Privacy Policy and GDPR

The information we collect and how we use it.

ThemeParkBeds.com is committed to protecting your privacy and this Privacy Policy sets out what information we collect, how we collect it, and what we do with it.

Jurisdiction

All agreements will be made in England and are governed by English law and are subject to the exclusive jurisdiction of the English Courts.

Information you provide

We may store the information that you provide to us. This information is collected when you request information from us, contact us (and vice versa) or make a booking with us. This could include information that you supply to us through questionnaires, surveys, e-mails, on-line transmissions and other means (both on-line and off-line). We will update your information whenever we get the opportunity to keep it current, accurate and complete.

Use of "cookies" and links to other websites

If our contact and dealing with you is via our website(s), we may use "cookies". A cookie is a small piece of data sent from our web server to your computer and stored in a text file on your hard drive. Cookies allow us to identify your computer but not you personally. You can set your web browser to refuse cookies. If you are browsing, a cookie is used to help us measure the number of visits, time spent, page views, and other data relating to our website. If you are making a purchase, we may also use cookies to keep track of the transaction from one web page to another. Cookies also help us to personalise our web pages.

Our website(s) may contain links to other sites not controlled by us. These sites may send you cookies and collect data and personal information. We are not responsible for the actions, content or the privacy policies of those websites to which our website(s) may link. It is your responsibility to check the status of these sites.

The use of cookies is commonplace and practical; most websites use them. By indicating how and when users consult a site, cookies help us to focus on the interests of our users more effectively.

Our use of your information

We may use the information we collect for advertising, promotion and other sales and marketing purposes. For instance, we may send you e-mail updates, newsletters, offers and other advertising and marketing materials. These materials may promote our products or the products of others.

We may also disclose your information to our service providers (which could be located outside the UK/EEA) for the purpose of providing you with our services. Only information necessary for this purpose will be disclosed to them. It may be a mandatory requirement (imposed by governments at the point(s) of departure and/or destination) to disclose the information for security purposes, or any other purposes which they determine appropriate. We may also disclose the information to companies who act as "data processors" on our behalf. These purposes include administration, providing services (and contacting you where necessary), customer care, improving our service, business management and operation, risk assessment, security and crime prevention/detection, research and analysis, marketing, monitoring, assessing customer purchasing preferences, dispute resolution, credit checking and debt collection.

Direct marketing material

We may share your information with our group companies and other carefully selected third parties who may contact you for direct marketing purposes and for research purposes. For example, we (on their behalf) or they may contact you with travel information, offers of goods and services, forthcoming events or competitions considered to be of interest to you.

Your rights

You have the right to ask in writing for a copy of the information we hold about you (for which we may charge a fee) and to correct any inaccuracies in your information. You also have the right to ask in writing not to receive direct marketing material about our products.

Requests regarding the discontinuance of marketing communications from us to you can be made at [email protected]. Once properly notified by you, we will take steps to stop such sending marketing materials.

Aggregated customer information

We collect information relating to customer trends and patterns. This information is often used in its aggregate form. We, including our group companies, may disclose aggregate statistics about enquiries made, visitors, customers and sales in order to describe our services to prospective partners, purchasers, advertisers and other reputable third parties and for other lawful purposes. No personally identifying information is disclosed.

Monitoring

To ensure that we carry out your instructions accurately, to help improve our service, and in the interest of security, we may monitor and/or record: (1) your telephone calls; and (2) transactions and activities on our website. All recordings are and shall remain our sole property.

Security statement
How do we protect the information?

We have taken all reasonable steps to have in place appropriate measures to protect your information, including technical, contractual, administrative, and physical security steps.

Changes to this policy

We reserve the right to modify or supplement this Privacy Policy statement at any time. Any changes to this Policy will be posted on our website. We will strive to ensure our practices comply with the most current available version of this Policy. Your continued use of the Site following the posting of changes to this Privacy Policy will mean that you accept those changes. This Privacy Policy was last updated: May 2014

Our commitment to GDPR

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to reinforce data protection for everyone within the European Union. It defines new laws based on a set of principles that businesses which handle personal data of EU citizens must follow.

The major principles of GDPR require that personal data should be:

1. Processed lawfully, fairly and in a transparent manner in relation to individuals.

2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.

3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.

6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

What are we actually doing?

We take data security and privacy of our customers extremely seriously. We are constantly reviewing our systems and processes to ensure we abide by the GDPR principles.  This is not limited to, but involves new policies and procedures for the following:

1. Internal access and permissions to view/edit data

2. Encryption of data in rest, transit and backup

3. Customer consent

4. Data minimisation and quality

5. Customer requests for rectification, portability or deletion

6. Network security

7. Breech notification

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to [email protected].  You also have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner's Office (“ICO”). For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns