GARA ROCKCommitted to ensuring that your privacy is protected
Last updated date: October 2022
Customer Privacy Policy
We are Away Resorts Limited and, together with our affiliated group companies* (“the Group”, “we”, “us”, “our”), we own and operate holiday parks and holiday properties across the United Kingdom under the Away Resorts brand. Some of our Group companies previously traded under the Aria Resorts brand**.
We are located at Maylands Building, 200 Maylands Avenue, Hemel Hempstead, HP2 7TG.
This Privacy Policy sets out how we, as data controllers, inform you of how we collect and process your personal data, whether via our website or mobile app, in connection with a holiday booking or other interactions you may have with us.
We understand and take seriously, our data protection responsibilities to protect personal information that we process under Privacy Legislation such as, the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003, as updated or amended from time to time (together “the regulations”).
For the purpose of this Privacy Policy, Away Resorts Limited will be your primary contact point for any queries relating to this Policy, or to exercise your rights under the regulations. See Your Rights section below.
If you are a member of staff, employee or contractor, this Policy does not apply, please contact us on peopleoperations@awayresorts.co.uk for further information on how we process your data.
This Privacy Policy applies to you if you are:
- Browsing our online channels
- Making enquiries about holidays, events, activities, conferences or other services we offer
- Visiting our Resort, restaurants or other accommodations or making a booking for a holiday, event, activity, conferences or other services we offer
- Supplying goods or services to our Resort
- Entering / completing competitions, surveys or questionnaires
- Receiving marketing communications
- A referral from one of our Partners or Affiliates
|
Interactions with us |
Information collected |
Purpose of the information |
Lawful Basis for processing |
|
Using our website or online channels |
|
|
|
|
Browsing our website or app |
Information about your computer, for example browser, network location, connection information, IP address and for account customers, unique ID. |
Improving content, website functionality and customer experience through personalisation on our website. This then enables us to communicate with you. |
Legitimate business interests |
|
Please see our Cookie Policy here. |
|||
|
Making enquiries about our holidays, events, conferences, activities or other services we offer |
|
|
|
|
Searching for a holiday |
Number of people on break; type of room you wish to stay at; arrival / departure dates; number and type of accommodation required; any special requirements. |
To provide availability and pricing details in relation to your search, by email or phone. We cannot fulfil your request / accept booking without this information. |
Performance of contract |
|
Event, conference, activity or general Customer service enquiry |
Your name; email address; contact details; hotel or event details as appropriate. |
To respond to your enquiry by email, phone or other requested method. |
To respond to your enquiry based on your consent |
|
Requesting brochures and promotional information |
Full name; email address; phone number and postal address. |
Sending brochures and other promotional communications by email, text and post depending on your preferences and digital marketing advertisements. You can withdraw your consent at any time. In some selected instances this may take up to 28 days to action. |
Consent |
|
Making a booking for holidays, events, activities, conferences and visiting our Hotel, restaurants or other facilities |
|
|
|
|
Booking a holiday or break |
Contact details: name; email address; postal address; phone number of main booker as a minimum. |
All of the information we request is needed in order to book, communicate with you and provide the break you requested. |
Performance of contract |
|
Other guest related information: date of birth; details of other guests; special requirements. |
Details of any specific requirements or disabilities are provided by you to us with your consent in order to provide the special arrangements during your break (including in relation to medical care). |
Performance of contract / Consent (special category data) |
|
|
Booking related information: arrival / departure dates, type of accommodation; special requirements; insurance requirements; other extras; events, activities or reservations. |
All of the information we request is needed in order to book and provide the break you requested. |
Performance of contract |
|
|
Payment details: debit / credit cards. |
To pay for the booking, activity, event or reservation. |
Performance of contract |
|
|
Main booker email address. |
From time to time the Main booker email addresses may be used for feedback or marketing purposes, unless you have opted out at the point of booking. |
Legitimate business interests |
|
|
Booking and taking part in events, activities and conferences |
Company name; individual names; contact details; date of event or activity; delegate numbers. |
This information is required in order to provide the event or activity requested. We will contact lead/main bookers or delegates by email, phone or text with information about the event or activity and to request feedback. |
Performance of contract |
|
Information such as accommodation type; activities; dietary requirements or special requirements. |
This information is required to ensure the safety of guests and staff while involved in events, activities and conferences. |
Legitimate business interests |
|
|
Medical information relevant to the event, activity or conference. |
To ensure the safety of customers and guests. |
Consent |
|
|
Pre-registration of guests and vehicles on your break |
Details of party members are required but these can be reviewed and updated at any time up to arrival. |
To provide for the safety and security of everyone on our accommodation and to ensure we can identify all our guests for example, any missing children. |
Legitimate business interests (to ensure the safety of guests and employees in our accomodation) |
|
Names of all members of your party; email addresses (where available and consented) for all members of your party. |
Details provided will be used to personalise communications to you by email or other methods, about your break and request feedback about the booking. You should also ensure that, where appropriate, the guest understands how their personal data may be used by us. |
Legitimate business interests (to inform and receive feedback about our conferences, events and activities) |
|
|
Date of birth of all children in your party, if under 18 years together with adults name and contact details; date of birth is optional if over 18 years. |
To provide for the safety and security of everyone on our accommodation and to ensure we can identify all our guests for example, any missing children. |
To comply with Health and Safety legislation. |
|
|
Bike make and serial number; vehicle registration number and make. |
To provide for the security on our accommodations. |
Legitimate business interests (to ensure the safety of guests and employees in our accomodations) |
|
|
Restaurant bookings and deliveries |
Full Name; contact details; accommodation information; date, time of reservation; order details (where applicable). |
This information is used to process, send you information by email or other method, fulfill and where applicable, deliver your order as requested. |
Performance of contract |
|
Food allergies. |
Where provided we use information about allergens to ensure we comply with these restrictions during order preparation. |
To comply with Health and Safety legislation (where applicable) |
|
|
Payment details (where applicable). |
To pay for delivery. |
Performance of contract |
|
|
Booking Spa Treatments |
Full name; age; contact details; accommodation details; medical information relevant to treatments. |
This information is used to provide the treatments requested, communicate with you by email or other method and ensure you are safe to receive the treatment. |
Performance of contract. To comply with Health and Safety legislation (where applicable) |
|
Payment details: debit / credit cards. |
To pay for treatments. |
Performance of contract |
|
|
Transactions while at our Hotel |
Outlet information; purchase details; total transaction value; transaction date and time; your name and accommodation information (optional information). |
We use this information to understand the patterns of transactions and to be able to use this information to improve the range of services and facilities available to you whilst on a break. |
Legitimate business interests (to review, develop and enhance our services) |
|
Payment details: debit / credit cards. |
To pay for purchases |
Performance of contract |
|
|
Security measures whilst at the Hotel |
CCTV and ANPR are in place to monitor and maintain safety of all guests and employees. |
We use CCTV and ANPR systems to assist in monitoring and maintaining safety and to prevent and detect crime. |
Legitimate Business Interests (for the safety of guests and employees). To assist with law enforcement (in rare occassions) |
|
Where necessary this footage may also be shared with the authorities for law enforcement purposes. |
This footage may also be used to exercise and defend our legal rights |
||
|
Visiting guest services (to report an issue, fault or complaint) |
Full name; contact details; accommodation information; nature of enquiry. |
This information is used to resolve the enquiry, communicate with you by email or other method, or progress a complaint as appropriate. |
Legitimate business interests (to provide customer service). We may also be required to use this information to exercise and defend our legal rights |
|
Contacting the Contact Centre (before, during or after your break) |
Full name; address (if necessary) contact details; accommodation information; date of stay; nature of the enquiry. |
This information is used to resolve the enquiry, communicate with you by phone or other method, or progress a complaint as appropriate. |
Legitimate business interests (to provide customer service). We may also be required to use this information to exercise and defend our legal rights |
|
Medical Assistance or receiving treatment at our Hotel for illness, injury or accidents |
Full Name; date of birth; accommodation information; date, contact details; medical condition or injury; accident information and medical notes/advice provided. |
This information is recorded to comply with Health and Safety legislation. We are required to keep a record of accidents, injuries and medical treatments. |
Required by law and in order to exercise and defend our legal rights |
|
Incidents at the Hotel (Security incidents and maintenance issues) |
Full name of individuals involved; date of birth; accommodation details; date of incident; description of incident. |
Use to resolve the issue and respond to any complaints or claims. |
Legitimate business interests and to defend our legal rights |
|
Using guest Wi-Fi |
The following information is collected: IP address and MAC address. |
The information is used to provide the Wi-Fi service to you. |
Performance of contract |
|
Supplying goods or services to our Hotel |
|
|
|
|
Supply of goods and services to our Hotel |
Company name; representative name; contact details; vehicle details; photo (if required); other identification documentation (if required); financial or invoice details (if required). |
This information is needed in relation to your contract with us and to communicate with you by email or other method about the deliveries. |
Performance of our contract with you (to supply goods and services) |
|
Competitions, surveys and questionnaires |
|
|
|
|
Completing our feedback questionnaires for holidays; events, activities or conferences |
Full name; contact details; accommodation details; your opinions related to the questions. |
We use this information to collect feedback to improve our services and communicate with you on any issues you may have had. |
Legitimate business interests (to improve our products and services and to ensure that you have the best possible experience when you visit our Hotel) |
|
General surveys or questionnaires (if we are looking to offer a new service, activity or product) |
Full name; contact details; your opinions related to the survey; accommodation details if you have booked a holiday with us. |
We use this information to gather feedback to evaluate whether it is something worth being implemented in our Hotel to improve services and the guest experience. |
Legitimate business interests (to improve our products and services and to ensure that you have the best possible experience when you take part in an event, activity or conference) |
|
Enter a competition or promotion |
Name; email address; postal address and phone number; consent to receive marketing. |
Administration of the competition and to contact you if you have been successful. Send marketing communications (unless unconsented). |
Legitimate business interests to run and manage competitions and promotion of services. You can withdraw your consent at any time |
|
Receiving marketing communications |
|
|
|
|
Receive marketing or promotional communications |
The digital communications we send to you, whether you open them and click on any links contained within them. |
We use this information to identify the information that is of interest to you in order to tailor communications to you. Please see our Cookie Policy. |
Legitimate business interests. (You can unsubscribe at any time) |
|
Referrals from Partners and Affiliates |
|
|
|
|
Referrals of your interest from our third party Affiliates or Partners |
Email address; name; holiday preferences |
This information is used to register your interest in the promotion, discount or offer. Please note: Their Privacy Policies will apply when you access their websites. |
Consent / Performance of contract (depending on your relationship with our affiliate or Partner) |
|
Other sources |
|
|
|
|
Other sources |
Lifestyle data for example: demographics, attitudes and consumption preferences |
From time to time, we supplement information we hold about you with data from consent-based publicly available sources in order to enhance the qualilty of our data. This allows us to improve our products, services and communications with our customers. |
Legitimate Business Interests |
Marketing and other communication activities
We want to make sure that you hear about our exciting news, offers, activities and investment in our facilities, so to do this we may provide you with information through online digital services, social media platforms, or by direct marketing (e.g. phone, email, text, post), unless you have asked us not to do so.
For our customers who have booked a holiday, event, activity or conference with us, we use Legitimate Business Interests as the lawful basis, to keep you updated about our products and services, unless you have asked us not to. We make sure you have the option to opt out of our communications when received. This applies when you enquire with us about holidays or enter a competition or quiz, we will ask you about your marketing preferences and tell you how you can opt out.
We collect information relating to your booking history with us, for example the type of accommodation and activities you prefer. The main reason we use this information is to build a profile or picture of the things you like and dislike. We do this, safe in the knowledge that when we send you personalised, timely and relevant communications, you can unsubscribe at any time.
The second reason we collect this information, is to understand how our customers use and interact with our Resorts. For example, the range of activities we offer, the opening times of play areas or location of our services. This is important for us, to be able to continually improve the holiday experience for our customers.
We also personalise service messages we send you prior to your stay with us to provide you with information relevant to your booking. For example, if you are attending a conference, we will not update you about the children’s activities on that site. Where relevant, we may also use the information you provide about your guests to personalise the content of these service messages.
Opting out
We want our customers to be happy about the information we send to you and ensure that you can easily opt out of communications through the channel the communication was received and/or by using additional options described below:
- By clicking “unsubscribe” or by updating your preferences via the links at the bottom of any email you receive
- Typing ‘STOP’ on text messages
- By letting our team know during any phone call
- By filling in our online form
- By telephone on 0330 053 7000
- By emailing us at enquiries@awayresorts.co.uk
- By post to STOP MARKETING, Away Resorts, IMEX Building, 575-599 Maxted Road, Hemel Hempstead, Hertfordshire, HP2 7DX
- By returning the form issued with our direct mailings
Linked Websites
Our website may contain links to third party websites from time to time. Care has been taken to ensure that any sites listed are reputable and relevant. Once you use these links we do not have control over their use of your personal data. Please do check the privacy notices applicable to external sites.
Cookies
You can manage your cookie preferences using the pop-up consent banner. Please see our Cookie Policy for more information on how we use Cookies on our website.
Sharing of data
Your personal information may be shared with other companies within our Group for administrative purposes and in order to provide our range of services to you.
We do not sell your personal data to third parties.
We may share your personal information with a purchaser or potential purchaser of our business. In these circumstances we will comply with the data protection regulations.
We may also need to share your data with third parties to provide you with the services you are requesting or when we are required to by law, for example:
-Third parties
- Legal and governmental agencies
- Social media where you directly tag us or link to our products or services
-Social media and online advertising partners
We work together with a range of partners who advertise our Resorts and services to you on their platforms, generally, with your consent.
-Data Processors
We use a range of Data Processors (suppliers) to provide our services to you, for example:
- Professional service companies such as our data cleansing and direct mail providers
- IT, web hosting and software vendors
- Companies which provide our payment services
Data Processors only process your information according to our instructions. They are not entitled to process it for their own purposes.
Other ways we may use your data
We may aggregate or in some cases, anonymise personal information and use it for purposes including data analysis, developing new products and services, research, testing of IT systems and improving our website and app. When the data is aggregated or anonymised the detail relating to an individual is not identifiable.
Where is your data stored?
Our Group operations are based in the UK. However, your data may occasionally be processed and held by third parties outside the UK or European Economic Area (EEA). In these circumstances, we have appropriate contractual and technical safeguards in place to ensure your information is protected in accordance with the data protection regulations.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Payments using our websites
Our website payment processing uses industry standard 128-bit SSL certificates and encrypted transmission of information. No cardholder information is ever passed unencrypted.
On Resort - CCTV
CCTV systems are operated for the protection of our guests, employees and premises from criminal activities and the Legal basis for processing this data is to provide security and to assist with law enforcement. Where required, we may also use the recordings to defend our legal rights.
Data Retention
We retain data for different time periods depending on the purpose for which it was collected and any legal or business requirements.
At the end of that retention period, your data will either be deleted, archived or anonymised and may be used for statistical analysis and business planning.
Your rights
Under the data protection regulations, you have a number of rights:
- The access to your personal information
- The correction of any inaccuracies in your personal data or addition of relevant details where the personal data we hold is incomplete
- The erasure of your personal data, where we have no good reason to keep it
- To withdraw your consent where we rely on consent to process your data
- In some circumstances, an objection to the way we use your personal data
- In some circumstances, limiting the use your personal data
- In some circumstances, the request for data portability
When you contact us in relation to your rights we may request further information to allow us to verify your identity.
To exercise your rights, please contact us on privacy@awayresorts.co.uk or by post addressed to Privacy Team, Away Resorts Limited, Maylands Building, 200 Maylands Avenue, Hemel Hempstead, HP2 7TG.
We will make every attempt to ensure you are satisfied with our handling of your data queries and aim to respond as soon as practicable or within one month.
However, you do have the right to complain to the Information Commissioners Office (ICO) on http://ico.org.uk/ if you are not satisfied.
Changes to this policy
We may update this policy from time to time, so please check this page from time to time for any updates. The last updated date is indicated at the top of this Notice.
*Affiliated Group Companies
The Away Resorts Limited group includes; Golden Sands Holiday Camp (Rhyl) Limited; St Ives Bay Holiday Park Limited; Mill Rythe Limited; Sandy Balls Estate Limited; Boston West Holiday Park Limited; Riverhead Commercial Services Limited; Tattershall Lakes Limited; Mersea Island Holiday Park Limited; Whitecliff Bay Holiday Park Limited; Barmouth Bay Holiday Park Limited; AG Retallack Limited**; AG Newperran Limited**; Newquay View Resort Limited**; Bude Holiday Resort Limited**; Rookley Hold Limited**; Coastal Park Hold Limited**; AG Gara Rock Limited**; AG Swanage Limited**; Essential Vivendi Limited**; AG (Moffat) Limited**; AG (Glendevon) Limited**; East Fleet Holiday Park Limited; Away Resorts (Transport) Limited; AG Gara Rock Limited**
**Previously trading as Aria Resorts