We regularly collect and use personal data about consumers who visit our attractions or browse our websites. Personal data is any information that can be used to identify you as an individual. The protection of personal data is very important to us and we understand our responsibilities to handle your personal data with care, to keep it secure and to comply with legal requirements.
Please read this Policy carefully, it provides important information about how we use your personal data and explains your legal rights. This Policy is not intended to override the terms of any contract that you have with us (for example, Wifi terms and conditions, annual pass terms, dive experience terms) or any rights you might have available under applicable data protection laws.
We will make changes to this Policy from time to time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. We will make sure that you are aware of any significant changes by sending an email message to the email address you most recently provided to us or by posting a notice on each relevant website so that you are aware of the impact to the data processing activities before you continue to engage. We encourage you to regularly check back and review this policy so that you will always know what information we collect, how we use it, and who we share it with.
WHO is responsible for looking after your personal data?
Oakwood Leisure Limited and Deep Sea Leisure plc are part of a group of companies operating under the trading name of Aspro Parks company number B-86750619. Aspro Parks registered office address Oquendo 23, Madrid, 28006, Spain operates over 80 attractions in 10 countries. A list of attractions can be found at the bottom of each attractions website. In the UK Aspro Parks operates Oakwood Leisure Limited and Deep Sea Leisure plc.
The entity in Aspro Parks group which was originally responsible for collecting information about you will be the Data Controller. Other entities in the Aspro Parks group may also be Data Controllers where they control the use or processing of such data. There is a single point of contact for Data Controllers in the UK who can be contacted using the details set in section 9 below.
COLLECTION of data
How do we collect your data?
We collect your personal information when you complete our online forms, subscribe to our newsletters or buy products/tickets/passes/retail goods from our website, make bookings over the phone, where you sign up for Wi-Fi at one of our attractions, enter competitions or complete surveys or sign up for products/activities at the attractions or where you contact us with suggestions or questions.
We may also monitor and record telephone calls in order to record your opt in response to receive marketing content when you call us directly.
Where someone has applied for an annual pass/season pass, purchased gift vouchers, dive experience vouchers or entered a competition on your behalf information about you in those circumstances will be provided to us indirectly by a family member or another third person.
We will not knowingly collect any personal data about children for the purpose of marketing without making it clear that such information should only be provided with parental consent, if this is required by applicable laws – so Aspro Parks will only use the personal data of children as far as is permitted by law where the required parental or guardian consent has been obtained.
PURPOSES we use your personal data for and LEGAL BASIS
What we use your personal data for?
ensure that content from our site is presented in the most effective manner for you and for your computer.
provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
carry out our obligations arising from any contracts entered into between you and us.
allow you to participate in interactive features of our service, when you choose to do so.
notify you about changes to our service.
We may also send you marketing materials (where we have appropriate permissions as explained in more detail below under Section 5). This process is likely to include profiling, and more information is provided at Section 6 of this Policy about this. We will also need to use your personal data for purposes associated with our legal and regulatory obligations.
We have to establish a legal ground to use your personal data, so we will make sure that we only use your personal data for the purposes where we are satisfied that:
our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (e.g. to manage your booking for entry tickets to an attraction), or
our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we are subject to (e.g. to comply with ICO requirements), or
our use of your personal data is necessary to support ‘Legitimate Interests’ that we have as a business (for example, to improve our products, or to carry out analytics across our datasets), provided it is always carried out in a way that is proportionate, and that respects your privacy rights. Where required under separate laws, for example the Privacy and Electronic Communications Regulations, we will also ensure that you have opted in to send you marketing materials – see section 5 below for more details.
Whom do we SHARE your personal data with?
We share your information with other companies in our group.
We also share the data with third parties to help manage our business and deliver services. These third parties may from time to time need to have access to your personal data and include:
Services providers who help manage our IT and back office systems and assist with our customer relationship management activities, in particular Vennersys, CT, The Eword, Facebook
Cloud Service Providers that help us store your information
Our website development agencies , Neuronic, Nation Broadcasting
Our PR agency
Marketing analytics companies that give us insight on who is buying our products in order that we can more effectively sell our products
Payment service providers who process payments on our behalf
Lawyers and insurance companies representing us in event of a claim
Regulatory bodies and law enforcement agencies (if legally required)
Search engine and social media operators that help us understand how to improve our online presence
If you have chosen to opt in to receive marketing information from us we will only use the contact details provided to send you information, this will include promotions, information and special events happening at Aspro Parks Group.
If after you have opted in to receive marketing information from us, you change your mind for any reason, simply click unsubscribe from the email you have received or send an email to the Data Controller (details below) and we will remove your information from our database.
We will not transfer, disclose, sell or distribute your personal information to a third party, unless we have your permission to do so or are required to do so by law. We may however, on occasion, release your information to our appointed marketing agents, who have the ability to use your details only for the purposes of providing you with marketing material regarding events etc. Our marketing agents can only process personal information we provide them on our behalf and in accordance with our instructions and are required to have in place adequate security measures regarding any personal information they hold on our behalf.
‘Automated Decision Making’ refers to a decision which is taken through the automated processing of your personal data alone – this means processing using, for example, software code or an algorithm, which does not involve any human intervention. We do not carry out any automated decision making, however we do carry out profiling using automated processing to tailor marketing materials for a specific customer.
Where we have permissions to send a consumer marketing updates, we may use profiling to ensure that marketing materials are tailored to your preferences and to what we think you will be interested in. In certain circumstances it will be possible to infer certain information about you from the result of profiling, which could include special categories of personal data, but we will not do this unless we have obtained your explicit consent to do so.
Period of Time Personal Data Shall be Stored
We will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 3 of this Policy.
Where we are required to do so we will retain your personal data to meet legal, regulatory, tax or accounting requirements, including so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your personal data or dealings.
We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required and we do not have a legal requirement to retain it, we will ensure it is either securely deleted or stored in a way such that it is anonymised and the Personal Data is no longer used by the business.
You have a number of rights in relation to your personal data. You can request details of what information we hold on you and have this information updated at any time. If you would like to make such a request please use the contact details below.
Applicable Rights – The right to request access to personal data; the right of rectification of any mistakes in our files; erasure of records where no longer required; restriction on the processing of your data, objection to the processing of your data; data portability.
To exercise your rights you can contact us as set out in Section 9. Please note the following if you do wish to exercise these rights:
We take the confidentiality of all records containing personal data seriously, and reserve the right to ask you for proof of your identity if you make a request.
We will not ask for a fee to exercise any of your rights in relation to your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in the circumstances.
We aim to respond to any valid requests within one month unless it is particularly complicated or you have made several requests, in which case we aim to respond within three months. We will let you know if we are going to take longer than one month. We might ask you if you can help by telling us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.
Local laws, including in the UK, provide for additional exemptions, in particular to the right of access, whereby personal data can be withheld from you in certain circumstances, for example where it is subject to legal privilege.
Contact and complaints
The primary point of contact for all issues arising from this Policy, including requests to exercise data subject rights, is our Data Protection Officer. The Data Protection Officer can be contacted in the following way:
Address Data Controller, Blue Planet Aquarium, Cheshire Oaks, Ellesmere Port,
If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time. In the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/). We do ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
Links to other websites
We display links to other websites to provide you with additional useful information. These sites are not within our control and therefore we cannot be responsible for the protection and privacy of information you provide when visiting such web sites. You should exercise caution when using such sites and look at the privacy statement applicable to the website in question. We will always endeavour to make sure these links are seen as external and you realise you are no longer viewing our website.