Privacy Policy

Privacy Policy:

At Air Haus we take your Privacy very seriously. We use Treuvo to process your online booking payments. Truevo are leaders in their field of online payment processing. Our till systems are provided by Epos Now, another reputable leader in the field. We store your data on a secured server, hosted by Storm Internet.

We do not sell or pass on any of your personal details for profit or marketing purposes. News and special offers will be updated through the Website and Social Media sites, we will not contact you directly, unless you have accepted that can send you a marketing emails. 

Our aim under GDPR is to maintain the assurance of your rights to data privacy and protection.

On this page you can find out how to contact us to find out more about your data and also your privacy rights and how we will act.


GDPR (General Data Protection Regulation)
GDPR is a new Data compliance law coming into EU law on 25th May 2018.

Air Haus has applied the best practice of GDPR at our park and on our website
On Account Register you will be asked to provide the following details:-
Unique User Key (Hidden auto generated by the system)
Email address.
Account password
First Name Last Name 
Date Of Birth
Address Line 1
Address Line 2
Address Line 3 
Address Line 4
Address Locality

City 
County
Post code 
Phone 

Microsoft Account System
The website uses a Microsoft Account system in the website, to hold the accounts. This system is used is very robust/secure and is used in many websites.

Encryption/Decryption
We also encrypt/decrypt alot of your account data on the fly.

Site Certificate
Our site runs completely over https, which opens a secure encrypted web tunnel from your web browser to our server. The requests and responsese from the website are then transmitted over this tunnel.

Post code lookup
We use an address lookup system called GetAddress.IO we pass in a post code and it returns all addresses in that postcode. This saves time on you typing information in.
 
You will also be asked to check the following check boxes:-

I allow my information to be used in the booking/waiver process and used for my visit at the park. (Mandatory)
This is our legal basis Contract for GDPR. In GDPR you have to outline why we are collecting the information we are. We need this information so that you can book online and visit the park.
We use your booking to make sure we don’t go over capacity at the park.  For Health & Safety - we are only allowed so many people on the trampolines at one session at a time.  The capacity of a session depends on the type of session. This is all handled by the website.

I have read and confirmed the Privacy Policy. (Mandatory)
This is quite simply that you have read and agreed this notice and you know what your GDPR rights are.

I have read and confirmed Terms And Conditions. (Mandatory)
You have read and agreed our Terms & Conditions of operation 

I consent to being a member of the loyalty scheme. (Optional)
By ticking this checkbox, you become a member of our Loyalty scheme.

I consent to receiving marketing emails. (Optional)
By ticking the checkbox, you are agreeing to receive marketing emails. Air Haus won’t spam you but from time to time, we may run a fantastic promotion and if you want us to let you know… By ticking (or unticking) this box, you can opt in or out of marketing emails. You can change this in your account at any time. Our marketing emails are also managed by Mail Chimp, and you can opt ourt of the marketing emails at anytime, by clicking the footer on the bottom of the emails.

For GDPR compliance we audit the changes to these checkbox’ and they can be viewed by our Administrators. The aim of this is not for user tracking, but just in case you question why you have received a service when you thought you hadn’t ticked the box.

Please be aware out system will send you Booking confirmation emails, waiver emails, rules and terms and conditions emails when you book. These won’t contain any marketing, they are just information, so you are aware of your booking. When we now send you waivers we have removed out the personal information for your security.
Once registered you can edit your account.
You can change your details and password at any time, under my account details.

Party Information
We do collect extra information when you book a party. This is only used to provide the best party. The extra info is:-
  • Any Special requirements including allergies/dietary requirements, so the party food is safe for all guests.
  • First name of Birthday Boy/Girl (Optional)
  • Surname of Birthday Boy/Girl  (Optional)
  • Age on Birthday (Optional)
  • Gender of Birthday Boy/Girl (Optional)

Forgotten password
If you forget your password, then you can go through the forgotten password process when you click login

Waivers
Waivers are linked to your account. Anyone who is bouncing at the park must have a waiver. You can create a waiver for you and your dependents.
You can create waivers at any time, if any information changes, you can create a new waiver.
Waivers are valid for 12 months and we can search in our system for you and your dependents waiver. 

This is the information we hold on Waivers:-
UserID of the owning account (Only if you create a waiver in account)
Email Address - (If you create a Waiver with no account)

First Name
Last Name 
Date Of Birth
Address Line 1 
Address Line 2
Address Line 3
Address Line 3 
City 
Country 
Post code
Waiver Start and Finish Dates


If our Privacy Policy/Terms and Conditions change over time.
On your next login, we will ask you to read and re-confirm that you are happy with them.
At this point you can also join/remove yourself from the Loyalty scheme and email marketing
We audit this change and can view it in our admin area. As part of GDPR we need to know what version of documentation you signed against.

Where else do we use your data?
Your hosting is with Storm Internet-
https://www.storminternet.co.uk/GDPRStatement
GPDR requires that we tell you about every system that can use some or part of your data (Data processors).

These Data processors are required to be GDPR compliant:-

Google G Suite
Air Haus uses G Suite to send and receive email to and from the park
Google Cloud Services are GDPR compliant.
https://www.google.com/cloud/security/gdpr/

Taking Payments
We pass information to Emerchant Pay payment gateway for payment. Email address, 1st name, last name and client address. This saves the user from retyping the info. Truevo are PCI DSS compliant payment provider. 
https://www.emerchantpay.com/certifications/

Payments are taken in £ GBP

 


Mail Chimp emails
The website sends a lot of email, too much for a Google G Suite service so we have to use a different mass email provider.
We use Mail Chimp Mandrill to send our emails


The List of Emails the system sends you are:-
  • Account register email when staff member booking as a client
  • Booking Confirmation email
  • Forgotten Password email – which provides the user with a new password. (Can be changed when the user logs in)
  • Waiver email.
  • Rules email

Mail Chimp - Marketing emails
Mail Chimp is an industry standard email system used for mail marketing. We would send any marketing emails via Mail Chimp. Mail Chimp and GDPR
https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulation

EPOS Now
When you visit the park, you will notice that you book in on an EPOS. The EPOS runs the website. This EPOS system is by EPOS Now
We do take payments on the EPOS system, which requires the website to communicate with EPOS Now. The only data that we send to the EPOS is Surname and Booking ID and cost.  For payment tracking.

We then take face to face card payments. We don’t pass any of your personal data We use it take card payments only.

Google Analytics

Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.

Although Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Google Analytics also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see relevant section below).

Google Analytics makes use of cookies, details of which can be found on Google’s developer guides. For your information our website uses the analytics.js implementation of Google Analytics

Further information on Google Analytics and your privacy:-

https://support.google.com/analytics/answer/6004245

Google Analytic Opt out Browser Addin​

In order to provide website visitors with more choice on how data is collected by Google Analytics, Google has developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to stop data being sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not affect usage of the website in any other way. A link to further information on the Google Analytics Opt-out Browser Add-on is provided below for your convenience.

Google Analytics opt-out.

Google and GDPR:-
https://privacy.google.com/businesses/compliance/

CCTV
We have CCTV at the park for safety purposes and it is a requirement of our insurance company.

Insurance
If you have an accident at the park and we need to inform our insurance company then we need to pass your booking and account information to our insurance, plus any CCTV footage too. Plus any treatment/action required at the time of the accident.

How Long do we Keep the Data for?
Air Haus keeps the account data forever so you can continue to book. However we do anonymise the data as per below:-
Bookings: we will remove the booking from your account after 3 years and associate it with an anonymous user.  So that we can’t trace the booking back to you.
Bookings contain waivers. These waivers will be associated with an Anonymous waiver.
Waivers will expire after 12 months.
Any waivers that are over 20 years old will be automatically removed from the system.

In GDPR however you do have rights as an individual that overrule the above. These are outlined below:-

accessing your data

We recognise our responsibility in looking after your data. You can ask us for a copy of the data we hold, have it corrected, sent to a third party or deleted (subject to our need to hold data for legal reasons). We manage this process by executing a Data Subject Access Request procedures in line with GDPR requirements when you contact us. You can request a Data Subject Access Request Form by contacting us: By Post: AK Leisure Group Ltd, Unit 9 Vulcan Road, Sheffield, S9 1EW. Email: sheffield@airhaus.co.uk Phone: 0114 242 2457

We will respond within 30 calendar days of receipt of this DSAR. We also reserve the right to increase the response time to three months if we consider the request to be complex and time consuming. If you are not satisfied you have the right to contact the Information Commissioners Office (ICO).

the right to rectification;
You can edit your account details at any time, by logging into the website and altering the details. You can also alter your consents to the loyalty and email marketing scheme here too.
The only thing you cannot edit is your email address. This is for security. But we can edit it for you. If you need your email address changed, then please email sheffield@airhaus.co.uk from the account registered with the system and we can change it for you. 

the right to erasure;
If you want your account and waivers to be removed from the system then we can do that for you. Please email
 ssheffield@airhaus.co.uk from the account registered and we can start the process of removing you from the system. 

the right to restrict processing;
As per above you can remove consents from email and loyalty system.
We can also mark your account as inactive. So that no one can log in or use your account. Please email
 sheffield@airhaus.co.uk with your request from the account that is registered. 

the right to data portability;
You can download your own account information from the My Account area of the system.
If you require any other data then please email the request to
 sheffield@airhaus.co.uk

the right to object;
You have the right to object to any processing undertaken for the purposes of direct marketing. We will stop processing for direct marketing as soon as we receive your objection.

the right to not to be subject to automated decision making including profiling;
We do not supply the information we hold to third parties for use in analysis or prediction.

Data Breaches
As per GDPR we have a process in place and would follow the GDPR process notifying you if any data breach affected your data. We will do this in 72 hours of identifying the breach.
Our website uses Cloud Flare to help protect against illegal activities on our site, by hackers and 3rd parties to alleviate breaches. Or encryption of data also helps protect our systems against a breach.

More information can be found here: -
https://www.cloudflare.com/
We also have our internal security policy for our staff on how to keep your data secure on electronic devices or any paper based information.

Cookies and Privacy
Cookies are small files that are downloaded to your browser from the website.
Air Haus use cookies on our website, these cookies though are only used for authentication and to make our website function correctly. Google Analytics uses cookies too. But we don’t use cookies in any malicious way.
The website will not function correctly without using cookies.

Any future development
If we develop our systems any further we shall adopt a data protection by design model. We have done from the start and shall continue to do so.

Questions and further contact
If you have any questions or require any further information. Then please contact us below:-

sheffield@airhaus.co.uk.
or use the contact form at Data Authority
Our GDPR Data authority is:-
ICO
https://ico.org.uk

Under GDPR you have the right to contact ICO at any time. But if you have any issues then please bring it to our attention first.