Privacy policy

We use cookies to better your experience while visiting our website and also to analyse and improve our marketing campaigns. Where applicable, we use a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their device. If you wish to deny the use and saving of cookies from our website on to your computer's hard drive you should take necessary steps within your web browser's security settings to block all cookies from us and our external serving vendors.

Users contacting our website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998.

What are cookies?

Most websites need to collect basic information on their users to work properly. To do this, websites - including this one - create small text files known as cookies on their users' devices.

There are a lot of different cookies which do a lot of different jobs. They can be used to remember your preferences on sites you visit often, to remember which products are in your online shopping baskets, and to make sure that the online adverts that you see are relevant to you.

Most of the data that cookies collect is anonymous. However, some of it is designed to detect patterns in site usage, user behaviour and approximate location to improve the experience of our users.

Information collected by cookies is not personally identifiable.

Resort bookings

CampManager acts on behalf of Crealy Theme Park & Resort. The cookies used by CampManager can be categorised as essential, performance, advertising or functional. You can find out more about the cookies we use and why we use them below.

Theme Park ticket bookings

Convious acts on behalf of Crealy Theme Park & Resort. The cookies used by Convious can be categorised as essential, performance, advertising or functional. You can find out more about the cookies we use and why we use them below.

Essential cookies

These cookies are required for Crealy Theme Park & Resort to work properly and to provide you with the information you request. These cookies do not collect any personal information and help you make your booking.

When you use the App, we automatically collect specific data that are required for the use of the App. This data includes:

• Location, accuracy and date/time periodically throughout the day (only while at the attraction)
• Each visit to the resort including date/time first seen and last seen
• Operating system
• Operating system version
• Device name
• Battery level
• Battery status (charging or not)
• Bluetooth status (on or off)
• Mobile network carrier name
• Currently connected Wi-Fi SSID
• Location permission status (on or off)
• IP address
• User's preferred locale
• Current time zone
• App version and build number
• App interactions (captured as events fed to Firebase Analytics and Keen IO)
• Date/time entered/exited geofence region (if you enter an offered geofence region)
• This data is automatically sent to us, (1) so that we can make the service and the associated functions available to you; (2) to improve the functions and features of the App and (3) to prevent misuse and to rectify malfunctions and (4) to offer you a personalized guest experience. This data processing is justified on the basis that (1) the processing is required in order to fulfil the requirements of the contract between you as the data subject and us in accordance with Art. 6(1)(b) GDPR for the use of the App, or (2) we have a legitimate interest in guaranteeing the functionality and fault-free operation of the App and being able to offer a service that is in line with the requirements of the market and with the interests of the users and prevails over your rights and interests in the protection of your personal data in accordance with Art. 6(1)(f) GDPR

We operate an email newsletter program, used to inform subscribers about products and services supplied by us. Users can subscribe through an online automated process should they wish to do so. Some subscriptions may be manually processed through prior written agreement with you.

Email marketing campaigns published by us may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is by no far a comprehensive list]. This information is used to refine future email campaigns and supply you with more relevant content based around your activity.

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 you are given the opportunity to un-subscribe at any time at the bottom of each email.

We cannot guarantee or verify the contents of any externally linked websites despite our best efforts. You should therefore note that you click on external links at your own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Our website may contain sponsored links and adverts. These will typically be served through our advertising partners who may have detailed privacy policies relating directly to the adverts they serve.

Clicking on any such adverts will send you to the advertisers website through a referral program which may use cookies and will track the number of referrals sent from We.

Communication, engagement, and actions taken through external social media platforms that we participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

We will never ask for personal or sensitive information through social media platforms unless a competition and encourage anyone wishing to discuss sensitive details to contact the respective platform through primary communication channels such as by telephone or email. We will never ask for payment or bank details through a competition shared on social media.

We may use social sharing buttons and you are advised before using such social sharing buttons that you do so at their own discretion.

By default some social media platforms shorten lengthy urls [web addresses] (this is an example: http://bit.ly/zyVUBo).

Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore we cannot be held liable for any damages or implications caused by visiting any shortened links.

Consistent with the Children's Online Privacy Protection Act of 1998 (COPPA), we will never knowingly request personally identifiable information from anyone under the age of 16 without requesting parental consent.

Crealy Theme Park & Resort uses the above-described information to tailor content to suit your needs. We will not share information about individual users with any third party, except to comply with applicable law or valid legal process or to protect the personal safety of our users or the public. Under the Data Protection Act 1998 you may request a copy of personal information held about you by us. A small fee will be payable. If you would like a copy of the information held on you please write to the business address at the bottom of this policy.

Crealy Theme Park & Resort gives users options wherever necessary and practical.

The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy. Data protection and privacy is incredibly important to us. This page has some legal technicalities, but also is underpinned by a genuine concern that we do everything we can to ensure your data is treated with the respect that we would want our data treated.

We have reviewed our data collection and retention policy in line with the General Data Protection Act. Whether you are a customer, employee or a supplier, we will have your data stored in a number of places for such purposes as keeping you up to date about upcoming events and special offers, paying wages, invoices or other bills, etc. This policy will outline our various data policies and how we use the data that we collect and store.

If you reserve the right to see the data we have collected about you. If you have any requests or concerns regarding your personal information or any queries with regarding our GPDR policy, please contact our Data Protection Officer, Josh Haywood (josh@crealy.co.uk).

How we collect data:

• Customers are able to supply their data to us by voluntarily opting in to our database at the time of booking theme park tickets and/or accommodation online or over the telephone.
• We often run competitions on our website, social media channels, or face to face where users are able to supply their data to us by voluntarily opting in to our database at the time of entering.
• Data is stored from customers who have supplied bank details for direct debit payments.
• Data is stored from all customers who are and have been Crealy annual pass holders.
• Data from customers who supply their details in return for free 7 day return tickets.
• New Annual Pass holders who wish to sign up to our direct debit scheme will be required to supply a hard copy direct debit mandate form, which is stored securely by our Finance Department.
• Anyone who has had made a lodge or Glamping accommodation booking via our booking partner Hoseasons may be asked for contact details at the time of check-in which are then stored within CampManager.
• Data is stored from customers who provide their details to register to use our free Wi-Fi services.
• Information collected from any correspondence in regards to complaints or suggestions.
• For our child Annual Pass options, we collect the name, date of birth, address, parent's telephone number and a photograph to ensure a right to admission. We don't ask children for consent to receive marketing communications, although a child with an annual pass may receive a renewal invitation.
• For our animal experiences, we collect the name and address of children to enable us to deliver the experience. We don't ask children for consent to receive marketing communications.
• We will never knowingly send marketing communications to children under the age of 16. Anyone under the age of 16 who wishes to subscribe to our marketing databases must have the permission of a responsible parent or guardian.
• Data is collected through Google & Meta Ads who have their own privacy policies

How we use customer data:

• We may use data in any one of the following ways, in all cases our aim is that it is clear what you are opting into and you will have given your consent for us to use your data:
• Providing information about products, offers and upcoming events
• Dealing with your enquiries and requests
• Administering membership of our newsletter distribution list
• Conducting market research

Where we store customer data:

• For customers who have made any theme park purchase either online, over the telephone or face-to-face, data is stored in our CRM (Customer Relationship Management) tool, Convious.
• For customers who have made any glamping, camping or Lodge booking, data is stored in our cloud-based accommodation-booking platform, CampManager.
• Any customer who has voluntarily chosen to opt-in to our marketing database will also have contact details stored in our email-marketing platform, Mailchimp. This information is supplied to our email-marketing platform via a secure API. No payment details are stored in Mailchimp.
• Merac/CampManager is our customer relationship management tool and collects and stores your data. In this instance, Merac/CampManager is the data processor and Crealy Theme Park & Resort is the data controller.
• Hard copies of all customer signed direct debit forms are stored and locked away in a safe storage area. (Only our Finance Director currently has access to these documents).

Employee data policy

The contact information of any person who has applied for a job via our website (crealy.co.uk/jobs) and has voluntarily opted-in to receive our recruitment emails stored in Mailchimp and in the application section of our website.

We are required by law to store all personal information provided by any employee (past or present) for a period of up to 7 years. Any employee first aid records will be kept for up to 8 years.

Other data collection sources

• We store all personal information connected with any recorded first aid incidents for up to 8 years.

Disclosures

• We will NEVER sell or share your personal data with third parties, unless we are obliged to disclose personal data by law enforcement agencies, or the disclosure is necessary for purposes of national security, taxation and criminal investigation, or we have your consent.

Opting out

• If you'd like to opt-out of receiving email or newsletter communications from us, would like to change the preference of media that we use to contact you (e.g. changing from email to postal mail), or would like to be removed from any of our databases entirely, please contact us via email at fun@crealy.co.uk. Our email newsletters always include an unsubscribe button should you wish not to be contacted this way again in the future.

External websites

• Our website may contain links to other websites that are outside our control and are not covered by this Policy. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours.

Cookies

• In addition to the above, we collect anonymous data information automatically about your visit to our website through cookies. Please see our Privacy Policyfor more details. This does not fall within the remit of GDPR but is important.