1 Your Information
Please ensure that when making an order the information you provide is correct and complete. If you wish to make any changes to the information you have provided then please inform Wingham Wildlife Park of these immediately. However Wingham Wildlife Park reserves the right not to act on any requested changes unless it would be unreasonable not to act.
1.1 Direct Marketing
We will only contact you by email if you actively consent to this. By consenting to Wingham Wildlife Park emails or opting in to email communications, you grant us permission to use your email address to send you email marketing communication. At any stage you may choose to opt out of such communications.
If you have provided us with your postal address or telephone number we may contact you by post or telephone about our work, unless you have told us that you don’t want to receive this. Before making such calls we will always screen against the Telephone Preference Service (TPS) or, where sending letters, we will always screen against the Mail Preference Service.
Where you are registered with the TPS we will only make calls to you if you have specifically consented to receiving calls from Wingham Wildlife Park or if we need to contact you in reference to a purchase, for example if there has been a problem in processing a payment. Likewise we will only write to you if you are registered with the Mail Preference Service if you have specifically consented to receiving letters from Wingham Wildlife Park.
1.2 Third parties
Wingham Wildlife Park will not sell your data. We will not share your data for marketing purposes unless you have actively consented to this. However, in some circumstances we may need to share your details with a third party for processing. This could be if we run an event in partnership with another organisation and they need your details in order to fulfil your tickets or experience. For example, if you are taking part in a running event with us, we may need to share your details to be able to send your race pack to you. We may also use a third party to process your personal details if we need to send your data to a mailing house in order to fulfil a postal mailing to you, this could include sending you a letter about your membership.
1.3 Enhancing your supporter experience
We may use profiling and screening techniques to ensure that the communications we send you are relevant to you. This allows us to provide an improved experience for our supporters.
When building a profile of our supporters we may analyse geographic and demographic information, as well as your online behaviour and purchase history, to better understand your interests so we can contact you with relevant messages. An example of this would be looking at your location so we can share information about relevant events in your area.
You can opt out of your data being used in this way by emailing email@example.com.
1.4 Your choice
You always have a choice as to whether and how you want to receive communications about our work, products and services and ways you can get involved. If you do not want us to use your contact details to contact you in the future you can opt out of this when we collect your details or at a later time.
If you ever want to change your contact preferences, or opt out of communications, you can do this at any time by clicking the unsubscribe link at the bottom of any email from us
1.5 Legal basis for processing your personal data
In some circumstances we will collect and process your personal information using the legitimate interest legal processing basis.
Sometimes, we will need to process your data as it is part of a contract which you have entered into. For instance, if you have booked an event or animal experience with us, then we will need to contact you and take payment to enable us to provide the relevant services under the agreement with you.
However in most circumstances, we will rely on your consent when using your personal data. An example of this would be when we request your consent to receive marketing emails from Wingham Wildlife Park.
We hold your information for only as long as necessary for the purpose needed. For example if you have a season ticket with us, we will keep your details for a minimum of 12 months after your membership expires to allow us to process a renewal discount the following year, unless you decide prior to this not to renew your membership and wish for your details to be removed.
1.7 Under 18s
On some occasions we may collect and manage data of under 18’s. We will always aim to manage this data in a way which is appropriate to the age of the child and will only keep this data for the purpose in which it was collected. Children’s data is usually only collected if you hold a Wingham Wildlife Park membership.
We will always try to seek consent from the parent or guardian of the child before collecting and processing this information.
1.8 Keeping your data secure
We always ensure that we have the necessary controls in place to protect the personal data you provide us with.
We carry out regular audits of who has access to data so that we can ensure that your information is only accessed by trained staff.
Wingham Wildlife Park makes every effort to maintain customer confidentiality when securing an online payment. This includes ensuring the security of your credit card details and other personal information. We don’t store your card details on any Wingham Wildlife Park system. All of your personal information is encrypted as it travels over the internet. When you make a booking, you enter a secure internet site (indicated by the letters https:// in the address bar and or a padlock displayed in your web browser). When you make a payment you enter your card details directly into our payment provider’s secure web page. To protect you against credit card fraud (where someone has discovered your credit card details but do not have your card), you will be asked to enter the unique security code printed on the back of your payment card.
Sometimes we use external companies to collect or process your personal data on behalf of Wingham Wildlife Park. We carry out thorough checks on any companies we work with and have a contract in place with each of these companies to ensure that they process your information in line with our expectations.
Some of our suppliers may run their operations outside the European Economic Area (EEA). Although they may not be subject to same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.
If requested we may need to supply your information to the police, regulatory bodies or legal advisors.
We will not share your data with any other third parties unless you have given your explicit consent for us to do so.
1.9 Your right to your personal information
Under the General Data Protection Regulation you have the right to request a copy of the personal information we hold about you. You also have the right to request that we erase any personal information we hold, where WIngham Wildlife Park has no compelling reason to continue processing this data.
If you wish to request this information please contact firstname.lastname@example.org.
We use ‘cookies’ to enhance your experience on our website. Cookies mean that the Wingham Wildlife Park website will remember you for a particular purpose and for a particular length of time.
When you’re accessing our website, your device may provide us with information about the device you’re using, this could include the type of device, what operating system you’re using and may report any details of a website or app crash. Your device manufacturer or operating system provider will be able to provide you with more details about the information your device makes available to us.
3. Google Analytics
We use Google Analytics to help us understand how visitors are using and engaging with our website and apps. This allows us to make improvements to our web services and your online experience.
The Google Analytics tracking tool uses a number of cookies to collect information and report website usage statistics and does so without personally identifying individual visitors to Google or Wingham Wildlife Park.
The information generated by the cookie about your use of Wingham Wildlife Park’s website will be transmitted and stored by Google on servers in the United States.
In addition to reporting website usage statistics, we use Google Analytics in conjunction with additional advertising cookies. We use these cookies to select advertising based on what’s relevant to you, to measure interactions with the ads we display and to improve reporting on campaign performance.
The additional advertising cookies we use include:
Remarketing with Google Analytics
Google Display Network Impression Reporting
Google Analytics Demographics and Interest Reporting
Other integrated services
Wingham Wildlife Park will not merge personally-identifiable information with anonymous information gathered from these analytics systems unless there is prior notice and affirmative consent via opt-in from the user. When using any of these tracking tools Wingham Wildlife Park does not identify users or facilitate the merging of personally identifiable information with non-personally identifiable information collected.
If you wish to opt-out of Google Analytics tracking please visit and install the Google Analytics Opt-out Browser Add-on here: https://tools.google.com/dlpage/gaoptout/
Information we get from other organisations when you give them permission to share your details, or your information is available publically.
GoCardless have their own set of privacy policies, which apply only to customers purchasing a season ticket through our direct debit option.
Who is GoCardless?
GoCardless provides services that help merchants process payments for their goods or services. The controller for the personal data involved when you use GoCardless, visit GoCardless’s website or communicate with GoCardless, or transact with a merchant using GoCardless’s payment services, is:
Sutton Yard, 65 Goswell Road
London, EC1V 7EN
Contact GoCardless’s Data Protection Officer or exercise your data protection rights (including your right to object) Merchants who use GoCardless’s payment services are also data controllers.
What personal data do GoCardless collect?
GoCardless collect personal data when you set up and make or have a payment collected using GoCardless’s services.
- Identification and contact information, such as your name, home address, and email address. Where required by law or financial institutions, GoCardless also collect a government identifier.
- Financial information, such as your bank account number, sort code, account holder name, and other information you provide to GoCardless or give us consent to access directly from your bank. Using tools on GoCardless’s website, like Truelayer, you can choose whether to let GoCardless access personal data directly from your bank account so that GoCardless can verify that you are the owner of the account. This includes your balance and personal details registered to your bank account.
- Transaction information, such as the names of the transacting parties, a description of the transactions, the payment amounts, billing and shipping information, and the devices and payment methods used to complete the transactions.
- Device and connection information, such as the type of device you use to access GoCardless’s services, operating system and version, device identifiers, network information, IP address and location derived from it.
- Payer verification information. If GoCardless’s banking partner or GoCardless’s own fraud alerts flag a potentially fraudulent payment or account, GoCardless will use identity verification and screening agencies like Onfido or Lexis Nexis and other publicly available data to confirm the payer’s identity and clear the alert or stop the payment or chargeback.
Using personal data to provide GoCardless’s services
GoCardless use personal data where it is necessary to provide the services you request.
- To provide payment services, GoCardless use the identification, contact and financial information of merchants and payers. GoCardless use transaction information to deliver key features of the services, such as displaying transaction history.
- GoCardless use personal data to communicate with you, like sending payment notifications, alerting you to changes in the service, or providing customer support.
- GoCardless use personal data to prevent fraudulent or unauthorised use of GoCardless’s services. GoCardless verify the identity of merchants and in some cases payers, evaluate the authenticity of payments, and may block transactions GoCardless believe to be fraudulent or violate GoCardless’s terms. To do this, GoCardless rely on software that makes automatic decisions:
Technology helps GoCardless make automatic decisions based on the information GoCardless collect about you or a transaction. GoCardless routinely test GoCardless’s software to improve the accuracy of these decisions and to prevent unintended bias. These decisions can have significant effects for you, such as:
- Preventing access to GoCardless’s services, if GoCardless determine there is a high likelihood that it would violate GoCardless’s regulatory requirements, for example, if the identification you provide does not match public records, identity verification or credit reference information.
- Cancelling transactions, if GoCardless determine there is a high likelihood that there are insufficient funds to cover it or that it is fraudulent, for example, because the payment is made from a location that does not match GoCardless’s records.
- Cancelling the service, if GoCardless determine that it is being used in violation of GoCardless’s terms, for example, if any of the activities you conduct appear on GoCardless’s list of restricted activities.
Using personal data for GoCardless’s legitimate interests
GoCardless use personal data for GoCardless’s legitimate business interests. When GoCardless do, GoCardless make sure GoCardless understand and work to minimise its privacy impact. For example, GoCardless limit the data to what is necessary, control access to the data, and where GoCardless can, aggregate or de-identify the data.
- GoCardless use personal data to develop and improve GoCardless’s products and services. For example, GoCardless might use data to:
-- create or refine models for detecting unauthorised transactions and improving the speed at which transactions are processed
-- analyse how people engage with GoCardless’s website and services so that GoCardless can develop new products or features.
- Where GoCardless determine that a payment is likely to clear, by using personal data to analyse the likelihood that payers have sufficient funds, GoCardless may advance payments to merchants and partners to process transactions more quickly.
- GoCardless use personal data to promote GoCardless’s services, communicate news and industry updates, and host or participate in events.
- Where GoCardless believe it is necessary to protect GoCardless’s legal rights and interests and the interests of others, GoCardless use personal data in connection with legal claims, compliance, regulatory and audit functions, and in connection with the acquisition, merger or sale of a business.
Using personal data where required by law and payment schemes
GoCardless use personal data to comply with the requirements of law and the payment schemes GoCardless operate under, and as required in other exceptional circumstances.
- GoCardless must conduct due diligence on GoCardless’s merchants and where necessary, payers, and prevent money laundering or other illegal activities. GoCardless verify the identities of prospective and current merchants and their employees and beneficial owners, and screen them for sanctions, politically exposed persons, criminal activity and adverse media. GoCardless conduct background checks where required by law.
To collect sensitive data like criminal activity, GoCardless rely on the "substantial public interest conditions" in data protection law (for example, Schedule 1 of the UK Data Protection Act 2018).
- Under exceptional circumstances, GoCardless may be required by law to provide personal data to law enforcement agencies, courts or others in connection with claims and other litigation.
How is personal data shared?
- GoCardless share personal data with financial institutions and the merchants and payers in a transaction to provide GoCardless’s payment services.
- GoCardless works with partners who integrate GoCardless’s payment services into their applications. When you make a payment through a partner integration, or when you set up a GoCardless account with one of GoCardless’s partners, your personal data will be shared with the partner to provide the integrated services.
- GoCardless share data with GoCardless companies in countries where GoCardless offer the GoCardless payment services, who use it to provide and market GoCardless’s services in those countries, governed by this privacy notice.
- If ownership or control of all or part of GoCardless’s business or assets changes, GoCardless may transfer personal data to the new owner. If the owner will use the data for purposes other than those disclosed here, they will take the steps required by law to ensure such purposes remain lawful.
- GoCardless work with service providers who have access to personal data when they provide GoCardless with services, like technical infrastructure, web and app development, and marketing, analytics and survey tools. GoCardless impose strict restrictions on how service providers store, use and share data on GoCardless’s behalf. GoCardless also work with companies who provide identity verification, background screening, due diligence, consulting and other regulatory services for GoCardless.
- In exceptional circumstances, GoCardless share personal data with government agencies and other third parties if GoCardless believe it is reasonably necessary to comply with law, regulation, legal process or governmental request; to enforce GoCardless’s agreements, policies and terms; to protect the security of GoCardless’s services; to protect GoCardless and GoCardless’s merchants, payers or the public from harm or illegal activities; or to respond to an emergency.
GoCardless’ services are offered from GoCardless’s United Kingdom headquarters. Personal data may also be stored and accessed by service providers located in other countries in the European Union. Some of GoCardless’s service providers are located in the United States or other countries that do not provide the same standard of data protection as the EU.
When GoCardless work with a service provider, GoCardless look for a legal mechanism that requires them to protect data to EU standards. For example, the service provider has signed on to the EU-US Privacy Shield, operates under EU-approved binding corporate rules, or is in a country the EU recognises as having adequate data protection laws. Where no other legal mechanism exists, GoCardless enact the EU-approved standard contractual data protection clauses in GoCardless’s contracts.
Our services are available in a number of countries around the world. If you use our services to pay a merchant in another country, personal data will be transferred as necessary to complete this transaction.
Your rights and choices
Most of the data GoCardless collect and the purposes GoCardless use it for are necessary for GoCardless to operate and improve our services or comply with our obligations as a payment provider. GoCardless tell you in the service where you can make a choice or grant consent. When you grant consent, you may withdraw it at any time to stop any further processing. You can also ask GoCardless at any time not to send or to carry out profiling for direct marketing, or to stop using certain kinds of cookies.
You may have certain rights under data protection law. These include the right to ask GoCardless for a copy of your personal data, to correct, delete or restrict processing of it, and to obtain personal data in a format you can share with a new provider. You may have the right to object to processing. These rights may be limited in some situations – for example, where GoCardless can demonstrate that GoCardless have a legal requirement to process your data.
Exercise your data protection rights
If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live or work, or where you believe a breach may have occurred.
How long do GoCardless keep personal data?
GoCardless keeps personal data for as long as necessary to provide our services and process payments for our merchants. GoCardless also keep personal data for other legitimate business purposes, such as complying with our legal obligations, resolving disputes, preventing fraud, and enforcing our agreements. Because these needs can vary for different data types used for different purposes, retention times will also vary. Here are some of the factors GoCardless have considered to set retention times:
- How long do GoCardless need the personal data to develop, maintain and improve our services, keep our systems secure, execute chargebacks, prevent fraudulent transactions, and store appropriate business and financial records.
- Have you asked GoCardless to stop using your data or withdrawn your consent? GoCardless will process the data for only a short period after this to implement your request. If needed, GoCardless will also keep a record of your request so that GoCardless can make sure it is respected in the future.
- Are GoCardless subject to a legal, regulatory or contractual obligation to keep the data? For example, GoCardless’re required to keep transaction data and other information that helps GoCardless carry out required checks, for periods of time that vary according to the underlying payments scheme. GoCardless may also need to comply with government orders to preserve data relevant to an investigation or retain data for the purposes of litigation
5. More Information
For more information contact us.
6. Updates to this policy
We may make changes to this policy. If we do make any significant changes to the way we collect and process your personal information we will make this clear on the Wingham Wildlife Park website, or by contacting you directly.