1.1. At Haulfryn, we are committed to protecting and respecting your privacy.
1.2. Haulfryn Group Ltd. is a family owned company operating Holiday and Residential Parks across the UK. In this privacy notice, uses of “we”, “our”, “us” or “Haulfryn” are references to Haulfryn Group Ltd. and our parks.
1.3. Our registered office address is Haulfryn Group Ltd, Clarion House, Norreys Drive, Maidenhead, Berkshire, SL6 4FL. Our registered company number in England & Wales is 307876.
1.4. This privacy notice sets out how we collect, use, and store your personal information (meaning any information that identifies or could identify you) in order to offer the service you expect and to comply with data protection laws and regulations (“Data Protection Legislation”) which may include the General Data Protection Regulation 2016/679 (“GDPR”) and the Data Protection Act 2018 (“DPA”). The Data Protection Regulation continues to change in the UK, following the UK’s exit from the European Union and we continue to update our practices and policies in line with these changes.
1.5. Uses of “you” and “your” in this privacy notice refers to the “data subject” meaning a living individual whose personal data is collected, held or processed by us. If you are reading this privacy notice on one of our websites, this almost certainly includes you.
1.6. Data Subjects for our business may include our customers (holidaymakers, holiday and residential home owners, leisure members and members of the public using our facilities), suppliers, partners, employees, contractors and other third-parties necessary to the effective running of the business including prospective individuals in all categories.
1.7. For the purposes of the Data Protection Legislation, in most cases dealt with in this privacy notice Haulfryn Group Ltd. is the “data controller” meaning we determine the purpose and means of the personal information processing dealt with within. Our ICO registration number is Z6407268.
1.8. If you are reading this privacy online, we recommend you save and retain a copy for your records
2. Information we collect about you
Information you give to us:
2.1. While interacting with us through a holiday booking, holiday or residential home purchase, living or spending time on our parks, supporting our business needs, working for us, or for any other reason, you may give us personal information in a number of ways, including:
2.1.1. Using, visiting, or interacting with our website (such as completing forms or using live chat)
2.1.2.Visiting our parks or offices
2.1.3.During meetings, interviews, or appointments
2.1.4.Corresponding with us by post, phone, email, SMS or other means
2.1.5.Sending information directly to us, or providing information as requested by us and/or which is necessary under certain circumstances
2.2. The information you give us may include the following information about you:
Personal information such as:
2.2.1. Full or partial name
2.2.2. Contact details (which may include postal address, email address and phone numbers)
2.2.3. Date of birth
2.2.4. Financial information (for example payee details, credit/debit card details)
2.2.5. National insurance number
2.2.6. Employment details (such as salary, employment history, educational records, and achievements)
2.2.7. References (as an applicant or potential supplier)
2.2.8. Photograph(s) of you or that you may have taken
Sensitive personal information such as:
2.2.9. Passport details, nationality and other information relating to immigration status.
2.2.10. Information about your physical or mental health, or disability status, to ensure your health and safety at our premises and to assess your ability to work and make appropriate adjustments.
2.2.11. Information relating to your race or national or ethnic origin, religious, philosophical, or moral beliefs, your gender and/or gender identity, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
Information we collect when you use our website(s) and/or other digital products
2.3. We may automatically collect the following information – with prior consent where applicable:
2.3.1. Technical information such as the Internet Protocol (IP) address used to connect your device to the internet, operating system and platform, browser type and version, time zone setting, and browser plugin types and versions.
2.3.2. Information about your visit such as the Uniform Resource Locators (URL) clickstream to, through and from our website(s) or other digital product (including date and time), pages you viewed or searched for, page response times, download and other errors, length of visits to certain pages, interaction information (for example scrolling, clicks, mouse-overs, field selections) and methods used to browse away and contact methods used.
2.3.3. Screen recordings of your interactions with our website(s) and other digital products (strictly excluding the entry of any personal information into forms and anything beyond the boundaries of our products).
2.3.4. Transcripts of interactions with chat services such as chat bots and live chat.
2.4. Please note that our website(s) may contain links to other websites outside our control. If you follow any of these links, these websites or digital products will not be covered by this privacy notice and may have their own, different privacy notices. We do not accept any responsibility or liability for these notices. We encourage you to check these third-party notices before sharing any personal data with third parties.
Information we receive from other sources
2.5. We may be working closely with third parties (for example booking agents, directories, estate agents, suppliers, partners, payment and delivery services) and may receive information about you from them.
2.6. If you book a holiday at one of our holiday parks, or are an owner inviting guests to stay at your holiday home, we may ask you for personal information about your additional holidaymakers/guests to ensure their safety and quality of experience on park. In these instances, this privacy notice will not only apply to your personal information but also to the information you provide on their behalf. It is your responsibility to bring this privacy notice to their attention.
2.7. We may utilise CCTV footage and ANPR (Automatic Number Plate Recognition) to ensure the safety of our premises, employees, and customers.
3. Legal basis for using/processing your information
3.1. In most cases, we will only use your personal information with your prior consent and/or to fulfil a contract or potential contract with you (for example you have booked or attempted to book a holiday (including activities undertaken), purchased, or attempted to purchase a property from us).
3.2. However, there are other lawful reasons we may use or process your personal information, the most common being ‘legitimate interest’ – meaning when there is legitimate interest for us to use/process your personal information to ensure you get the most from your interaction(s) with us.
3.3. Whenever we use/process your personal information under the lawful basis of ‘legitimate interest’ we will make sure to consider your rights and interests and will not use/process your personal information if there is no need.
4. How we use/process your information
Information you give to us
4.1. We will use/process the personal information you give to us with consent and/or with the following legitimate interests (as applicable to our relationship with you):
4.1.1. Market and promote our business and the products, facilities, and services we offer
4.1.2. To keep you up to date with news, events offers and important information
4.1.3. To enable to efficient management of our business and the adherence to legal and other such obligations
4.1.4. Respond to an enquiry or declaration of interest in our products, facilities, or services via our website(s) or other means
4.1.5. To enable us to meet our obligations arising from the contract (or potential) contract between you and us and to provide the information and services you request from us and we request from you (for example the purchase or sale of a holiday or residential property, the booking of a holiday, or membership at our facilities)
4.1.6. As needed to supply or receive products or services
4.1.7. As required for recruitment purposes
4.1.8. To comply with government or regulatory guidance
4.2. In addition to the above, we may be required by law to do the following (as a minimum):
4.2.1. Keep a record of payments and accounting
4.2.2. Keep a record to evidence fair recruitment processes
4.2.3. Keep a record of your personal or business relationship with us
Information we collect when you use our website(s) and/or other digital products
4.3. In addition to the above legitimate interests where relevant, we will use this information as follows:
4.3.1. To administer our website(s) and/or other digital products
4.3.2. To ensure smooth running of internal operations, including troubleshooting, data analysis, testing and research
4.3.3. To optimise and improve our website(s) to ensure the content and experience is effective and appropriate for all users and devices
4.3.4. As part of our efforts to keep our website(s) and other digital products safe and secure
Information we receive from other sources
4.5. We may combine this information with other information we collect about you and in most cases the types of information will align with those outlined above.
4.6. We may use/process this information in the same ways, with consent and/or legitimate interest set out above and will treat its safety and security in the same way.
When we disclose information
4.6. To pursue the legitimate interests outlined above, we may share your information with:
4.6.1. All business areas within Haulfryn Group Ltd. as necessary
4.6.2. Business partners, professional advisors, suppliers, and sub-contractors as required for the performance of any contract we enter into with them or you
4.6.3. Credit/debit card companies or payment processors
4.6.4. Third party booking or distribution partners or service providers
4.6.5. Customer review and market research companies (for our own purposes only) and marketing service providers
4.7. We may disclose your personal information with other third parties if we are under a duty to do so to comply with legal obligations, regulations, or codes of practice, or to enforce contracts (between us and you) and other agreements
4.8. We will under no circumstances ever sell or share your personal information for third party marketing purposes.
When we need your consent
4.9. We will not market to you by phone, email, SMS or by other direct digital contact methods (other than in rare cases where legitimate interest is applicable) without your express consent.
4.10. Postal communications are not covered under the same data protection regulations and as such we may send you information by post unless you have specifically told us you don’t want to receive this.
4.11. We will endeavour to offer you the option of receiving marketing communications by the methods you prefer, and to honour these preferences where possible.
4.12. We may from time to time use unaddressed postal marketing (for example flyers delivered by Royal Mail) to reach new customers but rarely have granular control over its distribution. If you receive anything like this after requesting we don’t contact you buy post, please accept our apologies.
4.13. Likewise, from time to time you may see advertising from us online and in print which is not targeted at you based on personal data but instead because you fall in into a target group or due to Cookie based tracking. These are not covered under marketing consent though we do offer you the opportunity to opt out of tracking cookies (see paragraph 8).
4.14. It is your right to request that we do not use your details for marketing purposes and any consent given can be revoked at any time by following the unsubscribe links in electronic communications, or by contacting our Data Protection Officer (see paragraph 10).
5. Keeping your personal information safe
5.1. To pursue the legitimate interests above, we rely on software applications and other technology to store and process data about you. The third parties we use to deliver these applications are carefully selected by us, amongst other things, to ensure the safety and security of your personal information. If you have any concerns about use of software and technology in our data practices or would like more information about the systems we use, please contact our Data Protection Officer (see paragraph 10).
5.2. We take the security of your personal information extremely seriously. We have implemented appropriate physical, technical and organisation measures to protect all the personal information under our control, both on and offline from improper access, use, alteration, destruction and loss.
5.3. Unfortunately, the transmission of information over the internet is not completely secure. Although we do our best to protect information sent to us in this way, we cannot guarantee the security of data transmitted to our website(s) or by other electronic means.
5.4. Any debit or credit card details received through our website(s) and/or other digital products are passed securely to our payment processing partners in accordance with the Payment Card Industry Security Standards (PCI DSS).
5.5. The data we use/process about you may be transferred, and stored at a destination outside the UK, or the European Economic Area (EEA). Where possible we limit this, but it may sometimes be necessary for example when one of our suppliers has a data centre outside of the UK or EEA. In these instances, we will take all reasonable steps and measures to ensure the safety of this information in accordance with this privacy notice and that all legal safeguards are in place prior to the transfer and for the length of the storage/processing of the information.
6. How long we keep your personal information
6.1. We only retain your personal information for as long is reasonable and/or necessary for the relevant activity or context.
6.2. When determining the length of retention period we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of the personal information, the purposes for which we process the personal information and any legal, regulatory or and relevant industry standards or guidelines.
7. Your rights under data protection legislation
7.1. The data protection legislation in the UK affords you the following rights regarding the personal information we may hold about you:
7.1.1. The right to be informed: You have the right to be informed when your personal data will be collected and what it will be used for. This privacy notice sets out when and how we do this and will be made easily accessible at the point of data collection wherever possible
7.1.2. The right of access: You have the right to receive a copy of any personal information any organisation holds about you. This is commonly referred to as a Subject Access Request (SAR).
7.1.3. The right to rectification: You have the right to request that any incorrect personal information is rectified, or completed if it is incomplete.
7.1.4. The right to erasure: You have the right to request that any personal information held about you be erased. This is also known as the right to be forgotten.
7.1.5. The right to restrict processing: As an alternative to complete erasure, you have a right to request that your personal information be processed (used) only in certain circumstances.
7.1.6. The right to data portability: You have the right to receive personal information (that you have previously provided) in a structured, commonly used and machine readable format. You also have the right to request that one data controller transmits the data directly to another data controller.
7.1.7. The right to object: You have the right to object to the processing/use of your personal information. This may be all the information held or just some of it.
7.1.8. Rights in relation to automated decision making and profiling: You have the right to not be subject to decision making and/or profiling made without human intervention unless you have given your consent, it is strictly necessary for a contract or is otherwise permitted by law.
7.2. None of the rights mentioned above are absolute and unlimited. Many apply only in certain circumstances and as such we may not be able to fulfil every request.
7.3. If you would like to exercise any of your rights in relation to the personal information we hold about you, you can do so by contacting our Data Protection Officer (see paragraph 10).
7.4. Although we would hope to resolve any issues directly with you, should you deem it necessary, you can make a complaint to the data protection supervisory authority, the Information Commissioner’s Office at https://ico.org.uk where you can also find out more about your rights.
8.2. Cookies are used to store information about you such as your preferences, your device/browser and your actions on a website.
8.3. Cookies are typically categorised into 4 types: Strictly necessary, performance, functional and targeting. Our website(s) use all 4 types.
9. Changes to our privacy notice
9.1. We may from time to time update this privacy notice. The month and year of the last updated will be captured at the bottom of this page.
9.2. Minor changes will be reflected within and the update date captured.
9.3. Major changes with significant impact will be communicated to you (if we hold your data at the time) by additional means, such as email, where possible and appropriate.
10. Contacting our Data Protection Officer and Data Control team
10.1 Any questions, comments and requests relating to this privacy notice or in any way to your data protection rights should be addressed to our Data Protection Officer:
10.1.1 By email: firstname.lastname@example.org
10.1.2 By post: Data Protection Officer, Haulfryn, Clarion House, Norreys Drive, Maidenhead, Berkshire, SL6 4FL
10.2 Our current Data Protection Officer is Dave Murphy who is also our Chief Financial Officer.
10.3 Where possible, any questions comments and requests will be dealt with by our Data Control team – escalating to our Data Protection Officer only as necessary or upon your request.
Last Updated: August 2021