Okay... here we go. Boring but important. We were going to try to pretty it up a bit... but really, are you bothered. There is a kind of dumb bravery to this. Read on. We salute you... and we'll be waiting for you... in the bar probably.
Website Use Policy
The Dungeon is not suitable for people of a nervous disposition or very young children: entry is at the discretion of the parent/guardian. Children 15 and under must be accompanied by an adult 16 or older. The Dungeons reserve the right to refuse entry without explanation. Tickets purchased online or in advance are not to be used in conjunction with any other offer, promotion, voucher or exchanged for cash. Ticket only redeemable at the attraction stated. The Dungeons reserve the right to alter, close or remove details/exhibits/rides without prior notice for technical, operational or other reasons, and that no refunds or price reductions can be given in these circumstances.
All tickets for the Edinburgh Dungeon whether they be purchased from the Edinburgh Dungeon directly, the Merlin Contact Centre, other Merlin Attractions or third party sellers are purchased on a non refundable and non transferable basis.
The Edinburgh Dungeon and The Merlin Entertainments Group shall have no liability for any loss or damage arising on the premises, and accept no liability for travel expenses or any other out of pocket expenses incurred.
1. Making your booking: The party leader must be authorised to make the booking on the basis of these booking conditions by all persons named on the booking and by their parent or guardian for all party members who are under 18 when the booking is made. The party leader is responsible for making all payments due to us. The party leader must be at least 18 when the booking is made. All bookings must be made online via the website. At the end of the booking process, you are asked to confirm that you have read and agree with our booking conditions. Your booking will be confirmed by a reference number or a print @ home ticket (if you select this options), we will reconfirm your booking by email. The confirmation is sent to the email address which you enter/provide at the time of making your booking. However if you have spam filtering on your email account, our email might not reach you.
Your email voucher will serve as proof of payment for your attraction ticket. If you are collecting your tickets at the attraction, you will need to present this confirmation email at the appropriate entrance to gain entry. You must take the confirmation email with you or you may not gain entry. If you selected the print @ home option, you must bring a printed version of your ticket with you. Please check your booking confirmation carefully as soon as you receive it. Contact us immediately if any information on the confirmation appears to be incorrect or incomplete as it may not be possible to make changes later.
Please arrive within your designated 15 minute show time, failure to do so may result in an extended wait. If you need to collect your tickets at the attraction then please allow enough time to collect them before your show begins. Your confirmation alone, will not provide you with immediate entry into the Edinburgh Dungeon. Please note that your show time indicates your arrival time and that your show will begin shortly after, this may be extended in peak periods.
2. Payment: Full payment is required at the time of booking.
3. Your contract: A binding contract between us comes into existence when the final page of the booking confirmation procedure gives you a booking reference. This contract and all matters arising out of it are governed by English law.
4. The cost of your ticket(s): We are committed to providing great value offers on tickets; where possible offering discounts on entrance rates. There are likely to be some seasonal special offers and in some circumstances prices may go up or down. The price of your ticket(s) will be confirmed at the time of booking.
We reserve the right to correct errors in both advertised and confirmed prices. We will do so as soon as we become aware of the error. A total price of your ticket(s) will be given before you confirm your booking which you may accept or not. All prices are for pre-booking and include VAT.
5. Changes by you: Once a booking reference has been issued it will not be possible to amend or transfer your booking.
6. Cancellation by you: Should you or any member of your party need to cancel your booking once it has been confirmed, the party leader must immediately contact the provider of your ticket. As soon as you cancel, your unique confirmation email voucher will become void and non-redeemable. We regret it is not possible to make refunds in respect of cancelled bookings. If you have any questions please contact our Guest Experience team on firstname.lastname@example.org
7. Changes and cancellation by us: Occasionally, we have to make changes to and correct errors and other details both before and after bookings have been confirmed and cancel confirmed bookings and we must reserve the right to do so. If we have to make a significant change or cancel, we will tell you as soon as possible. If there is time to do so before departure, we will offer you the choice of the following options:
- (a) accepting the changed arrangements or
- (b) purchasing an alternative ticket offer from us. If the chosen alternative date is less expensive than your original one, we will refund the difference but if it is more expensive, we will not ask you to pay any more
- (c) cancelling or accepting the cancellation in which case you will receive a full refund of all monies you have paid to us.
Please note, the above options are not available where any change made is a minor one. In all cases, our liability for significant changes and cancellations is limited to offering you the above mentioned options. We regret we cannot pay any expenses, costs or losses incurred by you as a result of any change or cancellation.
8. Force Majeure: Except where otherwise expressly stated in these booking conditions, we regret we cannot accept liability or pay any compensation where the performance or prompt performance of our contractual obligations is prevented or affected by or you otherwise suffer any damage or loss (as more fully described in clause 9 (1) below) as a result of "force majeure". In these booking conditions, "force majeure" means any event which we or the supplier of the service(s) in question could not, even with all due care, foresee or avoid. Such events may include war or threat of war, riot, civil strife, terrorist activity or actual threatened terrorist activity, industrial dispute, natural or nuclear disaster, adverse weather conditions, fire and all similar events outside our control.
9. Our Liability to you
(1) We promise to make sure that the ticket arrangements we have agreed to make, perform or provide as applicable as part of our contract with you are made, performed or provided with reasonable skill and care. This means that, subject to these booking conditions, we will accept responsibility if, for example, you suffer death or personal injury or your contracted arrangements are not provided as promised or prove deficient as a result of the failure of ourselves, our employees, agents or suppliers to use reasonable skill and care in making, performing or providing, as applicable, your contracted arrangements. Please note it is your responsibility to show that reasonable skill and care has not been used if you wish to make a claim against us. In addition, we will only be responsible for what our employees, agents and suppliers do or do not do if they were at the time acting within the course of their employment (for employees) or carrying out work we had asked them to do (for agents and suppliers).
(2) We will not be responsible for any injury, illness, death, loss (for example loss of enjoyment), damage arising including any distress, inconvenience or anxiety caused during the course of the experience, expense, cost or other sum or claim of any description whatsoever which results from any of the following:
- the act(s) and/or omission(s) of the person(s) affected or any member(s) of their party or
- the act(s) and/or omission(s) of a third party not connected with the provision of your visit and which were unforeseeable or unavoidable or
- 'force majeure' as defined in clause 8.
(3) Please note, we cannot accept responsibility for any services which do not form part of our contract. This includes, for example, any additional services or facilities which any supplier agrees to provide for you where the services or facilities are not advertised in our brochure and we have not agreed to arrange them.
(4) The promises we make to you about the services we have agreed to provide or arrange as part of our contract will be used as the basis for deciding whether the services in question had been properly provided.
(5) Please note, we cannot accept any liability for any damage, loss, expense or other sum(s) of any description (1) which on the basis of the information given to us by you concerning your booking prior to our accepting it, we could not have foreseen you would suffer or incur if we breached our contract with you or (2) which did not result from any breach of contract or other fault by ourselves or our employees or, where we are responsible for them, our suppliers. Additionally we cannot accept liability for any business losses.
(6) You must provide ourselves and our insurers with all assistance we may reasonably require. You must also tell us and the supplier concerned about your claim or complaint as set out in clause 12 below. If asked to do so, you must transfer to us or our insurers any rights you have against the supplier or whoever else is responsible for your claim or complaint (if the person concerned is under 18, their parent or guardian must do so). You must also agree to cooperate fully with us and our insurers if we or our insurers want to enforce any rights which are transferred".
10. Complaints and problems: In the unlikely event that you have any reason to complain or experience any problems with your visit to an attraction, you must immediately inform the supplier of the service(s) in question. Any verbal notification must be put in writing as soon as possible. Until we know about a problem or complaint, we cannot begin to resolve it. You must write to our Guest Experience Team at the attraction you have visited, within 28 days of the end of the visit to the attraction giving your booking reference and full details of your complaint. For all complaints and claims which do not involve death, personal injury or illness, we regret we cannot accept liability if you fail to notify the complaint or claim entirely in accordance with this clause.
11. Your Responsibilities: Bookings are accepted on the understanding that all persons travelling are normally in good health and able to fulfil the physical demands of the attraction visit. It is your responsibility to ensure all members of the party are in possession of all necessary travel and health documents before departure. We cannot accept any liability or associated costs if you are refused entry onto transport or into the attraction country as a result of failure to carry correct documentation.
12. Conditions of Suppliers: Many of the services which make up your visit are provided by independent suppliers. Those suppliers provide these services in accordance with their own terms and conditions. Some of these terms and conditions may limit or exclude the supplier's liability to you, usually in accordance with applicable International Conventions (see clause 9 (3)). Copies of the relevant parts of these terms and conditions are available on request from the supplier concerned.
13. Special Requests and Medical Problems: If you have any special request, you must advise us at the time of booking. Although we will endeavour to pass any reasonable requests on to the relevant supplier, we regret we cannot guarantee any request will be met. Failure to meet any special request will not be a breach of contract on our part. Confirmation that a special request has been noted or passed on to the supplier or the inclusion of the special request on your confirmation invoice or any other documentation is not confirmation that the request will be met. Unless and until specifically confirmed, all special requests are subject to availability.
14. Call Monitoring and Recording: As part of our continuing effort to ensure you receive the highest service standards, we may monitor and record your call for training purposes.
15. Directions: Please make sure you have directions to your chosen Dungeon; basic directions are also provided on your email voucher. Directions should be used in conjunction with an up to date map.
16. Parking: Please check parking arrangements. Parking is always at the vehicle owner’s risk.
17. Best Price Guarantee: Book more than 14 days in advance of your visit date and we guarantee that www.thedungeons.com will have the lowest priced entrance tickets available. If you find a cheaper price within 7 days of booking, we will match it and refund the difference!
The best price guarantee is subject to availability and times of date. The ticket must be the same in all respects including date, time of entry and admission priority. Excludes offers conditional on buying other products, group bookings or discounted membership schemes. We guarantee the best prices whether you make your purchase in Euros or Sterling, however, due to currency variations we will not consider price comparisons between products purchased in different currencies.
18. Dungeon Ticket Terms and Conditions: Prebooked tickets give you guaranteed entry.These can only be obtained through thedungeons.com and the Merlin Contact Centre. All other tickets holders must book into specific timeslots on the day of arrival.
For general admission ticket holders, join the main queue and present your booking confirmation at admissions to gain entry to the attraction. (If in doubt please check first with an assistant at the door which queue to join.).
19. Combi Ticket Terms and Conditions: When purchasing a combi ticket, the Dungeons element of the ticket is for a specific date and time slot. The SEA LIFE attractions are not booked for specific dates or time slots. You must visit these attractions after your visit to the Edinburgh Dungeon or up to three calendar months after your Dungeons visit. Combi tickets cannot be purchased without a Dungeons visit.
Combi tickets are for priority entrance to the Edinburgh Dungeon.
From time to time Merlin Entertainments Plc or other authorised parties carry out photography and/or video recording in the Attraction, which may feature guests. Entry to the Attraction is deemed acceptance of these Entry Conditions, and you therefore agree that Merlin or any authorised party may use such images in perpetuity in any promotional, advertising or publicity material in any format whatsoever. You further agree that copyright in these materials rests with Merlin or such authorised party (as the case may be).
OVERVIEW of this Policy and Commitments to Privacy at Merlin
At Merlin ("we", "us", "our"), we regularly collect and use personal data about consumers who visit our attractions or hotels, or browse our websites. Personal data is any information that can used to identify you as an individual. The protection of your personal data is very important to us, and we understand our responsibilities to handle your personal data with care, to keep it secure and to comply with legal requirements.
Please read this Policy carefully. It provides important information about how we use personal data and explains your legal rights. This Policy is not intended to override the terms of any contract that you have with us (for example, Wi-Fi terms and conditions or annual pass terms) or any rights you might have available under applicable data protection laws.
We will make changes to this Policy from time to time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. We will make sure that you are aware of any significant changes by sending an email message to the email address you most recently provided to us or by posting a notice on each relevant website so that you are aware of the impact to the data processing activities before you continue to engage. We encourage you to regularly check back and review this policy so that you will always know what information we collect, how we use it, and who we share it with.
- WHO is responsible for looking after your personal data?
- WHAT personal data do we collect?
- WHEN do we collect your personal data?
- What PURPOSES do we USE your personal data for and what is the LEGAL BASIS?
- Who do we SHARE your personal data with?
- Direct Marketing
- International Transfers
- How long do we keep your personal data?
- What are your rights?
- Contact and complaints
1. WHO IS RESPONSIBLE FOR LOOKING AFTER YOUR PERSONAL DATA?
Merlin Entertainments plc ("Merlin") is a British-based entertainment company, with a registered office at Link House, 25 West Street, Poole, Dorset, BH15 1LD, which operates over 100 attractions, and over 20 hotels and holiday villages in 25 countries. Our business is about creating unique, memorable and rewarding visitor experiences. A list of our attractions and a note of the companies that make up the Merlin group which help to achieve this is available at ("Merlin Group").
The entity in the Merlin Group which was originally responsible for collecting information about you will be the Data Controller. Other entities in the Merlin Group may also be Data Controllers where they control the use or processing of such data. There will be a single point of contact for all Merlin Group Data Controllers who can be contacted using the details set in section 11 below.
In relation to potential customers, historic customers and current customers and attraction visitors ("consumers"), we collect the following data:
- Information that you provide by filling in forms on our site. This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We will also ask you for information when you report a problem with our site.
- Details of any concerns if you contact us with a query or issue.
- When you complete a survey to tell us how your experience of our attractions or hotels was and how we can improve, although you do not have to respond to them.
- Details of transactions you carry out through our site and of the fulfilment of your bookings including your credit/debit card details.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
- Your name, address, telephone number and/or email address in order to contact you with details of your booking or in the unlikely event that we need to contact you urgently about your booking.
- We will collect information from you directly when you sign up for a newsletter from an attraction website, when you purchase a ticket or pass, where you make a phone booking, where you sign up for Wi-Fi at one of our attractions, when you book to stay at one of our hotels, where you complete a survey, or where you contact us with questions or suggestions.
- We also monitor and record telephone calls in order to record your opt-in to receive marketing content (where required, see section 6 for further details) when you call us directly.
- Where someone has applied for a family pass, or entered into a competition on your behalf, information about you in those circumstances will be provided to us indirectly by a family member or another third person.
In emergency circumstances, we will also collect information about you indirectly from other sources where we believe this is necessary to help ensure the security of our attractions. These other sources may include public registers and social media platforms.
We will not knowingly collect any personal data about children for the purpose of marketing without making it clear that such information should only be provided with parental consent, if this is required by applicable laws - so Merlin will only use the personal data of children as far as is permitted by law where the required parental or guardian consent has been obtained.
We will use your personal data to:
- ensure that content from our site is presented in the most effective manner for you and for your computer.
- provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- carry out our obligations arising from any contracts entered into between you and us.
- allow you to participate in interactive features of our service, when you choose to do so.
- notify you about changes to our service.
We may also send you marketing materials (where we have appropriate permissions as explained in more detail below under Section 6). This process is likely to include profiling, and more information is provided at Section 8 of this Policy about this. We will also need to use your personal data for purposes associated with our legal and regulatory obligations.
We have to establish a legal ground to use your personal data, so we will make sure that we only use your personal data for the purposes set out in this Section 4 and in Appendix 1 where we are satisfied that:
- our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (e.g. to manage your booking for entry tickets to an attraction), or
- our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we are subject to (e.g. to comply with ICO requirements), or
- our use of your personal data is necessary to support 'Legitimate Interests' that we have as a business (for example, to improve our products, or to carry out analytics across our datasets), provided it is always carried out in a way that is proportionate, and that respects your privacy rights. Where required under separate laws, for example the Privacy and Electronic Communications Regulations, we will also ensure that you have opted in to send you marketing materials - see section 6 below for more details. Please see Appendix 1 for more details about our Legitimate Interests.
Before collecting and/or using any special categories of data we will establish an additional lawful ground to those set out above which will allow us to use that information. This additional exemption will typically be:
- your explicit consent;
- the establishment, exercise or defence by us or third parties of legal claims; or
- a specific exemption provided under local laws of EU Member States and other countries implementing the GDPR.
PLEASE NOTE: If we have previously told you that we were relying on consent as the basis of our processing activities, going forward we will not be relying on that legal basis unless we have said that are in this Policy.
PLEASE NOTE. If you provide your explicit consent to allow us to process your special categories of data, you can withdraw your consent to such processing at any time. However, you should be aware that if you choose to withdraw your consent we will tell you more about the possible consequences, including if this means that certain services (in particular where you have applied for a carer pass) can no longer be provided).
As flagged above, we share data with other Merlin Group companies.
We also share the data with third parties, to help manage our business and deliver services. These third parties may from time to time need to have access to your personal data, and include:
- service providers, who help manage our IT and back office systems, and assist with our Customer Relationship Management activities, in particular Experian, Accesso, Facebook, Salescycle, Strange Marketing, Print Design Team, Ashleigh Print & Design, Sprint Marketing, Adare International and Mediacom.
- our regulators, which include the ICO, as well as other regulators and law enforcement agencies in the E.U. and around the world,
- solicitors and other professional services firms (including our auditors).
Also, if we were to sell part of our businesses we would need to transfer your personal data to the purchaser.
We may use your personal data to send you direct marketing communications about our attractions, hotels, experiences or our related services. This will be in the form of email, post, SMS or targeted online advertisements.
Where we require explicit opt-in consent for direct marketing in accordance with the Privacy and Electronic Communications Regulations we will ask for your consent. Otherwise, for non-electronic marketing or where we can rely on the soft opt-in exemption under the Privacy and Electronic Communications Regulations, we will be relying on our Legitimate Interests for the purposes of GDPR as further detailed in section 4 and Appendix 1.
You have a right to stop receiving direct marketing at any time - you can do this by following the opt-out links in electronic communications (such as emails), or by contacting us using the details in Section 11.
We also use your personal data for customising or personalising advertisements, offers and content made available to you based on your visits to and/or usage of our attraction websites or other mobile applications, platforms or services, and analysing the performance of those advertisements, offers and content, as well as your interaction with them. We may also recommend content to you based on information we have collected about you and your viewing habits. This constitutes 'profiling', and more information is provided at Section 8 of this Policy about this.
Some entities in the Merlin Group, with whom we share your data, and our service providers who have access to your personal data, are located outside the European Union. We may also share your personal data overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body. We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests, in particular we will either:
- only transfer your personal data to countries which are recognised as providing an adequate level of legal protection in accordance with Article 45 of the GDPR; or
- ensure that transfers outside the European Union are subject to an appropriate legal safeguard - for example, the EU Model Clauses pursuant to Article 46(2) of the GDPR and/or the EU - U.S. Privacy Shield for the protection of personal data transferred to the US (for further details, please see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en).
You have the right to ask us for more information about the safeguards we have put in place as mentioned above. Contact us as set out in Section 11 if you would like further information or to request a copy where the safeguard is documented (which may be redacted to ensure confidentiality).
'Automated Decision Making' refers to a decision which is taken through the automated processing of your personal data alone - this means processing using, for example, software code or an algorithm, which does not involve any human intervention. We do not carry out any automated decision making, however we do carry out profiling using automated processing to tailor marketing materials for a specific customer.
Where we have permissions to send a consumer marketing updates, we may use profiling to ensure that marketing materials are tailored to your preferences and to what we think you will be interested in. In certain circumstances it will be possible to infer certain information about you from the result of profiling, which could include special categories of personal data, but we will not do this unless we have obtained your explicit consent to do so.
We will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 4 of this Policy. In particular, where there has been no interaction from a consumer (e.g. a purchase, email open, newsletter sign up), a record will be archived after 1 year and deleted after 3 years.
Where we are required to do so to meet legal, regulatory, tax or accounting requirements, we will retain your personal data for longer periods of time, but only where permitted to do so, including so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your personal data or dealings.
We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required and we do not have a legal requirement to retain it, we will ensure it is either securely deleted or stored in a way such that it is anonymised and the Personal Data is no longer used by the business.
You have a number of rights in relation to your personal data. In summary, you have the right to request: access to your data; rectification of any mistakes in our files; erasure of records where no longer required; restriction on the processing of your data; objection to the processing of your data; data portability; and various information in relation to any automated decision making and profiling or the basis for international transfers. You also have the right to complain to your supervisory authority (further details of which are set out in Section 11 below). These are defined in more detail as follows:
WHAT THIS MEANS
You can ask us to:
· confirm whether we are processing your personal data;
· give you a copy of that data;
· provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out automated decision making or profiling, to the extent that information has not already been provided to you in this Policy.
You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.
Erasure / Right to be Forgotten
You can ask us to erase your personal data, but only where:· it is no longer needed for the purposes for which it was collected; or · you have withdrawn your consent (where the data processing was based on consent); or · it follows a successful right to object (see 'Objection' below); or · it has been processed unlawfully; or · it is necessary to comply with a legal obligation which Merlin is subject to.
We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary: for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims, in relation to the freedom of expression or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. In the context of marketing, please note that we will maintain a suppression list if you have opted out from receiving marketing content to ensure that you do not receive any further communications.
You can ask us to restrict (i.e. keep but not use) your personal data, but only where:· its accuracy is contested (see 'Rectification' below), to allow us to verify its accuracy; or · the processing is unlawful, but you do not want it erased; or · it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
· you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal data following a request for restriction, where:· we have your consent; or· to establish, exercise or defend legal claims; or· to protect the rights of another natural or legal person.
You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it 'ported' directly to another Data Controller, but in each case only where: the processing is based on your consent or the performance of a contract with you; and the processing is carried out by automated means.
You can object to any processing of your personal data which has our 'Legitimate Interests' as its legal basis (see Appendix 2 for further details), if you believe your fundamental rights and freedoms outweigh our Legitimate Interests. Once you have objected, we have an opportunity to demonstrate that we have compelling Legitimate Interests which override your rights, however this does not apply as far as the objections refers to the use of personal data for direct marketing purposes.
To exercise your rights you can contact us as set out in Section 11. Please note the following if you do wish to exercise these rights:
- We take the confidentiality of all records containing personal data seriously, and reserve the right to ask you for proof of your identity if you make a request.
- We will not ask for a fee to exercise any of your rights in relation to your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in the circumstances.
- We aim to respond to any valid requests within one month unless it is particularly complicated or you have made several requests, in which case we aim to respond within three months. We will let you know if we are going to take longer than one month. We might ask you if you can help by telling us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.
- Local laws, including in the UK, provide for additional exemptions, in particular to the right of access, whereby personal data can be withheld from you in certain circumstances, for example where it is subject to legal privilege.
The primary point of contact for all issues arising from this Policy, including requests to exercise data subject rights, is our Data Protection Officer. The Data Protection Officer can be contacted in the following way:
If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time. In the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/). We do ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
APPENDIX 1 - LEGAL BASIS FOR PROCESSING
Type of information collected
The basis on which we use the information
Set up a record on our CRM systems
· Contact Details and Engagement Details
· Performance of a contract
· Legitimate interests (to ensure we have an accurate record of all consumers that we interact with)
Provide client care and support
· Contact Details, Engagement Details and Device Data
· Performance of a contract
· Contact Details, Marketing Preferences
· Legitimate interests (to provide information about Merlin which may be of interest, to create audience segments for the purpose of carrying out targeted marketing, to enrich data which we use to provide marketing content to you in a better, more personalised way)
· Opt-In (where required under the Privacy and Electronic Communications Regulations)
Comply with legal and regulatory obligations
· Contact Details and Engagement Details
· Legal obligation
APPENDIX 2 - GLOSSARY
Consumer: means an individual who will, who has, or who is purchasing tickets for an Attraction or using Merlin's websites, goods or services, or participating in a prize draw/competition or Merlin experience.
Data Controller: means a natural or legal person which determines the means and purposes of processing of personal data.
Data Subject: means an individual whom the personal data is about.
EEA: means the European Economic Area.
GDPR: means the General Data Protection Regulation, which comes into force on 25 May 2018 and replaces the previous Data Protection Directive 95/46/EC.
ICO: the Information Commissioner's Office regulates the processing of personal data by all organisations within the UK.
Legitimate Interests: this is a ground which can be used by organisations as a lawful basis of processing, for example where personal data is used in ways that could reasonably be expected, or there is a compelling reason for the processing.
Member States: means those countries which are part of the European Union.
Privacy Shield: means a framework which has been adopted to protect the rights of those individuals whose data has been transferred to the US.
Profiling: means to analyse your personal data in order to evaluate your behaviour or to predict things about you which are relevant in an entertainment context, such as how likely you are to attend a certain event that we host.
Special Categories of Data: means any personal data relating to your health, genetic or biometric data, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership.
Service Providers: these are a range of third parties to whom we outsource certain functions of our business. For example, we have service providers who provide / support 'cloud based' IT applications or systems, which means that your personal data will be hosted on their servers, but under our control and direction. We require all our service providers to respect the confidentiality and security of personal data.
WEBSITE ACCEPTABLE USE POLICY
This acceptable use policy sets out the terms between you and us under which you may access our website www.thedungeons.com (our site). This acceptable use policy applies to all users of, and visitors to, our site.
Your use of our site means that you accept, and agree to abide by, all the policies in this acceptable use policy, which supplement our terms of website use.
www.thedungeons.com is a site operated by Merlin Entertainments Group Limited (we or us). We are registered in England and Wales under company number 5022287 and we have our registered office at 3 Market Close, Poole, Dorset, BH15 1NQ.
You may use our site only for lawful purposes. You may not use our site:
- In any way that breaches any applicable local, national or international law or regulation.
- In any way that is unlawful or fraudulent, or has any unlawful or fraudulent purpose or effect.
- For the purpose of harming or attempting to harm minors in any way.
- To send, knowingly receive, upload, download, use or re-use any material which does not comply with our content standards set out below.
- To transmit, or procure the sending of, any unsolicited or unauthorised advertising or promotional material or any other form of similar solicitation (spam).
- To knowingly transmit any data, send or upload any material that contains viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware.
You also agree:
- Not to reproduce, duplicate, copy or re-sell any part of our site in contravention of the provisions of our terms of website use.
- Not to access without authority, interfere with, damage or disrupt:
- any part of our site;
- any equipment or network on which our site is stored;
- any software used in the provision of our site; or
- any equipment or network or software owned or used by any third party.
We may from time to time provide interactive services on our site, including, without limitation:
- Chat rooms.
- Bulletin boards.
- Photo/video galleries.
- Social media feeds.
- Customer service chat facilities.
Where we do provide any interactive service, we will provide clear information to you about the kind of service offered, if it is moderated and what form of moderation is used (including whether it is human or technical).
We will do our best to assess any possible risks for users (and in particular, for children) from third parties when they use any interactive service provided on our site, and we will decide in each case whether it is appropriate to use moderation of the relevant service (including what kind of moderation to use) in the light of those risks. However, we are under no obligation to oversee, monitor or moderate any interactive service we provide on our site, and we expressly exclude our liability for any loss or damage arising from the use of any interactive service by a user in contravention of our content standards, whether the service is moderated or not.
The use of any of our interactive services by a minor is subject to the consent of their parent or guardian. We advise parents who permit their children to use an interactive service that it is important that they communicate with their children about their safety online, as moderation is not foolproof. Minors who are using any interactive service should be made aware of the potential risks to them.
Where we do moderate an interactive service, we will normally provide you with a means of contacting the moderator, should a concern or difficulty arise.
These content standards apply to any and all material which you contribute to our site (contributions), and to any interactive services associated with it.
You must comply with the spirit of the following standards as well as the letter. The standards apply to each part of any contribution as well as to its whole.
- Be accurate (where they state facts).
- Be genuinely held (where they state opinions).
- Comply with applicable law in the UK and in any country from which they are posted.
Contributions must not:
- Contain any material which is defamatory of any person.
- Contain any material which is obscene, offensive, hateful or inflammatory.
- Promote sexually explicit material.
- Promote violence.
- Promote discrimination based on race, sex, religion, nationality, disability, sexual orientation or age.
- Infringe any copyright, database right or trade mark of any other person.
- Be likely to deceive any person.
- Be made in breach of any legal duty owed to a third party, such as a contractual duty or a duty of confidence.
- Promote any illegal activity.
- Be threatening, abuse or invade another's privacy, or cause annoyance, inconvenience or needless anxiety.
- Be likely to harass, upset, embarrass, alarm or annoy any other person.
- Be used to impersonate any person, or to misrepresent your identity or affiliation with any person.
- Give the impression that they emanate from us, if this is not the case.
- Advocate, promote or assist any unlawful act such as (by way of example only) copyright infringement or computer misuse.
SUSPENSION AND TERMINATION
We will determine, in our discretion, whether there has been a breach of this acceptable use policy through your use of our site. When a breach of this policy has occurred, we may take such action as we deem appropriate.
- Immediate, temporary or permanent withdrawal of your right to use our site.
- Immediate, temporary or permanent removal of any posting or material uploaded by you to our site.
- Issue of a warning to you.
- Legal proceedings against you for reimbursement of all costs on an indemnity basis (including, but not limited to, reasonable administrative and legal costs) resulting from the breach.
- Further legal action against you.
- Disclosure of such information to law enforcement authorities as we reasonably feel is necessary.
We exclude liability for actions taken in response to breaches of this acceptable use policy. The responses described in this policy are not limited, and we may take any other action we reasonably deem appropriate.
CHANGES TO THE ACCEPTABLE USE POLICY
We may revise this acceptable use policy at any time by amending this page. You are expected to check this page from time to time to take notice of any changes we make, as they are legally binding on you. Some of the provisions contained in this acceptable use policy may also be superseded by provisions or notices published elsewhere on our site.