Privacy Notice

We will only collect and use the personal data we need. Where possible, we will make it clear at the point of collection why we are collecting your personal data. If it is not possible to give full details, we will refer you to this Notice on our website. There are many instances when we will collect and process data, these include but are not limited to when you:  

• visit our website using cookies and tracking technologies, 
• when you visit or interact with our social media pages,
• visit one of our parks through CCTV and video surveillance,
• When you interact with an Enforcement Officer in the park,
• book an activity or event or purchase a membership,
• complete a form or survey for us 
• apply to one of our job vacancies, 
• enter one of our competitions,
• host a licensed event at Willen Lake,
• visit our offices, 
• when you interact with us through third parties, 
• ask us a question, report an issue, or make a complaint   

We may collect the following types of personal information: 

Data protection legislation recognises certain categories of personal information as requiring particular care; that data is known as "special category data". Examples of special category data are health information and information regarding race, religious beliefs, and political opinions.  

We only collect special category data personal information where we have a clear reason for doing so, and we have a legal basis. Clear notices will be provided on forms and communications. Only those individuals with a business need to access and process that information will be able to do so. 

We will only use your personal data when we have an appropriate lawful basis to do so, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.  
 
Please note that we may process your personal data without your consent, in compliance with the above rules, where this is required or permitted by law.  

These include, but are not limited to the following purposes: 

We are committed to protecting the privacy of children who engage with The Parks Trust. Where we collect and process personal data relating to children, we do so with particular care and in accordance with the UK General Data Protection Regulation (UK GDPR). 

We do not knowingly collect personal data from children under 13 without parental consent. If we become aware that we have inadvertently collected such data, we will delete it promptly. If you are a parent or guardian and believe we may have collected personal data about your child without proper consent, please contact us at privacy@theparkstrust.com.

Children’s data is stored securely and only accessible to staff who need it to perform their duties. We do not use children’s data for marketing purposes. 

We do not sell your personal data. However, we may share your information with trusted third parties where necessary to operate our services, fulfil our legal obligations, or with your consent. 
 
We may share your personal data with: 

• Service providers and suppliers who support our operations, such as IT hosting companies, payment processors, marketing agencies and platforms, and event organisers. These providers are contractually bound to protect your data and only use it for the purposes we specify.
• Professional advisers including lawyers, accountants, and insurers, where necessary for legal or contractual purposes.
• Regulatory and law enforcement authorities, such as the Information Commissioner’s Office (ICO), Thames Valley Police, or Milton Keynes Council, where required by law or to protect our legal rights.
• •    Partner organisations where you have given consent, for example when participating in joint activities or purchasing a Willen Wonders Card.
• Analytics and advertising partners, who help us improve our website and communications. These partners may use cookies or similar technologies to collect usage data. See Cookies section for more information. 

Where we share your data with third parties outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent legal mechanisms. 

We will only share the minimum amount of personal data necessary for the intended purpose and will ensure that all third parties uphold appropriate data protection standards. 

If you would like more information about the third parties we work with, please contact us at privacy@theparkstrust.com. 

We retain your personal data only as long as necessary for the purposes outlined in this Notice or as required for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. 

If we have not heard from you for more than 5 years (e.g. because you have not attended any of our events or activities or otherwise communicated with us) we will endeavour to contact you to confirm that you wish us to retain your personal data.   

If we do not receive a reply to that communication, then we will usually delete or otherwise anonymise your personal data (and will use all reasonable endeavours to ensure that all our approved service providers shall do likewise). Anonymising your personal data means that we will remove any information that allows you to be recognised. The exception to this is where we are under a legal obligation to retain your personal data past our retention periods, for example for the purposes of an ongoing legal claim.

Automated decision-making, including profiling, refers to decisions made without human involvement that may have legal or similarly significant effects. 

Profiling refers to the use of personal data to evaluate certain aspects about an individual, such as preferences, interests, or behaviour.

We do not make decisions about individuals solely using automated means that have legal or similarly significant effects.  

Under the UK General Data Protection Regulation (UK GDPR), you have the following rights regarding your personal data: 

• Right to access – You have the right to request a copy of the personal data we hold about you.
• Right to rectification – You can ask us to correct or complete any inaccurate or incomplete data.
• Right to erasure – You may request that we delete your personal data, where there is no legal reason for us to continue processing it.
• Right to restrict processing – You can ask us to limit how we use your data in certain circumstances.
• Right to data portability – You have the right to receive your data in a structured, commonly used format and to ask us to transfer it to another organisation.
• Right to object – You can object to our processing of your data where we rely on legitimate interests 
• Right to withdraw consent – Where we rely on your consent to process data, you can withdraw it at any time. 

To exercise any of these rights, please contact our Data Protection Representative by email on privacy@theparkstrust.com or by post to Milton Keynes Parks Trust Limited, Campbell Park Pavillion, 1300 Silbury Boulevard, Campbell Park, Milton Keynes, Buckinghamshire, MK9 4AD. 
 
We will respond to your request within one calendar month. If your request is complex or we receive multiple requests, we may extend this period by up to two months and will inform you of the delay. 

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration, destruction, or accidental loss.

We will use technical and organisational measures to safeguard your personal data, for example: 

• access to your account is controlled by a password and username that are unique to you
• multi-factor authentication is used by all employees
• we store your personal data on secure servers
• payment details are encrypted using SSL technology,
• we limit access to our offices to those who we believe are entitled to be there,
• we implement access controls to our information technology,
• we work only with trusted third parties who help us deliver our services,
• we regularly train staff on information security and data protection 

We shall also use all reasonable endeavours to ensure that any agents and service providers to whom we provide any of your personal data will take similar measures to safeguard your personal data.  

We shall review our measures once every year to ensure that they are still adequate to protect your personal data. 

While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. 

Our website contains links to and from the websites of our partner networks and advertisers. If you follow a link to any of these websites, they will have their own privacy policies for which we do not accept any responsibility or liability.  

You have the right to make a complaint if you are unhappy about how your personal data is processed. However, we would appreciate the chance to deal with your complaint before you approach the Supervisory Authority, so please contact us in the first instance at privacy@theparkstrust.com. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), Visit www.ico.org.uk for more information. 

We may update this Privacy Notice from time to time. We will notify you of any significant changes by posting the new Notice on our website at willenlake.org.uk/privacy-policy.  

If you have any questions or concerns about this Privacy Notice, please contact us by: 

Email: privacy@theparkstrust.com 
 
Post: 
Data Protection Representative
Milton Keynes Parks Trust Limited 
Campbell Park Pavilion 
1300 Silbury Boulevard 
Campbell Park 
Milton Keynes 
Buckinghamshire 
MK9 4AD