Purpose of this Privacy Notice
Aqua Leisure Ltd respect your privacy and is committed to protecting your personal data, this Privacy Notice will tell you what to expect when we process personal information. It applies to information about customers, potential customers, website users and other service users. It tells you the purposes for which we may process your personal information and the legal basis for this processing (‘processing’ includes us just keeping your personal information).
Aqua Leisure Ltd is the controller and responsible for your personal data (referred to as
“Aqua Leisure Ltd”, “we”, “us” or “our” in this privacy notice) Aqua Leisure Ltd is the controller and responsible for this website.
If you have any requests about this privacy notice, including any request to exercise your legal rights, please contact us on the below:
Aqua Leisure Ltd
Phone: 01309 641102
FAO Privacy Manager Aqua Leisure Ltd
This version was last updated on 18th March 2021.
You have the right to complain to the ICO if you think we have breached the GDPR.
You can contact the ICO at:
Information Commissioner’s Office, Wycliffe House, Water Lane , Wilmslow, Cheshire, SK9 5AF
0303 123 1113 / http://www.ico.org.uk/
The Information Commissioner (ICO) is also a source of further information about your data protection rights. The ICO is an independent official body, and one of their primary functions is to administer the provisions of the GDPR.
- Why do we collect and store personal information?
Personal data, or personal information means any information about an individual from which a person can be identified.
We may ask you for certain personal data to provide you with the products and services you request. For example, when you make a purchase, a website request, contact our Customer Service team, to fulfil our warranty program or when you request to receive communications, participate in our events, offers or competitions.
We may collect, use, store, and transfer different kinds of personal data about you which we have categorised below:
Identity Data – First Name, Last Name
Contact Data – Billing Address, Delivery Address, Email Addresses, Phone Numbers
Your employment status, salary, and homeowner status
CCTV footage at our main office
- How is your personal data collected?
You may give us your personal data by filling in web forms or by corresponding with us directly by post, phone, email our website, or otherwise. This includes personal information you provide when you:
- Complete and submit a form on our website.
- Enter a competition.
- Legal basis for processing
Where possible, we will always get your consent to us processing your personal information, in particular, this is the case when it comes to us collecting personal data used for marketing communication purposes.
Under the GDPR, consent is a legal basis for processing personal information.
Where we cannot get consent, there are other reasons why we can process your personal information under the GDPR:
- Legitimate interests: where it is in our legitimate business interests as a Wet Leisure Expert to process your information, we can do that so long as we do not interfere with your fundamental rights or freedoms.
- Where we are under a legal obligation or an obligation under a contract to process/disclose the information
- Where we need to protect the vital interests (i.e., the health and safety) of you or another person.
- Your consent
- Where we need to protect the vital interests (i.e., the health and safety) of you or another person.
- Where you have already made your personal information public
- Where we or another person needs to bring or defend legal claims
- Substantial public interest grounds
- Information we may hold about you and how we use it.
The information we hold on our records concerns our relationship with you. The below table sets out the activities we carry out, the type of personal data we collect (as per the above categorisations), and the lawful reason for us processing this personal data: Purpose/Activity Type of Lawful basis for processing Data.
|To manage our relationship with you, including:
||Identity & Contact||
|To process product orders and delivery including:
||Identity & Contact||
|To process any after-sales request including:
||Identity & Contact||
|To communicate information about;
||Identity & Contact||• Consent|
- Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests
This list is not exhaustive, as we hold records of most contacts, we have with you, or about you, and we process this information so we can deliver services to you. Generally, the information we hold will have been provided by you at point of order or directly to our Customer Service team via email or over the phone.
We will only ask for personal information that is appropriate to enable us to deliver our services. In some cases, you can refuse to provide your details or opt out if you deem a request to be inappropriate. However, you should note that this may impact our ability to provide some services to you if you refuse to provide information that stops us from doing so.
To opt out of any marketing content, you will find an unsubscribe option on any emails sent. For any other activities you want to opt out of, please contact our Privacy Manager on the contact stated at the start of this policy.
- How we manage your personal information
We process your personal information in accordance with the principles of the General Data Protection Regulation (‘GDPR’).
We will treat your personal information fairly and lawfully and we will ensure that information is:
- Processed for limited purposes;
• Kept up-to-date, accurate, relevant, and not excessive;
- Not kept longer than is necessary;
• Kept secure.
Access to personal information is restricted to authorised individuals on a strictly need-to-know basis.
We are committed to keeping your personal details up to date, and we encourage you to inform us about any changes needed to ensure your details are accurate.
To help us to ensure confidentiality of your personal information we may ask you security questions to confirm your identity when you call us.
- Security of your data
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
- Data Retention – How long will we hold your personal data?
We will only hold your personal data for as long as necessary to fulfil the purpose we collected it for.
In order for us to decide how long we hold your personal data for we review sensitivity, amount, potential risk from unauthorised use, the purpose we are processing and the legal basis.
The details of our full retention periods of your personal data can be found in our data retention policy. You can request this by contacting our Privacy Manager at the contact stated at the start of this policy.
- Sharing your personal information
Normally, only relevant Aqua Leisure Ltd staff will be able to see and process your personal information. However, there may be times when we will share relevant information with third parties for the purposes as outlined in the above section “why do we collect personal information”, or where we are legally required to do so. When sharing personal information, we will comply with all aspects of the GDPR.
Where necessary or required, we may share information as follows:
- With our authorised dealers, in order to undertake repairs as part of our warranty program, to fulfil website requests, or where consent has been given for dealers to communicate further information about our products, services, events and other promotional activity.
- With third party service providers, in order to complete hot tub installations and repair work as part of our warranty program.
- With third party IT software providers and support
- With external agencies who support us on marketing campaigns and events.
- If you choose to fund your purchase with us using one of the finance products we offer to our customers as a credit broker on behalf of lenders, we will share your data with the relevant lender, so they are able to process your finance application.
- With local authorities and government departments, as necessary for administering justice, or for exercising statutory, governmental, or other public functions.
- With police and other relevant authorities (e.g., Probation Service, Department of work & Pensions, HM Revenues & Customs) in relation to the prevention or detection of crime and fraud; the apprehension or prosecution of offenders and the assessment or collection of tax or duty. This list is not exhaustive as there are other circumstances where we may also be required to share information, for example:
- To meet our legal obligations
- In connection with legal proceedings (or where we are instructed to do so by Court order)
- To protect the vital interests of an individual (in a life-or-death situation)9. Data Security We have set security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. We also limit access to personal data to employees and third parties who have a business requirement to know.
Where we do so, we will require third parties to respect the security of your data and to treat it in accordance with the law.
We have procedures in place to manage any potential data breach and will notify you and any relevant regulator where legally required.
Sensitive Personal Data
There may be instances where it is necessary for you to share information with us containing special categories of personal information or ‘sensitive personal data’. This relates to things such as details of medical conditions which you may need to share with us so we are able to meet your specific requirements when providing our goods and services
Due to the sensitive nature of this information, we will only take it from you if you have given us your explicit consent and it is necessary for us to do so. We will also inform you of what we will do with this information and who we will share it with.
- Your rights under the GDPR
You have a number of rights under the GDPR:
Access to personal information
Under the GDPR, you have a right to ask us what personal information we hold about you, and to request a copy of your information. This is known as a ‘subject access request’ (SAR). SARs need to be made in writing to our Privacy Manager. We have a subject access form you can use for this purpose which we will provide upon request, and we ask that your written request is accompanied by proof of identity. We have one calendar month within which to provide you with the information you have asked for (although we will try to provide this to you as promptly as possible).
Following your SAR, we will provide you with a copy of the information we hold that relates to you. This will not generally include information that relates to your product such as repair logs or details of engineer visits, as this is not considered personal information.
If you need us to correct any mistakes contained in the information, we hold about you, you can let us know by contacting our Customer Service Team at firstname.lastname@example.org
Erasure (‘right to be forgotten’)
You have the right to ask us to delete personal information we hold about you. You can do this where:
- the information is no longer necessary in relation to the purpose for which we originally collected/processed it.
- where you withdraw consent
- where you object to the processing and there is no overriding legitimate interest for us continuing the processing
- where we unlawfully processed the information
- the personal information has to be erased in order to comply with a legal obligation.
- We can refuse to erase your personal information where the personal information is processed for the following reasons:
- to exercise the right of freedom of expression and information;
- to enable functions designed to protect the public to be achieved e.g., government or regulatory functions.
- to comply with a legal obligation or for the performance of a public interest task or exercise of official authority;
- for public health purposes in the public interest;
- archiving purposes in the public interest, scientific research historical research or statistical purposes;
- the exercise or defence of legal claims; or
- where we have an overriding legitimate interest for continuing with the processing
Restriction on processing
You have the right to require us to stop processing your personal information. When processing is restricted, we are allowed to store the information, but not do anything with it. You can do this where:
- You challenge the accuracy of the information (we must restrict processing until we have verified its accuracy)
- You challenge whether we have a legitimate interest in using the information.
- If the processing is a breach of the GDPR or otherwise unlawful
- If we no longer need the personal data but you need the information to establish, exercise or defend a legal claim. If we have disclosed your personal information to third parties, we must inform them about the restriction on processing, unless it is impossible or involves disproportionate effort to do so. We must inform you when we decide to remove the restriction giving the reasons why.
Objection to processing
You have the right to object to processing where we say it is in our legitimate business interests. We must stop using the information unless we can show there is a compelling legitimate reason for the processing, which override your interests and rights, or the processing is necessary for us or someone else to bring or defend legal claims.
Withdrawal of consent
You have the right to withdraw your consent to us processing your information at any time. If the basis on which we are using your personal information is your consent, then we must stop using the information. We can refuse if we can rely on another reason to process the information such as our legitimate interests.
Right to data portability
The right to data portability allows you to obtain and reuse their personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way. The right only applies to personal data you have provided to us where the reason we are relying on to use the information is either your consent or for the performance of a contract. It also only applies when processing is carried out by us using automated means.
- Changes to this Privacy Notice
We keep our privacy notice under regular review and will place any updates on our website; you will be notified of any major changes to this policy.
- Automated decision-making & Profiling
We do not conduct any automated decision-making or profiling activities whilst processing your personal information.
- Contact Us
If you have any questions about this policy, please contact us at the details stated in this policy.