Kent Country Parks birthday parties privacy notice
This notice explains what personal data (information) we hold about you, how we collect, how we use and how we may share information about you. We are required to give you this information under data protection law.
Who we are
The Kent Country Parks service is owned and run by Kent County Council. Kent County Council provides a range of statutory and other services to local people and businesses and needs to collect, use and process personal data to deliver these services. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘data controller’ of that personal information for the purposes of those laws. Our Data Protection Officer is Benjamin Watts.
Personal information we collect and use
When we collect and use your personal information we will comply with the Data Protection Principles. In order to collect personal data this must be provided to us via our online booking platform. Information provided to us in relation to a team building booking in any other format, including written or verbal information will be transferred to our online booking platform in order to administer your booking. The online booking platform is accessed through the Kent Country Parks website and notification about cookies is provided. The booking platform is hosted by a third party.
In order for you to book a birthday party with us we collect the following personal data via our online booking platform when you provide it to us:
- Which party activity you would like, the number of children attending, the name and age of the birthday child, special dietary requirements of any party guests
- Your contact details (e.g. name, email address, telephone number and country of residence)
- If you are booking on behalf of another person we will also require their contact details (e.g. name, email address, telephone number and country of residence)
- Financial information (e.g. debit / credit card information to make a payment for the service to be provided).
The following optional information may be provided to us in order to set up an account:
- A password.
We use your personal information to:
- Arrange your birthday party booking and to send you a booking confirmation via email, facilitate the provision of the correct party at the point of provision to you, arrange any necessary special catering requirements, contact you to advise of any changes to your booking after this has been confirmed.
- To arrange payment for and/or refunds of your booking (in accordance with our Terms and Conditions) via WorldPay or via KeyIVR.
If you optionally set up an account with us this will allow you to manage your personal information, delete your account with us, view and amend your past, current and future bookings if applicable and to make new bookings (in accordance with our Terms and Conditions).
If you set up an account with us, and give us the relevant opt-in consent, we use your personal information to:
- Send you marketing information about relevant Kent Country Parks events or services we think may be of interest to you
- Send newsletters, annual reports and other relevant information about Kent Country Parks that we think may be of interest to you.
How long your personal data will be kept
We will hold your personal information securely and retain it for 3 and a half years in accordance with Kent County Council’s Retention Schedule.
Reasons we collect and use your personal information
The provision of your personal information is required from you to enable us to facilitate your birthday party booking.
If you do not provide your personal information, we will be unable to arrange for you to book and pay for your birthday party.
When you accept the terms and conditions of your purchase you enter into a contract with us. We rely on ‘processing is necessary for the Performance of a Contract to which the data subject is a party’ as being the lawful basis on which we collect and use your personal information.
We rely on Articles 6(1)(b) – Performance of a Contract.
Our booking platform is provided by a third-party supplier and used to capture and manage your booking details to arrange the provision of your birthday party. All customer data is stored using industry standard encryption including back-ups. The data is managed by Field Dynamics who are accredited to manage customer data to industry standards (ISO27001) and take credit or debit card payments (PCI-DSS). The third-party is able to access personal data in the course of supporting, maintaining and developing the booking system on our behalf. They are contractually bound through G Cloud 8 Framework Agreement RM1557Viii GET17001 to ensure compliance with the Data Protection and specifically that data accessed in the course of their work is not accessed unnecessarily, retained or misused. Data is not retained by the third party after the end of the contractual arrangement with them.
Who we share your personal information with
All our staff are employed directly by Kent County Council and are trained to handle your information correctly and protect your privacy. Your personal information including health data will only be shared with other Kent Country Parks staff. Your personal information, excluding health data, will only be shared with other Kent County Council staff, Kent County Council departments or commissioned providers of local authority services (call centre and payment services) as required to facilitate your volunteering or where required to by law and with sound legal basis.
This data sharing enables you to book a Kent Country Parks birthday party.
Under GDPR you have rights which you can exercise free of charge which allow you to:
- know what we are doing with your information and why we are doing it
- ask to see what information we hold about you (subject access request)
- ask us to correct any mistakes in the information we hold about you
- object to direct marketing
- make a complaint to the Information Commissioners Office
- withdraw consent at any time (if applicable)
Depending on our reason for using your information you may also be entitled to:
- ask us to delete information we hold about you
- have your information transferred electronically to yourself or to another organisation
- object to decisions being made that significantly affect you
- object to how we are using your information
- stop us using your information in certain ways.
We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. Please note: your request may delay or prevent us providing season ticket facilities to you.
For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioners Office (ICO) on individuals’ rights under GDPR.
If you would like to exercise a right, please contact the Information Resilience and Transparency Team at firstname.lastname@example.org.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Please contact the Information Resilience and Transparency Team at email@example.com to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.
You can contact our Data Protection Officer, Benjamin Watts, at firstname.lastname@example.org, or write to: Data Protection Officer, Sessions House, Maidstone, Kent ME14 1XQ.
GDPR also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted on 03031 231113.
Read our corporate privacy statement.