We know it may seem like a lot of information, but we want you to be appropriately informed about your rights, how we use your data, and how we combine data across Bourne Leisure to build a picture of you.
We hope the following sections will answer any questions you may have, but if not, please do get in touch.
We may update this notice from time to time. If there is any significant change, we will let you know, but you’re welcome to come back and check it whenever you wish.
2. Who are Bourne Leisure LTD?
Our business is organised into three main brands and business units:
Haven Holidays which owns and operates thirty-six family holiday parks, providing caravans for sale, touring and camping (including facilities) in the UK, in predominantly coastal locations.
Butlins Skyline LTD which owns and operates three large seaside resorts in the UK, also providing caravans for sale at certain resorts.
Warner Leisure Hotels which owns and operates fifteen country and coastal properties around the UK, offering short adult only breaks.
Evergreen Finance Limited an entity that offers finance and insurance products to our caravan owners.
For simplicity throughout this notice, ‘we’ and ‘us’ means Bourne Leisure LTD, its brands and its business units.
We have a legal duty to protect personal information that we collect under Privacy Legislation such as, the Data Protection Act 2018 (the “DPA”) and the Privacy and Electronic Communications Regulations 2003, (PECR).
For the purpose of the DPA and PECR, we are the data controller and are located at One Park Lane, Hemel Hempstead, HP2 4YL. If you have any queries relating to this policy, you may contact us at firstname.lastname@example.org.
3. The Legal bases we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process personal data, including:
In certain circumstances, we can collect and process your data with your consent.
For example, when you tick a box to tell us you would like to receive news and offers from us.
In certain circumstances, we can collect and process your personal data to comply with contractual obligations.
For example, if you book a holiday with us, we’ll collect your personal information to enable us to book your holiday and communicate with you about all the details.
If the law requires us to, we may need to collect and process your data.
For example, we can pass on details of people involved in fraud or other criminal activity affecting Bourne Leisure LTD to law enforcement.
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we will use your booking history to send you or make available personalised offers.
We also combine the booking history of many customers to identify trends and ensure we can keep up with demand or develop new products/services.
We may also use your address details to send you direct marketing information by post, telling you about products and services that we think might interest you.
4. When do we collect your personal information?
We may collect and use various types of personal information about visitors to our websites and guests who book a holiday with us or buy a holiday home from us, including:
- When you create an account with us.
- When you engage with us on social media.
- When you engage with one of our contact centres, we may record audio.
- When you download or install one of our applications.
- When you join one of our loyalty programmes (such as Warner Club).
- When you contact us with a query or make a complaint.
- When you ask us to email you about a holiday or service.
- When you enter prize draws or competitions.
- When you book an appointment or attend an event provided by a 3rd party supplier e.g. a big weekend or a bowls event.
- When you choose to complete a survey that we send you.
- When you leave reviews or comment on our services.
- If you fill in any forms e.g. booking an activity or when going to a spa.
- If an accident or incident takes place.
- When you book a break through one of our partners e.g. Saga, family fund or The Sun.
- When you give a third-party permission to share with us any information they hold about you.
- When you use our car parks and resort facilities, we usually have CCTV, ANPR and Body worn cameras in operation for the safety and security of both our guests and our Team Members. These systems may record your image during your visit.
5. What types of personal data do we collect?
- Telephone Number
- Age and DOB (including children’s or additional parties)
- Online Identifiers (e.g. IP Address, Social Media identifiers)
- Booking reference
- Health & Medical information
- Proof of identity (e.g. passport & driving license)
- Financial information (e.g. bank/credit/debit details)
- Biometric (e.g. Photography/CCTV/Body worn camera, ANPR and Poolview)
- Third party letting information
6. How and why do we use your personal data?
- To process any bookings that you make or services that you purchase using our websites, apps or on site. If we don’t collect your personal data during checkout, we won’t be able to process your booking, fulfil our contract with you and comply with our legal obligations.
For example, your details may need to be passed to a third party to supply or deliver the booking or service that you ordered, and we may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds, guarantees and so on.
- To respond to your queries, refund requests and complaints. Handling the information, you provide enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this based on our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our services based on your experience. To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest.
For example, by checking your password when you login and using automated monitoring of IP addresses to identify possible fraudulent logins from unexpected locations.
- To protect our customers, premises, assets and Partners from crime, and to ensure health and safety at all times, we operate CCTV systems on our facilities and car parks which record images for security. We do this on the basis of our legitimate business interests.
- We may sometimes receive requests from TV and other companies to film/photograph on resort. We also take our own Butlin's promotional films and photographs on the parks throughout the year.
- To process payments and to prevent fraudulent transactions. We do this based on our legitimate business interests. This also helps to protect our customers from fraud.
- If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim is to protect the individuals we interact with from criminal activities.
- We may record conversations with you for training and monitoring purposes.
- With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, web, text, telephone and through our contact centres about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on.
Of course, you are free to opt out of hearing from us by any of these channels at any time.
- To send you relevant, personalised communications by post in relation to updates, offers, services and products. We’ll do this on the basis of our legitimate business interest.
You are free to opt out of hearing from us by post at any time.
- To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, and legally required information relating to your bookings. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
- To display the most interesting content to you on our websites or apps, we’ll use data we hold about your favourite types of holiday or services. We do so on the basis of your con-sent to receive app notifications and/or for our website to place cookies or similar technology on your device.
For example, we might display a list of holidays you’ve recently looked at, or offer you recommendations based on your purchase history and any other data you’ve shared with us.
- To administer any of our prize draws or competitions which you enter, based on your consent, given at the time of entering.
- To develop, test and improve the systems, services and products we provide to you. We’ll do this on the basis of our legitimate business interests.
For example, we’ll record your browser’s Session ID to help us understand more when you leave us online feedback about any problems you’re having on our website.
- To comply with our contractual or legal obligations to share data with law enforcement and other authorities.
For example, when a court order is submitted to share data with Government functions & law enforcement agencies or a court of law e.g. HM Revenue or DWP.
- To send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you.
- To build a rich picture of who you are and what you like, and to inform our business decisions, we’ll combine data captured from across the group, third parties and data from publicly-available lists e.g. the electoral roll, credit reference agencies (where applicable and demographic information. As we have described in the section 'What sort of personal data do we collect?' we’ll do this on the basis of our legitimate business interest.
For example, by combining this data, this will help us personalise your experience and decide which inspiration or content to share with you. We also use anonymised data from customer booking histories to identify trends in different areas of the country. This may then guide which types of news and offers we send to different locations.
7. Combining your data for personalised direct marketing
We want to bring you news and offers that are most relevant to your interests at particular times. To help us form a better, overall understanding of you as a customer, we combine your personal data gathered across Bourne Leisure LTD as described above, for example your shopping history at both Haven Holidays and Warner Leisure Hotels. For this purpose, we also combine the data that we collect directly from you with data that we obtain from third parties to whom you have given your consent to pass that data onto us.
We may also use something called “Facebook custom audiences” to deliver advertisements to our website customers, based on email addresses that we collect from you. When we use this, we do not share any of your personal information with Facebook (including your shopping history). Instead, the tool enables us to convert your email address into a unique number that Facebook can then match with the numbers generated from its own customers email addresses. You may learn more about Facebook custom audiences by visiting https://www.facebook.com/business/help/341425252616329?id=2469097953376494 and about how to opt out of receiving advertisements based on your email address by reading section 14 below, titled ‘How can you stop the use of your personal data for direct marketing?’
8. Who do we share your personal data with?
We sometimes share your personal data with trusted third parties. Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
- We provide only the information they need to perform their specific services.
- They may only use your data for the exact purposes we specify in our contract with them.
- We work closely with them to ensure that your privacy is always respected and protected.
- If we stop using their services, any of your data held by them will either be deleted, returned or rendered anonymous.
Examples of the kind of third parties we may work with are:
- IT companies who support our website, applications and other business systems.
- Direct marketing companies who help us manage our electronic and postal communications with you.
- Data Insight and Market research agencies.
- Social Media channels to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites. See our Cookies Policy for details.
- Payment service providers that enable us to fulfil transactions with you.
- Partnerships we work with e.g. RBS Rewards schemes
- For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
- We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
- We may, from time to time, expand, reduce or sell our business and therefore may share data with Prospective buyers of our business or assets. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
- Activity providers
- Where you are attending an event organised by a third party at our Resorts, we may share booking details with them to allow the event to be planned effectively. This includes: Spring Harvest breaks, ESF breaks, Status Quo Fan club breaks. Our legal basis for the sharing of this data is our contractual obligation to our partners.
- If you take out holiday insurance as part of your holiday, we will pass on details of your booking to our insurers, Towergate and their underwriters. This will allow them to administer your policy and any claim.
For further information please contact our Data Protection Officer.
9. Security on our Resorts
The following are operated in our resorts to assist with monitoring & maintaining resort safety, to prevent & detect crime & assist law enforcement (where necessary):
- Automated Number Plate Recognition (ANPR)
- Body Worn Cameras (BWC) - the security team will always inform you before turning their BWC’s on
- Pool view, some sites may operate drowning prevention technology
These systems are operated for the protection of our guest, employees & premises from criminal activities.
If we discover any criminal activity or alleged criminal activity through our use of CCTV, we will process this data for the purposes of preventing or detecting unlawful acts.
The Legal basis for our use of this information is in our Legitimate Interests to ensure the safety of guests and employees at resorts and to assist with law enforcement. We may also use the footage to exercise & defend our legal rights.
10. How we use Sensitive Personal Information
We do not normally collect sensitive personal information from you as part of the booking process. However, if you make us aware of any special requests, for your booking including anything due to specific medical, dietary or religious requirements, we will note these so that we can do our best to meet your request. We will not process this data for any other purpose.
If you book onsite activities (including, but not limited to, sports, outdoor activities and spa treatments), we ask for information about your health including any existing conditions relevant to the activity and details of who to contact in the event of an emergency.
The information is collected for the following purposes:
- To provide the activities and treatments you want and to ensure you can safely take part
- To ensure we are able to contact someone in an emergency
The legal basis for our use of this data is your consent and to fulfil our contract with you. You have the right to object to us processing this data at any time and our right to process data is not overridden by your interests, fundamental rights and freedoms.
11. Where We Transfer and Store Personal Information
The personal information that we collect from our website visitors and guests may be transferred to, and stored at, destinations outside the European Economic Area, (the "EEA”). To safeguard your personal information and to make sure that it is properly protected we have put in place contractual safeguards with our Data Processors.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
12. How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. This period will be determined based on any business and/or legal requirements.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
If you need further information, please contact us at email@example.com
13. Your Rights in Your Personal Information
You have certain rights in respect of the personal information that we hold about you. Details of these rights are set out below. To exercise any of these rights, please contact us at firstname.lastname@example.org.
We will process all personal data in line with your rights, in each case to the extent required by and in accordance with applicable law only (including in accordance with any applicable time limits and any requirements regarding fees and charges). We will respect your personal information rights. For more information on your rights, please see https://ico.org.uk/your-data-matters.
14. How can you stop the use of your personal data for direct marketing?
There are several ways you can stop direct marketing communications from us:
Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails from that division.
If you have an account, log in into your account and change your preferences.
In our apps, you can manage your preferences and opt out from one or all the different push notifications by selecting or deselecting the relevant options in the ‘Settings’ section.
If you do not wish to see advertising on social media, you can also manage this within your social media platform settings.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
15. Cookies and other tracking technology
Our website uses “cookies” and other tracking technologies which are placed and stored on your computers’ hard drives, or in their browser memories, if you agree, when you visit our website. These are used for various purposes, including distinguishing you from other web-site visitors.
You can manage all cookies using your browser settings or using a service such as http://www.aboutads.info/choices and http://www.youronlinechoices.eu/ . You can manage your preferences for the Facebook pixel through Facebook settings. See our Cookies Policy for more information.
16. How do we protect your personal data?
We treat your information with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional areas of our websites and apps using ‘https’ technology.
Access to your personal information is password-protected, and sensitive data is secured and tokenised to ensure it is protected.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
18. Any questions?
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have any questions that haven’t been covered, please contact our Data Protection Officer who will be pleased to help you: