Asylum Privacy Policy
At Asylum we take your Privacy very seriously. We use Truevo to process your online booking payments. Truevo are leaders in their field of online payment processing. Our till systems are provided by Epos Now, another reputable leader in the field. We store your data on a secured server, hosted by Storm Internet.
We do not sell or pass on any of your personal details for profit or marketing purposes. News and special offers will be updated through the Website and Social Media sites, we will not contact you directly, unless you have accepted that can send you a marketing emails.
GDPR (General Data Protection Regulation)GDPR is a new Data compliance law coming into EU law on 25th May 2018.
Asylum has applied the best practice of GDPR at our park and on our website
On Account Register you will be asked to provide the following details:-
Unique User Key (Hidden auto generated by the system)Email address.Account passwordFirst Name Last Name Date Of BirthAddress Line 1Address Line 2Address Line 3
Address Line 4
Address LocalityCity CountyPost code Phone When completing a disclaimer you will be asked to add
Emergency Contact Number
Existing Health Medical/Conditions Yes/No
If Yes please describe medical conditions
We will only use this additional information if you have an accident at the park to give you 1st Aid and also to pass the info onto Emergency Services if required.
Microsoft Account SystemThe website uses a Microsoft Account system in the website, to hold the accounts. This system is used is very robust/secure and is used in many websites.
Encryption/DecryptionWe also encrypt/decrypt alot of your account data on the fly.
Site Certificate Our site runs completely over https, which opens a secure encrypted web tunnel from your web browser to our server. The requests and responsese from the website are then transmitted over this tunnel.
Post code lookupWe use an address lookup system called GetAddress.IO we pass in a post code and it returns all addresses in that postcode. This saves time on you typing information in.
You will also be asked to check the following check boxes:-
I allow my information to be used in the booking/disclaimer process and used for my visit at the park. (Mandatory)
This is our legal basis Contract for GDPR. In GDPR you have to outline why we are collecting the information we are. We need this information so that you can book online and visit the park.
We use your booking to make sure we don’t go over capacity at the park. For Health & Safety - we are only allowed so many people on the trampolines at one session at a time. The capacity of a session depends on the type of session. This is all handled by the website.
I have read and confirmed the Privacy Policy. (Mandatory)
This is quite simply that you have read and agreed this notice and you know what your GDPR rights are.
I have read and confirmed Terms And Conditions. (Mandatory)
You have read and agreed our Terms & Conditions of operation
I consent to being a member of the loyalty scheme. (Optional)
By ticking this checkbox, you become a member of our Loyalty scheme.
I consent to receiving marketing emails. (Optional)
By ticking the checkbox, you are agreeing to receive marketing emails. Asylum won’t spam you but from time to time, we may run a fantastic promotion and if you want us to let you know… By ticking (or unticking) this box, you can opt in or out of marketing emails. You can change this in your account at any time.
For GDPR compliance we audit the changes to these checkbox’ and they can be viewed by our Administrators. The aim of this is not for user tracking, but just in case you question why you have received a service when you thought you hadn’t ticked the box.
Please be aware out system will send you Booking confirmation emails, Disclaimer emails, rules and terms and conditions emails when you book. These won’t contain any marketing, they are just information, so you are aware of your booking. When we now send you disclaimers we have removed out the personal information for your security.
Once registered you can edit your account.
You can change your details and password at any time, under my account details.
Party InformationWe do collect extra information when you book a party. This is only used to provide the best party. The extra info is:-
- Any Special requirements including allergies/dietary requirements, so the party food is safe for all guests.
- First name of Birthday Boy/Girl (Optional)
- Surname of Birthday Boy/Girl (Optional)
- Age on Birthday (Optional)
- Gender of Birthday Boy/Girl (Optional)
Forgotten passwordIf you forget your password, then you can go through the forgotten password process when you click login
DisclaimersDisclaimers are linked to your account. Anyone who is participating at the park must have a Disclaimer. You can create a disclaimer for you and your dependents.
You can create Disclaimers at any time, if any information changes, you can create a new Disclaimer.
Disclaimers are valid for 12 months and we can search in our system for you and your dependents Disclaimer.
This is the information we hold on Disclaimers:-
UserID of the owning account (Only if you create a waiver in account)
Email Address - (If you create a Waiver with no account)First NameLast Name Date Of BirthAddress Line 1 Address Line 2Address Line 3Address Line 3 City Country Post codeWaiver Start and Finish Dates
Emergency Contact Number*
Do you have a Life Long Illness?
Existing Health Medical/Conditions Yes/No*
Gender
Ethinicity
If Yes please describe medical conditions**We will only use this additional information if you have an accident at the park to give you 1st Aid and also to pass the info onto Emergency Services if required.
Paper DisclaimersFrom time to time we may have used paper disclaimers, rather than electronic disclaimers. These disclaimers are stored securely, and will be destroyed securily after 19 years.
If our Privacy Policy/Terms and Conditions change over time.On your next login, we will ask you to read and re-confirm that you are happy with them.
At this point you can also join/remove yourself from the Loyalty scheme and email marketing
We audit this change and can view it in our admin area. As part of GDPR we need to know what version of documentation you signed against.
Where else do we use your data?Your hosting is with Storm Internet and this is where you data is stored on our own Cloud Server:-
https://www.storminternet.co.uk/GDPRStatementGPDR requires that we tell you about every system that can use some or part of your data (Data processors).
These Data processors are required to be GDPR compliant:-
Google G SuiteAsylum uses G Suite to send and receive email to and from the park
Google Cloud Services are GDPR compliant.
https://www.google.com/cloud/security/gdpr/Taking PaymentsWe pass information to Emerchant Pay payment gateway for payment. Email address, 1st name, last name and client address. This saves the user from retyping the info. Emerchant Pay are PCI DSS compliant payment provider.
https://www.emerchantpay.com/certifications/Mail Chimp - Mandrill emaiksThe website sends a lot of email, too much for a Google G Suite service so we have to use a different mass email provider.
We use Mandrill an extenstion of Mail Chimp so send our emails
Mail Chimp is GDRP compliant:-
https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulationThe List of Emails the system sends you are:-
- Account register email when staff member booking as a client
- Booking Confirmation email
- Forgotten Password email – which provides the user with a new password. (Can be changed when the user logs in)
- Waiver email.
- Rules email
Mail Chimp - Marketing emailsMail Chimp is an industry standard email system used for mail marketing. We would send any marketing emails via Mail Chimp. Mail Chimp and GDPR
https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulationEPOS NowWhen you visit the park, you will notice that you book in on an EPOS. The EPOS runs the website. This EPOS system is by EPOS Now
We do take payments on the EPOS system, which requires the website to communicate with EPOS Now. The only data that we send to the EPOS is Surname and Booking ID and cost. For payment tracking.
We then take face to face card payments. We don’t pass any of your personal data We use it take card payments only.
Google AnalyticsLike most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Google Analytics also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see relevant section below).
Google Analytics makes use of cookies, details of which can be found on
Google’s developer guides. For your information our website uses the analytics.js implementation of Google Analytics
Further information on Google Analytics and your privacy:-
https://support.google.com/analytics/answer/6004245Google Analytic Opt out Browser AddinIn order to provide website visitors with more choice on how data is collected by Google Analytics, Google has developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to stop data being sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not affect usage of the website in any other way. A link to further information on the Google Analytics Opt-out Browser Add-on is provided below for your convenience.
Google Analytics opt-out.Google and GDPR:-https://privacy.google.com/businesses/compliance/CCTVWe have CCTV at the park for safety purposes and it is a requirement of our insurance company.
InsuranceIf you have an accident at the park and we need to inform our insurance company then we need to pass your booking and account information to our insurance, plus any CCTV footage too. Plus any treatment/action required at the time of the accident.
How Long do we Keep the Data for?Asylum keeps the account data forever so you can continue to book. However we do anonymise the data as per below:-
Bookings: we will remove the booking from your account after 19 years and associate it with an anonymous user. So that we can’t trace the booking back to you.
Bookings contain Disclaimers. These Disclaimers will be associated with an Anonymous Disclaimer.
Disclaimers will expire after 12 months.
Any Disclaimers that are over 19 years old will be automatically removed from the system.
In GDPR however you do have rights as an individual that overrule the above. These are outlined below:-
the right to rectification;You can edit your account details at any time, by logging into the website and altering the details. You can also alter your consents to the loyalty and email marketing scheme here too.
The only thing you cannot edit is your email address. This is for security. But we can edit it for you. If you need your email address changed, then please email info@asylumskatepark.co.uk from the account registered with the system and we can change it for you. Please allow 72 hours for this request. But under normal circumstances we change it very quickly.
the right to erasure;If you want your account and Disclaimers to be removed from the system then we can do that for you. Please email info@asylumskatepark.co.uk from the account registered and we can start the process of removing you from the system. We will answer the request within 72 hours.
the right to restrict processing;As per above you can remove consents from email and loyalty system.
We can also mark your account as inactive. So that no one can log in or use your account. Please email info@asylumskatepark.co.uk with your request from the account that is registered. Please allow 72 hours for this request.
the right to data portability;You can download your own account information from the My Account area of the system.
If you require any other data then please email the request to
info@asylumskatepark.co.ukWe also have our internal security policy for our staff on how to keep your data secure on electronic devices or any paper based information.
Cookies and PrivacyCookies are small files that are downloaded to your browser from the website.
Asylum use cookies on our website, these cookies though are only used for authentication and to make our website function correctly. Google Analytics uses cookies too. But we don’t use cookies in any malicious way.
The website will not function correctly without using cookies.
Any future developmentIf we develop our systems any further we shall adopt a data protection by design model. We have done from the start and shall continue to do so.
Questions and further contactIf you have any questions or require any further information. Then please contact us below:-
info@asylumskatepark.co.ukor use the contact form at
https://www.asylumskatepark.co.uk/nottinghamshire/contact.aspx?parkid=1 Data AuthorityOur GDPR Data authority is:-
ICO
https://ico.org.ukUnder GDPR you have the right to contact ICO at any time. But if you have any issues then please bring it to our attention first.