Ceredigion Leisure Ltd. (trading as Cardigan Island Coastal Farm Park), Cardigan Island Ltd., and Cardigan Island Camping & Caravanning, respect the privacy of their users and are fully committed to protecting their personal information and using it properly. This policy describes how we may collect and use personal information, and the rights and choices available to our visitors and users regarding such information.
Who we are?
For the purpose of the Data Protection Act 1998 (the Act), the data controller of all data gathered by the means and for the reasons entered into below, is:
Ceredigion Leisure Ltd., Llys-yr-ynys, Gwbert, Cardigan, Ceredigion. SA43 1PR
When might we collect information from you?
We may collect personal information which we receive when:
- You visit our premises
- You use our website – cardiganisland.com
- You interact with us on social media
- You contact us by phone
- You contact us by email
- You make a booking for our campsite, either directly or through a third party such as Pitchup.com
- You apply to join our team
What information do we collect?
We may collect the following types of information:
- Your name, address, email address, telephone number(s) and other contact details
- The names and dates of birth of you and other individuals in your party
- Your school/group’s name, school/group’s address and school/group’s telephone number(s)
- Your payment information such as a credit or debit card details and bank account details
- Vehicle information such as registration numbers
- Your future communication preferences
- Your IP address
- Relevant medical details if our first aiders are treating you following an incident
- Other personal information that you voluntarily provide us
When you provide us with information about other people, you must make sure they have seen a copy of this privacy notice and are comfortable with you giving us their information.
How do we use personal information?
We may collect your personal information so that we can:
- Answer your enquiries
- Provide you with services that you request from us
- Create and manage your birthday party booking or group booking
- Process payments for our services
- Verify your identity for security purposes
- Help make our website as useful to you as possible
- Send you information about offers and events which may be of interest to you, but only where you have provided express consent
- Allow you to interact with us using social media
- Carry out polls and surveys
- Deliver advertisements of services, events and offers that might be of interest you, but only where you have provided express consent
- Assist you if you have a medical incident
- Meet our legal obligations
- Make recruiting decisions
Information which does not identify any individual may be used in a general way by us or third parties on our behalf, for purposes such as quality control or the improvement of our services and website.
What legal basis do we have for processing your personal data?
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for any of the following purposes:
- Providing and managing your access to our site
- Personalising and tailoring your experience on our site
- Supplying our products and/or services to you
- Personalising and tailoring our products and/or services for you
- Communicating with you. This may include responding to emails or calls from you
- Supplying you with information by email and/or post that you have opted-in to (you may unsubscribe or opt-out at any time by using the link in our e-mails or by advising us using our contact form)
- Analysing your use of our site and gathering feedback to enable us to continually improve our Site and your user experience.
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes.
We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
When do we share personal data?
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
Your information may need to be passed to other companies in order to carry out our business activities or legal obligations. This includes third-party service providers such as accountants, auditors, experts, lawyers and other outside professional advisors; IT systems, support and hosting service providers; payment processing, printing, advertising, marketing and survey outsourced service providers that assist us in carrying out our business activities.
Where do we store and process personal data?
Our systems and those of our service providers are normally located within the UK or European Economic Area (“EEA”). However, third party service providers such as Survey Monkey, Google Analytics and Google Adwords transfer your data to store and process it in the United States. These companies are certified as compliant with EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield and are therefore considered to have adequate data protection to facilitate the transfer of EU data.
How do we secure personal data?
We are committed to ensuring that your information is secure as far as is reasonably possible to protect it from being inappropriately or accidentally accessed, used shared, destroyed or lost. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. If you believe we have made an error, then please contact us and we will endeavour to correct it.
How long do we keep your personal data for?
We will only retain your personal information for as long as it is needed to carry out a particular purpose or meet a particular obligation. The only exceptions to such periods are where:
- The governing law requires us to hold your Personal Data for a longer period, or delete it sooner.
- You exercise your right to have the Personal Data erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under governing law.
Your rights in relation to personal data
GDPR provides you with additional rights beyond your right to be informed and your right to object to direct marketing. You have the right to:
- Request correction of your personal data
- Request erasure of your personal data
- Object to processing or request restriction of processing of your personal data
- Request transfer of your personal data
- Right to withdraw consent.
To exercise any of these rights, please do so by emailing us at firstname.lastname@example.org. We will comply with your request(s) in accordance with the law unless conflicting circumstances arise where data subject rights may be limited, e.g. if fulfilling the data subject request may expose personal data about another person, or if we are requested to delete data which we are required to keep by law.
You may request details of personal information which we hold about you under the Data Protection Act 1998. Such requests will be provided to you in an accessible format, typically within 1 month of the request being received and will be free of charge. However, if your request is particularly complex we may require longer to process your request and a charge may be incurred, but we will always notify and keep you updated on this. We may also need to request specific information from you such as forms of identification. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. If you would like a copy of the information held on you please write to:
Ceredigion Leisure Ltd., Llys-yr-ynys, Gwbert, Cardigan, Ceredigion. SA43 1PR
How to contact us?
If you wish to access and/or request us to make corrections to the Personal Information that you have stored with us, or wish to request a list of what Personal Information (if any) pertaining to you we disclosed to third parties for direct marketing purposes, feel free to send us an email to email@example.com, or use the contact form on our website, and we will respond within a reasonable timeframe and in accordance with any applicable law.
Our site may place and access cookies on your computer or device. A cookie is a small file placed on your computer’s hard drive which helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
Most web browsers automatically accept cookies, but you can usually modify your internet browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Linking to other websites/third party content
Our website/social media may contain links to other websites. However, you should note that we do not have any control over these other websites. Therefore once you leave our website using these links, we cannot be held responsible for the protection and privacy of any information you provide whilst using/visiting these sites. Such sites are not governed by this privacy statement.