Leisure Pass Group (“LPG”/”we”/”us”) is committed to protecting your privacy. We will only use the information that we collect about you lawfully in accordance with UK data protection legislation. LPG is registered with the Information Commissioner’s Office in accordance with that legislation.
1.1 Information collected
1.2 We also collect information automatically about your visit to our web site
The information obtained in this way, which includes demographic data and browsing patterns, is only used in aggregate form, and as such, cannot be used to identify you.
1.3 This aggregate information is used to:
- build up marketing profiles
- aid strategic development
- audit usage of the site
1.4 Use of personal information
Our legal bases for collecting and using your information is as follows:
- Contract – we need your information to enter into and perform our contract with you
- Consent – some information is processed because you have given your consent.
- Legitimate interest – some information we collect is used for legitimate business interest such as:
- Providing updates on attractions and or services
- Obtaining customer feedback to improve the quality of our service
- Running competitions
- Compliance with legal and regulatory obligations
When purchasing a pass, customers from EU countries will be given the choice to opt-in to receive marketing communication by checking a box. These communications include but are not limited to emails, SMS and push notifications, giving information, tips and promotions on upgrades and third party offers relevant to a customer’s trip, and promotions on other city passes. Non-EU customers will have the option to uncheck a box to opt out from receiving these communications. All recipients can unsubscribe from marketing communication at any time, by clicking on the unsubscribe process included in every message.
1.5 Your personal rights and how to contact us
You have certain rights under existing data protection legislation including the right to request a copy of the personal information we hold about you, if may you request it from us verbally or in writing.
You will have the following rights:
- Right to access: the right to request copies of your personal information from us;
- Right to correct: the right to have your personal information rectified if it is inaccurate or incomplete;
- Right to erase: the right to request that we delete or remove your personal information from our systems;
- Right to restrict our use of your information: the right to ‘block’ us from using your personal information or limit the way in which we can use it;
- Right to data portability: the right to request that we move, copy or transfer your personal information;
- Right to object: the right to object to our use of your personal information including where we use it for our legitimate interests or where we use your personal information to carry out profiling to inform our market research and customer demographics (see section 5 above).
If you are not satisfied with the way any complaint you make in relation to your personal information is handled by us then you may be able to refer your complaint to the relevant data protection regulator which in the UK is the Information Commissioner’s Office. https://ico.org.uk/global/contact-us/ or 0303 123 1113.
How long do we keep your personal information?
We will hold your personal information on our systems for as long as necessary depending on the purpose to which it was provided or until you request it is deleted. Even if we delete your personal information it may persist on backup or archival media for legal, tax or regulatory purposes.
When determining the relevant retention periods, we will take into account factors including:
- our contractual and business relationships with you;
- legal obligations under applicable law to retain data for a certain period of time;
- statute of limitations under applicable law(s);
- (potential) disputes; and
- guidelines issued by relevant supervisory authorities
2. Go City app
2.1 When you download the Go City app (“the app”), synchronise your Go City pass with the app, or purchase the mobile pass, LPG will ask you for certain information including your name, phone number, postal address, email address and contact details. LPG may also record which services you are interested in as well as patterns of use and information requested by you and offers purchased. LPG will never collect sensitive information about you without your explicit consent.
2.2 All personal information will be kept securely in accordance with our internal security policy and will be used to:
(a) administer, run and enable your use of the app and the mobile pass and any special offers and/or passholder offers;
(b) open and run your account and provide you with an up-to-date service;
(c) generally, run the product and its related services.
2.3 Marketing Communications:
(a) As an integral part of the app and the services LPG provides, once you have synchronized your Go City pass or purchased your mobile ticket, from time to time you will receive communications (if you have provided consent to marketing communications) from LPG by SMS, email or via the app about developments concerning offers, promotions, discounts, events and new services or related activities we think you may find useful, together with location specific offers.
(b) Whilst your personal data will not be passed to third parties these communications may concern services or related activities that other reputable companies that we select, wish to offer to you. (Note that if do contact any such third parties LPG has no responsibility for any arrangements you make with them and any personal data that you provide to such companies will be governed by the terms of their privacy policies.)
(c) You have a right to stop receiving direct marketing at any time - you can do this by following the opt-out links in electronic communications (such as emails), or by contacting us at: [email protected]
3. Who do we share your personal data with?
We share the data with third parties, to help manage our business and deliver services, in which case we will require those parties to keep that information confidential and secure and to use it solely for the purpose of providing the specified services.
These third parties may from time to time need to have access to your personal data, and include:
- service providers, who help manage our IT and back office systems, and assist with our customer relationship management activities
- our regulators, which include the ICO, as well as other regulators and law enforcement agencies in the E.U. and around the world,
- solicitors and other professional services firms (including our auditors).
If you make a purchase on our site after being sent from a Eurostar booking, we will share your email address with them in order to comply with the European Commission Package Travel Directive. Your data will be deleted by Eurostar within 7 days.
We do not sell any personal data to third parties.
Should it be requested by the UK government, Go City is obliged to provide customer names and contact details for NHS Track and Trace purposes, in order to prevent the spread of COVID-19.
4. International transfer of data
Some entities in the Leisure Pass Group, with whom we share your data, and our service providers who have access to your personal data, are located outside the European Union. We may also share your personal data overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body.
We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests, in particular we will either:
- only transfer your personal data to countries which are recognised as providing an adequate level of legal protection in accordance with Article 45 of the GDPR; or
- ensure that transfers outside the European Union are subject to appropriate legal safeguards.
We acknowledge that the information you provide may be confidential and will maintain the confidentiality of and protect your information in accordance with our normal procedures and all applicable laws. We employ appropriate technical and organisational security measures to help protect your personal data against loss and to guard against access by unauthorised persons. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
In addition, those employees, agents, contractors and other third parties who process your personal data will only do so on our instructions and they will be subject to a duty of confidentiality.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website. Any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.