This privacy policy was updated on 1st April 2021.
Who we are
Our website address is: https://abbotsburytickets.co.uk
What personal data we collect and why we collect it
Comments and reviews
When visitors leave comments or reviews on the site we collect the data shown in the relevant form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Contact forms
Contact forms on the site send the data you provide to Abbotsbury Tourism office staff. This information is not disclosed to a third-party outside of the Abbotsbury Tourism attractions.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, social media feeds, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
We collect anonymised traffic data via Google Analytics. This information includes sources of traffic, search terms, duration on the site, what content visitors look at, and a very generalised location from which they are visiting (the nearest town or city, for instance). The data is not linked back to any specific users. The marketing agency who we work with has access to this data and uses it to improve the website experience.
Who we share your data with
No personal data is shared to any third party. Should you wish to sign up to our newsletter, we will ask for your first and last name, neither of which are obligatory, as well as email address. This data is collected and safely stored by MailChimp, who we use to send out newsletters. Only Abbotsbury Tourism staff and our marketing company, Watershed PR, have access to this information.
Every year, the Dorset Tourism Association have requested that we pass on information about our visitors’ locations (in the form of the postcode provided when an order is made), how much they spend and the date of when they first visited. This information is completely anonymised and solely used for the purposes of gathering information about from where visitors to Dorset originate and improve the general advertising and marketing targeting of Dorset-wide campaigns. The information is summarised into map form, then distributed to members of the Dorset Tourism Association.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.Orders are stored securely on our system and we retain the data for the purposes of reporting and financial accounting. We perform a data audit once a year to clear old orders, which are no longer required, off the system. All payment details are handled securely by Barclaycard and we do not see or store any card information when the order is processed.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments or contact form entries may be checked through an automated spam detection service. Order details are sent to Barclaycard for processing of payments. Anonymised traffic data is sent to Google Analytics for the purposes of improving the website experience.
Recording customer details: how we use your information
To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we have been mandated by law to collect and keep a limited record of staff, customers and visitors who come onto our premises for the purpose of contact tracing.
By maintaining records of staff, customers and visitors, and sharing these with NHS Test and Trace where requested, we can help to identify people who may have been exposed to the coronavirus.
As a customer/visitor of Abbotsbury Tourism, you will be asked to provide some basic information and contact details. The following information will be collected:
- the names of all customers or visitors, or if it is a group of people, the name of one member of the group
- a contact phone number for each customer or visitor, or for the lead member of a group of people
- date of visit and arrival time and departure time
The venue/establishment as the data controllers for the collection of your personal data, will be responsible for compliance with data protection legislation for the period of time it holds the information. When that information is requested by the NHS Test and Trace service, the service would at this point be responsible for compliance with data protection legislation for that period of time.
The NHS Test and Trace service as part of safeguarding your personal data, has in place technical, organisational and administrative security measures to protect your personal information that it receives from the venue/establishment, that it holds from loss, misuse, and unauthorised access, disclosure, alteration and destruction.
In addition, if you only interact with one member of staff during your visit, the name of the assigned staff member will be recorded alongside your information.
NHS Test and Trace have asked us to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out by NHS Test and Trace during that period. We will only share information with NHS Test and Trace if it is specifically requested by them.
For example, if another customer at the venue reported symptoms and subsequently tested positive, NHS Test and Trace can request the log of customer details for a particular time period (for example, this may be all customers who visited on a particular day or time-band, or over a 2-day period).
We will require you to pre-book appointments for visits or to complete a form on arrival.
Under government guidance, the information we collect may include information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes, and NHS Test and Trace will not disclose this information to any third party unless required to do so by law (for example, as a result of receiving a court order). In addition, where the information is only collected for the purpose of contact tracing, it will be destroyed by us 21 days after the date of your visit.
However, the government guidance may also cover information that we would usually collect and hold onto as part of our ordinary dealings with you (perhaps, for example, your name, date of birth and phone number). Where this is the case, this information only will continue to be held after 21 days and we will use it as we usually would, unless and until you tell us not to.
Your information will always be stored and used in compliance with the relevant data protection legislation.
The use of your information is covered by the General Data Protection Regulations Article 6 (1) (c) – a legal obligation to which we as a venue/establishment are subject to. The legal obligation to which we’re subject, means that we’re mandated by law, by a set of new regulations from the government, to co-operate with the NHS Test and Trace service, in order to help maintain a safe operating environment and to help fight any local outbreak of corona virus.
By law, you have a number of rights as a data subject, such as the right to be informed, the right to access information held about you and the right to rectification of any inaccurate data that we hold about you.
You have the right to request that we erase personal data about you that we hold (although this is not an absolute right).
You have the right to request that we restrict processing of personal data about you that we hold in certain circumstances.
You have the right to object to processing of personal data about you on grounds relating to your particular situation (also again this right is not absolute).
If you are unhappy or wish to complain about how your information is used, you should contact a member of staff in the first instance to resolve your issue.
If you are still not satisfied, you can complain to the Information Commissioner’s Office. Their website address is www.ico.org.uk.
Your contact information
Abbotsbury Tourism Ltd, West Yard Barn, West Street, Abbotsbury, Dorset, DT3 4JT.
Additional information
How we protect your data
Our website is hosted on a secure server and we take every measure possible to keep the website safe and secure. We regularly change passwords and update the system on which the website runs in order to patch any potential security risks long before they can be exploited. No card data is stored on our behalf, so you are not at any risk of financial loss in the extremely remote chance that a data breach occurs on this website.
What data breach procedures we have in place
In the highly unlikely event that a data breach occurs, we would inform all users who it affected and suggest that they change their passwords, particularly if they are using the same or similar passwords for other websites. No card details are stored on this website, so you are not at any risk of financial loss in the extremely remote chance that a data breach occurs on this website.
What third parties we receive data from
We receive anonymised location and spend data from other Dorset Tourism Association members.
What automated decision making and/or profiling we do with user data
Although we don’t make use of this at the time being, we are investigating the possibility of matching up orders with email newsletter signups to target certain email campaigns at certain customers of this website. This will only be of benefit to our customers and would, for example, give special offers to our most loyal of customers. You can manage newsletter subscription details easily via MailChimp and anyone placing an order on this website would have to tick a box in order to opt-in to email marketing. By default, customers on this website are not signed up to an email newsletter unless they specifically request to do so.
Industry regulatory disclosure requirements
As we are a private company, we are not required to disclose financial or operating information.