The Aspinall Foundation is a world leading animal conservation charity; helping to protect critically endangered species including western lowland Gorillas, Black Rhino and Sumatran Tigers. With our sister charity, The Howletts Wild Animal Trust, we run world-class breeding programmes in our two parks in Kent and we manage major conservation projects in Congo, Gabon, Indonesia and Madagascar. Our mission is to return animals to their natural environment, so we run reintroduction schemes in more than ten countries. Howletts and Port Lympne Estates Ltd promote the use of our facilities, providing a hotel, short breaks and events on a commercial basis to support our charities.
The Foundation works hand in hand with The Howletts Wild Animal Trust which runs the Howletts Wild Animal Park and Port Lympne Reserve. The parks provide a home to a wide array of rare and endangered species, and the Foundation works to reintroduce animals back into their wild habitat.
You can contact us by email to firstname.lastname@example.org or by writing to:
The Aspinall Foundation,
Port Lympne Reserve,
Your privacy is important to us.
This document sets out in detail the type of data we collect, including our lawful basis for doing so in an easily understood format.
We fully respect your privacy and strive to meet the demanding regulatory requirements. To ensure we do so, we are supported by an independent Data Protection Officer to assist us. This includes reviewing our compliance including reviewing our policies, procedures, assisting with any complaints and providing advice.
This service is provided by:
Ferguson West Ltd,
6 Harvest Way,
CT 18 7PE
Our organisation is made up of three entities, each of them process data using shared policies, procedures and IT platforms. Each entity is registered as a data controller with the Information Commissioner reflecting the different aims and objectives of each of the parts of our organisation. The registration details are as follows: The Aspinall Foundation, Reg no ZA509081, Howletts and Port Lympne Estates Ltd, Reg no Z 7777137, and the Howletts Wild Animal Trust, Reg no ZA 509077.
The personal data we collect.
Personal data is any information which could reveal your identity as an individual. This may include your name, title, date of birth, age, gender, employment status, demographic information, email addresses, telephone numbers, specific identifiers such as membership numbers IP addresses or national insurance numbers, photographs and images.
We minimise the personal data we collect and use, limiting it to that which is necessary to facilitate a visit to our parks, purchase goods and services, enlist your support, maintain a relationship with you, as well as running our organisation.
We also collect information when you use our digital services such as our web site. This could include the pages you have visited, information about the device or browser you are using, details of digital transactions you have entered into such as buying tickets, making a donation, sponsorship, or making a reservation at our hotel or one of our lodges. We will also record details of any transactional errors you encounter when using our online services.
Occasionally we need to collect personal data of a more sensitive nature. This is called Special Category Data and includes information about your ethnic origin, political or religious beliefs, trades union membership, genetics, biometrics, health, sex life or sexual orientation. We only collect this type of data when it is absolutely necessary or when we are under a legal obligation to do so.
Information from third parties
We do not buy in data.
We collect and manage personal data about children in some circumstances, such as when seeking admittance to our parks, or when becoming a member. Our terms and conditions do not permit children to set up their own accounts with us, we do not knowingly provide online services directly to children under 13 years of age.
The purposes and lawful grounds for using your personal data.
When visiting our parks
To gain admission to either of our parks we require you to enter into an agreement with us which includes conditions for admission including payment. You can purchase tickets for your visit by using our online ticketing system accessed through our web site. The personal data we collect is the minimum necessary to provide you with access to our facilities in advance and to collect payment. You can also pay for admission at our kiosk, if you choose to pay using a debit or credit card the data we collect from you is limited to making that transaction.
When visiting our sites on official business
Like most organisations we rely on the support of suppliers and other specialists to enable us to operate. We receive visitors from time to time for various business reasons. As a condition of entry will collect personal information from each visitor before we grant them access to our sites and buildings. It is in our legitimate interests to do so, enabling us to provide security as well as safeguarding the well- being of every person on site including the official visitor.
Should you wish to become a member
You or your family may wish to become a member, doing so has many benefits such as enjoying unlimited annual visits to our parks, as well as other offers. Should you or your family wish to become members you can apply using our web site. The personal data we collect is limited to that required to administer your membership, which will include your name, gender and date of birth, your address, a digital image of you and your family members, as well as contact details and payment details. By entering into this agreement with us, enables you to enjoy all of the additional benefits of becoming a member, including ease of access. Our use of digital images is necessary to for our own security as well as providing a duty of care.
We use CCTV at the points of entry to Port Lympne and Howletts, also within our parks as well as the public areas in and around our buildings. This is necessary to enhance the personal safety of visitors, prevent crime and the safety and wellbeing of our own workforce.
Retail sales, short breaks and event management
When purchasing services or merchandise from us it is necessary for you to enter into a transactional arrangement with us. We collect and use your personal data to enable you to purchase our merchandise, to make a hotel or lodge booking, or to organise and run an event using our facilities. This may include maintaining an ongoing relationship with you following your initial booking, confirmation of payment transactions, and to assist us address any changes you wish to make.
To provide a fully inclusive and enjoyable experience for all of our guests, it may be necessary to make special arrangements to accommodate individuals’ special requirements, such as disabled parking, wheelchair use or special dietary requirements. Therefore, we will seek your consent to provide more sensitive data when applicable, enabling us to put in place any special requirements you may need as well as meeting our own legal obligations.
Fundraising, donations and gifts
We will always seek your consent when inviting you to support our charity raising activities such as making a donation or supporting any one of our fund-raising initiatives.
If you make a donation, or support any of our fund- raising initiatives we will use the personal data you provide us with to record the nature and totality of your gift, to claim Gift Aid where it is applicable, and also to provide updates on the results of competitions or raffles.
Any contributions you may choose to give are voluntary and based upon your consent, our web site offers you the choice to opt in to the Gift Aid scheme.
The rules of the Charity Commission place a requirement upon us to know where funds have come from, as well as any conditions attached to them. We apply due diligence to ensure credibility, financial propriety, reputation and ethical principles are evident when donors indicate they are likely to make a significant donation. This includes researching information available in the public domain, and the use of professional specialists.
If you have informed us that you intend to leave us a gift in your will, or are considering doing so, we will keep a record of this. If we are already in some form of communication with you (or with someone who contacts us in relation to your will, such as a solicitor), we’ll keep notes of this throughout our relationship to ensure we honour your wishes.
In such circumstances after a donor has sadly passed away and we are in the process of receiving their gift we process the personal data of those involved in the administration of their estate to ensure we comply with our legal obligations, as well using the charitable gift for the purpose you intended. Access to this personal data is subject to strict controls and is stored for no longer than is necessary.
Our legal basis for doing so is; it’s in our legitimate interest to process the personal data of either the supporter and or representative of the estate. On occasions we may wish to process personal data that is not directly linked to individuals involved in the administration of a legacy, we might wish to contact the relatives of a benefactor to update them how the legacy is being used, or specific benefits derived from it. In these circumstances we would rely on the consent of the individuals concerned.
In these circumstances we are likely to collect data from:
• Executors, Trustees, solicitors and other third party instructed in the administration of the legacy.
• Copies of wills and documents provided by Executors, Trustees or other professionals acting in the administration, or that publicly available.
• Other co-beneficiaries that have a shared interest to us under the will.
• Data and information in the public domain.
We like to keep our friends and supporters up to date with significant events at our parks, such as, recent births, updates on the progress of animals returned to their natural habitat around the world, the arrival of new animals, or events and offers.
We use a third party to assist us with marketing and share your personal information to enable them to do so. They are contractually bound to keep your personal information safe, and to use your data only for the purposes we have set out in the contract.
When using our online services, we seek your consent to “opt in” to joining our mailing list. If you have initially opted in and at some point in the future change your mind, we will remove your information from our lists as soon as is practicable.
Marketing to young people
We do not provide specific online services directly to young people.
How we keep your information safe
We fully understand the importance and duty we have in protecting your privacy. We take appropriate organisational and technical steps to safeguard it whilst in our care, including:
• Restricting access to only those who require it to process data.
• All personal data is password protected.
• Proportionate technical preventative solutions are installed on our systems.
• Using encrypted computers.
• Ensuring our staff are trained and understand potential risks.
• By using adequate physical security at our parks, buildings and offices.
• When transferring data to a third party, sending it by securely using encryption or password protection or a reliable secure courier.
• When taking files and records off site for business purposes.
• When deleting or destroying records, or dispensing with IT equipment.
Who we share information with
The Aspinall Foundation will not exchange, rent, or sell your personal information to other organisations for use by them in their own direct marketing activities.
However, where you have given us permission to contact you, we may use external service providers to do this on our behalf. An external service provider may, for example, include a fundraising agency calling on our behalf or a mailing house sending out material by post. We may also ask external service providers to carry out tracking and analysis on our behalf as described in the cookies policy. We recognise your right to withdraw your consent for us to contact you in this way, in which case we will remove you from our mailing list as soon as possible.
Where we use an external service provider to act on our behalf, we will disclose only the personal information necessary to deliver the service and will have a contract in place that requires the provider to comply with our data protection and information security requirements and with the relevant legal regulations.
We also have contracts for services such as IT and payroll.
We have an agreement in place with third parties for safe and effective information sharing and we require any suppliers to abide by the GDPR, to ensure that there are sufficient systems and procedures in place to protect your information.
We may also disclose your personal information if we are required to do so under any legal obligation.
We do not routinely transfer any data outside of the EEA. We may on occasion transfer data outside of the EEA on an ad hoc basis. When doing so we follow all of our legal obligations.
How we handle direct debit or credit card information
We will ensure that when collecting sensitive information over the Internet such as debit cards, credit cards or personal information that it is carried out securely by encrypting data sent between our customer and us or our partners. We are PCI compliant and use external Payment Card Industry (PCI) compliant providers to collect this data on our behalf. We do not store PCI data on our own systems.
To protect yourself when sending us sensitive information, please ensure that you use devices running supported operating systems that are regularly patched, and incorporate some form of malware protection. Only connect your devices to networks that you trust.
Securing your passwords
Where we have given you (or where you have chosen) a password which enables you to access certain parts our website, you are responsible for keeping the password confidential. You agree not to share that password with anyone else.
Following links to third-party websites
Posting or sending inappropriate content or content you do not own
If you post or send any content that we believe to be inappropriate or in breach of any laws, such as defamatory content, we may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies. We have the right to disclose your identity to any third party claiming to own any content that you posted.
How long do we keep your information
We will not hold on to your personal information for any longer than is necessary, and only then for the purpose(s) we collected it for and its subsequent use. Our retention time limits may also be influenced by requirements set in law or by regulation, such as in Health and Safety legislation, or those required by HMRC.
You have the right to access your personal data and any such requests made to us shall be dealt within the legal time limits set.
Your rights include:
• The right to be informed about the collection and use of your personal data. This is a key transparency requirement of the GDPR.
• The right to access to information held about you.
• The right to have inaccurate personal data rectified, or completed if incomplete.
• The right to have personal data erased.
• The right to request the restriction or suppression of the processing of their personal data.
• The right to data portability.
• The right to object to the processing of their personal data in certain circumstances.
• Rights in relation to automated decision making and profiling.
You also have the right to lodge a complaint with the Information Commissioner Office who can be contacted via their web site www.ico.org.uk
The GDPR does not insist for requests to be made in writing, however it will enable us to manage your request more quickly if you were to use either email or letter, accompanied by some form of identification such as a copy of a passport or driving license. Your request should be directed to:
Ferguson West Ltd,
6 Harvest Way,
CT 18 7PE
In most circumstances charges will not be made. Information will be provided promptly and no later than 30 days following receipt of the request.
Changes to this privacy notice
We keep our privacy notice under is reviewed every 12 months. This privacy notice was last updated on 5th July 2019.
How to contact us
If you want to request information about this privacy notice you can email or write to our Data Protection Officer:
Ferguson West Ltd,
6 Harvest Way,
CT 18 7PE