Your privacy is of the utmost importance to us, and we promise never to pass on your personal details to any third parties. Maintaining the privacy and security of your personal information is a priority at BAE Group, and we are committed to respecting your rights and handling your personal data fairly and legally at all times. We will also be transparent about what data we collect about you and how we use it.
The processing of personal data, such as the name, address, e-mail address, or telephone number of customers shall always be in line with the General Data Protection Regulation (GDPR) applicable in Member states of the European Union.
This policy applies to the personal data that BAE Group collects and holds about you whether you; visit our centre, contact our centre, or visit our websites and provides you with information about:
– What personal data we collect
– How and when we use and process this data for our legitimate business interests
– The safeguards we have in place to ensure your privacy is maintained
– Your legal rights relating to personal data and how you can instruct us if you prefer to limit the use of this data
What information do we collect from you?
We may collect information from you when:
– You purchase services or products from us
– You browse our websites or receive emails from us
– You contact our customer contact team
– You respond to a feedback survey, enter a competition with us, make an online enquiry or interact with our social media channels
This information may include the following data:
– Name, gender, date of birth
– Contact details including your address, telephone numbers and email address
– Records of your transactions including what and when you purchased from us
– Marketing preferences and your survey responses
– Correspondence and communications with BAE Group
– Other publicly available personal data, including any which you have shared via public platform (such as Twitter or public Facebook pages.)
Our websites are not intended for use by children and we do not knowingly collect personal data relating to persons under the age of 16. We ask that parents and guardians ensure that children do not submit personal information via our websites or through forms in our centres.
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example when you set up an online account, or send an email to our customer contact team. Other personal data is collected indirectly, for example your website browsing or transaction activity.
What do we do with this information?
BAE Group and selected partners acting on our behalf may process and use your personal data to:
– Provide leisure services and products to you
– Make websites available to you
– Improve our understanding of our customers and to improve the services we provide to them
– Verify your identity
– For crime and fraud prevention and detection
– For market research purposes after your visit
– Help us manage customer service communications with you
– Contact you about promotional offers and services which we think may interest you if you have chosen to opt in of email, sms or phone marketing when you collect your details
– Where we have a legal right or duty to use or disclose your information for example for maintaining adequate accounting records; or in relation to an investigation by a public authority; or in a legal dispute.
BAE Group never rents or sells personal data with third parties for their marketing purposes.
BAE Group may use your personal data for electronic marketing purposes primarily where we aim to update you about offers and services which we believe are of interest and relevance to you.
You have the right to opt out of receiving marketing communications at any time, by:
– The “unsubscribe” link in emails or the “STOP” number for texts; and/or
– Contacting BAE Group via the contact channels listed below.
In order to contact you about services and offers that are relevant to you, we may analyse your browsing and purchasing activity, both online, or in our centres as well as your responses to our marketing communications. We may use software and other automated technology to help us do this analysis.
Sharing data with third parties
In order to provide our services, securely fulfil transactions and provide you relevant marketing communications, we may need to share your personally identifiable data or anonymised data with selected partners including payment processing companies, IT service providers (such as hosting companies), analytics companies and marketing services agencies.
– BAE Group only allows its service partners to handle your personal data when they conform to the appropriate data protection and security controls. Our service partners have obligations relating to data protection and security restricting their use of your data to provide services to – – – BAE Group and to you, and for no other purposes
We never sell or rent our customer data to other organisations for marketing purposes
Aside from our service partners, BAE Group will not disclose your personal data to any third party, except as listed below:
– Governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are legally required to do so
– To comply with our legal obligations
– To exercise our legal rights (for example in court cases)
– For the prevention, detection, investigation of crime or prosecution of offenders; and
– For the protection of our team members and customers.
How long do we keep hold of your information?
We will not retain your information for longer than necessary for the purposes set out in this Policy. The longest we hold any personally identifiable data is 5 years after your last order or interaction with our marketing communications. Further to this date we anonymise any transactional data that we hold for the purposes of accounting records or business analysis.
How do we protect your information?
BAE Group is committed to keeping your personal data safe and secure and we follow strict security procedures, technological and operational measures which include:
– Cyber security assessments of all service providers who handle your personal data.
– Regular incident management reviews to ensure we are ready to respond to cyber security attacks and data security incidents
– Regular network vulnerability scans
– Intrusion detection and monitoring through leading network infrastructure solutions
– Security controls which protect the BAE Group IT infrastructure from external attacks and unauthorised access
– Real time scanning to protect against malicious threats to BAE Group IT infrastructure
– Internal policies setting out our data security approach
– Data security and data processing training for team members
– Secure WEEE disposal of all redundant IT hardware
Our legal basis for processing personal data
Our basis for processing customer data on a carefully considered and specific legal basis, is that it is necessary for the legitimate interests of BAE Group. “Legitimate interests” means the interests of BAE Group in conducting and managing our business to enable us to provide the best experience to our customers including:
– Operating networks and systems to allow us to securely sell and supply our goods and services
– Processing and analysing data to get a more informed picture of our customers’ behaviour, activities, preferences and needs
– Using this insight to help us enhance the products and services we offer our customers;
– To better understand how customers interact with our websites to help us improve the functionality and content of our customer’s online experience
– Promoting, marketing and advertising our services and determining the effectiveness of these campaigns to help us improve the relevance of our communications to our customers
– Protecting customers, team members and other individuals and maintaining their safety and welfare
– Handling customer contacts, queries, complaints or disputes including managing insurance claims
– Protecting BAE Group, our team members and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to BAE Group
– Preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies
Handling any legal claims or regulatory enforcement actions taken against BAE Group
– Complying with our legal and regulatory obligations
– Fulfilling our duties to our customers, our team members, our shareholders and other stakeholders
When we process your personal information for our legitimate interests we make sure we consider and balance any positive or negative impacts on you alongside your data protection rights. We will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise permitted by law). Whenever we process your data we ensure that we always take account of your rights listed below.
– You have the following rights relating to updating, rectifying and deleting your personal data held with us:
– The right to opt out of any marketing communications that we may send you
– The right to ask what personal data that we hold about you and receive a copy of it
– The right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you
– The right to erasure of your personal data in certain circumstances or to restrict the processing of your data rather than having it erased
– The right to object to the processing of personal data when BAE Group processes personal data for legitimate purposes but you do not feel that your interests or fundamental rights of freedoms have been protected
– The right to lodge a complaint about how your data is being used or processed with a supervisory authority.
If you wish to exercise any of the above rights, please contact our Data Protection Team at email@example.com
A cookie is a simple text file that is stored on your computer or mobile device by a website’s server and only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers.
Some people may find the idea of a website storing information on their computer or mobile device a bit intrusive, particularly when this information is stored and used by a third party without them knowing. If you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set.
If you wish to restrict or block web browser cookies which are set on your device then you can do this through your browser settings; the Help function within your browser should tell you how.
Alternatively, you may wish to visit www.aboutcookies.org, which contains comprehensive information on how to do this on a wide variety of desktop browsers.
If you have any questions about how BAE Group uses your personal data that are not answered here, please
– Email us: firstname.lastname@example.org
– Write to us : Data Protection Team, The Big Apple, Crown Square, Woking GU21 6HR
This policy was last updated in May 2020.