Privacy Policy

This website is owned and operated by Crealy Theme Park & Resort. Your privacy on the Internet is of the utmost importance to us and we want to make your experience online satisfying and safe.

We ask that you read this Privacy Policy ('the Policy') carefully as it contains important information about how we will use your personal data.

For the purposes of the Data Protection Act 1998, Crealy Theme Park & Resort ('we' or 'us') is the 'data controller' (i.e. the company who is responsible for, and controls the processing of, your personal data).

We take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience.

Use of Cookies

We use cookies to better your experience while visiting our website and also to analyse and improve our marketing campaigns. Where applicable, we use a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their device.  If you wish to deny the use and saving of cookies from our website on to your computer’s hard drive you should take necessary steps within your web browser’s security settings to block all cookies from us and our external serving vendors. 

Users contacting our website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998.

Email Newsletter

We operate an email newsletter program, used to inform subscribers about products and services supplied by us. Users can subscribe through an online automated process should they wish to do so. Some subscriptions may be manually processed through prior written agreement with you.

Email marketing campaigns published by us may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is by no far a comprehensive list]. This information is used to refine future email campaigns and supply you with more relevant content based around your activity.

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 you are given the opportunity to un-subscribe at any time through an automated system.

External Links

We cannot guarantee or verify the contents of any externally linked websites despite our best efforts. You should therefore note that you click on external links at your own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Adverts and Sponsored Links

Our website may contain sponsored links and adverts. These will typically be served through our advertising partners who may have detailed privacy policies relating directly to the adverts they serve.

Clicking on any such adverts will send you to the advertisers website through a referral program which may use cookies and will track the number of referrals sent from We.

Social Media Platforms

Communication, engagement, and actions taken through external social media platforms that we participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

We will never ask for personal or sensitive information through social media platforms and encourage anyone wishing to discuss sensitive details to contact the respective platform through primary communication channels such as by telephone or email.

We may use social sharing buttons and you are advised before using such social sharing buttons that you do so at their own discretion.

By default some social media platforms shorten lengthy urls [web addresses] (this is an example:

Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore we cannot be held liable for any damages or implications caused by visiting any shortened links.


Consistent with the Children's Online Privacy Protection Act of 1998 (COPPA), we will never knowingly request personally identifiable information from anyone under the age of 16 without requesting parental consent.

Sharing of the information

Crealy Theme Park & Resort uses the above-described information to tailor content to suit your needs. We will not share information about individual users with any third party, except to comply with applicable law or valid legal process or to protect the personal safety of our users or the public. Under the Data Protection Act 1998 you may request a copy of personal information held about you by us. A small fee will be payable. If you would like a copy of the information held on you please write to the business address at the bottom of this policy.

Opt-out policy

Crealy Theme Park & Resort gives users options wherever necessary and practical. 

Our contact details

We welcome your feedback and questions. If you wish to contact us, please write to us at: Crealy Theme Park & Resort, Sidmouth Road, Clyst St Mary, Exeter EX5 1DR or call us on 01395 233200.

We may change this privacy policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version which will apply each time you access our website.

GDPR Policy

What is GDPR?

The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy. Data protection and privacy is incredibly important to us. This page has some legal technicalities, but also is underpinned by a genuine concern that we do everything we can to ensure your data is treated with the respect that we would want our data treated.

We have reviewed our data collection and retention policy in line with the General Data Protection Act. Whether you are a customer, employee or a supplier, we will have your data stored in a number of places for such purposes as keeping you up to date about upcoming events and special offers, paying wages, invoices or other bills, etc. This policy will outline our various data policies and how we use the data that we collect and store.

If you reserve the right to see the data we have collected about you. If you have any requests or concerns regarding your personal information or any queries with regarding our GPDR policy, please contact our Data Protection Officer, Josh Haywood (

Customer data policy

How we collect data:

  • Customers are able to supply their data to us by voluntarily opting in to our database at the time of booking theme park tickets and/or accommodation online or over the telephone.
  • We often run competitions on our website, social media channels, or face to face where users are able to supply their data to us by voluntarily opting in to our database at the time of entering.
  • Data is stored from customers who have supplied bank details for direct debit payments.
  • Data is stored from all customers who are and have been Crealy annual pass holders.
  • Data from customers who supply their details in return for free 7 day return tickets.
  • New Annual Pass holders who wish to sign up to our direct debit scheme will be required to supply a hard copy direct debit mandate form, which is stored securely by our Finance Department.
  • Anyone who has had made a lodge accommodation booking via our booking partner Hoseasons may be asked for contact details at the time of check-in which are then stored within CampManager.
  • Data is stored from customers who provide their details to register to use our free Wi-Fi services.
  • Information collected from any correspondence in regards to complaints or suggestions.
  • For our child Annual Pass options, we collect the name, date of birth, address, parent’s telephone number and a photograph to ensure a right to admission. We don’t ask children for consent to receive marketing communications, although a child with an annual pass may receive a renewal invitation.
  • For our animal experiences, we collect the name and address of children to enable us to deliver the experience. We don’t ask children for consent to receive marketing communications.
  • We will never knowingly send marketing communications to children under the age of 16. Anyone under the age of 16 who wishes to subscribe to our marketing databases must have the permission of a responsible parent or guardian.

How we use customer data:

  • We may use data in any one of the following ways, in all cases our aim is that it is clear what you are opting into and you will have given your consent for us to use your data:
  • Providing information about products, offers and upcoming events
  • Dealing with your enquiries and requests
  • Administering membership of our newsletter distribution list
  • Conducting market research

Where we store customer data:

  • For customers who have made any theme park purchase either online, over the telephone or face-to-face, data is stored in our CRM (Customer Relationship Management) tool, Merac.
  • For customers who have made any glamping or camping booking, data is stored in our cloud-based accommodation-booking platform, CampManager.
  • Any customer who has voluntarily chosen to opt-in to our marketing database will also have contact details stored in our email-marketing platform, Campaign Monitor. This information is supplied to our email-marketing platform via a secure API. No payment details are stored in Campaign Monitor.
  • Merac/CampManager is our customer relationship management tool and collects and stores your data. In this instance, Merac/CampManager is the data processor and Crealy Theme Park & Resort is the data controller.
  • Hard copies of all customer signed direct debit forms are stored and locked away in a safe storage area. (Only our Finance Director currently has access to these documents).

Employee data policy

The contact information of any person who has applied for a job via our website ( and has voluntarily opted-in to receive our recruitment emails is stored in Campaign Monitor.

We are required by law to store all personal information provided by any employee (past or present) for a period of up to 7 years. Any employee first aid records will be kept for up to 8 years.

Other data collection sources

  • We store all personal information connected with any recorded first aid incidents for up to 8 years.


  • We will NEVER sell or share your personal data with third parties, unless we are obliged to disclose personal data by law enforcement agencies, or the disclosure is necessary for purposes of national security, taxation and criminal investigation, or we have your consent. 

Opting out

  • If you’d like to opt-out of receiving email or newsletter communications from us,  would like to change the preference of media that we use to contact you (e.g. changing from email to postal mail), or would like to be removed from any of our databases entirely, please contact us via email at Our email newsletters always include an unsubscribe button should you wish not to be contacted this way again in the future.

External websites

  • Our website may contain links to other websites that are outside our control and are not covered by this Policy. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours.


  • In addition to the above, we collect anonymous data information automatically about your visit to our website through cookies. Please see our Privacy Policy for more details. This does not fall within the remit of GDPR but is important.


  • Please note that this privacy policy is subject to change from time to time. It was last updated in May 2018.

Signed on behalf of,

Maximum Fun Devon Ltd

T/A Crealy Theme Park & Resort

Chris Down

Managing Director

All information is correct at the time of publishing.