The Aspinall Foundation is a world leading animal conservation charity; helping to protect critically endangered species including western lowland Gorillas, Black Rhino and Sumatran Tigers. With our sister charity, The Howletts Wild Animal Trust, we run world-class breeding programmes in our two parks in Kent and we manage major conservation projects in Congo, Gabon, Indonesia and Madagascar. Our mission is to return animals to their natural environment, so we run reintroduction schemes in more than ten countries. Howletts and Port Lympne Estates Ltd promote the use of our facilities, providing a hotel, short breaks and events on a commercial basis to support our charities.
The Foundation works hand in hand with The Howletts Wild Animal Trust which runs the Howletts Wild Animal Park and Port Lympne Reserve. The parks provide a home to a wide array of rare and endangered species, and the Foundation works to reintroduce animals back into their wild habitat.
You can contact us by email to firstname.lastname@example.org or by writing to:
The Aspinall Foundation,
Port Lympne Reserve,
Your privacy is important to us.
This document sets out in detail the type of data we collect, including our lawful basis for doing so in an easily understood format.
We fully respect your privacy and strive to meet the demanding regulatory requirements. To ensure we do so we are supported by an independent Data Protection Officer who assists us with our compliance including reviewing our policies, procedures and providing advice.
This service is provided by:
Ferguson West Ltd,
6 Harvest Way,
CT 18 7PE
We are registered as a data controller with the Information Commissioner Office, Reg no Z7777137.
The personal data we collect.
Personal data is any information which could reveal your identity as an individual. This may include your name, title, date of birth, age, gender, employment status, demographic information, email addresses, telephone numbers, specific identifiers such as membership numbers IP addresses or national insurance numbers, photographs and images.
We minimise the personal data we collect and use limiting it to only that which is necessary for us to assist you visit our parks, purchase goods and services, enlist your support, maintain a relationship with you, as well as running our organisation.
We also collect information when you use our digital services such as our web site. This could include the pages you have visited, information about the device or browser you are using, details of digital transactions you have entered into such as buying tickets, making a donation, sponsorship, or making a reservation at our hotel or one of our lodges. We will also record details of any transactional errors you encounter when using our online services.
Occasionally we need to collect personal data of a more sensitive nature. This is called Special Data and includes information about your ethnic origin, political or religious beliefs, trades union membership, genetics, biometrics, health, sex life or sexual orientation. We only collect this type of data when it is absolutely necessary or when are under a legal obligation to do so.
Information from third parties.
We do not buy in data.
The purposes and lawful grounds for using your personal data.
When visiting our parks.
To gain admission to either of our parks we require you to enter into an agreement with us which includes conditions for admission including payment. You can purchase tickets for your visit by using our online ticketing system accessed through our web site. We only collect sufficient personal data from you to provide you with access to our facilities in advance and to collect payment. You can also pay for admission at our kiosk, if you choose to pay using a debit or credit card the data we collect from you is limited to making that transaction.
When visiting our sites on official business.
Like most organisations we rely on the support of suppliers and other specialists to enable us to operate. We receive visitors from time to time for various business reasons. As a condition of entry will collect personal information from each visitor before we grant them access to our sites and buildings. It is in our legitimate interests to do so, enabling us to provide security as well as safeguarding the well- being of every person on site including the official business visitor.
Should you wish to become a member.
You or your family may wish to become a member, doing so has many benefits such as enjoying unlimited annual visits to our parks, as well as other offers. Should you or your family wish to become members you can apply using our web site. The personal data we collect is limited to that required to administer your membership, which will include your name, gender and date of birth, your address, as well as contact details and payment details. This is to enable you to enter into an agreement with us, enabling you to enjoy all of the benefits membership brings.
We use CCTV at Port Lympne and Howletts for the purpose of preventing crime and providing security and safety for our workforce.
Retail sales, short breaks and event management.
When making a purchase we need to enter into an arrangement to provide you with the services or products you require. We collect and use your personal data to assist you with the purchase our merchandise, to make a hotel or lodge booking, or to organise and run an event using our facilities. This may include maintaining an ongoing relationship with you following your initial booking, confirmation of payment transactions, and to assist us address any changes you wish to make.
To provide a fully inclusive and enjoyable experience for all of our guests, we may need to make special arrangements to accommodate individuals’ special needs, such as disabled parking, wheelchair use or special dietary requirements. Therefore we collect this data from you with your consent to meet our own legal obligations.
Fundraising, donations and gifts.
We seek your consent when inviting you to support our charity raising initiatives such as making a donation or supporting any one of our fund-raising initiatives.
If you make a donation, or support any of our fund- raising initiatives we will use the personal data you provide us to record the nature and total of your gift, also to claim Gift Aid where it is applicable, also to update you with the results of competitions or raffles.
Any contributions you may choose to give are voluntary and based upon your consent, our web site offers you the choice to opt in to the Gift Aid scheme.
The rules of the Charity Commission place a requirement upon us to know where funds have come from, as well as any conditions attached to them. We apply due diligence to ensure credibility, financial propriety, reputation and ethical principles are evident when donors indicate they are likely to make a significant donation. This includes researching information available in the public domain, and the use of professional specialists.
If you have informed us that you intend to leave us a gift in your will, or are considering doing so, we will keep a record of this. If we are in some form of communication with you (or with someone who contacts us in relation to your will, such as a solicitor), we’ll keep notes of this throughout our relationship to ensure we honour your wishes.
In such circumstances after a donor has passed away and we are in the process of receiving their gift we process the personal data of those involved in the administration of their estate for the purpose of ensuring we comply with our legal obligations in receiving and using the charitable gift for the purpose you intended. Access to this personal data is subject to strict controls and is stored for as long as may be required to enable us to administer our legacy.
Our legal basis for doing so is that it is in our legitimate interest to process the personal data of either the supporter and or representative of their estate. On occasions we may wish to process personal data that is not directly linked to individuals involved in the administration of a legacy, we might wish to contact the relatives of a benefactor to update them how the legacy is being used, or specific benefits derived from it. In these circumstances we would rely on the consent of the individuals concerned.
In these circumstances we are likely to collect data from:
• Executors, Trustees, solicitors and other third party instructed in the administration of the legacy.
• Copies of wills and documents provided by Executors, Trustees or other professionals acting in the administration, or that publicly available.
• Other co-beneficiaries that have a shared interest to us under the will.
• Data and information in the public domain.
We like to keep our friends and supporters up to date with significant events at our parks, such as, recent births, updates on the progress of animals returned to their natural environment around the world, the arrival of new animals, or events and offers.
We do use a third party to assist with marketing, and share your personal information to enable them to do so. They are required to comply with a contract which we have in place setting out strict terms and conditions specifying how they use your personal data on our behalf.
When using our online service we seek your consent to “opt in” to being added to our mailing list. If you have initially opted in and at some point and later change your mind we will remove your information from our lists as soon as is practicable.
Marketing to young people.
We do not provide specific online services directly to young people.
Managing staff and volunteers.
The information we collect from you is limited to that required for us to enter into an employment contract with you, as well as meeting our legal obligations as an employer.
If you apply and are successful in being offered a position with us, either on a permanent, temporary or voluntary basis we will request you to provide information about yourself, including unspent criminal convictions. This might include your name, address, data of birth, national insurance number, a CV, references, verifiable proof of identity, proof of relative qualifications, and where you access our parks with your personally owned vehicle, its registration details.
If you are unsuccessful your application we will retain your application material for 6 months before deleting it. We may approach you and seek your consent to retain your information so that we can contact you if another employment opportunity arises.
In certain circumstances we may need to collect and use personal data relating to you that is sensitive (special category personal data). This may be because of the type of job you do and its associated risks, or as a consequence of an injury sustained whilst at work.
We do not routinely monitor the activities of our staff and volunteers in the workplace with the exception of those staff who enter animal enclosures where we use CCTV for their welfare, or following a breach of security.
How we keep your information safe
We fully understand the importance and duty we have in protecting your privacy. We take appropriate organisational and technical steps to safeguard it whilst in our care, including:
• Restricting access to only those who require it to process data.
• All personal data is password protected.
• Proportionate technical preventative solutions are installed on our systems.
• Using encrypted computers.
• Ensuring our staff are trained and understand potential risks.
• By using adequate physical security at our parks, buildings and offices.
• When transferring data to a third party, sending it by securely using encryption or password protection or a reliable secure courier.
• When taking files and records off site for business purposes.
• When deleting or destroying records, or dispensing with IT equipment.
Who we share information with
The Aspinall Foundation will not exchange, rent, or sell your personal information to other organisations for use by them in their own direct marketing activities.
However, where you have given us permission to contact you, we may use external service providers to do this on our behalf. An external service provider may, for example, include a fundraising agency calling on our behalf or a mailing house sending out material by post. We may also ask external service providers to carry out tracking and analysis on our behalf as described in the cookies policy. We recognise your right to withdraw your consent for us to contact you in this way, in which case we will remove you from our mailing list as soon as possible.
Where we use an external service provider to act on our behalf, we will disclose only the personal information necessary to deliver the service and will have a contract in place that requires the provider to comply with our data protection and information security requirements and with the relevant legal regulations.
We also have contracts for services such as IT and payroll.
We have an agreement in place with third parties for safe and effective information sharing and we require any suppliers to abide by the GDPR, to ensure that there are sufficient systems and procedures in place to protect your information.
We may also disclose your personal information if we are required to do so under any legal obligation.
We do not routinely transfer any data outside of the EEA. We may on occasion transfer data outside of the EEA on an ad hoc basis. When doing so we follow all of our legal obligations.
How we handle direct debit or credit card information
We will ensure that when collecting sensitive information over the Internet such as debit cards, credit cards or personal information that this done so securely by encrypting data sent between the customer and us or our partners. We are PCI compliant and use external Payment Card Industry (PCI) compliant providers to collect this data on our behalf. We do not store PCI data on our own systems.
To protect yourself when sending us sensitive information, please ensure that you use devices running supported operating systems that are regularly patched, and incorporate some form of malware protection. Only connect your devices to networks that you trust.
Securing your passwords
Where we have given you (or where you have chosen) a password which enables you to access certain parts our website, you are responsible for keeping the password confidential. You agree not to share that password with anyone else.
Following links to third-party websites
Posting or sending inappropriate content or content you do not own
If you post or send any content that we believe to be inappropriate or content in breach of any laws, such as defamatory content, we may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies. We have the right to disclose your identity to any third party claiming to own any content that you posted.
How long do we keep your information for
We will hold your personal information for as long as it is necessary as is necessary for the purpose we have collected the personal data, and its subsequent use.
By way of example, we hold data for six years after contract end so we can fulfil any statutory obligations.
You have the right to access your personal data and any such requests made to us shall be dealt with in a timely manner.
When carrying out work with a stakeholder or client who for data protection purposes is a controller, an Information Sharing Agreement will be put in place, its contents will explain to you, which controller you should contact should you wish to exercise any of your rights.
Your rights include:
• The right to be informed about the collection and use of your personal data. This is a key transparency requirement of the GDPR.
• The right to access to information held about you.
• The right to have inaccurate personal data rectified, or completed if incomplete.
• The right to have personal data erased.
• The right to request the restriction or suppression of the processing of their personal data.
• The right to data portability.
• The right to object to the processing of their personal data in certain circumstances.
• Rights in relation to automated decision making and profiling.
You also have the right to lodge a complaint with the Information Commissioner Office who can be contacted via their web site www.ico.org.uk
The GDPR does not insist for requests to be made in writing, however it will enable us to manage your request more quickly if you were to use either email or letter, accompanied by some form of identification such as a copy of a passport or driving license. Your request should be directed to:
Ferguson West Ltd,
6 Harvest Way,
CT 18 7PE
In most circumstances charges will not be made. Information will be provided promptly and no later than 30 days following receipt of the request.
Changes to this privacy notice
We keep our privacy notice under is reviewed every 6 months. This privacy notice was last updated on August 2018.
How to contact us
If you want to request information about this privacy notice you can email or write to:
Ferguson West Ltd,
6 Harvest Way,
CT 18 7PE