Privacy policy

1. Introduction

At Haven we are committed to protecting and respecting your privacy, whilst striving to provide the very best guest experience. We work very hard to keep your information safe and we want our services to be safe and enjoyable for everyone. We follow strict security procedures on how personal information is stored and used and who sees it to help stop any unauthorised person getting hold of it.

This privacy policy (and any other documents referred to in it) explain in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle your data and keep it safe. Please read this privacy policy carefully to understand our practices regarding your personal information. We know it may seem like a lot of information, but we want you to be appropriately informed about your rights and how we use your data. We hope the following sections will answer any questions you may have, but if not, please do get in touch.

We may update this notice from time to time. If there is any significant change, we will let you know, but you’re welcome to come back and check it whenever you wish.

For your information this privacy policy was last updated on the date noted at the bottom of this page.

2. Who are Haven Leisure Ltd?

Haven Leisure LTD owns and operates thirty-eight family holiday parks, providing caravans for sale, touring and camping (including facilities) in the UK, in predominantly coastal locations. For simplicity throughout this notice, ‘we’ and ‘us’ means Haven Leisure LTD and its business units.

We have a legal duty to protect personal information that we collect under Privacy Legislation such as, the UK GDPR, the Data Protection Act 2018 (the “DPA”) and the Privacy and Electronic Communications Regulations 2003, (PECR).

For the purpose of the DPA and PECR, we are the data controller and are located at Bourne Leisure Ltd, One Park Lane, Hemel Hempstead, HP2 4YL. If you have any queries relating to this policy, you may write to us this address or contact us HERE

3. The Legal bases we rely on

The law on data protection sets out a number of different reasons for which a company may collect and process personal data, including:

Consent

In certain circumstances, we can collect and process your data with your consent.

For example, we may ask you if you would like to receive news and offers. When we ask you this we will always give you the option to tick a box informing us of your preferences.

To fulfil our contract to you

In certain circumstances, we can collect and process your personal data to fulfil our contract to you.

For example, if you book a holiday with us, we’ll collect your personal information to enable us to book your holiday and communicate with you about all the details.

Legal Compliance

If the law requires us to, we may need to collect and process your data

For example, we can pass on details of people involved in fraud or other criminal activity affecting Bourne Leisure LTD to law enforcement.

Legitimate Interest

In certain situations, we may process your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.

For example; ensuring network and information security

Fraud and Anti Money Laundering prevention

Indicating possible criminal acts or threats to public safety

Personalising our websites content to improve your customer experience

We may send you surveys to ensure we understand your experience and to make improvements where necessary.

4. When do we collect your personal information?

We may collect and use various types of personal information about visitors to our websites and guests who book a holiday with us or buy a holiday home from us, including:

  • When you create an account with us.

  • When you engage with us on social media.

  • When you engage with one of our contact centres, we may record audio.

  • When you download or install one of our applications.

  • When you join one of our loyalty programmes.

  • When you contact us with a query or make a complaint.

  • When you ask us to email you about a holiday or service.

  • When you enter prize draws or competitions.

  • When you book an appointment or attend an event provided by a 3rd party supplier e.g. a big weekend or a bowls event.

  • When you choose to complete a survey that we send you.

  • When you leave reviews or comment on our services.

  • If you fill in any forms e.g. booking an activity or when going to a spa.

  • If an accident or incident takes place.

  • When you book a break through one of our partners e.g. Saga, family fund or The Sun.

  • When you give a third-party permission to share with us any information they hold about you.

  • When you use our car parks and hotel facilities, we usually have CCTV, ANPR and Body worn cameras in operation for the safety and security of both our guests and our Team Members. These systems may record your image during your visit.

5. What types of personal data do we collect?

  • Title

  • Name

  • Address

  • Telephone number

  • Age and DOB (Including children’s or additional parties)

  • Gender

  • Online identifiers (E.g. IP address, cookies and other social media identifiers)

  • Booking reference

  • Client ID

  • Health & medical information

  • Proof of identity (e.g. passport & driving license)

  • Financial information e.g. bank/credit/debit details

  • Photography/CCTV/Body worn camera, ANPR and Poolview)

  • Audio

  • Third party letting information

  • Ferry booking information (when we arrange this for you)

6. How and why do we use your personal data?

  • To process any bookings that you make or services that you purchase using our websites, apps or on site. If we don’t collect your personal data during checkout, we won’t be able to process your booking, fulfil our contract with you and comply with our legal obligations.

For example, your details may need to be passed to a third-party to supply or deliver the booking or service that you ordered, and we may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds, guarantees and so on.

  • To respond to your queries, refund requests and complaints. Handling the information, you provide enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this based on our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our services based on your experience.

  • To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest.

For example, by checking your password when you login and using automated monitoring of IP addresses to identify possible fraudulent logins from unexpected locations.

  • To protect our customers, premises, assets and Partners from crime, and to ensure health and safety at all times, we operate CCTV systems on our facilities and car parks which record images for security. We do this on the basis of our legitimate business interests.

  • When buying a caravan with us we may carry out checks against the electoral roll and credit reference agencies and/or conduct identity verification and financial crime screening checks as part of our obligations under Money Laundering and Financial Conduct Authority (FCA) regulations.

  • To process payments and to prevent fraudulent transactions. We do this based on our legitimate business interests. This also helps to protect our customers from fraud.

  • Whenever you make a large booking at one of our resorts we may check your details against the electoral roll.

  • We may sometimes receive requests from TV and other companies to film/photograph our hotels. We also take our own promotional films and photographs on our parks throughout the year.

  • If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim to protect the individuals we interact with from criminal activities.

  • We may record conversations with you for training and monitoring purposes.

  • With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by post, email, web, text and telephone through our contact centres about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on.

Of course, you are free to opt out of hearing from us by any of these channels at any time.

  • To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, and legally required information relating to your bookings. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.

  • To display the most interesting content to you on our websites or apps, we’ll use data we hold about your favourite types of holiday or services. We do so on the basis of your consent to receive app notifications and/or for our website to place cookies or similar technology on your device.

For example, we might display a list of holidays you’ve recently looked at, or offer you recommendations based on your purchase history and any other data you’ve shared with us.

  • To administer any of our prize draws or competitions which you enter, based on your consent, given at the time of entering.

  • To develop, test and improve the systems, services and products we provide to you. We’ll do this on the basis of our legitimate business interests.

  • To comply with our contractual or legal obligations to share data with law enforcement and other authorities.

For example, when a court order is submitted to share data with Government functions & law enforcement agencies or a court of law e.g. HM Revenue or DWP.

  • To send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you.

  • To build a rich picture of who you are and what you like, and to inform our business decisions, we may combine data captured from across the group, third parties and data from publicly available lists, as we have described in the section 'What Sort of Personal Data do we collect?' We’ll do this on the basis of our legitimate business interest.

For example, by combining this data, this will help us personalise your experience and decide which inspiration or content to share with you. We also use anonymised data from customer booking histories to identify trends in different areas of the country. This may then guide which types of news and offers we send to different locations.

  • Help inform business decisions for example which 3rd Party websites we partner with to ensure our advertising reaches our customers.

7. Combining your data for personalised Advertising

We want to bring you news and offers that are most relevant to your interests at particular times. To help us form a better, overall understanding of you as a customer, we may, where relevant, combine your personal data, for example your booking history and activities preferences. For this purpose, we may also combine the data that we collect directly from you with data that we obtain from third parties to whom you have given your consent to pass that data onto us.

We may also use something called “Facebook custom audiences” to deliver advertisements to our website customers, based on email addresses that we collect from you. The tool enables us to convert your email address into a unique number that Facebook can then match with the numbers generated from its own customers email addresses. You may learn more about Facebook custom audiences by visiting: https://www.facebook.com/business/help/341425252616329?id=2469097953376494

We also use something called "Lookalike Audiences" this tool enables us to create a lookalike audience of customers with similar demographics. Facebook finds users who have similar attributes to our customer base.

Our customers would need receive marketing as a result of this activity.

To opt out of receiving marketing reading section 14 below, titled ‘How can you stop the use of your personal data for direct marketing?’

8. Who do we share your personal data with?

We sometimes share your personal data with trusted third parties. Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:

  • We provide only the information they need to perform their specific services.

  • They may only use your data for the exact purposes we specify in our contract with them.

  • We ensure appropriate Due Diligence is undertaken to ensure the security of your data.

  • We work closely with them to ensure that your privacy is always respected and protected.

  • If we stop using their services, any of your data held by them will either be deleted, returned or rendered anonymous.

Examples of the kind of third parties we may work with are:

  • IT companies and service providers who support our website, applications and other business systems.

  • Direct marketing companies who help us manage our electronic and postal communications with you.

  • Data insights and market research agencies.

  • Social Media Channels to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites. See our

    Cookies Policy

    for more details.

  • Payment service providers that enable us to fulfil transactions with you.

  • Partnerships we work with e.g. Reward Schemes and Newspapers

  • For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.

  • We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.

  • We may, from time to time, expand, reduce or sell our business and therefore may share data with prospective buyers of our business or assets. If this happens your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.

  • Activity providers.

  • Where you are attending an event organised by a third-party at our resorts we may share booking details with them to allow the event to be planned effectively. This includes:

  • Spring Harvest breaks.

  • ESF breaks.

  • Status Quo Fan club breaks.

For example, If you take out holiday insurance as part of your holiday, we may pass on details of your booking to our insurers, and their underwriters. This will allow them to administer your policy and any claim.

For further information please contact our Data Protection Officer on HERE

9. Security on our resorts

The following are operated in our hotels to assist with monitoring & maintaining hotel safety, to prevent & detect crime & assist law enforcement (where necessary):

  • CCTV.

  • Automated Number Plate Recognition (ANPR).

  • Body Worn Cameras (BWC) where required for guest safety - the security team will always inform you before turning their BWC’s on.

  • Pool view, some sites may operate drowning prevention technology.

These systems are operated for the protection of our guests, employees & premises from criminal activities.

If we discover any criminal activity or alleged criminal activity through our use of CCTV, we will process this data for the purposes of preventing or detecting unlawful acts.

The Legal basis for our use of this information is in our Legitimate Interests to ensure the safety of guests and employees at our hotels and to assist with law enforcement. We may also use the footage to exercise & defend our legal rights.

10. How we use Sensitive Personal Information

We do not normally collect sensitive personal information from you as part of the booking process. However, if you make us aware of any special requests for your booking including anything due to specific medical, dietary or religious requirements, we will note these so that we can do our best to meet your request. We will not process this data for any other purpose. If you book onsite activities (including, but not limited to, sports, outdoor activities and spa treatments), we ask for information about your health including any existing conditions relevant to the activity and details of who to contact in the event of an emergency. The information is collected for the following purposes:

  • To provide the activities and treatments you want and to ensure you can safely take part.

  • To ensure we are able to contact someone in an emergency.

The legal basis for our use of this data is your consent and to fulfil our contract with you. You have the right to object to us processing this data at any time and our right to process data is not overridden by your interests, fundamental rights and freedoms.

11. Where We Transfer and Store Personal Information

The personal information that we collect from our website visitors and guests may be transferred to, and stored at, destinations outside the European Economic Area, (the "EEA”). To safeguard your personal information and to ensure that it is properly protected we have put in place contractual safeguards with our Data Processors.

Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.

12. How long will we keep your personal data?

Whenever we collect or process your personal data we’ll only keep it for as long as is necessary, for the purpose for which it was collected. This period will be determined based on any business and/or legal requirements.

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

If you need further information, please contact us HERE

13. Your Rights in Your Personal Information

You have certain rights in respect of the personal information that we hold about you. To exercise any of these rights, please submit a request HERE

We will process all personal data in line with your rights, in each case to the extent required by and in accordance with applicable law only (including in accordance with any applicable time limits and any requirements regarding fees and charges). We will always respect your personal information rights. For more information on your rights, how to exercise these and when they apply, please see: https://ico.org.uk/your-data-matters/

14. How can you stop the use of your personal data for direct marketing?

There are several ways you can stop direct marketing communications from us:

You can opt out HERE

  • Click the ‘unsubscribe’ link in any of our email communication that we send you. We will then stop any further emails from that division.

  • If you have an account, log in into your account and change your preferences.

  • In our apps, you can manage your preferences and opt out from one or all the different push notifications by selecting or deselecting the relevant options in the ‘Settings’ section.

  • If you do not wish to see advertising on social media, you can also manage this within your social media platform settings.

Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.

15. Cookies and other tracking technology

Our website uses “cookies” and other tracking technologies which are placed and stored on your computers’ hard drives, or in their browser memories, if you agree, when you visit our website. These are used for various purposes, including distinguishing you from other website visitors. You can manage all cookies using your browser settings or using a service such as https://www.aboutcookies.org.uk/managing-cookies. You can manage your preferences for the Facebook pixel through Facebook settings. See our Cookies Policy for more information.

16. HotJar

We use HotJar in order to better understand our users’ needs and to optimise this service and experience. HotJar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. HotJar uses cookies and other technologies to collect data on our users’ behaviour and their devices in particular device's IP address (captured and stored only in anonymised form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). HotJar stores this information in a pseudonymized user profile. Neither HotJar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see HotJar's privacy policy which can be located at https://www.hotjar.com/legal/policies/privacy/You can opt-out to the creation of a user profile, HotJar's storing of data about your usage of our site and HotJar's use of tracking cookies on other websites by following this opt-out link:https://www.hotjar.com/legal/compliance/opt-out/

17. How do we protect your personal data?

We treat your information with the utmost care and take all appropriate steps to protect it. We secure access to all transactional areas of our websites and apps using ‘https’ technology.

Access to your personal information is password protected, and sensitive data is secured and tokenised to ensure it is protected.

We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.

18. Changes to Our Privacy Policy

We reserve the right to modify this privacy policy from time to time. Any changes we make in the future will be posted on the following website: haven.com You should check back frequently to see any updates or changes to our privacy policy.

19. Any Questions?

We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it. If you have any questions that haven’t been covered, please contact our Data Protection Officer who will be pleased to help you with any questions, concerns, comments, requests or complaints regarding this privacy policy, our website and/or our use of your personal information. Please address your concerns to us by clicking HERE or submit in writing for the attention of: The Data Protection Officer, Bourne Leisure Ltd, One Park Lane, Hemel Hempstead, HP2 4YL.

If you have any complaints regarding this privacy policy, you may also contact the UK Information Commissioner at telephone number 0303 123 1113 or https://ico.org.uk/make-a-complaint

Get the latest Haven exclusives!

Receive Haven news and offers to your inbox

By providing your email address, you are consenting to being updated on all things Haven! Manage preferences via your account or by clicking the update preferences link in our emails. Privacy policy