Please read this Policy carefully. It provides important information about how we use your personal data and explains your legal rights. This Policy does not override the terms of any contract that you have with us (for example, ticket terms and conditions) or any rights you might have available under the relevant data protection laws.
Who we are
We are Foxlake Adventures C.I.C. Through our subsidiary companies, we are known under the name of Foxlake and operate numerous watersports activity sites across the UK.
Our core principles about your data:
User privacy and data protection are your rights
We have a duty of care when collecting, holding and processing your data
We will never sell or otherwise distribute or make public your personal information.
Our Commitment to Legislation
Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
UK Data Protection Act 2018 (DPA)
EU General Data Protection Regulation 2018 (GDPR).
This site’s compliance with the above legislation means that it is likely compliant with the data protection and user privacy legislation set out by many other countries as well.
What personal data we collect and why we collect it
How your information is collected
We will mainly collect personal information about you through direct interactions with you. You may give us your personal information by filling in forms or by corresponding or engaging with us through our website or by face-to-face communication, post, phone, email, social media or any other means of communication. This includes personal information you provide when you: (i) purchase or use our services; (ii) register an account with us; (iii) subscribe to our newsletters / mailing list or any other services / products; (iv) request marketing materials to be sent to you; (v) enter a competition, promotion or survey; or (vi) provide us with any feedback or other communications.
As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies. See our Cookies Policy for more details.
We may also collect information about you from other entities in our group, from our business partners and from various other third party service providers, such as analytics providers, search information providers, fraud prevention and credit reference agencies and providers of IT / technical services, payment services and/or delivery services.
It is important that the personal information we hold about you is accurate and up to date. Please let us know if your personal information changes at any time during your relationship with us.
How we use your information
We will only use your personal information where we have a lawful basis for doing so. Most commonly, we will use your personal information in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for the purposes of our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those legitimate interests.
Where we need to comply with any legal obligation or regulatory requirement.
We may also use consent as a lawful basis for providing you with marketing communications.
The table below sets out the main ways we plan to use your personal information and which of the relevant lawful grounds for processing we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Please note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data.
Please note that we may also process sensitive personal information about you (e.g. information on physical and/or mental health) in circumstances where: (i) you have provided your explicit consent; (ii) the processing relates to information which has been manifestly made public by you; (iii) the processing is necessary for reasons of substantial public interest; (iv) the processing is necessary for the establishment, exercise or defence of legal claims; or (v) the processing is otherwise permitted in accordance with the GDPR and/or the Data Protection Act 2018.
If you have provided us with your details, you will only receive marketing materials, email newsletters or email promotions from us in circumstances where you have provided an opt-in consent which confirms that you want to receive such marketing from us.
If you choose to join our email newsletter, the email address that you submit to us will be used within MailChimp who provide us with email marketing services, and who we consider to be a third party data processor.
Opting out of marketing
You have the right to object at any time to the processing of your personal information for direct marketing purposes. If you object to such processing, we will cease to process your personal information for direct marketing purposes.
You can ask us to stop sending you marketing materials at any time by: (i) following the Unsubscribe links on any marketing communication, email message or email newsletter sent to you; or (ii) contacting us by email at the email address provided at the foot of our website home pages.
Site Visit Tracking
We use both session and persistent cookies on our sites. See our Cookies Policy for more details.
Like most websites, this site uses Google Analytics (GA) as a third party processor to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although data such as your geographical location, device, internet browser and operating system is recorded, none of this information personally identifies you to us. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within our websites.
When making a booking on our website, we utilise the third parties of Fuse Metrix Group Ltd as our payment gateways for online bookings. They process all payment data on our websites and we only have limited access to that data.
Who we share your data with
We may need to share your information with various third parties which provide services to us or act on our behalf in connection with the operation of our business. In particular, your information may be disclosed to the following categories of third parties:
Other companies within our corporate group.
Professional advisers (including legal advisers and financial advisers), auditors, insurers, bankers, and financial organisations.
Third party service providers which provide services to us in connection with the operation of our business, including but not limited to: payment processing services, IT and system administration services and other technical services; data analytics services; marketing services; fraud prevention and credit reference services; logistics and delivery services.
HM Revenue & Customs and/or any other public authority or regulatory authority in circumstances where we are required to disclose personal information by law.
We require all third party service providers to respect the security of your personal information and to treat it in accordance with the law. We do not permit our third party service providers to use your personal information for their own purposes and only permit them to process your information for specified purposes and in accordance with our instructions.
International data transfers
Please note that there may be instances where it may be necessary for us to transfer your information outside the European Economic Area, e.g. if we use third party service providers from another country. In these circumstances we shall put in place suitable safeguards to ensure that your information is held securely. If you require further information about the safeguards put in place you can request it from us by contacting us by email at the email address stated at the foot of our website home pages.
How long we retain your data
We will retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
What rights you have over your data
You have a number of rights in relation to your personal data. In summary, you have the right to request: access to your data; rectification of any mistakes in our files; erasure of records where no longer required; restriction on the processing of your data; objection to the processing of your data; data portability; and various information in relation to any automated decision making and profiling or the basis for international transfers. You also have the right to complain to your supervisory authority.
These are defined in more detail as follows:
Right of Access
You can ask us to:
confirm whether we are processing your personal data;
give you a copy of that data;
provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out automated decision making or profiling, to the extent that information has not already been provided to you in this Policy.
Right of Rectification
You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.
Right to be Forgotten
You can ask us to erase your personal data, but only where:
it is no longer needed for the purposes for which it was collected; or
you have withdrawn your consent (where the data processing was based on consent); or
it follows a successful right to object; or
it has been processed unlawfully; or
it is necessary to comply with a legal obligation which we are subject to.
We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary: for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims, in relation to the freedom of expression or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. In the context of marketing, please note that we will maintain a suppression list if you have opted out from receiving marketing content to ensure that you do not receive any further communications.
Right to Restrict
You can ask us to restrict (i.e. keep but not use) your personal data, but only where:
its accuracy is contested, to allow us to verify its accuracy; or
the processing is unlawful, but you do not want it erased; or
it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal data following a request for restriction, where:
we have your consent; or
to establish, exercise or defend legal claims; or
to protect the rights of another natural or legal person.
Right to Portability
You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but in each case only where: the processing is based on your consent or the performance of a contract with you; and the processing is carried out by automated means.
Right to Object
You can object to any processing of your personal data which has our ‘Legitimate Interests’ as its legal basis if you believe your fundamental rights and freedoms outweigh our Legitimate Interests. Once you have objected, we have an opportunity to demonstrate that we have compelling Legitimate Interests which override your rights, however this does not apply as far as the objections refers to the use of personal data for direct marketing purposes.
How to exercise your rights
To exercise your rights, you can contact us as set out below. Please note the following if you do wish to exercise these rights:
Identity. We take the confidentiality of all records containing personal data seriously and reserve the right to ask you for proof of your identity if you make a request.
Fees. We will not ask for a fee to exercise any of your rights in relation to your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in the circumstances.
Timescales. We aim to respond to any valid requests within one month unless it is particularly complicated or you have made several requests, in which case we aim to respond within three months. We might ask you if you can help by telling us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.
Exemptions. Local laws, including in the UK, provide for additional exemptions, in particular to the right of access, whereby personal data can be withheld from you in certain circumstances, for example where it is subject to legal privilege.
For any data protection questions, please contact -
Data Protection Officer
c/o Wild Shore Dundee
West Victoria Dock Road
Dundee DD1 3JP