The Aspinall Foundation is a world leading animal conservation charity; helping to protect critically endangered species including western lowland gorillas, black rhino and Sumatran tiger. With our sister charity, The Howletts Wild Animal Trust, we run world-class breeding programmes in our two parks in Kent and we manage major conservation projects in Congo, Gabon, Indonesia and Madagascar. Our mission is to return animals to their natural environment, so we run reintroduction schemes in more than ten countries. Howletts and Port Lympne Estates Ltd promote the use of our facilities, providing a hotel, short breaks and events on a commercial basis to support our charities.
The Foundation works hand in hand with The Howletts Wild Animal Trust which runs the Howletts Wild Animal Park and Port Lympne Reserve. The parks provide a home to a wide array of rare and endangered species, and the Foundation works to reintroduce animals back into their wild habitat.
You can contact us by email to firstname.lastname@example.org or by writing to:
The Aspinall Foundation,
Port Lympne Reserve,
Your privacy is important to us.
This document sets out in detail the type of data we collect, including our lawful basis for doing so in an easily understood format.
We fully respect your privacy and strive to meet the demanding regulatory requirements. To ensure we do so, we are supported by an independent Data Protection Officer to assist us. This includes reviewing our compliance including reviewing our policies, procedures, assisting with any complaints and providing advice.
This service is provided by:
Ferguson West Ltd,
6 Harvest Way,
The entities that make up our organisation share a common goal, to improve wildlife conservation and the habitat that they rely on for survival. We achieve this through a range of activities including breeding programmes, re wilding, and education. Wildlife conservation is incredibly expensive, and we generate funds to support our animals through a number of innovative methods include donations from our supporters, introducing exciting visitor experiences at our parks, as well as raising revenue from day visitors and the guests who use our accommodation.
Managing this ambitious programme of work often involves staff from each entity working together on the same initiative or programme from time to time. However, one of the entities will take a lead, and be the accountable body as far as data protection governance and compliance is concerned. Therefore, each entity is registered as a data controller in their own right with the Information Commissioners Office. We have appointed a data protection officer who operates in accordance with the GDPR who acts on behalf of each of the individual organisations listed below:
The personal data we collect.
Personal data is any information which could reveal your identity as an individual. This may include your name, title, date of birth, age, gender, employment status, demographic information, email addresses, telephone numbers, specific identifiers such as membership numbers IP addresses or national insurance numbers, photographs and images.
We minimise the personal data we collect and use, limiting it to only that which is necessary to facilitate a visit to our parks, purchase goods and services, enlist your support, maintain a relationship with you, as well as running our organisation.
We also collect information when you use our digital services such as our web site. This could include the pages you have visited, information about the device or browser you are using, details of digital transactions you have entered into such as buying tickets, making a donation, sponsorship, or making a reservation at our hotel or one of our lodges. We will also record details of any transactional errors you encounter when using our online services.
Occasionally we need to collect personal data of a more sensitive nature. This is called Special Category Data and includes information about your ethnic origin, political or religious beliefs, trades union membership, genetics, biometrics, health, sex life or sexual orientation. We only collect this type of data when it is absolutely necessary or when we are under a legal obligation to do so.
Information from third parties
We do not acquire personal data from third parties.
We collect and manage personal data about children in limited circumstances only. This may apply when seeking admittance to our parks, or when becoming a member. Our terms and conditions do not permit children to set up their own accounts with us, we do not knowingly provide online services directly to children under 13 years of age.
The purposes and lawful grounds for using your personal data.
When visiting our parks
To gain admission to either of our parks we require you to enter into an agreement with us which includes conditions for admission including payment. You can purchase tickets for your visit by using our online ticketing system accessed through our web site. The personal data we collect is the minimum necessary to provide you and your party with access to our facilities in advance and to collect payment. You can also pay for admission at our kiosk, if you choose to pay using a debit or credit card, the data we collect from you is limited to making that transaction.
When visiting our sites on official business
Like most organisations we rely on the support of suppliers and other specialists to enable us to operate. We receive visitors from time to time for various business reasons. As a condition of entry will collect personal information from each visitor before we grant them access to our sites and buildings. It is in our legitimate interests to do so, enabling us to provide security as well as safeguarding the well- being of every person on site including the official visitor.
Should you wish to become a member
You or your family may wish to become a member, doing so has many benefits such as enjoying unlimited annual visits to our parks, as well as other offers. Should you or your family wish to become members you can apply using our web site. The personal data we collect is limited to only that required to administer your membership, which will include your name, gender and date of birth, your address, a digital image of you and your family members, as well as contact details and payment details. By entering into this agreement with us, enables you to enjoy all of the additional benefits of becoming a member, including ease of access. Our use of digital images is necessary to for our own security as well as providing a duty of care.
We use CCTV at the points of entry to Port Lympne and Howletts, also within our parks including some public areas in and around our buildings. Our dedicated members of staff who are responsible for overnight security at Port Lympne wear body worn video cameras. The use of CCTV and body worn cameras is necessary to keep our staff and visitors safe, to prevent crime and assist in its detection, and for the protection and welfare of our animals.
Retail sales, short breaks and event management
When purchasing services or merchandise it is necessary for you to enter into a financial transactional with us. We collect and use your personal data to enable you to purchase our merchandise, to make a hotel or lodge booking, to book an experience or to organise and run an event using our facilities. This may include maintaining an ongoing relationship with you following on from your initial booking, confirmation of payment transactions, and to assist us address any changes you wish to make.
To provide a fully inclusive and enjoyable experience for all of our guests, it may be necessary to make special arrangements to accommodate individuals’ special requirements, such as disabled parking, wheelchair use or special dietary requirements. Therefore, we will seek your consent to provide more sensitive data when applicable, enabling us to put in place any special requirements you may need as well as meeting our own legal obligations.
Fundraising, donations and gifts
We use legitimate interest to contact supporters who have donated to our work recently, where applicable. This allows us to keep you updated on our work and invite you to support our campaigns without opting in. At all times you have the right to opt out of communications with us.
We have conducted a legitimate interest test to ensure that you only receive the communications that you would reasonably expect to as a supporter of our work. You can find out more about legitimate interest from the fundraising regulator here https://www.fundraisingregulator.org.uk/sites/default/files/2018-07/GDPR-briefings-fundraising_0.pdf.
If you make a donation, or support any of our fund-raising initiatives we will use the personal data you provide us with to record the nature and totality of your gift and to claim Gift Aid where it is applicable.
Any contributions you may choose to give are voluntary and based upon your consent. our web site offers you the choice to opt in to the Gift Aid scheme.
The rules of the Charity Commission place a requirement upon us to know where funds have come from, as well as any conditions attached to them. We apply due diligence to ensure credibility, financial propriety, reputation, and ethical principles are evident when donors indicate they are likely to make a significant donation. This includes researching information available in the public domain, and the use of professional specialists.
If you have informed us of your intention to leave us a gift in your will, or are considering doing so, we will keep a record of this. If we are already in some form of communication with you (or with someone who contacts us in relation to your will, such as a solicitor), we’ll keep notes of this throughout our relationship to ensure we honour your wishes.
In such circumstances after a donor has sadly passed away and we are in the process of receiving their gift we process the personal data of those involved in the administration of their estate to ensure we comply with our legal obligations, as well using the charitable gift for the purpose you intended. Access to this personal data is subject to strict controls and is stored for no longer than is necessary.
It is in our legitimate interest to process the personal data of either the supporter and or representative of the estate. On occasions we may wish to process personal data that is not directly linked to individuals involved in the administration of a legacy, we might wish to contact the relatives of a benefactor to update them how the legacy is being used, or specific benefits derived from it. In these circumstances we would rely on the consent of the individuals concerned.
In these circumstances we are likely to collect data from:
- Executors, Trustees, solicitors and other third party instructed in the administration of the legacy.
- Copies of wills and documents provided by Executors, Trustees or other professionals acting in the administration, or that publicly available.
- Other co-beneficiaries that have a shared interest to us under the will.
- Data and information in the public domain.
We like to keep our friends and supporters up to date with significant events at our parks and at our international project sites. This will include information such as recent births, updates on the progress of animals returned to their natural habitat around the world, the arrival of new animals, or events, appeals and offers. We do so through post, email and by phone.
We often use a third party to assist us with marketing and share your personal information to enable them to do so. They are contractually bound to keep your personal information safe, and to use your data only for the purposes we have set out in the contract.
When using our online services, we seek your consent to “opt in” to joining our e-mailing list. If you have initially opted in, or we are contacting you under legitimate interest and at some point in the future change your mind, we will remove your information from our lists as soon as is practicable. All methods of communication will have opt out options, and you can opt out of that method or all communication at any time.
Marketing to young people
We do not provide specific online services directly to young people.
How we keep your information safe
We fully understand the importance and duty we have in protecting your privacy. We take appropriate organisational and technical steps to safeguard it whilst in our care, including:
• Restricting access to only those who require it to process data.
• All personal data is password protected.
• Proportionate technical preventative solutions are installed on our systems.
• Using encrypted computers.
• Ensuring our staff are trained and understand potential risks.
• By using adequate physical security at our parks, buildings and offices.
• When transferring data to a third party, sending it by securely using encryption or password protection or a reliable secure courier.
• When taking files and records off site for business purposes.
• When deleting or destroying records, or dispensing with IT equipment.
Who we share information with
The Aspinall Foundation and its sister organisations will not exchange, rent, or sell your personal information to other organisations for use by them to carry out their own direct marketing activities or to share with others.
However, where you have given us permission to contact you, or we are contacting you under legitimate interest, we may use external service providers to do this on our behalf. An external service provider may, for example, include a fundraising agency calling on our behalf or a mailing house sending out material by post. We may also ask external service providers to carry out tracking and analysis on our behalf as described in the cookies policy. We recognise your right to withdraw your consent for us to contact you in this way, in which case we will remove you from our mailing list as soon as possible.
Where we use an external service provider to act on our behalf, we will disclose only the personal information necessary to deliver the service and will have a contract in place that requires the provider to comply with our data protection and information security requirements and with the relevant legal regulations.
We have an agreement in place with third parties for safe and effective information sharing and we require any suppliers to abide by the GDPR, to ensure that there are sufficient systems and procedures in place to protect your information.
We do not routinely transfer any personal data outside of the EEA except in very restricted circumstances. We may on occasions transfer data outside of the EEA on an ad hoc limited and non-repetitive basis. This involves a very small quantity of personal data relating to members of staff who may work with our contacts abroad or from time to time be sent temporarily overseas. Also to enable us to communicate with other natural persons based overseas who have been contracted to assist with our animal rewilding and conservation programmes.
How we handle direct debit or credit card information
We will ensure that when collecting sensitive information over the Internet such as debit cards, credit cards or personal information that it is carried out securely by encrypting data sent between our customer and us or our partners. We are PCI compliant and use external Payment Card Industry (PCI) compliant providers to collect this data on our behalf. We do not store PCI data on our own systems.
To protect yourself when sending us sensitive information, please ensure that you use devices running supported operating systems that are regularly patched, and incorporate some form of malware protection. Only connect your devices to networks that you trust.
Securing your passwords
Where we have given you (or where you have chosen) a password which enables you to access certain parts our website, you are responsible for keeping the password confidential. You agree not to share that password with anyone else.
Following links to third-party websites
Posting or sending inappropriate content or content you do not own
If you post or send any content that we believe to be inappropriate or in breach of any laws, such as defamatory content, we may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies. We have the right to disclose your identity to any third party claiming to own any content that you posted.
How long do we keep your information
We will not retain your personal information for any longer than is necessary, and only then for the purpose(s) we collected it for and its subsequent use. Our retention time limits may also be influenced by requirements set in law or by regulation, such as in Health and Safety legislation, or those required by HMRC.
You have the right to access your personal data and any such requests made to us shall be dealt within the legal time limits set.
Your rights include:
- The right to be informed about the collection and use of your personal data. This is a key transparency requirement of the GDPR.
- The right to access to information held about you.
- The right to have inaccurate personal data rectified or completed if incomplete.
- The right to have personal data erased.
- The right to request the restriction or suppression of the processing of their personal data.
- The right to data portability.
- The right to object to the processing of their personal data in certain circumstances.
- Rights in relation to automated decision making and profiling.
You also have the right to lodge a complaint with the Information Commissioner Office who can be contacted via their web site www.ico.org.uk
The GDPR does not insist for requests to be made in writing, however it will enable us to manage your request more quickly if you were to use either email or letter, accompanied by some form of identification such as a copy of a passport or driving license. Your request should be directed to:
Ferguson West Ltd,
6 Harvest Way,
In most circumstances charges will not be made. Information will be provided promptly and no later than 30 days following receipt of the request.
Changes to this privacy notice
We keep our privacy notice under is reviewed every 12 months. This privacy notice was last updated on July 2023.
How to contact us
If you want to request information about this privacy notice you can email or write to our Data Protection Officer:
Ferguson West Ltd,
6 Harvest Way,