Privacy Policy

Jersey Kayak Adventures & Jersey Walk Adventures

We promise to meet internationally recognised standards for protecting privacy by fully complying with the requirements of Jersey’s Data Protection Laws under which we are registered: Number 17210.

Jersey Kayak Adventures Ltd and Jersey Walk Adventures, Registered office; Ackaless, La Grande Route de la Cote, St Clement, Jersey, JE2 6FW. Company registration: 89374.

We want to make sure all the personal information we have collected about you is safe and secure whether we collect it through our websites: https://www.jerseykayakadventures.co.uk/ and https://www.jerseywalkadventures.co.uk/ (“Site”) or from other sources.

This Policy sets outs our commitments to you in compliance with the General Data Protection Regulation (commonly known as the GDPR). It explains how we collect, store and use your personal information.

We have appointed a Data Protection Officer to oversee our compliance with data protection laws which is responsible for data protection compliance in our organisation.

If you have any questions about this Policy or what we do with your personal information, their contact details are in the “Contact” section below.

Collecting specific, relevant personal information is necessary for us to provide you with any services you may request from us, providing services to our customers or just managing our relationship with you.

When we hold or use your personal information as a data controller (see below for a description of what this is), we will provide you with a privacy notice which sets out in detail what information we hold about you (such as your contact details, address, etc.), how your personal information may be used and the reasons for these uses, together with details of your rights.

Where we collect personal information from you directly, we will provide this privacy notice at the time we collect the personal information from you. This will normally be as a link to the privacy page.

We will only provide this privacy notice to you once, generally at the start of our relationship with you. If the applicable privacy notice is updated substantially, we may provide you with details of the updated version.

The difference between Data Controllers and Data Processors

A data controller is a person who controls how personal information is processed and used.

A data processor is a person who processes and uses personal information in accordance with the instructions of a third party, i.e. the data controller.

This distinction is important.

You have certain rights in relation to your personal information, for example, the right to be provided with the personal information held about you and details of its use and the right to have certain of your personal information either erased or anonymised, commonly referred to as the right to be forgotten (see below to see what rights you have).

These rights can generally only be exercised against a data controller of your information.

In most cases, we will be a data controller of your personal information.

In any case, where we are not a data controller, this means that you cannot exercise these rights against us directly (i.e. where we only act as a data processor), but you can do so against the data controller (i.e. the person who controls how we process the personal information).

In these cases, we will endeavour to inform you who is the data controller of your personal information so that you can direct any such requests to them.

Also, it is only a data controller that will provide you with a privacy notice about your personal information, so where we process your personal information as a data controller we will provide you with a privacy notice e.g. when you book an activity with us there is a link in the terms and conditions section of the booking form.

Where we process your personal information as a data processor for a third party, that third party should provide you with a privacy notice which will set out details regarding the processing of your personal information, which should also include the processing to be carried out by us on their behalf. For us, this is unlikely to occur.

Privacy notice for our Customers

We are committed to respecting your privacy. This notice explains how we may use the personal information we collect before, during and after your activity with us. This notice applies to you if you have booked an activity with us. This notice explains how we comply with the law on data protection, what your rights are, and for the purposes of data protection, we will be the controller of any of your personal information.

The words “we”, “our”, or “us” in this privacy notice refer to our business; Jersey Kayak Adventures & Jersey Walk Adventures. Company registration 89374, Jersey Office of the Data Commissioner. Registration number 17210.

We have appointed a Data Protection Officer responsible for data protection compliance in our organisation. Contact details are in the “Contacting us” section at the end of this privacy notice.

1. Personal information we may collect from you

Depending on the booking or contact you make with us, we may obtain personal information about you, such as information regarding your:

  • personal contact details that allow us to contact you directly, such as name, email address, postcode and country of residence;

  • telephone numbers so we can inform you of the meeting point or, in the case of bad weather/cancellations;

  • age, clothing size, shoe size and height so we have the correct equipment for you to use;

  • Optional health or medical matters that you think we should be aware of. This is for your (and others in the group’s) safety.

  • booking dates;

  • records of your interactions with us, such as telephone conversations, emails and other correspondence and your instructions to us;

  • any credit/debit card and other payment details you provide so that we can receive payments from you and details of the financial transactions with you;

  • use of and movements through our booking system, personal identification booking numbers, IP addresses, and other IT system identifying information;

  • records of your attendance and no-show information;

  • images in video and photographic form -usually photos/video of the activity and voice recordings such as voicemail;

  • your marketing preferences so that we know whether and how we should contact you.

  • details of those you have booked on the activity;

  • emergency contact and phone numbers in case of an accident;

  • National Governing Body (NGB) membership, address, date of birth and specific information required by the awarding body, e.g. when attending British Canoeing courses where a certificate is issued;

  • Seymour Tower guide training course information which will be shared with Jersey Heritage;

  • records and assessment of any grading, outcomes or ratings, competition results, details regarding courses attended and performance, e.g. if you are attending one of our British Canoeing training or assessment courses

  • Names, phone numbers, dates and times of anyone who booked one of our activities for the purpose of the Government of Jersey Contact Tracing requirements

Staff

  • as above

  • references and other information included in a CV or cover letter as part of the application process for employment;

  • disciplinary and grievance information;

  • identification documents such as passport/driving licence, DBS and Social Security cards

  • bank details

  • copies of certificates as evidence of their relevant qualifications.

  • details of relevant courses attended and Continuous Professional Development (CPD).

  • copy of social security card, tax rate and code, Identification evidence, e.g. driving licence.

  • NGB membership number and confirmation of awards held;

  • time sheets;

  • contracts and terms of employment;

  • staff meeting and appraisal notes.

2. Special categories of personal information

We may also collect, store and use the following “special categories” of more sensitive personal information regarding you:

  • information about your health, including any medical condition and behavioural matters that might be important for our staff to know about when you are participating in one of our activities. This is for your safety and the safety of others taking part (e.g. heart issues, medication you might need during the activity, knee/hip replacements and mobility matters, autism, epilepsy, allergies to wasps, oysters, etc.). This helps us to plan the activity to meet your needs and to arrange extra staffing and even specialist kit. If you think there is something we should know about which might otherwise create a barrier, please tell us in advance so we can try to enable participation;

  • Listing your medical and health information is optional.

In relation to the special category of personal data that we process, we do so on the basis that

  • the processing is necessary for reasons of substantial public interest on a lawful basis;

  • it is necessary for the establishment, exercise or defence of legal claims;

  • it is necessary for the purposes of carrying out the obligations and exercising our or your rights in the field of employment and social security and social protection law; or

  • based on your explicit consent.

In the table below we refer to these as the “special category reasons for processing of your personal data”.

3. Where we collect your information

We typically collect personal information about our customers when you purchase any services or products we offer by booking online, when you make a query and complaint or when you correspond with us by phone, e-mail or another way.

If you are providing us with details of referees, next of kin, family members and emergency contacts. In that case, they have a right to know and be aware of what personal information we hold about them, how we collect it and how we use and may share that information. Please share this privacy notice with those who you feel are sufficiently mature to understand it. They also have the same rights as set out in the “Your rights in relation to personal information” section below.

If seeking employment;

We also may collect personal information about you from any third-party references you provide as part of a job application.

4. Uses made of the information

The table below describes the main purposes for which we process your personal information, the categories of your information involved and our lawful basis for being able to do this.

Purpose

Personal information used

Lawful basis

To administer any booking, you have with us and managing our relationship with you, including dealing with payments and any support, service or product enquiries.

All contact details, transaction and payment information, records of your interactions with us, and marketing preferences.

We need to contact you with details of the venue, changes of plans, and cancellations. This is usually done by SMS, phone and email.

To send you information relating to your booking, where to meet, what to bring etc.

Contact details.

This is necessary to enable us to manage and administer your booking contract with us properly.

To arrange and manage any contracts for the provision of any services or products

Contact details, transaction and payment information.

Records of your interactions with us.

This is necessary to enable us to properly administer and perform any contract to provide any services and products you have purchased from us.

To send you marketing information about our products we think you might find useful or which you have requested from us, including our newsletters, information about our events, and products and information such as tours, walks, course dates etc.

Contact details and marketing preferences.

Where you have given us your explicit consent to do so. You can opt-in and out anytime by changing the newsletter preferences.

To answer your queries or complaints

Contact details and records of your interactions with us

We have a legitimate interest in providing complaint-handling services.

Retention of records

All the personal information we collect.

We have a legitimate interest in retaining records whilst they may be required in relation to complaints or claims. In some cases, we may have legal or regulatory obligations to retain records, e.g. following an accident.

If you do not rebook or contact us, your booking data and emails are deleted after two years. Payment records are deleted automatically after two years. We do not have access to (or keep) payment card numbers etc.

We process special category personal data (health/medical matters) based on the “special category reasons for processing of your personal data” referred to above. If you do not rebook, this is deleted after two years.

The security of our IT systems

Your usage of our IT systems and online portals.

We have a legitimate interest in ensuring that our IT systems are secure.

To conduct data analytics studies to understand attendance and trends better

Records of your attendance at any events hosted by us.

We have a legitimate interest in doing so to ensure that our products are targeted and relevant.

To promote our activities.

Images in video and photographic form.

Where you have given us your explicit consent to do so. This is requested when you book the activity.

To comply with health and safety requirements

Records of attendance and medical information about your health.

We have a legal obligation and a legitimate interest to provide you and other clients and staff with a safe environment to participate in.

We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above. Listing medical and health information is optional.

To administer your attendance at any courses or programmes, you sign up to

All contact and NGB membership details,

Transaction and payment data.

Details of any personal performance data.

This is necessary to enable us to register you and properly manage and administer your attendance on the course. NGBs such as British Canoeing require us to forward details of those attending a certificated course.

Use information about your physical or mental health (including any injuries) or disability status to ensure your health and safety. To assess your fitness to participate in our activities and -where possible- to provide appropriate adjustments to activities.

Health and medical information

We process special category personal data based on the “special category reasons for processing of your personal data” referred to in section 2 above. Listing medical and health information is optional when you book.

To gather evidence for possible grievance or disciplinary hearings

All the personal information we collect from staff and, in some situations, from customers, e.g., a customer has made a complaint against a staff member.

We have a legitimate interest in doing so to provide a safe and fair environment for customers and staff. To ensure the effective management of any disciplinary hearings, appeals and adjudications.

We process special category personal data based on the “special category reasons for processing of your personal data” referred to in section 2 above.

For criminal records history, we process it based on legal obligations or based on your explicit consent.

To comply with legal obligations, for example, regarding people working with children or vulnerable adults to comply with our safeguarding requirements

Information about staff and volunteer criminal convictions and offences

For criminal records history, we process it based on legal obligations or based on your explicit consent.

To comply with the Government of Jersey COVID-19 Contact tracing requirements.

Names, phone numbers, dates and times of anyone who booked one of our activities

We have a legal obligation and a legitimate interest to request this information as part of the Government of Jersey’s strategy to combat COVID-19. Personal details collected for the purpose of the government contact tracing scheme will only be passed onto the Government of Jersey when requested to do so. The information collected will not be used for any other purpose, such as marketing -unless you have opted-in to receive our email newsletters-. Information requested by the contact tracing team will only be used for the purposes of contact tracing. If requested, it will be kept securely on the Government of Jersey systems and processed in accordance with the Government of Jersey coronavirus (COVID-19): privacy notice.

For some of your personal information, you will have a legal, contractual or other requirement or obligation to provide us with your personal information. If you do not provide us with the requested personal information, we may be unable to properly perform our contract with you or comply with legal obligations, and we may have to cancel your booking.

For other personal information, you may not be under an obligation to provide it to us, but if you do not provide it, then we may not be able to perform our contract with you properly.

Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the “Contacting us” section below.

Please note, however, that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent, and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent.

Withdrawing consent may also have the same effects as not providing the information in the first place. For example, we may no longer be able to provide you with certain benefits or special offers.

Direct marketing

Email, post and SMS: from time to time, we may contact you by email, post and SMS with information about the products and services we believe you may be interested in.

We will only send marketing messages to you by following the marketing preferences you set. You can inform us at any time that you do not wish to receive marketing messages by emailing us at Jersey Kayak Adventures. You can also unsubscribe from our marketing by clicking on the unsubscribe link in the marketing messages we send to you.

Cookies

Certain parts of our site use “cookies” to keep track of your visit and help you navigate between sections. A cookie is a small data file that certain websites store on your computer’s hard drive when you visit such websites. Cookies can contain information such as your user ID and visited pages. The only personal information a cookie contains is information you have personally supplied.

We use cookies on our site to deliver content specific to your interests and gives us an idea of which parts of the site you are visiting, and recognise you when you return to the site. Reading cookies does not provide us with access to other information on your computer’s hard drive, and our site will not read cookies created by other websites you have visited.

You may refuse to accept cookies by activating the setting on your browser, which allows you to reject the setting of cookies. If you select this setting, you may be unable to access certain parts of the site. Unless you have adjusted your browser settings to refuse cookies, our system will issue cookies when you access the site.

Please note third-party content providers may also use cookies over which we have no control.

Our site also has an opt-in/opt-out cookie option.

Cookies

Name

Domain

Purpose

Expiry

Type

CloudFlare

cloudflare.com

Helps to keep our site and our users safe and secure.

7 days

HTTP

Facebook

facebook.com

Allows us to see which visitors to our site also engage with us on Facebook

2 months

HTTP

Google Analytics

google.com

Tracks user activity across our site

7 days

HTTP

Bookeo

bookeo.com

Integrates our website with our booking provider Bookeo

7 days

HTTP

1. Disclosure of your personal information

We share personal information with the following parties:

  • Any party approved by you.

  • National Governing Bodies (NGBs such as British Canoeing) to properly administer the sport on a local, regional and national level, allow the NGB to process course attendance data and update their course attendance records. This only happens if you have completed a BC-certificated training or assessment course.

  • COVID-19 Contact Tracing information. If requested, it will be kept securely on the Government of Jersey systems and processed under the Government of Jersey coronavirus (COVID-19): privacy notice.

Other service providers: for example, payment processors, data analysis, contractors or suppliers and IT services (including CRM and website services);

Our supply chain partners and sub-contractors, such as charter boat companies for our offshore trips, may need to be aware of any safety and health-related matters and also any information that will make your trip more enjoyable and safe;

When required by law or to assist with Government (or our regulators) in their investigations or initiatives.

Police, law enforcement, and security services: to assist with investigating and preventing crime and for national security.

Transferring your personal information internationally

The personal information we collect may be transferred to and stored in countries outside the UK and the European Union. Some of these jurisdictions require different levels of protection concerning personal information. In certain instances, those countries’ laws may be less protective than the jurisdiction you are typically resident in.

All of our suppliers know the GDPR requirements for UK and EU customers and are taking steps to meet GDPR regulations. In turn, we monitor and ask for confirmation that they will adhere to GDPR standards.

We will take all reasonable steps to ensure that your personal information is only used in accordance with this privacy notice and applicable data protection laws and is respected and kept secure. Where a third party processes your data on our behalf, we will place appropriate safeguards as required under data protection laws.

How long do we keep personal information?

The duration we retain your personal information will differ depending on the type of data and why we collected it from you. However, in some cases, personal information may be retained long-term. For example, we need to keep personal information for legal purposes will generally be retained under usual commercial practice and regulatory requirements. Generally, where there is no legal requirement, we retain all physical and electronic records for two years after your last contact with us. Exceptions to this rule are:

Information about personal injury or discrimination claims may be retained until the limitation period for those claims has expired. This can be extended for personal injury or discrimination claims as the limitation period might not start to run until a long time after the event.

It is essential to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example, if you change your phone number or email address. You may be able to update some of the personal information we hold about you through your booking. Alternatively, you can contact us by using the details in the “Contacting us” section below.

Your rights to personal information

You have the following rights to your personal information:

  • the right to be informed about how your personal information is being used;

  • the right to access the personal information we hold about you;

  • the right to request the correction of inaccurate personal information we hold about you;

  • the right to request the erasure of your personal information in certain limited circumstances;

  • the right to restrict processing of your personal data where specific requirements are met;

  • the right to object to the processing of your personal information;

  • the right to request that we transfer elements of your data either to you or another service provider; and

  • the right to object to specific automated decision-making processes using your personal information.

Some of these rights, such as the right to require us to transfer your data to another service provider or the right to object to automated decision-making, may not apply as they have specific requirements and exemptions and may not apply to personal information recorded and stored by us. For example, we do not use automated decision-making with your personal data.

However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.

While this privacy notice provides a general summary of your legal rights regarding personal information, this is a very complex area of law. More information about your legal rights can be found on the Jersey Information Commissioner’s website at https://oicjersey.org.

To exercise any of the above rights, or if you have any questions relating to your rights, please get in touch with us by using the details set out in the “Contacting us” section below.

If you are unhappy with how we use your personal information, you can also complain to the Jersey Information Commissioner’s Office. But, please contact us first so we can resolve your complaint.

Changes to this notice

We may update this privacy notice from time to time. When we materially change this notice, we will update the version date at the bottom of this page. We will try to give you reasonable notice of significant changes unless we are prevented from doing so. Where the law requires, we will seek your consent to changes in using your personal information.

Contacting us

If you have any query or complaint with the information we hold about you, please email [email protected] or write to us at Jersey Kayak Adventures Ltd, Ackaless, La Grande Route de la Cote, St Clement, Jersey, JE2 6FW.

Version updated 2 January 2023