Privacy Policy
Privacy Policy
Privacy Policy
1. Introduction
World Heritage Ltd. and our other associated trading companies (“We”) respect your data and are committed to protecting and respecting your privacy.
World Heritage Ltd. owns and runs the following attractions and websites:
- The Dinosaur Museum – www.thedinosaurmuseum.com
- The Tutankhamun Exhibition – www.tutankhamun-exhibition.co.uk
- The Teddy Bear Museum – www.teddybearmuseum.co.uk
- Terracotta Warriors - www.terracottawarriors.co.uk
- Mummies Exhibition – www.mummiesexhibition.co.uk
- www.greatdaysout.org
- www.goldsaverpass.co.uk
- www.world-heritage.org.uk
This website is owned and run by World Heritage Ltd.
The official address for World Heritage Ltd is Heritage House, 25 High West Street, Dorchester, Dorset DT1 1UK
In the event that additional business branches are added or removed this Privacy Policy will be updated accordingly.
We are committed to protecting your data and privacy in accordance with our obligations as established under government data protection legislation. The current data protection law is found in the Data Protection Act 1998 and other UK legislation. After 25th May 2018 the EU General Data Protection Regulation and related legislation will come into effect.
This privacy policy explains what information we collect about you and how it will be used. We are committed to respecting any data you share with us and keeping it safe.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Please be aware that this privacy policy does not cover links to third-party websites, plug-ins and applications that may be in use across World Heritage Ltd. websites and which do not fall under our control. We use such links to improve your experience of our websites and always try to make such links clear, so you know that you have left our websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
2. How and what Information we may collect on you
You are in control of what information we collect about you. By submitting your information on any of our websites you consent to the use of that information as set out in this policy. However, if you choose not to share your information some areas of our websites may not be accessible or useable.
We collect data and information in the following ways:
2a. Information that you provide us, including:
- Information you actively provide when using our website including when you purchase a product or complete an online enquiry or booking form. For example, when you purchase tickets or a Gold Saver Pass we will ask for your personal information in order to for us to process your purchase. This information is likely to include identity data (may include your first name, last name, username, title, date of birth and gender), contact data (may include your billing address, delivery address, email address and telephone numbers) and financial data (may include your bank account and payment card details). Certain products that we offer may require us to record more detailed data to be collected and processed. E.g. special bookings, VIP Tours and corporate bookings.
- If you contact us by post, email or telephone, we may keep a record of any correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to these.
- Marketing and Communications data, such as your name and email address, if you choose to opt-in to receive marketing material from us.
- Contact and Identity data should you choose to enter into any competitions or prize-draws.
2b. Information that is automatically collected by our websites
We use passive means to collect information such as tracking what pages you visit on our sites. This information is used by our websites to determine how visitors use our sites. This then feeds into the development of the sites as we aim to make them more enjoyable and easy to use. Such collected data may include:
Cookies
We use ‘cookies’ to enhance your experience on our websites. Cookies are small data files that are sent to your browser and stored temporarily on your computer to help retain the information that you have entered whilst you browse our sites.
A cookie will typically contain the name of the domain from which the cookie has come and the ‘lifetime’ of the cookie. Cookies do not give us your personal information, they provide us with non-personal information such as remembering your browser settings, what types of software you are using etc., so that we can work with the sites to make them as easy to use as possible for you and all our visitors.
Certain cookies sent to your browser will help us to save you time. For example, if you’re halfway through an online purchase our cookies will allow you to browse other areas of our websites and then return to your purchase.
Most browsers automatically accept cookies but you can both delete existing cookies from your browser and, by editing your browser options, choose not to receive cookies in future. Please visit www.allaboutcookies.org for more information on this.
Please note that if you choose not to receive cookies then some areas of our websites may fail to function as intended so degrading your user experience.
IP Addresses
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users' browsing actions and patterns, and does not identify any individual. Your IP address may also be used to diagnose problems with our server, monitor visitor traffic patterns and site usage to help us develop and improve our sites further.
2c. Sensitive Data
Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, criminal history, information about your health and genetic and biometric data. Usually we don’t record any sensitive data. However, in some circumstances we may need to collect sensitive information relating to your health or dietary requirements (which may also relate to your religious beliefs). However, we would only request this information where this is required and relevant to your booking, for example, if you are registering to take part in an experience in which your health may affect how we deliver the product.
3. How we use your personal data
- We will only ever use your data when legally permitted. The most common uses of your personal data are:
- When we need to perform the contract between us. Such as emailing you an e-ticket and details of your purchase.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- When you have given us consent to process your personal data in order to send marketing information to you.
4. Administration and other non-marketing uses of data
We will use the information you enter onto our websites for administration purposes and any other purposes made clear in the data entry forms themselves, or referenced within our terms and conditions.
4a. Third Parties and disclosure of your personal data
Disclosure of your data to others may be necessary to ensure the smooth provision to you of the products, services and information you request.
We will not sell your data or share personal data with third party organisations for marketing purposes, but we do use third parties to outsource functions when we do not have the in-house capacity or capability required, such as the use of a mailing house for mailings, fulfilment of an electronic booking or service and analytical services that enable us to target our communications to you more effectively. In such cases we will only use reputable and well vetted firms and have contracts and processes in place that ensure the safe and confidential processing of personal data at all times. We may also disclose personal information where required or otherwise permitted by law.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
4b. Online Advertising
If you visit our websites, you may subsequently see banner advertisements from us whilst browsing other websites. These adverts are placed by us by approved, specialist media providers. These adverts may be targeted at you based on cookies placed on your computer or other devices when you visit our websites.
If you are active on Social Media you may also see our adverts on your Social Media channels. We may make use of existing profiling tools provided by Social Media companies to try and ensure you are seeing adverts from us that may be of interest to you. We may also utilise existing data we hold on you in combination with these existing social media tools to make our marketing more targeted.
This can include passing certain data onto Social Media companies (they cannot pass this data onto any other third parties or use this to contact you in anyway) who are based outside the European Economic Area (EEA).
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection with your personal data, so European law has restricted transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
If none of the above safeguards is available, we will request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
4c. Ticketing Partners
World Heritage Ltd. work with a selection of ticketing partners who offer our products and services at reduced prices. If you’re are purchasing one of our products using a ticketing or promotional partner in order to provide these services, securely fulfil transactions and provide you with relevant booking communications we may need to share your data with the relevant partner.
Our current ticketing partners include but are not limited to:
- Picniq
- City Cruises Poole
Some of these partnership tickets can be booked via our websites (City Cruises Poole); in these instances our partners will only receive anonymised data in order to help us process orders and payments. However, with those partners whom sell tickets on their own websites we may be required to share identifiable personal data in order for us to process bookings and payments correctly. When purchasing tickets from websites not owned or operated by us we would recommend checking the relevant partner’s privacy policy.
Our ticketing partners are not able to send you marketing material unless you give them explicit consent to do so and we only allow our partners to handle your data when they conform to appropriate data protection and security controls.
4d. Online Tickets
Booking your tickets/products and purchasing online is quick, easy, convenient and safe. We make every effort to maintain customer confidentiality when securing an online payment. This includes ensuring the security of your credit card details and other personal information. All of your personal information is encrypted as it travels over the Internet. When you make a payment you enter your card details directly into our payment providers’ secure web page. To protect you against credit card fraud (where someone has discovered your credit card details but do not have your card), you will be asked to enter the unique security code printed on the back of your payment card.
Details of your transaction may be kept in our e-ticketing provider system so that we can retain a record of the contract entered in to between ourselves and you as a customer who has purchased one of our products. These records may also be accessed by approved third parties who assist us in the delivery of our products and may be asked to investigate any potential issues with your booking or transaction. If requested records may also be given to professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services as well as HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances. Such bodies will not be able to retain your data, contact you or pass this on to other third party organisations.
4e. Online Competitions
World Heritage Ltd. will run online competitions intermittently on the website, via its Social Media channels or through on park activity. All and any competitions will be supported by documented Terms and Conditions which will specify what information will be collected and how it might be used – for instance to contact winners about receiving their prizes. Any personal information that is collected from this type of activity will be deleted once the competition entry date has closed, relevant winners have been contacted and all prizes or similar correspondence have been completed, unless you have opted into marketing communications. Personal information provided will not be used for marketing purposes unless specifically authorised to do so.
4f. Surveys
We occasionally email surveys to visitors who have purchased tickets via our websites in order that we can improve the experience for future guests and return visitors. Electronic Surveys are automatically sent to all visitors after the date of their original booking. Completing any surveys you are sent is not mandatory.
Surveys are hosted and stored securely by a third party service provider (Survey Monkey). For more information on Survey Monkey’s Privacy Policy please go to www.surveymonkey.co.uk/mp/legal/privacy-policy/. We regularly audit and restrict who has access to our Survey Monkey account in order to ensure that only those with a good reason have access.
4g. Statistical Data
We try to ensure that our websites offer visitors exactly what they are looking for. As already referenced, to help us achieve this goal we and our appointed marketing companies may collect and analyse anonymous data collected by cookies and Google Analytics about how visitors use the websites. We may also collect Internet Protocol addresses to help diagnose problems with our servers and for system administration, but we don’t link these addresses to any person’s name or identity.
4h. When we might contact you if you don’t opt-in to receive marketing
If you have chosen not to opt-in to receive marketing material from us, or since opting in have decided to opt-out, we will only contact you regarding any products you may have purchased from us and when we consider it to be in our legitimate interest to contact you about said products.
This may include:
- Sending e-tickets and a record of your purchase to you via email.
- If you are a Gold Saver Pass holder and have therefore entered into a contract with us for a set period. We may contact you with advice on how to make the most of your pass and membership and update you when your pass is due for renewal.
- Emailing you to ask you to complete a feedback survey so we can study how our customers use our products and services and improve our offering accordingly. We will only ask you to feedback on the product you have purchased and you are not obliged to complete the survey we send you.
- If you have been directly involved in any photo, video or media opportunities and provided your details.
5. Direct Marketing
You will usually receive marketing communications from us if you have:
(i) opted into receive marketing communications from us during a purchase; or
(ii) if you signed up to our newsletter on any of our websites
(iii) in each case, you have not opted out of receiving marketing communication.
(iv) if you request to receive marketing material over the phone, at a event (e.g. business trade show) or directly to our Guest Services teams on a visit. Verbal requests will be logged, password protected and uploaded to our secure database provider.
The data you give us about yourself will enable us to give you updates via email, phone or postal services using the contact details you provide, on promotions and services we offer that we think may be of use to you or to involve you in market research. How and why we might contact you will be clearly explained whenever you opt-in to receive marketing from us. To improve our picture of your interests we may link the data you give us with any data we have gathered (via cookies) about your use of our websites.
We do not currently share your data with any third parties for marketing processes and will get your express opt-in consent before we share your personal data with any third party for marketing purposes. However, from time to time we may upload email data to Facebook in order for us to target you with products and services you might be interested in. We will not pass on your personal details to any other organisation without your permission unless they are directly involved in the running/maintenance of our websites or are an outsource function on behalf of the business. Your data will only be used for the purpose of informing and marketing World Heritage Ltd.
You can ask us to stop sending you marketing messages at any time by following the opt-out (unsubscribe) links on any marketing message sent to you or by emailing info@world-heritage.org.uk confirming you wish to stop receiving marketing messages. Please note that if you opt-out of receiving our marketing communications we may still store data relating to you and any purchases you have made and may contact you directly about your bookings.
5a. Children under the age of 16
We do not intend to collect information from and market to children under the age of 16 years. Children under the age of 16 years will not be able to participate in competitions nor sign up to receive marketing communications from us. If you sign up to receive marketing materials from us we will proceed on the basis that you are over 16.
6. Image Rights
When you’re within our business premises your image may be captured. We have CCTV in operation across our sites. CCTV footage is routinely only stored for a limited time; we will only retain footage for longer than this is if it relates to an ongoing investigation.
We are a venue for filming and photography which covers business purposes and third party media companies. Your image maybe captured as and when this type of activity takes place, unless you notify a member of our staff on the day of your visit to confirm you do not wish to be captured on camera. When we choose to explicitly feature individuals (adults and children) we will gain your permission prior to using the images.
If you consent to having your photo taken and used for marketing or PR purposes we will hold your name, image and age (if applicable) on file for future re-use as well as a copy of a photo permission form by which you will have given written consent that we may use the image for marketing purposes.
7. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
8. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In order to comply with legal and tax obligations we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for at least six years after they cease being customers.
In some circumstances you can ask us to delete your data: see below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. Your Rights to your data
Under the EU General Data Protection Regulation you have the right to request a copy of the personal information we hold about you. You also have the right to request that we erase any personal information we hold, where we have no compelling reason to continue processing this data.
A reminder of all your rights under GDPR:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
If you wish to exercise any of the rights set out above, please email us at info@world-heritage.org.uk
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you (two forms of identification) to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
10. Changes to this policy
Because we are constantly improving our websites there may be developments in how we use your data. All such developments will be promptly notified to you in this policy. Your continued use of our websites will signify that you agree to any such changes.
11. Contact Us
If you have any queries regarding this policy, the use of your data or what data we might hold on you please feel free to get in touch by contacting the manager c/o World Heritage Ltd, 25 High West Street, Dorchester, Dorset DT1 1UW or emailing info@world-heritage.org.uk
Similarly, it is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at info@world-heritage.org.uk
Policy last updated: 24th May 2018