We are committed to protecting and respecting Your Privacy and Your Personal Data. The aim of this page is to explain how we may gather and use information about you through your interactions with us. All use of such information is governed by the principles and practices set out in this policy.
For the purpose of the Data Protection Legislation, We are the Data Controller (ICO registration number: ZA559362).
For all matters relating to privacy and data protection, please contact us by sending an email to firstname.lastname@example.org or by telephone on 01739 795640.
We are a member of the British Holiday and Home Park Association (BH&HPA).
We reserve the right to make reasonable changes to any of the Terms at any time. Any changes We do make will be posted on this page and, where appropriate, notified to You by email, or, when You next log in, the new Terms may be displayed on-screen and You may be required to read and accept them to continue.
2. What Personal Data is collected & how?
A. Personal data submitted voluntarily by you to us
2.1 In order for Us to provide You with Our Services, We collect various types of Personal Data. We are committed to ensuring that the information We collect and use is appropriate, relevant and proportionate for the stated purpose. Some types of Personal Data may be voluntarily provided by You which is to be shared with Us (and Our Service Providers as applicable) in respect of Yourself (or in respect of one or more other individuals where lawful authority is granted to You by those other individuals) which shall include as follows:
|What Personal Data is processed?||Source: Where is it collected from/ via?||What is the ‘purpose’ of processing? & What is the lawful basis (Article 6 for processing?||What is the ‘purpose’ of processing? & What is the lawful basis (Article 9 for processing?||Retention: For how long is it held?|
|Contact details including: name, email, phone number.|
|Customer at the time of booking|
Via the GemaPark website
Orally, via telephone.
|In order to (1) answer queries and (2) confirm online booking for your holiday. We will be relying on Article 6(1)(b) Contract.||We may need to collect data about you which infers a condition about your health such as allergies or data regarding accessibility when you make a booking at our Holiday Park. We will be relying on the exemptions set out in Article 9(2)(c) GDPR which are defined at Clause 9.||We will keep your personal data for 7 years to fulfil our HMRC obligations. Afterwards, we will anonymise your data and keep only statistics to help us with our business planning.|
2.2 Some of the information collected in the table above is essential for Us to provide You with Our Services but it is Your choice whether You provide all the information We request. Not providing information may affect Our ability to provide all of Our Services to You.
2.4 We may from time to time offer a range of additional services. We may need to collect additional information about You as part of this. This may include but is not limited to introducing useful third party products and services to you, promotions, prize draws, competitions and surveys. Additional notices about the information that We collect and how We will use it will be provided to You at the point that You are invited to make use of these additional services.
2.5 Where We state that We rely on consent under Article 6(1)(a) to process Your Personal Data for a particular purpose as per column 3 of the table at Clause 2.1, You have the right to withdraw Your consent at any time. This will not affect the lawfulness of processing carried out by Us which was based on consent before its withdrawal.
B. Personal data automatically collected by us
- Your visits to the Site and the Content that You download;
- Your IP address;
- Your geographical location;
- Your browser type and version;
- Your operating system;
- Your referral source;
- Your length of visit;
- Your page views and Site navigation and exit;
2.7 We agree to adhere to all Data Protection Legislation and will take appropriate technical and organisational security measures against the unauthorised or unlawful processing of Your Personal Data and against accidental loss or destruction of, or damage to, Your Personal Data.
2.8 We shall process Personal Data listed in the table at Clause 2.1 only to the extent, and in such a manner, as is necessary for the sole purpose of fulfilling Our Services (including making improvements to Our Services). For the avoidance of doubt, We are the exclusive owner (or lawful licensee) of the Site as well as the Content.
C. Financial personal data
2.9 We strive to always protect your personal payment information. We do not hold your payment card details on Our server.
2.10 Each monetary transaction made via the Site or the App shall be processed by third-party payment processing partners who are Service Providers – SagePay, PaymentSense, or PayPal. You will be required to provide them with Your Personal Data including financial data. You are subject to their terms and conditions.
2.11 To make and complete a financial purchase or to receive a payment, the policies of the Service Provider shall apply.
3. How is Your Personal Data used?
3.1 We will process the Personal Data You provide in a manner that is compatible with the Data Protection Legislation.
3.2 We will try Our best to keep Your Personal Data accurate and up-to-date and We shall not keep it for longer than is necessary. Our aim is not to be intrusive and We undertake not to ask You irrelevant or unnecessary questions. Moreover, the information You provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
3.3 Non-marketing communications
You acknowledge that, Your Personal Data may be used by Us to contact You when necessary in connection with Your use of the Site to access Our Services as follows:
|What Type of Non-Marketing Communication?||Method of presentation/ sending?||Legal Basis for processing?|
|Confirmation of Booking, Billing, Information about Arrival, Information about Holiday details, visitor information during your stay and post-departure communication.||· Email,|
· Postal Letter,
· Telephone Call,
· Instant messaging.
|We do not need Your explicit consent for this as the “processing is necessary for the performance of a contract” under Article 6(1)(b) GDPR.|
3.4 Marketing communications
From time to time and with Your permission, We may contact You and send you Marketing Communications that We believe may be of interest to You which shall be of the type (and via the method(s)) referred to in the table below). By looking at Your participation profile as well as any additional information which You have agreed can be shared with Us, We can identify news, offers and services that are most likely to be most relevant and will meet Your needs. When We send You a Marketing Communication, We may monitor whether You have opened the communication and clicked on any included links. This will enable Us to track and analyse Your level of engagement/ interest in the communication We are sending to You and will provide Us with further insight into what type of communications are of most interest to You.
|What Type of Marketing Communication?||Method of presentation/ sending?||Legal Basis for processing?||How can you opt out of continuing to receive direct marketing communications?|
|Our newsletter of offers regarding upcoming promotions, services or surveys||· Email,|
· Postal Letter
· Instant messaging
|We will only send You these where You have provided Us with specific consent for this specific purpose as permitted under Article 6(1)(a) GDPR|
We will only send You these using the lawful basis under Article 6(1)(f) GDPR where You have purchased from Us and have not opted out of, or objected to, receiving Marketing Communications.
|If you have consented to marketing, you are able to opt out on every communication by unsubscribing.|
If you are a customer, you are able to Opt Out of marketing at the point of sale and on every consequent email by using the unsubscribe option.
3.5 If You agree to receiving any of the above Marketing Communications but later change Your mind, You can opt out at any point, by amending Your account preferences on the Site. Alternatively, You can use the ‘unsubscribe’ link at the end of any electronic communication received by You or simply respond to Our prompt in all of Our communications to You. If you opt out of Our communications, We will retain Your Personal Data on our suppression list so that We comply with Your wishes not to be contacted again.
3.6 Legitimate interests to process your personal data
3.8 Social media plugins
On Our Site, We have included social media plugins that you can use to share certain content over social networks. To protect your privacy, the social media sharing on the website does not rely on third party scripts from the social media providers. We have done this to help the speed of the website and ensure that no data is gathered without your permission.
4. Who has access to Your Personal Data?
4.1 We have a legitimate interest in sharing Your Personal Data with Service Providers who We engage to provide some of Our business and daily operational functions on Our behalf. Consequently, We need to disclose Your Personal Data to them for the sole purpose of fulfilling Our Services only (including making improvements to Our Services) and not for the purposes of those Service Providers sending Marketing Communications to You. We limit the Personal Data that We share to the minimum required to provide the Services and the Service Provider will only be able to use the Personal Data for the specific purposes for which it was shared with them by Us. We do not need Your express consent for this as We rely on legitimate interests under Article 6(1)(f) GDPR in addition to the fact that the “processing is necessary for the performance of a contract” under Article 6(1)(b) GDPR.
4.2 Disclosure of Your Personal Data in Compliance with Laws or by way of a Legal/Statutory Obligation
You should be aware that We may release Your Personal Data when We believe it is necessary to comply with laws or regulations, to assist law enforcement, to enforce the terms under which You transact or communicate with Us, or to protect Our rights, property or safety of or those of a Customer or other third parties. We may need to process Personal Data about You to comply with a legal or statutory obligation including but not limited to:
(a) accounting, auditing, compliance and administration practices; and,
(b) the maintenance of amendments to consents and to create suppression lists to ensure a Customer who objects to processing are excluded from the relevant processing activity in the future.
4.3 Transfer of Your Personal Data (to third party Data Processors)
From time to time, We may transfer Your Personal Data to a related company, agent or contractor (also known as Service Providers and third party Data Processors) in order to perform certain business services for Us, improve Our Services or to assist our security, credit risk or fraud protection activities and as permitted by Data Protection Legislation from time to time.
|Name of Service Provider||Processing Activity?||Where is the data transferred to? & what level of protection is given to it?|
4.4 Transfer of Your Personal Data to Service Providers (or Partner Organisations) who are independent Data Controllers
From time to time, We may transfer Your Personal Data to a related company, agent or contractor (also known as an independent Data Controller) e.g. where We introduce You to a complimentary service. From time to time, We may transfer Your Personal Data to a related company, agent or contractor (also known as a Joint Data Controller) e.g. where We collaborate on a joint project together.
We maintain a Facebook Page. In this instance, Facebook is considered to be a Joint Data Controller with Us.
|Name of Data Controller? Are they joint or independent?||What Personal Data is transferred/ shared?||Purpose of Sharing?||What is the lawful basis for processing i.e. sharing the Personal Data (as applicable from Article 6 and/ or Article 9)?|
|Third-party payment processing partners, solicitors, accountants, other professional services such as healthcare and emergency services|
These are independent Data Controllers
|· Contact Details|
· Payment details
· Health Details
|· To arrange payment|
· To enable us to run our business efficiently and legally
|We are relying on contract as our legal basis according to Article 6(1)(b)|
Where we need to contact healthcare of the emergency services, to process special category data, we will be relying on Article 9(2)(c) GDPR defined at Clause 9
|Facebook (through the use of our page) is a Joint Controller with us.||Name, contact details and any other personal identifiable details as is placed on Facebook by the Data Subject and made accessible to the Data Controller.||So that the Data Subject can be a part of the Facebook Page community. More information can be found on Facebook here.||We are relying on your consent set out in Article 6(1)(a) GDPR|
Where our customers share their own special category data, we will be relying on Article 9(2)(e) GDPR where the data is manifestly made public (We are defining ‘public’ as in the Facebook Audience and this is in accordance with Facebook’s terms and conditions)
4.5 Transfer of Personal Data in the Event of the Sale of Polmanter Ltd trading as Polmanter Touring Park or its Assets
4.6 Other Websites or Applications and their Privacy Policies and Cookie Policies
The Site may contain links to other websites or applications. We are not responsible for the privacy practices or the content of such websites or applications or for the privacy policies, cookie policies and practices of other third parties, so You should be careful to read and understand those policies independently.
5. How do We protect Your Personal Data and for how long?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6. Security on our touring park
To protect our customers, premises, assets and Partners from crime, detect crime & assist law enforcement (where necessary), and to ensure health and safety at all times, we operate CCTV systems and automated Number Plate Recognition (ANPR) on our facilities and car parks which record images for security.
If we discover any criminal activity or alleged criminal activity through our use of CCTV and ANPR, we will process this data for the purposes of preventing or detecting unlawful acts.
The Legal basis for our use of this information is in our Legitimate Interests to ensure the safety of guests and employees at our touring park and to assist with law enforcement. We may also use the footage to exercise & defend our legal rights.
8. Your rights under Data Protection Legislation
8.1 You have a number of rights that You can exercise free of charge and on request in certain circumstances, however, if Your requests are obviously unfounded or excessive, We reserve the right to charge a reasonable fee or to refuse to act. You have the right:
- to be informed about the collection and use of Your personal data;
- to access Your Personal Data and supplementary information;
- to have inaccurate Personal Data corrected, or completed (if it is incomplete);
- to have Your Personal Data erased;
- to restrict Our processing of Your Personal Data
- to receive a copy of any Personal Data You have provided to Us, in a machine-readable format, or have this information sent to a third party (portability);
- to object at any time to processing of Your Personal Data for direct marketing purposes;
- to object in certain other situations to the continued processing of Your Personal Data.
For more information on these rights and when you can exercise them, see the Information Commissioner’s Guide.
8.2 If You wish to exercise any of these rights, please send an email to email@example.com. We will respond to You within one month from when We receive Your request, unless the complexity and number of requests We receive means that we need more time. If We do need more time (up to two further months), We will tell You why within the first month.
9. Complaints or queries
We try to meet the highest standards when collecting and using Personal Data. For this reason, We take any complaints We receive about this very seriously. We encourage You to bring it to Our attention. We are happy to provide any additional information or explanation needed in respect of Our processing activities upon request. If You are still not happy with the way in which Your Personal Data is being processed by Us, You also have the right to lodge a complaint with the Information Commissioner’s Office if you are in the UK, or with the supervisory authority of the European Member State where You work, normally live or where the alleged infringement of data protection laws occurred. The Information Commissioner’s Office can be contacted here.
10. Definitions & Interpretations
Content: the content including all Intellectual Property Rights therein residing on the Site (which may or may not include Personal Data).
Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (Article 4(7));
Data Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller (Article 4(8));
Data Protection Legislation: means, as applicable to either Party:
- the General Data Protection Regulation 27 April 2016;
- the Data Protection Act 2018;
- the Privacy and Electronic Communications (EC Directive) Regulations 2003;
- any other applicable law relating to the Processing, privacy and/or use of Personal Data, as applicable to either Party;
- any laws which implement any such laws; and,
- any laws that replace, extend, re-enact, consolidate or amend any of the foregoing.
Data Subject Access Request or ‘DSAR’: refers to right of access as further described in the list at Clause 7.
Electronic Mail: includes but is not limited to email, text, video, voicemail, picture and answerphone messages (including push notifications).
General Data Protection Regulation or GDPR: the General Data Protection Regulation ((EU) 2016/679). Personal data is subject to the legal safeguards specified in the Data Protection Legislation including the GDPR.
Intellectual Property Rights: patents, rights to inventions, copyright and neighbouring and related rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
Marketing Communication(s): refers to any communication whether by an Electronic Mail method or otherwise that We send to You (either directly or via a Service Provider) which may include but are not necessarily limited to relevant newsletters and magazines, information about opportunities, products, services and events and relevant information.
Non-Marketing Communication(s): refers to any communication which is functional/ administrative only as distinct from Marketing Communications.
Partner Organisation: refers to an organisation who may offer a service that You may be interested in. We may provide you with information about this organisation, but we will not share your Personal Data with them without your consent.
Personal Data: has the meaning set out in the Data Protection Legislation.
Service Provider(s): refers to third party Data Processors or Data Controllers (as distinct from Partner Organisations) with whom We work with from time to time as a necessary part of providing Our Services and with whom We may need to share Your Personal Data.
Services: refers to Our Services We may provide to You.
Special Category Data: is defined under Article 9 of the GDPR as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Customer: refers to the person using the Site