Daisy
Daisy
Daisy

Privacy Policy

Privacy Policy

At Under 20 Limited ("we", "us", "our"), we regularly collect and use personal data about consumers who visit our attractions or browse our websites. Personal data is any information that can used to identify you as an individual. The protection of your personal data is very important to us, and we understand our responsibilities to handle your personal data with care, to keep it secure and to comply with legal requirements.
The purpose of this privacy policy ("Policy") is to provide a clear explanation of when, why and how we collect and use personal data. We have designed it to be as user friendly as possible, and have labelled sections to make it easy for you to find the information that is most relevant to you.
Please read this Policy carefully. It provides important information about how we use personal data and explains your legal rights. This Policy is not intended to override the terms of any contract that you have with us or any rights you might have available under applicable data protection laws.
We will make changes to this Policy from time to time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. We will make sure that you are aware of any significant changes by sending an email message to the email address you most recently provided to us or by posting a notice on the website so that you are aware of the impact to the data processing activities before you continue to engage. We encourage you to regularly check back and review this policy so that you will always know what information we collect, how we use it, and who we share it with.
CONTENTS
WHO IS RESPONSIBLE FOR LOOKING AFTER YOUR PERSONAL DATA?
WHAT PERSONAL DATA DO WE COLLECT?
WHEN DO WE COLLECT YOUR PERSONAL DATA?
WHAT PURPOSES DO WE USE YOUR PERSONAL DATA FOR AND WHAT IS THE LEGAL BASIS?
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
DIRECT MARKETING
INTERNATIONAL TRANSFERS
PROFILING
APPLICATION FOR A DISABLED REGISTRATION ID CARD
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
WHAT ARE YOUR RIGHTS?
CONTACT AND COMPLAINTS
APPENDIX 1 - LEGAL BASIS FOR PROCESSING
APPENDIX 2 - GLOSSARY
1. WHO IS RESPONSIBLE FOR LOOKING AFTER YOUR PERSONAL DATA?
Under 20 Limited registered office is at Squire House, 81/87 High Street, Billericay, Essex, CM12 9AS. Our business is about creating unique, memorable and rewarding visitor experience.
The entity in Under 20 Limited which was originally responsible for collecting information about you will be the Data Controller. Other entities in Under 20 Limited may also be Data Controllers where they control the use or processing of such data. There will be a single point of contact for all Under 20 Limited Controllers who can be contacted using the details set in section 11 below.
2. WHAT PERSONAL DATA DO WE COLLECT?
In relation to potential customers, historic customers and current customers and visitors ("consumers"), we collect the following data:
Information that you provide by filling in forms on our site. This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We will also ask you for information when you report a problem with our site.
Completing the form for the disabled access registration ID card.
Details of any concerns if you contact us with a query or issue.
When you complete a survey to tell us how your experience was and how we can improve, although you do not have to respond to them.
Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data.
Your name, address, telephone number and/or email address in order to contact you with details of your booking or in the unlikely event that we need to contact you urgently about your booking.
This includes the collection of contact details such as your name, address, date of birth, telephone number and email address, special categories of personal data details including a consultant or GP letter, a photocopy of your blue badge, a letter from the Department of Work and Pensions (“DWP”), Disability Living Allowance (“DLA”), or Personal Independence Payment (“PIP”), identification details including a headshot of yourself, engagement details including your purchase history, your marketing preferences including interests / marketing list assignments, record of permissions or marketing objections, website data, device data including IP addresses and details about your browsing history, browser type, and session frequency and cookies.
3. WHEN DO WE COLLECT YOUR PERSONAL DATA?
Consumers
We will collect information from you directly when you sign up for a newsletter, when you purchase a ticket or pass, when requesting the form for disabled access or if we collect any special categories of personal data from you in person related to the application or where you contact us with questions or suggestions.
Where someone has applied for a family pass, or entered into a competition on your behalf, information about you in those circumstances will be provided to us indirectly by a family member or another third person.
In emergency circumstances, we will also collect information about you indirectly from other sources where we believe this is necessary to help ensure the security of our attractions. These other sources may include public registers and social media platforms.
We will not knowingly collect any personal data about children for the purpose of marketing without making it clear that such information should only be provided with parental consent, if this is required by applicable laws - so Under 20 Limited will only use the personal data of children as far as is permitted by law where the required parental or guardian consent has been obtained.
4. WHAT PURPOSES DO WE USE YOUR PERSONAL DATA FOR AND WHAT IS THE LEGAL BASIS?
We will use your personal data to:
ensure that content from our site is presented in the most effective manner for you and for your computer.
provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
carry out our obligations arising from any contracts entered into between you and us.
allow you to participate in interactive features of our service, when you choose to do so.
notify you about changes to our service.
We may also send you marketing materials (where we have appropriate permissions as explained in more detail below under Section 6). This process is likely to include profiling, and more information is provided at Section 8 of this Policy about this. We will also need to use your personal data for purposes associated with our legal and regulatory obligations.
We have to establish a legal ground to use your personal data, so we will make sure that we only use your personal data for the purposes set out in this Section 4 where we are satisfied that:
our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (e.g. to manage your booking for entry tickets to an attraction), or
our use of your personal data based on your consent (e.g. when you apply for a disabled access)
our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we are subject to (e.g. to comply with ICO requirements), or
our use of your personal data is necessary to support 'Legitimate Interests' that we have as a business (for example, to improve our products, or to carry out analytics across our datasets), provided it is always carried out in a way that is proportionate, and that respects your privacy rights. Where required under separate laws, for example the Privacy and Electronic Communications Regulations, we will also ensure that you have opted in to send you marketing materials - see section 6 below for more details.
Before collecting and/or using any special categories of data we will establish an additional lawful ground to those set out above which will allow us to use that information. This additional exemption will typically be:
your explicit consent;
the establishment, exercise or defence by us or third parties of legal claims; or
a specific exemption provided under local laws of EU Member States and other countries implementing the GDPR.
PLEASE NOTE: If we have previously told you that we were relying on consent as the basis of our processing activities, going forward we will not be relying on that legal basis unless we have said that are in this Policy.
PLEASE NOTE: If you provide your consent or explicit consent to allow us to process your personal data or your special categories of data, you can withdraw your consent to such processing at any time. However, you should be aware that if you choose to withdraw your consent we will tell you more about the possible consequences, including if this means that certain services.
5. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We share the data with third parties, to help manage our business and deliver services. These third parties may from time to time need to have access to your personal data, and include:
service providers, who help manage our IT and back office systems, and assist with our Customer Relationship Management activities.
our website development agency
our PR agency
our media agency
solicitors and other professional services firms (including our auditors).
Also, if we were to sell part of our businesses we would need to transfer your personal data to the purchaser.
6. DIRECT MARKETING
We may use your personal data to send you direct marketing communications. This will be in the form of email, post, SMS or targeted online advertisements.
Where we require explicit opt-in consent for direct marketing in accordance with the Privacy and Electronic Communications Regulations we will ask for your consent. Otherwise, for non-electronic marketing or where we can rely on the Soft opt-in exemption under the Privacy and Electronic Communications Regulations, we will be relying on our Legitimate Interests for the purposes of GDPR as further detailed in section 4.
You have a right to stop receiving direct marketing at any time - you can do this by following the opt-out links in electronic communications (such as emails), or by contacting us using the details in Section 11.
We also use your personal data for customising or personalising advertisements, offers and content made available to you, and analysing the performance of those advertisements, offers and content, as well as your interaction with them. We may also recommend content to you based on information we have collected about you and your viewing habits. This constitutes 'profiling', and more information is provided at Section 8 of this Policy about this.
7. INTERNATIONAL TRANSFERS
No data is shared in this manner.
8. PROFILING
'Automated Decision Making' refers to a decision which is taken through the automated processing of your personal data alone - this means processing using, for example, software code or an algorithm, which does not involve any human intervention. We do not carry out any automated decision making, however we do carry out profiling using automated processing to tailor marketing materials for a specific customer.
Where we have permissions to send a consumer marketing updates, we may use profiling to ensure that marketing materials are tailored to your preferences and to what we think you will be interested in. In certain circumstances it will be possible to infer certain information about you from the result of profiling, which could include special categories of personal data, but we will not do this unless we have obtained your explicit consent to do so.
9. APPLICATION FOR A DISABLED REGISTRATION ID CARD
As part of this request, we will ask you for information so that we can check to see whether you are eligible for a disabled registration ID card and for administration and granting of the disabled registration ID card. The personal information we collect about you is treated slightly differently depending on what type of information it is.
You will have explicitly consented to our use of the personal information relating to your disability and you have the right to withdraw consent (explained above). Depending on what personal information you choose to provide us, we will be collecting the following special categories of data from you:
consultant or GP letter detailing your disability or the individual you are applying for
a photocopy of your blue badge, or the individual you are applying for
a letter from the DWP, DLA, or PIP stating you are entitled to a higher rate or enchanced rate mobility allowance or the individual you are applying for
Other personal information we will collect about you (but that is not special categories of personal data) is:
a photo headshot of yourself or the individual you are applying for
your name, address and contact information or the individual you are applying for
If you have made an application on behalf of a child or another adult, on the basis of a disability, then you will have explicitly consented to our use of the personal information that relates to the other adults or child's disability and you will have the right to withdraw consent (explained above). The information we collect is listed directly above.
As part of the application, you may also submit personal information about yourself (depending on whether you are carrying out the application for yourself or on behalf of another) and that we require in our legitimate interest. This includes the information list directly above
Any personal information that is provided in and during the application process is used only for the purpose of reviewing the application and granting access
10. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 4 of this Policy. In particular, where there has been no interaction from a consumer (e.g. a purchase, email open, newsletter sign up), a record will be archived after 1 year and deleted after 3 years.
Where we are required to do so to meet legal, regulatory, tax or accounting requirements, we will retain your personal data for longer periods of time, but only where permitted to do so, including so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your personal data or dealings.
11. WHAT ARE YOUR RIGHTS?
You have a number of rights in relation to your personal data. In summary, you have the right to request: access to your data; rectification of any mistakes in our files; erasure of records where no longer required; restriction on the processing of your data; objection to the processing of your data; data portability; and various information in relation to any automated decision making and profiling. You also have the right to complain to your supervisory authority.
12. CONTACT AND COMPLAINTS
The primary point of contact for all issues arising from this Policy, including requests to exercise data subject rights, is our Data Protection Officer. The Data Protection Officer can be contacted in the following way:
This email address is being protected from spambots. You need JavaScript enabled to view it.
If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time. In the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/). We do ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

Daisy