We take the privacy and security of your personal information very seriously and want you to be confident about giving it to us.
We promise to respect the information you give us and keep it safe. We aim to be clear when we collect your information and not do anything you wouldn’t reasonably expect.
We’ll never sell your personal information and we will only share it when it’s absolutely necessary and then only with trusted organisations, for example those who provide data processing services for us like the providers of our e-shot mailing system.
Whenever we collect information from you, whether on this website or elsewhere, we will do our best to explain why we need it, what we’re planning to do with it and how long we will keep it for.
We won’t ask for information we don’t need and we will endeavour to only keep your personal information for as long as necessary for the purpose we collected it.
We will never sell or share your data with third parties for marketing purposes.There may be times however, when we need to share your details for data processing; for example to process online bookings. We only use reputable companies to help us collect or process your personal information.
The only other people we might be required to share your information with would be the police, official bodies or other parties as legally required.
Most of the customer data we hold is collected and stored within Merac, our Customer Relationship Management System (CRM). For example we use Merac to handle online bookings, it stores the information needed to process your booking and so that we can recognise you when you arrive on park to use your tickets. Merac is the data processor and The Milky Way is the data controller.
We do not store any card or payment details and customer data is automatically anonymised over time.
We send regular emails to keep our customers up to date with latest news, events and offers. Opt in subscriptions are collected through our website via an email sign up form, as well as during the online ordering process. We also collect them offline, for example on annual pass holder sign up forms, in feedback questionnaires and via the WIFI service that guests join while at the park. Every marketing email we send includes an unsubscribe link to allow you to opt out from receiving them in the future.
We use a reputable email provider called Campaign Monitor to store your data and to send our marketing emails. This information is transferred via a secure API / encrypted during transfer. If you have opted in during an online process, or for an annual pass, your email will also be stored with your customer record in our CRM.
As part of our email provider’s standard service they place tracking within the email. This tracks and stores activity such as whether emails were opened and if links were clicked. We use this information to make our email activity more efficient and relevant to you – for example, if you haven’t opened an email from us in some time we will automatically remove your details from our list. You can opt out of this tracking by clicking the preferences link at the bottom of every email that we send.
We understand that circumstances change and that you may no longer want to receive emails from us. To be removed from our marketing emails the easiest thing to do is click the ‘unsubscribe’ link within our emails. Alternatively you can contact us.
When you use the App, we automatically collect specific data that are required for the use of the App. This data includes:
· Location, accuracy and date/time periodically throughout the day (only while at the attraction)
· Each visit to the resort including date/time first seen and last seen
· Operating system
· Operating system version
· Device name
· Battery level
· Battery status (charging or not)
· Bluetooth status (on or off)
· Mobile network carrier name
· Currently connected Wi-Fi SSID
· Location permission status (on or off)
· IP address
· User's preferred locale
· Current time zone
· App version and build number
· App interactions (captured as events fed to Firebase Analytics)
· Date/time entered/exited geofence region (if you enter an offered geofence region)
This data is automatically sent to us, (1) so that we can make the service and the associated functions available to you; (2) to improve the functions and features of the App and (3) to prevent misuse and to rectify malfunctions and (4) to offer you a personalised guest experience. This data processing is justified on the basis that (1) the processing is required in order to fulfil the requirements of the contract between you as the data subject and us in accordance with Art. 6(1)(b) GDPR for the use of the App, or (2) we have a legitimate interest in guaranteeing the functionality and fault-free operation of the App and being able to offer a service that is in line with the requirements of the market and with the interests of the users and prevails over your rights and interests in the protection of your personal data in accordance with Art. 6(1)(f) GDPR
When you make an enquiry using an online form we will only collect the information needed to efficiently respond to your enquiry and we won’t use your information for any other reason unless we specifically ask for your permission at the time. Your enquiry will be emailed to us and will be kept in our system for a maximum of 12 months (normally less), unless your enquiry is ongoing.
Online bookings and the information you provide to make the booking, are handled and stored by our CRM system. As well as storing data this system is connected to the tills onsite to allow us to recognise you when you arrive at the entrance. Personal details will be automatically anonymised over time.
There is a separate payment provider (bank) who processes your card details when you book online, we don’t store any card or payment details on our systems. When you make a payment, you enter your card details directly into the payment provider’s secure web page. These details are not shared with us. To protect you against credit card fraud, you will be asked to enter the unique security code printed on the back of your payment card. All of your personal information is encrypted as it travels over the internet.
We will collect the data we need to set up your pass either via an online or offline form. Hard copies of the form will be kept for a maximum of 4 months, after which your personal data will only be stored in our CRM system, so that we recognise you when you visit. We may also use this information to contact you should we have any questions or issues during the period that your pass is active and to inform you when your pass is going to expire. We will also take a photo of you when your pass is activated. Personal data and photos will be kept on our system for a maximum of 12 months from the expiration of your annual pass.
To set up annual passes we need to collect name, gender, age band and photos for children under the age of 18. We will always endeavour to obtain parental consent when we collect this information.
The details you supply to apply for a job at The Milky Way will not be used for any other reason than to assess your suitability for employment with us.
If you send us a CV or application and are not applying for a specific role, we will hold your details on file in case a suitable job opportunity arises in the future. We will print or retain one hard copy and delete any digital copies of the information you send. The hard copy will be kept in a secure cabinet for a maximum of 16 months. You can request that we destroy the hard copy at any point by emailing [email protected].
We are obliged by our insurance company and by the HSE / RIDDOR to keep a record of all accidents reported to us which occur on our premises. We will not use the information for any other purpose and it will be stored securely for the minimum time legally required.
We have numerous other communications with customers via email or the phone where we collect data. These include birthday party bookings and group bookings. In all communications we will only ask for the information that we sensibly need to handle you booking or enquiry. For any type of booking this information will be kept securely either in hard copy or in our CRM system and will be anonomised or deleted after a sensible time period.
Occasionally we will take photographs and video around the site for marketing purposes. If you are going to feature in the photos or video we will ask for your permission and, if you consent to this, we will store the image(s) and your consent form for future reference.
Information that is automatically collected via our website
Under the GDPR regulations you can ask us for a copy of the personal information we hold about you and you can ask for it to be erased where there is no reason for us to continue to process this data.
If you wish to request any information or to have your details removed from our records please contact us. You can email [email protected] or you can write to the Information Controller at The Milky Way, Clovelly, Bideford, Devon EX39 5RY. We may require proof of identity and more details to process your request and we have one month to respond.
If you are not happy with our response, you are able to contact the Information Commissioner’s Office at www.ico.org.uk
Our website and social media may contain links to other websites or services. You should note that we are in no way responsible for the content or privacy policies these websites / services may have in place and advise that you use caution and refer to these websites own Privacy statements and terms.
The contents of this site are owned or registered to The Milky Way which is owned by TK, CA, MD, J & T Stanbury, the partners of Stanbury Lesure LLP, and can only be used or reproduced strictly by permission. Unlawful reproduction may result in legal action.
If you have any comments, questions, or complaints relating to our Security & Privacy Statement please email [email protected]