Published: 20th April 2018
Farmer Palmer’s Farm Park (“us”, “we”, or “our”) operates www.farmerpalmers.co.uk, as well as an Annual Pass Online Purchasing System, Annual Pass Database, Birthday Party Booking System and Database, and CMS (the “Service”)
This page informs you of our policies regarding what types of Personal Data we collect from you, how it is used by us, how we share it with others, how you can manage the Personal Data we hold and how you can contact us.
We use your Personal Data for providing and improving the Service. By using the Service and expressing consent when requested, you agree to the collection and use of information in accordance with this policy.
While using and engaging with the Service, we collect certain personally identifiable information (“Personal Data”) which is necessary, relevant and suitable for the purpose you are providing it for. Some of this information is aggregated or encrypted and does not identify you personally, but provides us with information about how you use and engage with the Service.
Personally identifiable information may include, but is not limited to:
- Name (including title)
- Phone number
- Email address
- The date and time you used the Service.
- The pages you visited and amount of time visited for.
- IP address
- The browser and device you used.
- The url from which you accessed the Service.
- Any information within correspondence you send to us.
- Photographs for Annual Pass Identification
- Your image or car number plate via CCTV
- Spouse and Child Data
If you supply Personal Data on behalf of someone else, you confirm that the other person has appointed you to act on their behalf and has given you consent to do so.
When may we collect your personal data
- When you visit any of our websites, and use your account to buy products and services, or redeem vouchers from the Service on the phone, in a shop or online.
- When you make an online purchase
- When you create an account with us.
- When you purchase a product or service in store or by phone but don’t have (or don’t use) an account.
- When you engage with us on social media.
- When you contact us by any means with queries, complaints etc.
- When you ask us to email you information about a product or service.
- When you enter prize draws or competitions.
- When you choose to complete any surveys we send you.
- When you comment on or review our products and services.
- When you fill in any forms. For example, if an accident happens
- When you’ve given a third party permission to share with us the information they hold about you.
- When you use our car parks and till points which usually have CCTV systems operated for the security of both customers and employees. These systems may record your image during your visit
We only use your Personal Data for the purpose for which it has been collected for, and in particular for the following reasons:
- To understand your needs and provide you with a better experience.
- To share with the employees of this Service to help with enquiries and respond to your correspondence.
- To fulfil and complete orders, purchases and other transactions made through this Service.
- Used for statistical analysis for management purposes in order to administer, market or improve the Service.
- Internal record keeping and administrative purposes to ensure we operate our business in an efficient and effective manner.
- Contact you from time to time about promotions, events, products, services or information which we think may be of interest to you (don’t worry we won’t bombard you, we prefer quality over quantity).
You will always have the option not to receive marketing communications from us and we will only contact you if you have given us your consent to do so. You can withdraw your consent or object at any time by contacting us at email@example.com, or in relation to marketing messages you receive, by using the unsubscribe options included in those messages.
We will never share, sell or rent your Personal Data to any third parties.
You have the right, at any time, to ask for a copy, transfer, update or correct any information we hold about you. If you wish to do this, please contact us at firstname.lastname@example.org.
Your Personal Data is retained for as long as necessary to fulfil the purposes of the Service. Any Personal Data submitted through this Service, is stored by the Service host’s secure UK based data centre. The Service is also protected by multiple managed Anti-Malware Firewalls and encrypted by 2048 bit Secure Socket Layer (SSL) certificate. Data is backed-up daily by the Service host and retained for one month before deletion.
The only exceptions to the periods mentioned above are where:
- The governing law requires us to hold your Personal Data for a longer period, or delete it sooner.
- You exercise your right to have the Personal Data erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under governing law.
Third Party Data Retention
We use selected third party companies to provide software that does hold your data. These are InfusionSoft (for Direct Email Marketing), EZ Facility (for Annual Pass Management) and Apricot Penguin (for Birthday Party Bookings). All activities/functions performed by these third parties are under the direct instruction of Farmer Palmer’s, and they in turn have their own Privacy Policies.
We recommend you read their Privacy Policies in addition to this one.
These can be found here:
- InfusionSoft: https://www.infusionsoft.com/legal/privacy-policy
- EZ Facility: http://www.ezfacility.co.uk/privacy-policy
- Apricot Penguin: currently being updated, April 2018
You have the ‘right to be forgotten’. If you would like us at anytime to delete your Personal Data we will gladly do so, simply email us at email@example.com. We will delete all the Personal Data we hold about you and anything else that is associated with you. However, please note that if you use any of our services which require you to provide Personal Data, deleting our records may mean that you will need to resubmit it to continue using such services.
Please keep in mind that some information may remain in our records after deletion. We may use any aggregated/encrypted data derived from or incorporating your Personal Data after you update or delete it, but not in a manner that would identify you personally.
External Payment Providers
Our external payment gateways are processed by:
- Sage Pay Europe Limited (Birthday Party Payments).
- EZ Facility through Paysafe Holdings UK Limited (Annual Pass Payments).
These gateways provide us with online payment platforms that allows us to handle services offered by us.
Our external payment providers complete your purchase, then store your credit card data. Data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All Direct Payment Gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
We recommend you read each of these external payment providers privacy policies to learn more on how they store your data:
- EZ Facilitys: https://www.ezfacility.com/privacy-policy
- Paysafe Holdings UK Limited: https://www.paysafe.com/legal-and-compliance/privacy-policy/
- Sage Pay Europe Limited: https://www.sagepay.co.uk/policies/privacy-policy
Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive.
- Statistical analysis
- To understand user behaviour
- To administer the Service
- To record your geographic location in order to display relative information
- To tailor the information presented to a user based on their preferences, and to improve user experience.
By default, the majority of popular web browsers automatically permit websites to deploy Cookies onto your device. To delete or disable Cookies on your preferred browser, we recommend reading this advice posted by Google https://support.google.com/accounts/answer/61416?hl=en. Please note, disabling Cookies may impair your experience of the Service.
For more information on the Cookie Law in the UK, we recommend visiting the Information Commissioner’s Office (ICO) website: https://www.cookielaw.org/ where you can find the latest information, guidelines and advice on the Cookie Law.
If you share our content through social media, for example by liking us on Facebook, following or tweeting about us on Twitter, or giving us a ‘+1’ via Google Plus, those social networks will record that you have done so and may set a Cookie for this purpose.
In some cases, where a page includes content from a social network, such as a Twitter feed, or Facebook comments box, those services may set a Cookie even where you do not click a button. As is the case for all Cookies, we cannot access those set by social networks, just as those social networks cannot access Cookies we set ourselves.
We collect information that your browser sends whenever you visit the Service (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of the Service that you visit, the time and date of your visit, the time spent on those pages and other statistics. The data collected does not include personally identifiable information and is used, as described above, for statistical analysis, to understand user behaviour, and to administer the site.
The Service uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). The information generated by the Cookie about your use of the Service (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Service, compiling reports on activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
The Service uses InfusionSoft, a Customer Relationship Management (CRM) system and marketing automation software provided by Infusion Software, Inc. InfusionSoft provides the Service with web-based sales and marketing automation software that includes email, e-commerce and affiliate functionality.
We may employ third party companies and individuals to facilitate the Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how the Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Children’s Online Privacy Protection Act Compliance
The Service is designed for children aged 0-8 years and their families.
Only children aged over the age of 13 are able to provide their own consent. Therefore the Service obtains consent from the parents/guardians of the child.
It is the sole responsibility of parents and guardians to monitor their children’s use of the Service.
The Service may collect the following child data via parents/guardians who use the Service:
- Date of Birth and Age
- Behavioural data i.e. if the child has attended a birthday party
- Photograph for Annual Pass Identification
The Service may use Child Data for the following purposes:
- To communicate with parents/guardians regarding a Child’s Annual Pass
- To direct market to parents/guardians regarding Services/Products relevant to the Child e.g. birthday parties, activity sheets etc.
Children will have the same rights as adults over their personal data, these rights are stated above. Child data will be handled, processed and stored under the same conditions as adult data, as laid out in this document.
The security of your Personal Data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure.
We have put in place various security procedures as set out in this policy. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to user information. We use SSL to encrypt data input before it is submitted, and our database is hosted in a secure data centre.
While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
If the Service is breached, we will notify all affected users within 72 hours of becoming aware of the breach, where feasible. A breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data. A breach can include:
- Access by an unauthorised third party
- Deliberate or accidental action (or inaction) by a controller or processor
- Sending Personal Data to an incorrect recipient
- Computing devices containing personal data being lost or stolen
- Alteration of Personal Data without permission
- Loss of availability of Personal Data.
The notification process of a breach will depending on the type of breach.
We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Farmer Palmer’s Farm Park
Company Registration No. 3427509
If you have any specific data protection concerns or complaint, you can address it to Emma Shaw on firstname.lastname@example.org
If you are unhappy, you have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live or where your legal rights have been infringed. The contact details for the Information Commissioner’s Office, the data protection regulator in the UK, are below:
Information Commissioner’s Office
0303 123 1113