case we may disclose your personal data to such other businesses. If a change happens to our business, then the new owners may only use your personal data in the same way as set out in this privacy policy.
- To our professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- To HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.
- To comply with or enforce applicable laws or regulations: We may disclose personal data about you to third parties to comply with or enforce applicable laws and regulations. For example where:
- a complaint arises concerning your use of our website, products or services;
- we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person.
Safeguarding your personal data when we share it with other people: We require our suppliers, service providers and other third parties to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our suppliers and service providers to use your personal data for their own purposes or pass your personal data to anyone else without our written consent. We only permit our suppliers and service providers to use your personal data to provide services to us and you, and for no other purpose, and in accordance with our written instructions.
Third party links, advertisers, sponsors and ad-servers: Our website may contain links to other sites that are not covered by this privacy policy and where privacy practices may be different from ours. We do not own or operate these sites. You should consult the privacy policies on such third party sites before submitting any personal information, as we are not responsible for, and have no control over, the manner in which such sites collect, use, disclose, or otherwise process your personal data.
TRANSFERS OF YOUR PERSONAL DATA OUTSIDE THE UK
We are based in the European Economic Area (EEA), however, in certain circumstances information that we collect about you may be sent to and held in countries outside the EEA where we work with suppliers or service providers that are either based outside the EEA or have servers based outside the EEA. Countries outside of the EEA protect information differently, and so where your information is transferred by us outside the EEA we will take all necessary steps to ensure that it is adequately protected and used in accordance with this privacy policy.
HOW WE KEEP YOUR PERSONAL DATA SECURE
Unfortunately, the transmission of information via the Internet is not completely secure, however, please be assured that we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
HOW LONG WE KEEP YOUR PERSONAL DATA
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting obligations and requirements.
By law we have to keep certain basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see [Your legal rights] below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
YOUR LEGAL RIGHTS
Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:
You have the right to:
Request access to your personal data (known as a “data subject access request“): This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you: This enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to use it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to us using it (see below), where we may have used your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to use of your personal data: You can object where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to using your personal data on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are using your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to use your information which override your rights and freedoms.
Request restriction of processing of your personal data: This enables you to ask us to suspend the use of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party: We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract.
Withdraw consent: You can withdraw your consent at any time where we are relying on consent to use your personal data. However, this will not affect the lawfulness of any use carried out before you withdraw your consent.
How to exercise your rights: If you wish to exercise any of the rights set out above, please [contact us]
No fee usually required: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond: We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.