Aviemore Ice Rink Privacy Policy

Who We Are

Aviemore Ice Rink is owned and operated by Aviemore and Glenmore Community Trust which is a private company limited by guarantee registered in Scotland with company number SC578898, Scottish charity number SC051417. Our registered office is 15-17 High Street, Kingussie, PH21 1HS and is referred to as "AGCT”, “we”, “us” or “our” in this privacy policy.

Our Commitment to You

Your privacy is very important to us. We are committed to protecting and respecting your privacy and to ensuring compliance with applicable legislation (including the UK GDPR) and to ensuring that when you choose us to acquire your tickets for our events, you know what personal data we collect about you and how we use your personal data.

This data privacy notice (“Privacy Policy”) describes how we will use your personal data. Please take the time to read and understand our Privacy Policy. Please note this Privacy Policy applies only to personal data collected by or through direct access to our website www.aviemoreicerink.com

Obtaining Your Consent

We seek ‘informed consent’ from you as part of the account creation process in order to collect and process your personal data. By supplying your personal data through our websites, over the telephone or in person, you are consenting to AGCT holding and processing such information for the purposes for which it was provided.

What Personal Data We Collect About You

The personal data which we collect about you may include:

• information that you provide as part of the ticket booking process or when creating, editing or logging into an account in our box office system (you can specify the use of this information – see Data Collected and Logged Data sections below for more details);
• other information that you provide by completing forms provided on our websites for a specific purpose; or
• correspondence with AGCT.

Additional Collected Data

Logged Data Collection

In common with most websites, our websites’ servers can automatically log certain information about every request made of them. This information is used for system administration, bug tracking and for producing usage statistics and may be kept for up to two years. From time- to-time logging may be enabled on the webserver hosting our websites. When logging is enabled, the following data is automatically collected for each data request:

• the name or network address of the computer making the request. Note that under some (but not all) circumstances it may be possible to infer from this the identity of the person making the request. Note also that the data recorded may be that of a web proxy rather than that of the originating client;
• the username, when known during authenticated (logged in) access to the site;
• the date and time of connection;
• the HTTP request, which contains the identification of the document requested;
• the status code of the request (success or failure etc.);
• the number of data bytes sent in response;
• the contents of the HTTP Referrer header supplied by the browser;
• the content of the HTTP User-Agent header supplied by the browser.

Logging of additional data may be enabled temporarily from time-to-time for specific purposes. In addition, the computers on which the website is hosted keep records of attempts to use them for purposes other than access to the web server. This data typically includes:

• the date and time of the attempt
• the service to which access was attempted
• the name or network address of the computer making the connection

It may also include details of what was done or was attempted to be done.

Google Data Collection

In addition, we use Google Analytics to help us analyse site usage and improve our websites. For more information about Google Analytics see http://www.google.com/analytics/ and Google’s Privacy Policy. You can opt out of Google Analytics collecting data about how you use ours and other websites.

How We May Use Your Personal Data

Legally speaking and in accordance with the UK GDPR, AGCT may process your personal data under the following circumstances:

• Consent: you have given clear consent for us to process your personal data for a specific purpose;
• Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract;
• Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations);
• Vital interests: the processing is necessary to protect someone’s life;
• Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law;
• Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

Practically speaking, we are likely to process your personal data in the following ways:

• to contact you about future events being sold or activities being undertaken by AGCT;
• to contact you with essential information about your booking, for example in the case of a cancellation or programme alteration;
• to ensure that content from our websites is presented in the most effective manner for you and for your computer or device by gathering aggregate information about our users using it to analyse the effectiveness and popularity of our websites;
• to allow you to participate in interactive features of our service when you choose to do so.

You can opt in or out of receiving information by post and/or e-mail at any time, please contact us at hello@aviemoreicerink.com

How We May Disclose Your Personal Data

In addition to the foregoing, we may disclose your personal information to third parties in the following circumstances:

• In order to process a transaction: your personal information and card details are passed to third party service providers; card details are only used for the purpose of handling an individual transaction..
• If we have obtained your consent to do so.
• When we are required or authorised by law, court order, regulatory or governmental authority to disclose your personal data.
• If required to protect the rights, property or safety of the AGCT, its members, or others.

Your Data Protection Rights Under the UK GDPR

If you are a resident of the United Kingdom you are entitled to certain individual rights related to personal data protection. These rights include (but or not limited to):

• The right to be informed about the collection and use of your personal data;
• The right to access and receive a copy of your personal data, and other supplementary information;
• The right to rectification in accurate personal data, or completion thereof (if incomplete);
• The right to erasure of your personal data;
• The right to restrict processing or suppression of your personal data;
• The right to object to the processing of your personal data and certain circumstances.

For further information about your rights, please consult the UK Data Commissioner’s Office official website. AGCT is committed to taking requisite and reasonable steps to enable you to correct, amend, delete or otherwise limit the use of your personal data. If you wish to be apprised of what personal data we hold about you and/or you wish to exercise any of your rights in connection therewith (including having such data removed from our systems), please contact us at hello@aviemoreicerink.com 

Please note that we may ask you to verify your identity before responding to such requests.

Third Party Data Protection

Security

Credit card transactions are processed by www.stripe.com and transmitted via Bookwhen who provide our online booking system.

When asked to enter personal details, including your credit card number, the address bar will indicate that you are on a secure webpage, most likely by showing https:// at the beginning of the address. This indicates that all data is being transmitted securely between your web browser and Bookwhen servers, using encryption to ensure that the data cannot be read or modified by a third party. We take data security extremely seriously and understand the need to adhere to high levels of checking and auditing around storing and transferring cardholder data. As part of the global Payment Card Industry Data Security Standard (PCI DSS), Stripe is fully compliant with PCI requirements and maintains this standard as part of its regular system review process. Protecting customers against credit card fraud is a critical issue for AGCT as Card Payment Merchants and we require that under no circumstances should credit card information be sent by email.

Cookies

Like many websites we use cookies to store and then retrieve small bits of information on your computer when you visit. This information is used to make the site work as you expect it to. It is not personally identifiable to you, but it can be used to give you a more personalised web experience. Some of the information stored is put there by other companies whose software we have added to our website, and this can also impact your experience of other websites you may visit after leaving ours. If you continue to use our website without taking action to prevent the storage of this information, you are effectively agreeing to this use. If you want to learn more about the general uses of cookies, including how to stop them being stored by your computer, please visit Cookiepedia. Please note that if you disable cookies, or do not opt in to receive them from these sections of our website, some functionality will not be available, name, the ability to log in to your account and the ability to access the booking system.