1.1 At Butlin’s we are committed to protecting and respecting your privacy, whilst striving to provide the very best guest experience. We work very hard to keep your information safe and we want our services to be safe and enjoyable for everyone. We follow strict security procedures on how personal information is stored and used and who sees it to help stop any unauthorised person getting hold of it.
2. Identity and Contact Details
2.1 We have a legal duty to protect personal information that we collect under Privacy Legislation such as, the Data Protection Act 2018 (the “DPA”) and the Privacy and Electronic Communications Regulations 2003 (PECR).
2.2 For the purpose of the DPA and PECR, we are the data controller and are located at One Park Lane, Hemel Hempstead, HP2 4YL. If you have any queries relating to this policy, you may also contact us at firstname.lastname@example.org.
3. Personal information we collect from you and how we use it
When you create an account to use our Butlin’s B Serve app, we will ask you to provide information about yourself to create the account. We will also capture further information as you use the app. Details of this information are set out below:
- Name & title
- Email address
- Password (this is stored in an encrypted form)
- Your location using GPS data from your device
- Favourite locations
- Transactional information (items you order, value of order)
- Payment information (this is processed by our online payments processor. We only process encrypted payment information).
Why is the data for items 3.1 collected?
The information collected from you and other applicable sources is needed for us to:
- Validate your identity to enable us to accept & process your booking
- Protect you and Butlin’s from fraud and other illegal activities
- Allow us to fulfil your order
- Administer your Butlin’s Serve account
- Improve and maintain our services and system
Legal Grounds for processing the above data
a) For the performance of a contract to provide you with your order
b) In our Legitimate Interests to:
- Manage our business & improve our customer offerings
- Develop and improve our services
- Protect Butlin’s and customers from fraudulent or illegal activities
3.1 How we use Sensitive Personal Information
We do not normally collect sensitive personal information from you. However, if you make us aware of any special requests, for your order including anything due to specific medical, dietary or religious requirements, we will note these so that we can do our best to meet your request.
Legal Grounds for processing the above data
c) Consent - we will process this data only for the purpose(s) you have consented to and not for any other purpose
4. How we share Personal Information
4.1 We do not share customer personal information with third parties for the purposes of the third-party sending marketing information
4.2 We share our customer personal information collected through Butlin’s B-Serve, as necessary, with the following third parties:
a) Any member of our group, which includes our subsidiaries
b) Selected third parties, such as business partners and service providers where we ask them to provide services which help us to fulfil your orders through the Butlin’s B Serve app. In these cases, the third parties act as Data Processors for us and your information remains in our care and under our control.
c) Prospective buyers of our business or assets
d) Third parties, such as the police and regulatory authorities, to protect our rights, property, or the safety of our guests, staff and assets or when obliged to by court order or similar legal obligation
e) Third parties, such as law firms and law courts, to enforce or apply any contract with you
5. Where we transfer and store Personal Information
6. Retention of Personal Information
6.1 We will keep your personal information for limited and appropriate periods of time only.
7. Your rights in your Personal Information
7.1 You have certain rights in respect of the personal information that we hold about you. Details of these rights are set out below. To exercise any of these rights, please contact us at email@example.com
7.2 We will process all personal data in line with your rights, in each case to the extent required by and in accordance with applicable law only (including in accordance with any applicable time limits and any requirements regarding fees and charges). We will respect your personal information rights in respect of:
a) Access - At your request we will confirm to you whether or not we are processing your personal information and if so, provide you with access to and a copy of such personal information and the other details to which you are entitled
b) Rectification - We will correct any inaccurate personal data and complete any incomplete personal data (including by providing a supplementary statement) that we hold about you
c) Erasure - We will erase your personal information at your request without undue delay, dependent on circumstances and specific exemptions
d) Restriction - We will restrict the processing of your personal information in certain circumstances, if you ask us to do so
e) Data portability - We will provide you or third parties on your behalf with a copy of any personal information that we hold about you which you have provided to us in a structured, commonly used and machine-readable format
f) Objection (including objection to direct marketing) - You have the right to object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing
g) Automated decisions and profiling - We will not make legally binding decisions based on automated processing, including profiling, dependent on circumstances and specific exemptions
8. How we look after your information
8.1 We treat your information with the utmost care and take all appropriate steps to protect it
8.2 We secure access to all transactional areas of our websites and apps using ‘https’ technology
8.3 Access to your personal information is password-protected, and sensitive data is secured and tokenised to ensure it is protected
8.4 We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security
10. Contact and Complaints