Privacy Policy
Stump Cross Privacy Policy
Thank you for taking the time to read our privacy notice. The aim of this Policy is to explain how Stump Cross Limited collects and processes your personal data when you visit our website, visit our attractions or use our services as a customer or a member of the public.
It is important that you read this privacy notice carefully. It provides information about how we use personal data and explains your legal rights. If you have any questions you can contact us on the details given at the end of this Policy.
We will make changes to this Policy from time to time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. We will make sure that you are aware of any significant changes by sending an email message to the email address you most recently provided to us or by posting a notice on our website so that you are aware of the impact to the data processing activities before you continue to engage. We encourage you to regularly check back and review this policy so that you will always know what information we collect, how we use it, and who we share it with.
1. IMPORTANT INFORMATION ABOUT WHO WE ARE AND WHAT WE DO
Stump Cross Limited is a limited company which provides visitor attractions including underground caves located in the Yorkshire Dales National Park in the United Kingdom.
Stump Cross Limited’s main purpose is to provide visitor attractions to members of the public. These include:
· Underground caves underneath the Yorkshire Dales,
· A café, bistro and private dining areas,
· A cinema,
· Access to the grounds including camping pitches,
· Crowdfunding campaigns including competitions,
· A Gift shop,
· Online merchandising,
· Online virtual web tours.
Stump Cross Limited is the data controller and responsible for personal data collected when fulfilling the main purposes of business as stated above.
Stump Cross Limited is a company registered in the UK with a Company Number 04836148.
We have registered our activities with the Information Commissioner’s Office (ICO) in the UK and our ICO registration number is ZB277237. Details about the Stump Cross Limited data protection registration can be found via the ICO’s website: https://ico.org.uk/ESDWebPages/Search
If you have any questions about this privacy notice or our data protection practices, please contact us via the contact details below.
CONTACT DETAILS
Contact name: Oliver Bowerman
Company Director
Stump Cross Limited, Greenhow Hill, Pateley Bridge, Yorkshire, HG3 5JL
Email: enquiries@stumpcrosscaverns.co.uk
Telephone: + 44 (0) 1756 752780
Areas for the Policy to cover and questions arising
2. INFORMATION ABOUT THE DATA WE COLLECT ABOUT YOU
Personal data means any information about an individual from which that person can be identified, or any information about an identifiable individual. It does not include data which cannot be connected to an identifiable individual which is anonymous data.
There are different types of personal data about you which we might collect use, store or transfer. In addition to these specific categories of data, we might in relation to any interaction collect a range of other data about data subjects, for the purposes outlined below. We have grouped these together as follows, and provided some illustrations of the type of personal data which might fall into each grouping:
a) Identity Data could include your first name, maiden name, last name, username or similar
identifier, marital status, title, date of birth or gender and would be collected to make bookings to Stump Cross Limited’s visitor attractions and/or to utilise other Stump Cross Limited’s services.
b) Contact Data could include your home or work address, email address, telephone numbers or another unique identifier for use with electronic communication and would be collected to make bookings to Stump Cross Limited’s visitor attractions and/or to utilise other Stump Cross Limited’s services.
c) Financial Data could include bank account and payment card details used to make bookings to Stump Cross Limited’s visitor attractions and/or to purchase other Stump Cross Limited’s services.
d) Transaction Data could include details about payments and financial transactions to and from you and other details necessary for the fulfilment of bookings including credit and debit card details.
e) Technical Data could include your internet protocol (IP) address, your login data, browser type and version, operating system and platform, and information about other technology on the devices you use to access the Stump Cross Limited website, online events, etc.
f) Profile Data could include your interests, preferences, feedback and survey responses following visits to Stump Cross Limited’s visitor attractions or using Stump Cross Limited’s services.
g) Usage Data could include information about how you came to and leave our website, and how you use our website, products and services.
h) Aggregated Data such as statistical, research, survey or demographic data for any purpose. Aggregated Data could be derived from your personal data but this data will not directly or indirectly link to you as an identifiable individual. For example, we may collect aggregate about coach parties, cinema booking or private dining bookings or from customer satisfaction surveys following visits to our attractions. However, if we combine or connect Aggregated Data with your personal data so that it can be linked directly or indirectly to you, we treat the combined data as personal data which will only be used in accordance with this privacy notice.
i) Special category data is not routinely collected except for dietary information (i.e. health data) which is required to supply refreshments for pre-booked events such as the use of the private dining facilities; and physical health conditions which is required for access to some of the visitor attractions such as the underground caves. We do not collect any information about criminal convictions. If we needed such information we will ensure that we have a lawful basis for our processing of it.
3. WHY COLLECT YOUR PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you (such as to fulfil the terms of accessing Stump Cross Limited’s visitor attractions or buying merchandise), and if you decide not to provide that data when requested, we may not be able to carry out our business functions, perform the contract we have or are trying to enter into with you (for example, to provide you with a booking for a visit to the underground caves), or proceed with some other activity. In this case, we will inform you of the consequences at the time, but these may include being unable to complete any commercial or contractual activity that you may have asked us to undertake.
4. HOW WE COLLECT YOUR PERSONAL DATA
We use different methods to collect data from and about you including through:
Direct. You may give us your identity, contact and financial data when you purchase a ticket or pass to a Stump Cross Limited’s attractions, when completing an online booking form, when you stay at Stump Cross Limited (e.g. using the camping pitches), when you buy products and services from us or correspond with us about any other matters via the Stump Cross Limited website, by post, phone, email or other means. This includes personal data you provide when you or:
· ask for information about Stump Cross Limited’s services;
· agree to become a customer of Stump Cross Limited;
· respond to a survey that we are running;
· request communications to be sent to you; or
· give us feedback or contact us.
Automated technologies or interactions. As you interact with the Stump Cross Limited website, our digital systems will automatically collect technical data and usage data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy for further details.
User Generated Data. We may generate transaction, usage, marketing and communications data about you, by way of records of the direct and automated interactions that you have with us or our website.
Third parties. We will receive personal data about you from various third parties as set out below:
· analytics providers e.g. Google Analytics;
· content management system providers;
· social media – Facebook, Instagram and Twitter.
5. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data for the purpose for which we collected it.
We will use your personal data to:
· ensure that content from our site is presented in the most effective manner for you and for your computer.
· provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
· carry out our obligations arising from any contracts entered into between you and us.
· allow you to participate in interactive features of our service, when you choose to do so.
· notify you about changes to our service.
We may also send you marketing materials where we have appropriate permissions (your consent). We will also need to use your personal data for purposes associated with our legal and regulatory obligations.
We have to establish a legal ground to use your personal data, so we will make sure that we only use your personal data for the purposes set out in Table 1 where we are satisfied that:
· our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (e.g. to manage your booking for entry tickets to an attraction), or
· our use of your personal data based on your consent (e.g. when you supply dietary information for private dining bookings)
· our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we are subject to (e.g. to comply with ICO requirements), or
· our use of your personal data is necessary to support 'Legitimate Interests' that we have as a business (for example, to improve our products, or to carry out analytics across our datasets), provided it is always carried out in a way that is proportionate, and that respects your privacy rights.
· our use of your personal data is with consent including where required under separate laws, for example the Privacy and Electronic Communications Regulations, we will also ensure that you have opted in before we send you marketing materials.
Before collecting and/or using any special categories of data we will establish an additional lawful ground to those set out above which will allow us to use that information. This additional exemption will typically be your explicit consent.
The list of purposes that Stump Cross Limited uses, the type of data used and the lawful basis, as defined in legislation, is detailed in Table 1.
Table 1: How Stump Cross Limited uses your personal data analysed by purpose, type of data and lawful bases
Purpose for using the data |
Type of data used for purpose (see list of data types in section 2 of this policy) |
Lawful basis for processing |
To identify future customers for repeat visits to Stump Cross Limited’s attractions and/or purchasing of merchandise |
a) Identity data b) Contact data h) marketing and communications data including preferences |
· Consent
|
To set and deliver Stump Cross Limited’s visitor attraction services: · To administer event bookings including visits to the caves, cinema, café, private dining, campsite · To administer online bookings and merchandise order · Manage payments, fees and charges · Collect fees owed Stump Cross Limited |
a) Identity data b) Contact data c) Financial data d) Transaction data
|
· Legitimate interest · Performance of a contract
|
To manage our relationship with you which may include: · To notify you about changes to the Stump Cross Limited Privacy Policy & Notice · Ask you to participate in a research project and/or surveys |
a) Identity data b) Contact data f) Profile data h) Marketing and communications data including preferences |
· Necessary for legitimate interests e.g. to research members and customers about Stump Cross Limited’s performance and service provision |
To fulfil crowdfunding and competition administration |
a) Identity data b) Contact data c) Financial data d) Transaction data
|
· Necessary to comply with a regulatory obligation e.g. ASA competition rules · Necessary to comply with a contract |
To satisfy external audit and/or legal requirements and standards |
a) Identity data b) Contact data c) Financial data d) Transaction data
|
· Necessary to comply with a legal obligation · Necessary for legitimate interests e.g. demonstrate adherence to any legal and/or regulatory requirements |
To administer and protect Stump Cross Limited as an organisation including website and digital infrastructure e.g. testing and checking systems, maintenance of the website, etc. |
a) Identity data b) Contact data e) Technical data |
· Necessary for legitimate interests e.g. to ensure adequate and robust administrative and IT services |
To deliver relevant website content including information about Stump Cross Limited’s services, events and other activities |
e) Technical data g) Usage data |
· Necessary for legitimate interests e.g. to sell Stump Cross Limited’s products and services |
To use data analytics to measure and improve Stump Cross Limited’s website performance and customer communications |
e) Technical data g) Usage data |
· Necessary for legitimate interests e.g. to measure website traffic and engagement with Stump Cross Limited |
To issue communications such as newsletters and email and direct marketing communications from Stump Cross Limited |
a) Identity data b) Contact data f) Profile data h) Marketing and communications data including preferences |
· Necessary for legitimate interests e.g. to communicate with customers · Informed consent e.g. direct marketing activities such as email and direct marketing |
To make suggestions to further engagement with you as a member and/or customer of Stump Cross Limited |
a) Identity data b) Contact data f) Profile data h) Marketing and communications data including preferences |
· Necessary for legitimate interests e.g. to communicate with customers · Informed consent e.g. direct marketing activities such as email and direct marketing |
6. HOW WE SHARE YOUR PERSONAL DATA
We may share your personal data with the parties set out below for the purposes set out in Table 1.
Third Parties, including:
· service providers, who help manage our IT and back office systems, and assist with our Customer Relationship Management activities, in particular Craven Digital, Easyview Platform, Dropbox, Shopifystore, Stripe, Google Calendar, Instagram, Twitter and Facebook.
· our competition supplier, Crowdfunder
· our CCTV provider, Easy View
· our website development supplier, Wordpress
· external professionals appointed to provide advice and recommendations on areas connected with their expertise e.g. auditors, IT service suppliers
· our regulators, which include the ICO, as well as other regulators and law enforcement agencies in the E.U. and around the world.
Stump Cross: please confirm if this list is complete with all third party suppliers listed
We will only share personal data with a third party to the minimum extent necessary for the lawful purposes. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes, to the minimum extent necessary and in accordance with our instructions.
7. DIRECT MARKETING
We may use your personal data to send you direct marketing communications about our attractions, experiences, competitions or our related services. This will be in the form of email, post, SMS or targeted online advertisements.
Where we require explicit opt-in consent for direct marketing in accordance with the Privacy and Electronic Communications Regulations we will ask for your consent.
You have a right to stop receiving direct marketing at any time - you can do this by following the opt-out links and boxes in our electronic and direct marketing communications. You can also contact us at any time to instruct us to stop sending you marketing materials by using the contact details in Section 1.
We also use your personal data for customising offers and content made available to you based on your visits to and/or usage of our visitor attractions or our website as well as your interaction with them.
8. WHAT INTERNATIONAL TRANSFERS WE UNDERTAKE AND HOW THESE ARE MANAGED
Stump Cross Limited is based in the UK and its main service providers are based either in the UK or in countries in the European Union (EU). Both destinations are covered by the so called “Adequacy Decisions”, which means that they both provide a level of legislative protection deemed adequate.
On occasion it might also be necessary for Stump Cross Limited to make a transfer of your personal data to a country which are not covered by an Adequacy Decision, such as the US.
In those circumstances (including the limited circumstances identified above) we ensure that adequate safeguards are in place which will be appropriately documented in a formal agreement using appropriate safeguards.
9. DATA SECURITY FOR YOUR PERSONAL DATA
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those Stump Cross Limited staff, service suppliers and other third parties who have a reason for needing your personal data e.g. to deliver a Stump Cross Limited service to you. They will only process your personal data on Stump Cross Limited’s instructions and they are subject to a duty of confidentiality.
The data security measures that we have in place include:
· On-going support from a specialist IT company ensuring Stump Cross Limited’s security is up-to-date,
· Encrypting documents and servers Having robust back-up procedures.
The above procedures are supported by appropriate policies setting out the procedures we undertake. Despite all of our precautions however, no data can be guaranteed to be 100% secure. So, whilst we strive to protect your personal information, we cannot guarantee the security of any information which you send to us and you must understand that you do so at your own risk.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach, in a timely manner, where we are legally required to do so. We will endeavour to work with you and them to minimise the impact of the breach.
10. RETAINING YOUR DATA
We will only keep your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period if we reasonably believe there is a specific need, e.g. prospect of litigation, in respect to our relationship with you.
We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required and we do not have a legal requirement to retain it, we will ensure it is either securely deleted or stored in a way such that it is anonymised and the personal data is no longer used by Stump Cross Limited.
To determine the appropriate retention period for personal data, we consider the data minimisation principle and balance the need for retention and the need for minimisation.
The actual retention periods for the different types of personal information that we hold is detailed in Table 2.
Table 2: Stump Cross Limited’s current data retention periods
Stump Cross Limited’s Administrative & Customer Data - Record Type
|
Retention period |
Reason |
General
|
|
|
General correspondence |
3 years |
For reference purposes |
Emails |
5 years |
For reference purposes |
Visitor Attraction Bookings
|
|
|
Visitor attraction booking forms e.g., for the caves, café, private dining, camping park, cinema, etc |
2 years from the date of the event |
To respond to any queries plus financial audit requirements |
Dietary and health information for in-person visitors to the Stump Cross attractions |
One month after the event |
For reference should there be any post-event dietary queries |
Visitor Attraction Attendance |
|
|
Photographs from visitors to the Stump Cross Limited visitor attractions |
Indefinitely |
Marketing and archival purposes |
CCTV recordings from cameras on site at the Stump Cross Limited visitor attractions |
Indefinitely |
For security and reference purposes
|
Delegate lists for daily visitors to attractions |
1 day |
For on-the-day reference purposes |
Competitions |
|
|
Donors, crowdsource participants and competition entrants |
7 years |
For administration of the competitions and any queries received during or after the completion of a competition |
Research and surveys |
|
|
Identifiable research responses
|
1 year after the research results have been collected |
For statistical analysis and historic purposes |
Non-Identifiable research responses
|
1 year |
Reference purposes |
Governance
|
|
|
Legal advice |
Indefinitely
|
Historical archive purposes
|
Governance records e.g. establishment records |
Indefinitely |
Historical reference |
Contracts e.g. licence agreements
|
Retain for the period of the contract plus an additional 24 months |
To respond to any queries |
Database
|
|
|
Customer records |
Indefinitely |
For marketing requirements |
Accounting & Financial records |
6 years from the end of the last company financial year which they relate to, or longer if: they show a transaction that covers more than one of the company’s accounting periods; the company has bought something that it expects to last more than 6 years, like equipment or machinery; a Company Tax Return is late; or HMRC has started a compliance check into the Company’s tax return
|
UK legal requirement: https://www.gov.uk/running-a-limited-company/company-and-accounting-records
|
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research, survey or statistical purposes, in which case we may retain this aggregate data for an indefinite period as the data will no longer be identifiable.
11. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data including the right to receive a copy of the personal data we hold about you. Your legal rights are detailed in Table 3.
Table 3: Your legal rights
Your legal right |
What this means |
Subject access |
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here. |
Rectification |
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here. |
Erasure /right to be forgotten |
You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here. |
Restriction |
You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here. |
Objection |
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests. You can read more about this right here. |
Portability |
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. You can read more about this right here. |
We will need to request specific information from you to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We aim to respond to all legitimate requests within one month of the confirmation of the identity of the request. There may be occasions when request take Stump Cross Limited longer to fulfil e.g. if a request is complex or involves a significant amount of data. If this applies we will notify you and keep you updated.
Contact to exercise rights and to make a complaint
The primary point of contact for all issues arising from this Policy, including requests to exercise your rights is via: enquiries@stumpcrosscaverns.co.uk. Or by contacting us by telephone or post using the contact details provided in Section 1 of this policy.
You also have the right to make a complaint at any time to the Information Commissioner’s Office, the UK’s supervisory authority for data protection issues: see: https://ico.org.uk/ for more details.
This privacy notice was last updated on 1.2.22. The Privacy Notice & Policy may be updated from time to time and an updated version will be published on the Stump Cross Limited website
Version |
Description |
|
v1.0 |
Date Live: |
01/05/2023 |
Version Notes: |
|
|
Approved by: |
Stump Cross Limited |
|
|
|
|
V2.0 |
Date Live: |
|
Version Notes: |
|
|
Reviewed by: |
|
|
Approved by: |
|
DigiTickets Privacy Policy
Who we are
In this privacy policy references to "we", "us" and "our" are to Stump Cross. References to "our Website" or "the Website" are to stumpcross.digitickets.co.uk.
Information collected and its use
The information we collect via the Website may include:
- Any personal details you knowingly provide us with through forms and our email, such as name, address, telephone number etc.
- In order to effectively process credit or debit card transactions it may be necessary for the bank or card processing agency to verify your personal details for authorisation outside the European Economic Area (EEA). Such information will not be transferred out of the EEA for any other purpose.
- Your preferences and use of email updates, recorded by emails we send you (if you select to receive email updates on products and offers).
- Your IP Address, this is a string of numbers unique to your computer that is recorded by our web server when you request any page or component on the Website. This information is used to monitor your usage of the Website.
- Information about your device such as your web browser, screen resolution and operating system. This information is used to ensure we continue to support the different devices used by our customers.
- Data recorded by the Website which allows us to recognise you and your preferred settings, this saves you from re-entering information on return visits to the site. Such data is recorded locally on your computer through the use of cookies. Most browsers can be programmed to reject, or warn you before downloading cookies, information regarding this may be found in your browsers 'help' facility.
We do not store any credit card details.
What we do with your information
Any personal information we collect from this website will be used in accordance with the Data Protection Act 1998 and other applicable laws. The details we collect will be used:
- To process your order, to provide after sales service (we may pass your details to another organisation to supply/deliver products or services you have purchased and/or to provide after-sales service);
- In certain cases we may use your email address to send you information on our other products and services. In such a case you will be offered the option to opt in/out before completing your purchase.
We may need to pass the information we collect to other companies for administrative purposes. We may use third parties to carry out certain activities, such as processing and sorting data, monitoring how customers use the Website and issuing our e-mails for us. Third parties will not be allowed to use your personal information for their own purposes.
Cookie Policy
Like many websites we use cookies to store and then retrieve small bits of information on your computer when you visit. This information is used to make the site work as you expect it to. It is not personally identifiable to you, but it can be used to give you a more personalised web experience.
Some of the information stored is put there by other companies whose software we have added to the site, and this can also impact your experience of other websites you may visit after leaving ours.
If you continue to use this site without taking action to prevent the storage of this information, you are effectively agreeing to this use.
If you want to learn more about the general uses of cookies, including how to stop them being stored by your computer, please visit Cookiepedia - all about cookies.
Below is a list of the different types of cookies used on this site, and an explanation of what they are used for. If you would like any more information, please get in touch.
Cookie |
Name |
Expiration Time |
Purpose |
Shopping Basket |
PHPSESSID |
24 minutes |
This cookie is used to keep track of what items are in a user's shopping basket. |
Cookie Consent |
dtAnalyticsConsent |
1 year |
This cookie is used to monitor the users consent for analytical cookies on our site. No user data is collected without this being enabled. |
Google Analytics |
_ga |
2 years |
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. |
_gid |
24 hours |
||
_gat_tracker-name |
1 minute |
||
Microsoft Clarity |
_clck |
1 year |
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site and how they interact with the website. |
_clsk |
1 year |
||
CLID |
1 year |
||
ANONCHK |
1 year |
||
MR |
1 year |
||
MUID |
1 year |
||
SM |
1 year |
||
New Relic |
__cfduid |
1 year |
This cookie is used to collect information about visitor's experience of the site in terms of performance. This helps us to monitor that our systems are working quickly and effectively, and to identify any problematic areas. |
Your Rights
You have the right to request a copy of any information that we currently hold about you. In order to receive such information please send your contact details including address to the following address:
Stump Cross
tbc
Other websites
This privacy policy only covers this website. Any other websites which may be linked to by our website are subject to their own policy, which may differ from ours.