Privacy Policy

This Privacy Policy (the ‘Policy') is brought to you by Whitecap Leisure Limited (referred to in this policy as ‘we’, ‘us’ or ‘our’). Whitecap Leisure Limited is a wholly own subsidiary of Milton Keynes Parks Trust Limited (company number 02519659) We take the privacy of personal data that we may collect from or about you very seriously. We ask that you read this Policy carefully as it contains important information about how we will use your personal data. We may change this Policy from time to time by updating the version of the Policy which appears on our website at https://www.willenlake.org.uk/information/privacy-policy/, therefore it is important that you check our website from time to time. Alternatively if you do not have access to the internet a copy of our current Policy can be requested from us in writing. Any such request should be directed to: “The IT Manager, Whitecap Leisure Limited, c/o Milton Keynes Parks Trust, Campbell Park Pavillion, 1300 Silbury Boulevard, Campbell Park, Milton Keynes, Buckinghamshire, MK9 4AD or alternatively you can email privacy@theparkstrust.com;

This Policy also applies to personal data which is collected on our behalf by third parties such as when you make a booking to attend one of our events or to take part in one of the activities that we organise.

For the purposes of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (‘the General Data Protection Regulations’) , Whitecap Leisure Limited ('we' or 'us') is the 'data controller' (i.e. the company who is responsible for, and controls the processing of, your personal data).

Personal data we may collect about you


The type of personal data that we will collect from you may include all or any of the following, namely: your name and title, contact information including postal and email address and postcodes, demographic information such as preferences and interests, and other information relevant to user surveys and/or offers.

For example, we will obtain your personal data when you register to use our website, send us feedback, post material, contact us for any reason, sign up to a service such as to keep up-to-date with Whitecap Leisure news and activities, enter a competition, purchase goods or services, and/or book to attend an event or to take part in an activity that we have organised. We may also obtain sensitive personal data about you if you volunteer such sensitive personal data during the completion of an online form. If you volunteer such information, you will be consenting to our processing it for the purposes set out below.

We may monitor your use of our website through the use of cookies and similar tracking devices. For example, we may monitor how many times you visit, which pages you go to, traffic data, location data and the originating domain name of a user's internet service. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. For further information on our use of cookies, please see below.

We also use Hotjar Limited (who are based in Malta) to collect data concerning the behaviour of people using our website (e.g. which pages they visit and for how long, and which links they click on), the devices they use, and which parts of our website they like or dislike. This enables us to better understand the preferences of the people using our website. The information collected may include IP addresses of our website users (which is only collected in an anonymised form), screen size and device type, browser information, geographical location (country only) and preferred language. Hotjar store this information in a pseudonymised format that does not allow any of our website users to be identified.

A free WIFI service is made available in some parts of the park land owned by us. To use that WIFI you will be required to log in via Purple WIFI Limited. In order to log in you will need to provide Purple WIFI Limited with details of your name, date of birth, post code and email address. Those details are then made available by Purple WIFI Limited to us.  By logging in to our free WIFI service we are also able to track your movements around our parks.

How we use your personal data

We will use your personal data for the purposes described below:

  • to help us identify you and any accounts you hold with us
  • administration
  • research, statistical analysis and behavioural analysis
  • customer profiling and analysing your purchasing preferences
  • marketing—see 'Marketing and opting out', below
  • fraud prevention and detection
  • billing and order fulfilment
  • dealing with order enquiries and supplying purchasing history
  • credit scoring and credit checking—see 'Credit checking', below
  • customising our website and its content to your particular preferences
  • to notify you of any changes to our website or to any of our services that may affect you
  • security vetting
  • improving our services,
  • Payment Processing

The personal data that we collect about you will be shared with Milton Keynes Parks Trust Limited which is our parent company. A copy of their privacy policy can be viewed at https://www.theparkstrust.com/information/privacy-policy/ 

Payments/donations on our website are handled by Windcave. A copy of Windcave’s privacy policy can be viewed here. Please refer to that policy to find out more about how Windcave deal with your personal data and what they do to keep it secure.

If you are booking to attend one of our events or to take part in one of our activities, either via our website, or directly with us either in person or via the post, then we will also obtain personal information from you regarding that booking. We also engage approved third party service providers such as FuseMetrix Group Ltd (Previously Digital Ticketing Services Limited who trade as ‘Digitickets’) to provide ticket sale services on our behalf for events and activities that we run. In operating a ticket sale service we (or our approved third-party service providers acting on our behalf) will obtain and retain details of your name, address and email address as well as details of the number and type of tickets that you purchased and details of the event or activity in question. The reason why we use approved third party service providers to provide ticket sale services on our behalf is because such approved third party service providers are able to operate such a service better than we are able to do so directly, and we believe that the use of such third party service providers in such circumstances provides a benefit to you.

We may also use approved third party service providers to assist us in operating a customer management system on our behalf, engage in direct marketing communications on our behalf and also to analyse information on our behalf (e.g. so as to be able to send marketing communications to people who are likely to be interested in the event, product or services being offered) In particular we use Winners FDD Limited who are a UK based company to assist us in operating a customer management system on our behalf and we send a copy of all our customer data to Winners so that they can do so. We also use The Rocket Science Group, LLC of Atlanta USA who operate ‘MailChimp’ to carry out email marketing campaigns (including sending out e-newsletters) on our behalf.

The reason why we use third party providers to do so is because such third party service providers are better able to undertake these activities than we are, and we believe that the use of such third party service providers provides a benefit to you. If you have given us permission to contact you for the purposes of receiving direct marketing communications we may also provide your personal data to such approved third party service providers for that purpose.

 

Marketing and opting out

If you have given permission, or you have purchased from our website, we may contact you by mail, telephone, SMS, text/picture/video message, fax, email about our products, services, promotions, special offers and charitable causes that may be of interest to you. We refer to those communications in this Policy as ‘direct marketing communications’. If having given such permission or having purchased from our website and you decide that you no longer wish to receive any direct marketing communications from us, you can withdraw your permission at any time. See further 'Your rights', below.

 

Disclosure of your personal data


We may disclose your personal data to:

  • other companies within our group
  • our agents and service providers
  • credit reference agents—see 'Credit checking', below
  • law enforcement agencies in connection with any investigation to help prevent unlawful activity;
  • our approved third party service providers in accordance with the ‘How we use your personal data’ and 'Marketing and opting out' sections above.

 

Keeping your data secure


We will use technical and organisational measures to safeguard your personal data, for example:

  • access to your account is controlled by a password and username that are unique to you
  • we store your personal data on secure servers
  • payment details are encrypted using SSL technology

We shall also use all reasonable endeavours to ensure that any agents and service providers to whom we provide any of your personal data will take similar measures to safeguard your personal data.

We shall review our safeguarding measure once every year to ensure that they are still adequate to protect your personal data.

While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.

Monitoring


We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, fraud prevention and compliance.

Information about other individuals


If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:

  • give consent on his/her behalf to the processing of his/her personal data
  • receive on his/her behalf any data protection notices
  • give consent to the transfer of his/her personal data abroad, and
  • give consent to the processing of his/her health information.

If the person you are giving consent for is under 18 years of age then you confirm that you are the parent or legal guardian of that person and have the legal right to give consent on his or her behalf. In certain circumstances we may ask for additional evidence of your right to give consent on behalf of a person who is under 18 years of age.

Time period during which personal data will be kept


If we have not heard from you for more than 5 years (eg. because you have not attended any of our events or activities or otherwise communicated with us) we will endeavour to contact you to confirm that you wish us to retain your personal data. If we do not receive a reply to that communication then we will usually delete or otherwise anonymise your personal data (and will use all reasonable endeavours to ensure that all our approved service providers shall do likewise). Anonymising your personal data means that we will remove any information that allows you to be recognised. The exception to this is where we are entitled under GDPR to retain your personal data. This includes where continuing to hold and use your personal data is necessary for one of the following reasons:
for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;

  • for compliance with a legal obligation to which we are subject;
  • to protect your vital interests or those of another natural person;
  • for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
  • for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where the data concerns a child.

Transfers of data out of the EEA


We may transfer and process your personal data anywhere in the world where we or any of our agents or service providers maintain data processing operations. If we do so we shall also use all reasonable endeavours to ensure that any such agents or service provider takes adequate measures to safeguard your personal data.

To the extent that we or any of our agents or service providers process any of your personal data in a country that has not been designated by the European Commission as providing an adequate level of protection for such data, we will use all reasonable endeavours to provide adequate protection (within the meaning of the General Data Protection Regulations) of any such personal data by ensuring that such data processors have self-certified their compliance with the ‘Privacy Shield’ principles.

In particular we do currently send limited amounts of personal data (namely names and email addresses) to Rocket Science Group, LLC who operate ‘MailChimp’. As Rocket Science Group, LLC is a U.S based organisation we have taken and will continue to take steps to ensure that they have self-certified their compliance with the ‘Privacy Shield’ principles.

How we use cookies


A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our website. We use cookies on our website to:-

  • keep track of items stored in your shopping basket
  • recognise whenever you visit our website (this speeds up your access to the website as you do not have to log on each time)
  • obtain information about your preferences, online movements and use of the internet
  • carry out research and statistical analysis to help improved our content, products and services and to help us better understand our visitors’ and customers’ requirements and interests
  • target our marketing and advertising campaigns more effectively by providing interest-based advertisements that are personalised to your interests
  • make your online experience more efficient and enjoyable.

The information we obtain from our use of cookies will not usually contain your personal data. Although we may obtain information about your computer or other electronic device such as your IP address, your browser and/or other internet log information, this will not usually identify you personally. [In certain circumstances we may collect personal information about you—but only where you voluntarily provide it (e.g. by completing an online form) or where you purchase goods or services from us.

In most cases we will need your consent in order to use cookies on our website. The exception is where the cookie is essential in order for us to provide you with a service you have requested (e.g. to enable you to put items in your shopping basket and use our check-out process).

Consent (notification on home page)


There is a notice on the home page of our website which tells you that we use cookies and which contains a link to this Policy. If you use our website after seeing that notice we will assume that you consent to our use of cookies for the purposes described in this Policy.

What cookies can you receive from our website?

Google Analytics


Google Analytics provides anonymous statistics on website usage. Cookies are used to track the source of a visitor, their session on the website (to associate multiple page views to one visit) and whether they are a new or returning visitor.

Cookie name (s): _ga, _gat
Description: Used to distinguish unique users and for limiting the collection of data on high traffic sites.
Expiry: Expires 2 years after being set/updated (_ga) and 10 mins after being set/updated (_gat).

Add This


The Add This widget provides social media sharing through a range of social networks. It consists of a core group of session’s cookies for bookmarking and another group of third party cookies. The third party cookies are used for target advertising.

The Core Cookies

Cookie name(s): __atuvc, __atuvs, _conv_r, _conv_s, _conv_v, bt2, di2, dt, km_ab_cbp, km_ai, loc, ssc, ssh, sshs, uid, um, user_segment, uvc, vc
Description: Used to distinguish unique users, recording user sharing and social activity, geolocation to help publishers know approximately where people sharing information are located, and managing expiration for other cookies.
Expiry: The longest lasting cookie expires 2 years after it is set/updated. Others expire sooner, e.g. 6 months, 1 month, or as soon as the browser is closed.

Opt-out cookie


To prevent advertising cookies being placed on your computer, Add This can place an Opt-Out cookie (http://www.addthis.com/privacy/opt-out) on the user’s computer. When you opt out, an opt-out cookie will be placed on your computer.

YouTube


YouTube uses cookies to store a user’s preference of video and the ids of the videos they watched. This helps them determine which videos you would be more interested in.

Cookie name(s): PREF, VISITOR_INFO1_LIVE, YSC, __utma, __utmb, __utmc, __utmz
Description: Used to distinguish unique users and sessions and identifies the source of traffic to the site
Expiry: The longest lasting cookie expires 2 years after it is set/updated. Others expire sooner, e.g. 6 months, 1 month, or as soon as the browser is closed.


These cookies appear when you visit a webpage that has an embedded YouTube video. YouTube’s cookies do not store any Personally Identifiable Information (PII).

PHP Session ID


A PHP session is created when certain functionality is in use on the website, allowing the website to uniquely identify one user between page loads. This is essential for the websites operation, and is used for facilities such as logins to the content management system and load balancing.

Cookie name(s): PHPSESSID
Description: Contains an anonymous identifier that can be used by the server to provide a continuous service.
Expiry: Expires when the browser is closed.

 

Cookie Policy Acceptance


New visitors to the site will be shown a banner outlining the site’s use of cookies. Clicking the Continue button will hide the banner and set a cookie so that the banner is not shown again on return visits.

Cookie name(s): accept_cookies
Description: Used to determine whether or not to show the cookie information banner.
Expiry: Expires 3 years after being set.

 

Links to other websites


Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

How to turn off cookies


If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality which would otherwise be available on our website. For further information about cookies and how to disable them please go to: www.aboutcookies.org or www.allaboutcookies.org.

Your rights


You have the right to request access to personal data that we may process about you. If you wish to exercise this right, you should:

  • put your request in writing addressed to “The IT Manager, Whitecap Leisure Limited, c/o Milton Keynes Parks Trust, Campbell Park Pavillion, 1300 Silbury Boulevard, Campbell Park, Milton Keynes, Buckinghamshire, MK9 4AD” or alternatively you can email privacy@theparkstrust.com;
  • include proof of your identity and address (eg a copy of your driving licence or passport, and a recent utility or credit card bill); and
  • specify the personal data you want access to, including any account or reference numbers where applicable.

In most circumstances we will not make any charge for providing you with this data but are entitled to make a charge where, for example, you ask for the same data on more than one occasion, or where the amount and extent of data that you request is excessive. In those circumstances we will advise you in advance what that charge will be and why we intend to make that charge.

You have the right to require us to correct any inaccuracies in your data free of charge. If you wish to exercise this right, you should:

  • put your request in writing addressed to “The IT Manager, Whitecap Leisure Limited, c/o Milton Keynes Parks Trust, Campbell Park Pavillion, 1300 Silbury Boulevard, Campbell Park, Milton Keynes, Buckinghamshire, MK9 4AD” or alternatively you can email privacy@theparkstrust.com;
  • provide us with enough information to identify you (eg account number, username, registration details); and
  • specify the information that is incorrect and what it should be replaced with.

Before we supply any of the above we shall be entitled to request to see the original version of any copy forms of identity that you have previously sent to us.

You also have the right to ask us to stop processing your personal data for direct marketing purposes. If you wish to exercise this right, you should:

  • put your request in writing addressed to “The IT Manager, Whitecap Leisure Limited, c/o Milton Keynes Parks Trust, Campbell Park Pavillion, 1300 Silbury Boulevard, Campbell Park, Milton Keynes, Buckinghamshire, MK9 4AD”or alternatively you can email privacy@theparkstrust.com;
  • provide us with enough information to identify you (e.g. account number, username, registration details), and

If your objection is not to direct marketing in general, but to direct marketing via a particular channel (eg email or telephone), please specify the channel you are objecting to.

You also have the right to be ‘forgotten’ (which is also known as the right of erasure). If you ask to be forgotten this means that we will erase or anonymise (and will use all reasonable endeavours to ensure that our approved service providers erase or anonymise) all personal data that we or our approved service providers may hold concerning you. Anonymising your personal data means that we will remove any information that allows you to be recognised. If you wish to exercise this right to be forgotten, you should:

  • put your request in writing addressed to “The IT Manager, Whitecap Leisure Limited, c/o Milton Keynes Parks Trust, Campbell Park Pavillion, 1300 Silbury Boulevard, Campbell Park, Milton Keynes, Buckinghamshire, MK9 4AD”or alternatively you can email privacy@theparkstrust.com; and
  • provide us with enough information to identify you (e.g. account number, username, registration details).

You have the right to object to the processing of your personal data where we do not have a compelling legitimate ground to continue otherwise. If you wish to exercise this right, you should:

  • put your request in writing addressed to “The IT Manager, Whitecap Leisure Limited, c/o Milton Keynes Parks Trust, Campbell Park Pavilion, 1300 Silbury Boulevard, Campbell Park, Milton Keynes, Buckinghamshire, MK9 4AD” or alternatively you can email privacy@theparkstrust.com;
  • please identify which process you are objecting to.

You have the right not to be subject to a decision based solely on automated processing, including profiling. If you wish to exercise this right, you should:

  • put your request in writing addressed to “The IT Manager, Whitecap Leisure Limited, c/o Milton Keynes Parks Trust, Campbell Park Pavilion, 1300 Silbury Boulevard, Campbell Park, Milton Keynes, Buckinghamshire, MK9 4AD” or alternatively you can email privacy@theparkstrust.com;

If you exercise any of your rights above we will maintain records of that request and the response we gave. If you exercise the right to be forgotten we will nevertheless record the fact that a person with your surname made that request (and confirming what action we took in response to that request) but will ensure that those records will not contain any other information which allows you to be identified.

Our contact details


We welcome your feedback and questions. If you wish to contact us, please send an email to privacy@theparkstrust.com or you can write to us at Whitecap Leisure Limited, c/o Milton Keynes Parks Trust, Campbell Park Pavillion, 1300 Silbury Boulevard, Campbell Park, Milton Keynes, Buckinghamshire, MK9 4AD or call us on 01908 246599. Our registered office address is Whitecap Leisure Limited, 1300 Silbury Boulevard, Campbell Park, Milton Keynes, Buckinghamshire, MK9 4AD.

We may change this Policy from time to time. You should check our website occasionally to ensure you are aware of the most recent version of our Policy.

Last updated: 23.07.2023