Privacy Policy
This Privacy Policy describes how we use and process your personal data, provided in a readable and transparent manner. It also tells you what rights you can exercise in relation to your personal data and how you can contact us.
This Privacy Policy might change occasionally. We recommend checking back here once in a while to stay informed. However, if we make significant changes that affect you, we'll let you know directly before they go into effect.
USING YOUR PERSONAL INFORMATION
We at Attraction Tickets LTD understand and respect the importance of your privacy and we are committed to safeguarding your personal information. In providing our service to you, we must collect personal information from you and make subsequent use of it as detailed below.
We will only collect, process, use, share and store your personal information where we are satisfied that we have an appropriate legal basis to do this. In most cases this is because we need to arrange for you to enter into a contract with suppliers for tickets or other services; but it could also be where you have given us your specific consent to the use of your information, to comply with a relevant legal or regulatory obligation that we have, or for our legitimate interests as a commercial organisation. The policy below sets out the legal basis for our use of your personal information in each relevant situation.
You are responsible for ensuring that other members of your travel party are aware of this Privacy Policy and have consented to you acting on their behalf in your dealings with us. If you do not agree to our use of your information, we cannot do business with you or accept your booking.
WHY?
We collect some personal details to streamline your trip planning and reservations. This ensures a smooth experience and helps us deliver the best service possible for you.
With your permission, we'll also use this information to keep you updated on exciting travel deals, special offers, and other products or services that might interest you.
HOW?
We will only collect personal information from you by specifically asking for it:
- When you buy a ticket from us over the telephone or via our internet booking facilities.
- When you register with us for newsletters, email updates, enter competitions or take part in surveys and customer feedback.
- When you have an abandoned basket we may contact you via phone or email to see if you need help completing your purchase.
- When you write, telephone or email us to make an enquiry.
WHAT INFORMATION WILL WE COLLECT?
We may collect all or some of the following information relating to you or other members of your travelling party:
- Name
- Email address
- Telephone number / Mobile number
- Home Address
- Date of birth
- IP Address
- Credit/ debit card or other payment details (these are encrypted on entry for your security)
- Special requirements such as those relating to any disability or medical condition which may affect the chosen purchase
- Dietary restrictions (which may disclose your religious beliefs)
- Travel preferences
Some of the information we collect (such as about health or religion) will only be collected on the condition that we have your explicit consent to its use. We will seek this consent when necessary. We will update your information whenever we get the opportunity to keep it current, accurate and complete. If you fail to provide us with this information, we may not be able to plan or confirm your booking.
COOKIES
If our contact and dealing with you is via our website(s), we may use "cookies". A cookie is a small piece of data sent from our web server to your computer and stored in a text file on your hard drive. Cookies allow us to identify your computer (This can include things like your IP address and browser type) but not you personally. You can set your web browser to refuse cookies. We use cookies to measure site usage and related information. If you are making a purchase, we may also use cookies to keep track of the transaction from one web page to another.
There are two main types of cookies you may encounter on our website:
- First-party cookies: These cookies are placed by us, the owner of the website. They help us remember your preferences, keep you logged in, and improve your overall experience.
- Third-party cookies: These cookies are placed on our website by trusted partners we work with, such as social media platforms, advertisers, and security providers. These cookies are typically used for purposes like advertising or website analytics
And they can either be:
- Session cookies: These cookies are temporary and disappear once you close your browser. They might be used to keep track of items in your shopping cart during a single visit.
- Permanent cookies: These cookies have a set lifespan and remain on your device after you close your browser. We try to limit the lifespan of permanent cookies on our site, but in some cases (like security purposes), a cookie may need a longer duration.
When it comes to the purpose of these cookies, they are divided into five categories:
- Necessary cookies
- Performance cookies
- Functional cookies
- Analytical cookies
- Marketing cookies
You can manage your cookies via the Cookies Settings.
EMAIL PIXELS
In addition to cookies, we may use small images called pixels in our emails (like newsletters). These pixels are tiny, only one pixel in size, and don't store information on your device like cookies do.
When you open an email with a pixel, it lets us know the email was delivered and if you've read it. We can also see what links you click on within the email.
TIKTOK AND META PIXELS
When customers interact with our advertising on TikTok and Meta, we use pixels on our site that enables us to identify customer interaction (such as visiting a page, adding items to their basket and making a purchase). This allows us to measure the effectiveness of our ad campaign performance.
BROWSER PUSH NOTIFICATIONS
Occasionally, we might utilise browser notifications to promote offers and product updates. We may track your engagement with these notifications to improve their quality, content and relevance. You will only receive these is you explicitly accept to do so and you can remove this consent at any time within your browser settings.
PAYMENT AND CARDHOLDER DATA
Our site does not store customer card details, however uses the encrypted stored token with our payment merchant. Any payments using a tokenised card would still be required to go through full 3D authentication.
WHAT WILL WE DO WITH IT?
- For the purpose of providing you with our services, we may disclose the information to the providers of the services making up your contracted arrangements (who could be located outside the UK/EEA). Only information necessary for this purpose will be disclosed.
- It may be mandatory (as requested by government authorities) when you buy services to take place overseas to disclose your information for immigration, security and anti-terrorism purposes, or any other purposes which they determine appropriate. Even if not mandatory, we may exercise our discretion to assist where appropriate.
- We may need to disclose our customer list including any personal information relating to you to a third party who acquires or attempts to acquire all or substantially all of the asset/ stock in our company or our website.
- (We may also disclose information to organisations who act as “data processors” on our behalf, or to other organisations who perform business functions on our behalf, some of whom are outside the UK/EEA. These functions include administration, providing services (and contacting you where necessary), customer care, business management and operation, re-organisation/structuring/sale of our business (or our group companies), risk assessment, security and crime prevention/detection, research and analysis, marketing, monitoring, measuring and assessing customer purchasing preferences and trends, dispute resolution, credit checking and debt collection.
- We may from time to time contact you with information about special offers, brochures, new products, forthcoming events or competitions. You will be given the opportunity in every communication we send you to indicate that you do not wish to receive our promotional material. Alternatively, if do not wish to receive such information, you may ask us in writing not to receive it.
- You may indicate your preference to/not to receive direct marketing material in the relevant opt-in/out boxes or be asked the same by our staff at the time you first supplied us with your information (or at the earliest opportunity).
- We collect information relating to customer trends and patterns. This information is often used in its aggregate form. We, including our other brands, may disclose aggregate statistics about enquiries made, visitors, customers and sales in order to describe our services to prospective partners, purchasers, advertisers and other reputable third parties and for other lawful purposes. No personally-identifying information is disclosed.
OUR SECURITY POLICY
We have taken all reasonable steps to have appropriate security measures in place to protect your information. Outside the European Economic Area, controls on data protection may not be as wide as the legal requirements in this country. The transmission of information via the internet is never completely secure. We exclude our liability for personal data lost in transmission to the website.
All sensitive information, including your personal details and credit card information, is kept confidential through the use of a secure socket layer (SSL). This means that information can only be exchanged between you and Attraction Tickets LTD and that no third party can access this data. The padlock symbol on your browser shows which pages are covered by this security system.
RETENTION OF INFORMATION
We will retain personal data for the minimum period necessary to fulfil the purpose for which it was collected, unless a longer retention period is required by law or for legitimate business purposes.
We consider the following factors when determining retention periods:
- The purpose for which the data was collected
- The legal requirements for retaining the data
- The operational needs of the organisation
- The risks associated with retaining the data, such as the risk of unauthorised access or accidental disclosure
We will retain personal data for the following periods:
Customer data: such as names, addresses, contact information, and travel preferences, will be retained for a period of six (6) years after the last transaction or interaction with us.
Marketing data: such as email addresses and marketing preferences, will be retained for a period of six (6) years after the last interaction with the Company.
Call recordings: we will retain call recordings for a period of two (2) years following the call date.
MONITORING
To ensure that we carry out your instructions accurately, to help improve our service and in the interest of security, we may monitor and/or record: (1) your telephone calls; and (2) customer transactions and activities on our website. All recordings are and shall remain our sole property.
LINKS TO OTHER WEBSITES
Our website(s) may contain links to other sites not controlled by us. (1) These sites may send you cookies and collect data and personal information. We are not responsible for the actions, content or privacy policies of those websites to which our website(s) may link. It is your responsibility to check the status of these sites.
OUR COMMITMENT TO GDPR
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to reinforce data protection for everyone within the European Union. It defines new laws based on a set of principles that businesses that handle the personal data of EU citizens must follow.
The major principles of GDPR require that personal data should be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals.
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to the implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
What are we actually doing?
We take data security and privacy of our customers extremely seriously. We are constantly reviewing our systems and processes to ensure we abide by the GDPR principles. This is not limited to, but involves new policies and procedures for the following:
- Internal access and permissions to view/edit data
- Encryption of data in rest, transit and backup
- Customer consent
- Data minimisation and quality
- Customer requests for rectification, portability or deletion
- Network security
- Breach notification
YOUR RIGHTS
We want you to be in control of how your personal data is used by us:
- Access: You can request a free copy of your information by emailing us at [email protected]. However we may charge a reasonable fee to cover our administrative costs of providing the information for: baseless or excessive/repeated requests, or further copies of the same information.
- Correction: If any information we hold is inaccurate, you can ask us to correct it.
- Deletion or Restriction: In some cases, you can request deletion or restriction of your information. However, we may not be able to fulfil this request if it requires unreasonable effort or the information has already been destroyed according to our data retention policy (see above).
- Completion or Portability: You can request to complete or receive your information in a format transferable to another organisation.
- Additional Information: You have the right to ask for more details about how we handle your personal data.
- Objection: You can object to the processing of your data in certain circumstances.
- Consent Withdrawal: If we process your data based on your consent, you can withdraw it at any time.
Fulfilling some requests may be limited if it requires excessive effort on our part. We aim to respond to your requests within 28 days.
Additionally, you can request to opt-out of receiving marketing emails from us.
If you do not agree to our use of the information as set out above, you should inform us as soon as possible by writing to us at:- Attraction Tickets LTD, 372 Coldharbour Lane, London, SW9 8PL, by calling 0808 304 8480 or emailing: [email protected]. Please note the implications if you withdraw your consent to us using your information as described. In the first instance, please talk to us directly so we can resolve any problem or query.
You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their helpline 0303 123 113 or at www.ico.org.uk.