Using your personal Information
We at Attraction Tickets LTD understand and respect the importance of your privacy and we are committed to safeguarding your personal information. In providing our service to you, we must collect personal information from you and make subsequent use of it as detailed below.
We will only collect, process use, share and store your personal information where we are satisfied that we have an appropriate legal basis to do this. In most cases this is because we need to arrange for you to enter into a contract with suppliers for tickets or other services; but it could also be where you have given us your specific consent to the use of your information, to comply with a relevant legal or regulatory obligation that we have, or for our legitimate interests as a commercial organisation. The policy below sets out the legal basis for our use of your personal information in each relevant situation.
We will only collect personal information from you by specifically asking for it:
- When you buy a ticket from us over the telephone or via our internet booking facilities.
- When you register with us for newsletters, email updates, enter competitions or take part in surveys and customer feedback.
- When you write, fax, telephone or email us to make an enquiry.
WHAT INFORMATION WILL WE COLLECT?
We may collect all or some of the following information relating to you or other members of your travelling party:
- names and contact details
- credit/ debit card or other payment details (these are encrypted on entry for your security)
- special requirements such as those relating to any disability or medical condition which may affect the chosen purchase
- dietary restrictions (which may disclose your religious beliefs)
- travel preferences
Some of the information we collect (such as about health or religion) will only be collected on the condition that we have your positive consent to its use. We will seek this consent when necessary. We will update your information whenever we get the opportunity to keep it current, accurate and complete. If you fail to provide us with this information, we may not be able to plan or confirm your booking.
WHAT WILL WE DO WITH IT?
- For the purpose of providing you with our services, we may disclose the information to the providers of the services making up your contracted arrangements (who could be located outside the UK/EEA). Only information necessary for this purpose will be disclosed.
- It may be mandatory (as requested by government authorities) when you buy services to take place overseas to disclose your information for immigration, security and anti-terrorism purposes, or any other purposes which they determine appropriate. Even if not mandatory, we may exercise our discretion to assist where appropriate.
- We may need to disclose our customer list including any personal information relating to you to a third party who acquires or attempts to acquire all or substantially all of the asset/ stock in our company or our website.
- (We may also disclose information to organisations who act as “data processors” on our behalf, or to other organisations who perform business functions on our behalf, some of whom are outside the UK/EEA. These functions include administration, providing services (and contacting you where necessary), customer care, business management and operation, re-organisation/structuring/sale of our business (or our group companies), risk assessment, security and crime prevention/detection, research and analysis, marketing, monitoring, measuring and assessing customer purchasing preferences and trends, dispute resolution, credit checking and debt collection.
- We may from time to time contact you with information about special offers, brochures, new products, forthcoming events or competitions. You will be given the opportunity in every communication we send you to indicate that you do not wish to receive our promotional material. Alternatively, if do not wish to receive such information, you may ask us in writing not to receive it.
- You may indicate your preference to/not to receive direct marketing material in the relevant opt-in/out boxes or be asked the same by our staff at the time you first supplied us with your information (or at the earliest opportunity).
- We collect information relating to customer trends and patterns. This information is often used in its aggregate form. We, including our other brands, may disclose aggregate statistics about enquiries made, visitors, customers and sales in order to describe our services to prospective partners, purchasers, advertisers and other reputable third parties and for other lawful purposes. No personally-identifying information is disclosed.
OUR SECURITY POLICY AND RETENTION OF INFORMATION
We have taken all reasonable steps to have appropriate security measures in place to protect your information. Outside the European Economic Area, controls on data protection may not be as wide as the legal requirements in this country. The transmission of information via the internet is never completely secure. We exclude our liability for personal data lost in transmission to the website.
All sensitive information, including your personal details and credit card information, is kept confidential through the use of a secure socket layer (SSL). This means that information can only be exchanged between you and Attraction Tickets LTD and that no third party can access this data. The padlock symbol on your browser shows which pages are covered by this security system.
We will retain information only for as long as it is needed for its original purpose or to the extent necessary to comply with our legal obligations, resolve disputes, and/or enforce our agreements. Any information no longer required will be deleted or disposed of confidentially and completely. We also have appropriate contractual obligations with our ‘data processors’ to ensure that they comply with the requirements of UK law. However, outside the European Economic Area, controls on data protection may not be as wide as the legal requirements in this country.
WHAT CAN I DO?
If you do not agree to our use of the information as set out above, you should inform us as soon as possible by writing to us at:- Attraction Tickets LTD, 372 Coldharbour Lane, London, SW9 8PL or by calling 0800 223 0324 - but please note the implications if you withdraw your consent to us using your information as described. In the first instance, please talk to us directly so we can resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their helpline 0303 123 113 or at www.ico.org.uk. You may ask us in writing for a copy of the information we hold about you (for which we may charge a fee if your request is excessive) and to correct any inaccuracies in your information and in some circumstances to delete or block the information we hold about you; to complete and restrict its use and to port it to another organisation. You have the right to request additional information about the handling of your personal data and to object to the processing of your data in some circumstances. Where we have asked for consent to process your data, you may withdraw this consent. Please note that we may not be able to provide some of these services if your request requires disproportionate effort on our part and any information that we do hold may already have been destroyed in line with our data retention policy (see above). We aim to respond to you within 21 days from the date of request. You have the right to ask in writing not to receive direct marketing material about our products.
To ensure that we carry out your instructions accurately, to help improve our service and in the interest of security, we may monitor and/or record: (1) your telephone calls; and (2) customer transactions and activities on our website. All recordings are and shall remain our sole property.
UPDATES AND CHANGES
Any changes to this Policy will be either posted on our website, made available on request or supplied with your next booking with us. We will strive to ensure our practices comply with the most current available version of this Policy.
LINKS TO OTHER WEBSITES
Our website(s) may contain links to other sites not controlled by us. (1) These sites may send you cookies and collect data and personal information. We are not responsible for the actions, content or privacy policies of those websites to which our website(s) may link. It is your responsibility to check the status of these sites.
Our commitment to GDPR
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to reinforce data protection for everyone within the European Union. It defines new laws based on a set of principles that businesses that handle the personal data of EU citizens must follow.
The major principles of GDPR require that personal data should be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals.
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- 4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to the implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
What are we actually doing?
We take data security and privacy of our customers extremely seriously. We are constantly reviewing our systems and processes to ensure we abide by the GDPR principles. This is not limited to, but involves new policies and procedures for the following:
- Internal access and permissions to view/edit data
- Encryption of data in rest, transit and backup
- Customer consent
- Data minimisation and quality
- Customer requests for rectification, portability or deletion
- Network security
- Breach notification
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please call us on 0800 223 0324. You also have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner's Office (“ICO”). For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns