Privacy Policy

Privacy and Data Protection Policy

Who We Are

Northern Aqua Activities Limited (Company No. 16786456) is the organisation responsible for handling your personal information in connection with our wild swimming and outdoor sauna services at Woodland Lakes.

  • Data Controller: Laura Miles
  • Registered/Correspondence Address: Woodland Lakes, Carlton Miniott, Thirsk, United Kingdom, YO7 4NJ
  • Contact Email: sales@woodlandswimsauna.co.uk

What This Policy Covers

This policy explains what personal data we collect, how and why we use it, the lawful bases we rely on, how long we keep it, and your rights under UK GDPR and the Data Protection Act 2018.

How We Collect Your Data

  • Directly from you: when you make a booking, contact us via forms, or sign up to our newsletter.
  • Automatically: via cookies and similar technologies when you use our website.

Personal Data We Collect

  • Identity and Contact: full name, email address, phone number, postal address.
  • Booking Information: selected activities, dates/times, party size, special notes relevant to your booking.
  • Payment Information: processed securely by our payment provider; we do not store your full card details on our website.
  • Marketing Preferences: your choices about receiving newsletters and updates.
  • Technical/Usage Data: analytics cookies (e.g. Google Analytics) about how you use our site.

How We Use Your Data (Purposes)

  • To provide services: manage and fulfil bookings for swimming, sauna and (future) paddleboarding sessions.
  • To communicate: send booking confirmations, operational messages, and respond to enquiries.
  • To take payments: process transactions securely via our payment provider.
  • To improve our site: understand usage and performance through analytics.
  • Marketing (optional): send newsletters and updates if you choose to receive them.
  • Legal and security: comply with legal obligations and maintain site integrity.

Lawful Bases for Processing

  • Contract: to handle your bookings and provide the services you request.
  • Consent: for newsletters/marketing emails and for non-essential cookies (e.g. Google Analytics).
  • Legitimate interests: for routine business operations (e.g. responding to enquiries, improving our website) where your rights are not overridden.
  • Legal obligation: to meet accounting/tax requirements and comply with applicable laws.

Payments

Payments are processed by Stripe. We do not store your full card details on our website. Stripe processes your data securely in accordance with its own privacy and security standards.

Marketing and Newsletters

If you choose to receive updates, we will send newsletters using our email service provider Brevo. You can unsubscribe at any time by using the link in any email or by contacting us.

Cookies and Analytics

We use a cookie banner to obtain consent for non-essential cookies. You can change or withdraw your consent at any time via the banner settings on our site or by adjusting your browser settings.

Google Analytics Cookies We Use

  • _ga (2 years): distinguishes users for analytics.
  • _gid (24 hours): distinguishes users for analytics.
  • _ga_<container-id> (2 years): persists session state for analytics.
  • _gat (1 minute): throttles request rate.

For more information about cookies and how to manage them, please use the cookie banner controls or your browser’s help settings.

Data Sharing and International Transfers

We do not sell your personal data. We share data only with trusted providers that help us run our services, such as:

  • Our website platform and booking system: to accept and manage bookings.
  • Payment provider (Stripe): to process payments securely.
  • Email provider (Brevo): to send newsletters if you opt in.
  • Analytics (Google): for site performance and usage insights (with your consent).

Some providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place (e.g. adequacy regulations or standard contractual clauses) to protect your information.

Data Retention

  • Bookings and enquiries: retained for 12 months after your visit/enquiry.
  • Financial records: retained for 6 years to meet HMRC requirements.
  • Newsletter subscribers: retained until you unsubscribe or withdraw consent.

Your Rights

Under UK data protection law, you have the right to:

  • Access your personal data and receive a copy.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data (in certain circumstances).
  • Object to or restrict processing (in certain circumstances).
  • Withdraw consent at any time (where processing is based on consent).
  • Data portability (to receive your data in a structured, commonly used, machine-readable format, where applicable).

To exercise your rights, please contact us at sales@woodlandswimsauna.co.uk. We may need to verify your identity before responding.

Complaints

If you have concerns about how we handle your data, please contact us first so we can help. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.

Security

We use appropriate technical and organisational measures to protect personal data, including secure hosting, access controls, and encryption where appropriate. While no system is completely secure, we work to protect your information against unauthorised access, use or disclosure.

Children

Our services and website are not intended for children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

Changes to This Policy

We may update this policy from time to time to reflect changes to our services, providers, or legal requirements. Significant changes will be highlighted on this page. Please check back periodically.

Last updated: November 2025