We do not sell or pass on any of your personal details for profit or marketing purposes. News and special offers will be updated through the Website and Social Media sites, we will not contact you directly, unless you have accepted that can send you a marketing emails.
GDPR (General Data Protection Regulation)
GDPR is a new Data compliance law coming into EU law on 25th May 2018.
Asylum has applied the best practice of GDPR at our park and on our website
On Account Register you will be asked to provide the following details:-
Unique User Key (Hidden auto generated by the system)
First Name Last Name
Date Of Birth
Address Line 1
Address Line 2
Address Line 3
Address Line 4
When completing a disclaimer you will be asked to add
Emergency Contact Number
Existing Health Medical/Conditions Yes/No
If Yes please describe medical conditions
We will only use this additional information if you have an accident at the park to give you 1st Aid and also to pass the info onto Emergency Services if required.
Microsoft Account System
The website uses a Microsoft Account system in the website, to hold the accounts. This system is used is very robust/secure and is used in many websites.
We also encrypt/decrypt alot of your account data on the fly.
Our site runs completely over https, which opens a secure encrypted web tunnel from your web browser to our server. The requests and responsese from the website are then transmitted over this tunnel.
Post code lookup
We use an address lookup system called GetAddress.IO we pass in a post code and it returns all addresses in that postcode. This saves time on you typing information in.
You will also be asked to check the following check boxes:-
I allow my information to be used in the booking/disclaimer process and used for my visit at the park. (Mandatory)
This is our legal basis Contract for GDPR. In GDPR you have to outline why we are collecting the information we are. We need this information so that you can book online and visit the park.
We use your booking to make sure we don’t go over capacity at the park. For Health & Safety - we are only allowed so many people on the trampolines at one session at a time. The capacity of a session depends on the type of session. This is all handled by the website.
This is quite simply that you have read and agreed this notice and you know what your GDPR rights are.
I have read and confirmed Terms And Conditions. (Mandatory)
You have read and agreed our Terms & Conditions of operation
I consent to being a member of the loyalty scheme. (Optional)
By ticking this checkbox, you become a member of our Loyalty scheme.
I consent to receiving marketing emails. (Optional)
By ticking the checkbox, you are agreeing to receive marketing emails. Asylum won’t spam you but from time to time, we may run a fantastic promotion and if you want us to let you know… By ticking (or unticking) this box, you can opt in or out of marketing emails. You can change this in your account at any time.
For GDPR compliance we audit the changes to these checkbox’ and they can be viewed by our Administrators. The aim of this is not for user tracking, but just in case you question why you have received a service when you thought you hadn’t ticked the box.
Please be aware out system will send you Booking confirmation emails, Disclaimer emails, rules and terms and conditions emails when you book. These won’t contain any marketing, they are just information, so you are aware of your booking. When we now send you disclaimers we have removed out the personal information for your security.
Once registered you can edit your account.
You can change your details and password at any time, under my account details.
We do collect extra information when you book a party. This is only used to provide the best party. The extra info is:-
- Any Special requirements including allergies/dietary requirements, so the party food is safe for all guests.
- First name of Birthday Boy/Girl (Optional)
- Surname of Birthday Boy/Girl (Optional)
- Age on Birthday (Optional)
- Gender of Birthday Boy/Girl (Optional)
If you forget your password, then you can go through the forgotten password process when you click login
Disclaimers are linked to your account. Anyone who is participating at the park must have a Disclaimer. You can create a disclaimer for you and your dependents.
You can create Disclaimers at any time, if any information changes, you can create a new Disclaimer.
Disclaimers are valid for 12 months and we can search in our system for you and your dependents Disclaimer.
This is the information we hold on Disclaimers:-
UserID of the owning account (Only if you create a waiver in account)
Email Address - (If you create a Waiver with no account)
Date Of Birth
Address Line 1
Address Line 2
Address Line 3
Address Line 3
Waiver Start and Finish Dates
Emergency Contact Number*
Existing Health Medical/Conditions Yes/No*
If Yes please describe medical conditions**We will only use this additional information if you have an accident at the park to give you 1st Aid and also to pass the info onto Emergency Services if required.Paper Disclaimers
From time to time we may have used paper disclaimers, rather than electronic disclaimers. These disclaimers are stored securely, and will be destroyed securily after 19 years.
On your next login, we will ask you to read and re-confirm that you are happy with them.
At this point you can also join/remove yourself from the Loyalty scheme and email marketing
We audit this change and can view it in our admin area. As part of GDPR we need to know what version of documentation you signed against.
Where else do we use your data?
Your hosting is with Storm Internet and this is where you data is stored on our own Cloud Server:-
GPDR requires that we tell you about every system that can use some or part of your data (Data processors).
These Data processors are required to be GDPR compliant:-
Google G Suite
Asylum uses G Suite to send and receive email to and from the park
Google Cloud Services are GDPR compliant.
We pass information to Worldpay payment gateway for payment. Email address, 1st name, last name and client address. This saves the user from retyping the info. Worldpay are PCI DSS compliant payment provider. https://www.worldpay.com/uk/pci-dss-overviewMail Chimp - Mandrill emaiksThe website sends a lot of email, too much for a Google G Suite service so we have to use a different mass email provider.
We use Mandrill an extenstion of Mail Chimp so send our emails
Mail Chimp is GDRP compliant:-
https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulationThe List of Emails the system sends you are:-
Mail Chimp - Marketing emails
- Account register email when staff member booking as a client
- Booking Confirmation email
- Forgotten Password email – which provides the user with a new password. (Can be changed when the user logs in)
- Waiver email.
- Rules email
Mail Chimp is an industry standard email system used for mail marketing. We would send any marketing emails via Mail Chimp. Mail Chimp and GDPR
When you visit the park, you will notice that you book in on an EPOS. The EPOS runs the website. This EPOS system is by EPOS Now
We do take payments on the EPOS system, which requires the website to communicate with EPOS Now. The only data that we send to the EPOS is Surname and Booking ID and cost. For payment tracking.
We then take face to face card payments. We don’t pass any of your personal data We use it take card payments only.
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Further information on Google Analytics and your privacy:-https://support.google.com/analytics/answer/6004245Google Analytic Opt out Browser Addin
We have CCTV at the park for safety purposes and it is a requirement of our insurance company.
If you have an accident at the park and we need to inform our insurance company then we need to pass your booking and account information to our insurance, plus any CCTV footage too. Plus any treatment/action required at the time of the accident.
How Long do we Keep the Data for?
Asylum keeps the account data forever so you can continue to book. However we do anonymise the data as per below:-
Bookings: we will remove the booking from your account after 19 years and associate it with an anonymous user. So that we can’t trace the booking back to you.
Bookings contain Disclaimers. These Disclaimers will be associated with an Anonymous Disclaimer.
Disclaimers will expire after 12 months.
Any Disclaimers that are over 19 years old will be automatically removed from the system.
In GDPR however you do have rights as an individual that overrule the above. These are outlined below:-
the right to rectification;
You can edit your account details at any time, by logging into the website and altering the details. You can also alter your consents to the loyalty and email marketing scheme here too.
The only thing you cannot edit is your email address. This is for security. But we can edit it for you. If you need your email address changed, then please email firstname.lastname@example.org from the account registered with the system and we can change it for you. Please allow 72 hours for this request. But under normal circumstances we change it very quickly.
the right to erasure;
If you want your account and Disclaimers to be removed from the system then we can do that for you. Please email email@example.com from the account registered and we can start the process of removing you from the system. We will answer the request within 72 hours.
the right to restrict processing;
As per above you can remove consents from email and loyalty system.
We can also mark your account as inactive. So that no one can log in or use your account. Please email firstname.lastname@example.org with your request from the account that is registered. Please allow 72 hours for this request.
the right to data portability;
You can download your own account information from the My Account area of the system.
If you require any other data then please email the request to email@example.comWe also have our internal security policy for our staff on how to keep your data secure on electronic devices or any paper based information.
Cookies and Privacy
Cookies are small files that are downloaded to your browser from the website.
The website will not function correctly without using cookies.
Any future development
If we develop our systems any further we shall adopt a data protection by design model. We have done from the start and shall continue to do so.
Questions and further contact
If you have any questions or require any further information. Then please contact us below:-firstname.lastname@example.org
or use the contact form at https://www.asylumskatepark.co.uk/nottinghamshire/contact.aspx?parkid=1 Data Authority
Our GDPR Data authority is:-
Under GDPR you have the right to contact ICO at any time. But if you have any issues then please bring it to our attention first.