Privacy Policy
Last updated: January 2024
Adventure Wales ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
Quick Navigation
1. Information We Collect
Information You Provide
We collect information you provide directly to us, including:
- Account Information: Name, email address, password, phone number
- Booking Information: Participant details, emergency contacts, medical information relevant to activities
- Payment Information: Billing address and payment details (processed securely by our payment processor)
- Communications: Messages you send to us, feedback, reviews, and survey responses
- Profile Information: Preferences, interests, profile photos you choose to add
Information Collected Automatically
- Usage Data: Pages viewed, search queries, clicks, time spent on pages
- Device Information: IP address, browser type, operating system, device identifiers
- Location Data: Approximate location based on IP address (precise location only with your permission)
- Cookies and Similar Technologies: See our Cookie Policy
Information from Third Parties
We may receive information from activity operators, payment processors, analytics providers, and social media platforms (if you choose to connect your accounts).
2. How We Use Your Information
We use your information to:
- Process and manage bookings, payments, and cancellations
- Communicate with you about your bookings and account
- Provide customer support and respond to enquiries
- Send you booking confirmations, updates, and safety information
- Improve and personalize your experience on our platform
- Send marketing communications (with your consent, where required)
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations and enforce our terms
- Conduct analytics and research to improve our services
3. Legal Basis for Processing (GDPR)
Under the UK GDPR, we process your personal data based on:
- Contract Performance: Processing necessary to fulfill bookings and provide services
- Legitimate Interests: Improving our platform, fraud prevention, business analytics
- Legal Obligation: Compliance with tax, accounting, and safety regulations
- Consent: Marketing communications, optional features, and cookies (where required)
- Vital Interests: Emergency situations requiring disclosure of medical information
5. Data Retention
We retain your personal data for:
- Account Data: Until you request deletion or close your account
- Booking Data: 7 years for tax and accounting purposes
- Communications: 3 years from last interaction
- Marketing Data: Until you unsubscribe or withdraw consent
- Legal Claims: As long as necessary to defend or pursue legal claims
6. Your Rights Under GDPR
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we use your data
- Data Portability: Receive your data in a machine-readable format
- Object: Object to processing based on legitimate interests or for marketing
- Withdraw Consent: Withdraw consent for processing at any time
- Lodge a Complaint: File a complaint with the UK Information Commissioner's Office (ICO)
To exercise these rights, contact us at privacy@adventurewales.co.uk.
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of data in transit (SSL/TLS) and at rest
- Regular security audits and vulnerability assessments
- Access controls and authentication requirements
- Employee training on data protection
- Incident response and breach notification procedures
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
9. Children's Privacy
Our services are not directed to children under 16. We do not knowingly collect personal data from children. Parents/guardians make bookings on behalf of children participating in activities.
If you believe we have collected data from a child, contact us immediately at privacy@adventurewales.co.uk.
10. International Data Transfers
Your data may be transferred to and processed in countries outside the UK/EEA. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the UK/EU
- Adequacy decisions by the UK/EU for certain countries
- Binding corporate rules and certifications
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Posting the updated policy with a new "Last Updated" date
- Sending an email notification to registered users
- Displaying a prominent notice on our website
Continued use of our services after changes indicates acceptance of the updated policy.
12. Contact Us
For questions about this Privacy Policy or to exercise your rights, contact our Data Protection Officer:
Email: privacy@adventurewales.co.uk
Post:
Data Protection Officer
Adventure Wales
Innovation Centre
Cardiff Bay, CF10 4BZ
Wales, United Kingdom
UK ICO Registration: [Registration Number]