Introduction and Aim
At Global Adventure your protection is paramount and we will not misuse, sell, or exploit any information provided to us and we do all we possibly can including physical, electronic, and managerial procedures to ensure your data stays safe. The majority of the information you give us is for the express purpose of keeping all customers safe inside the building.
Reasons/purposes for processing information
GDPR legislation states six lawful bases for processing personal information. These are the only justifications for doing so. They are:
1. necessary to enter into or to perform a contract
2. necessary for compliance with a legal obligation
3. necessary to protect ‘vital interests’
4. necessary for the public interest
5. necessary for a legitimate interest
6. with the consent of the data subject.
In line with this, Global Adventure will store or process data for a number of reasons including:
• Financial obligations for customers, staff and suppliers
• Photos, names, dates of birth to allow the business to run smoothly and to help ensure child safety
• Contractual obligations including staff, customer and supplier contracts to ensure we are legally compliant (point 1 above)
• To inform customers, with their consent, of special offers and events that are taking place at Global Adventure
• CCTV images for the prevention and detection of crime and to protect the children who come to Global Adventure
• The following legitimate purposes: accounting, billing and audit, and administrative and legal purposes, statistical and marketing analysis, customer surveys and to help us in any future dealings with you, for example by identifying your requirements and preferences (point 5 above).
Specifically, the information collected at reception or online is as follows:
• Telephone Number (for adults only)
• D.O.B (for children only)
Other than the email address, this information is for the security of all customers within the building so that if required they can be identified as well as enabling the business to run efficiently. The email address will only be used to communicate an event you have booked, special offers or events that Global Adventure believes you would legitimately be interested in.
As a data subject, you have the following rights under the GDPR, which this Policy and our use of personal data have been designed to uphold:
1. The right to be informed about our collection and use of personal data.
2. The right of access to the personal data we hold about you.
3. The right to rectification if any personal data we hold about you that is inaccurate or incomplete.
4. The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you. We only hold your personal data for a limited time, normally 3 years after inactive use, unless dictated differently by law such as staff or financial records.
5. The right to restrict (i.e. prevent) the processing of your personal data.
6. The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation).
7. The right to object to us using your personal data for particular purposes.
8. Rights with respect to automated decision making and profiling.
If you have any cause for complaint about our use of your personal data, please contact us using the details provided at the foot of this policy and we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office. For further information about your rights, please contact the Information Commissioner’s Office (ICO) or your local Citizens Advice Bureau.
We take very strong precautions to protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction and as part of this Global Adventure has conducted a full risk assessment of all the data it processes to ensure their CUSTOMERS, STAFF and SUPPLIERS data all remains as safe as possible. If your data is involved in a data breach for any reason, in particular any data that could identify customers, staff or suppliers personally you will be informed in line with the data breach guidelines as dictated by the Information Commissioner Office, see www.ico.org.uk. For any data breach we will inform the ICO within 72 hours of being aware of any breach and follow our procedures after that, in line with the ICO guidance.
Cookies are small pieces of information that are stored by your browser on your computer’s hard drive. They enable Global Adventure to provide features such as remembering aspects of your last booking search to make subsequent searches faster. Cookies can be deleted from your hard drive if you wish. Most web browsers automatically accept cookies, but you can change your browser settings to prevent that. Even without a cookie you can use most of the features on the website. Our cookies do not contain any personally identifying data.
CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance.
We do not keep any digital information on site, it is all secured by 3rd party companies.
Can You Access Your Data? Global Adventure has an open policy regarding the maintenance of information we hold and use. Please contact us at anytime via firstname.lastname@example.org.
If you have any cause for complaint about our use of your personal data, please contact us. We will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office (ICO). See www.ico.org.uk