Privacy Policy

1. Introduction

​

This Privacy Policy explains how The Canterbury Tales Experience Ltd (“we”, “us”, “our”) collects, uses and protects your personal data when you visit our website, purchase tickets, sign up for marketing, or visit the attraction in person.

We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

​

By using our website, booking tickets, or visiting the attraction, you agree to the terms of this Privacy Policy.

​

2. Who We Are (Data Controller)

​

The data controller for all personal data collected by us is:

The Canterbury Tales Experience Ltd
St Margaret Street
Canterbury
Kent
CT1 2TG

Email: hello@canterburytales.co.uk

​

We also share data within our sister company:
Escapement Kent Ltd, for operational and administrative purposes.

​

We never sell your data.

​

3. Personal Data We Collect

​

We collect and process the following types of data:

​

3.1 Information you provide directly

• Name

• Email address

• Phone number

• Booking details

• Payment details (handled securely by third-party processors such as Stripe and Apple Pay)

• Messages submitted through website forms

• Newsletter sign-up information

• Incident report information (if an incident occurs on-site)
   

3.2 Information collected through your booking

​

We use Beyonk as our ticketing provider, which collects:

• Name

• Email

• Phone

• Booking date/time

• Ticket type

• Payment information (processed by Stripe/Apple Pay)
   

3.3 Website analytics data
 

We automatically collect data via:

• Google Analytics

• Meta (Facebook) Pixel

• Wix Analytics

• Bing Ads

This may include:

• IP address

• Device type

• Browser type

• Pages viewed

• Time spent on site

• Click behaviour
   

3.4 Cookies and tracking technologies
 

We use:

• Essential cookies

• Performance/analytics cookies

• Marketing and retargeting cookies (Google Ads, Meta Pixel, Bing Ads)
   

You can manage cookie preferences through your browser settings.
 

3.5 CCTV footage
 

Our venue uses CCTV for safety, security and crime prevention.
Footage is retained for 30 days, unless required for investigations.
 

4. How We Use Your Data
 

We use your personal data for the following purposes:

• Processing your ticket purchase

• Managing your booking

• Sending booking confirmations and important updates

• Providing customer support

• Ensuring the safety and security of our venue

• Fulfilling legal or regulatory obligations

• Sending marketing emails (if you opt-in)

• Running retargeting advertising

• Analysing website usage and improving performance

• Operational use within our sister company Escapement Kent Ltd
   

We do not sell personal data.
 

5. Marketing Communications
 

If you sign up for our newsletter or agree to receive marketing, we will send updates about:

• Special offers

• Events

• Seasonal promotions

• Attraction news
   

We use Flodesk to manage our email communications. You can unsubscribe at any time by clicking the link in any email.

We also use Meta and Google retargeting to show relevant ads based on your interaction with our website.
 

6. Legal Basis for Processing
 

Under UK GDPR, we process your data on the following bases:

• Contract – to fulfil your ticket booking

• Legitimate interest – venue safety, analytics, business operations

• Consent – for marketing emails and cookies

• Legal obligation – incident reporting, accounting, tax

• Vital interest – emergency situations on-site
   

7. Data Sharing
 

We share data only with trusted service providers required to run the attraction:

• Beyonk (ticketing)

• Stripe & Apple Pay (payment processing)

• Wix (website hosting)

• Google Analytics

• Meta/Facebook

• Bing Ads

• Flodesk (email marketing)

• Escapement Kent Ltd (sister company for operational purposes)
   

We do not sell or trade your personal data.
 

We may disclose data to legal authorities if required by law.
 

8. International Data Transfers
 

Some of our service providers operate outside the UK, such as:

• Google

• Meta

• Flodesk
   

Where data is transferred outside the UK, we rely on approved safeguards such as:
 

• UK Addendum to EU Standard Contractual Clauses

• Adequacy decisions

• Secure data transfer frameworks
   

9. Data Retention
 

We retain personal data indefinitely unless you request its removal, except:

• CCTV: deleted after 30 days

• Incident reports: retained as required by law

• Financial records: kept for 6 years minimum (legal requirement)
   

You may request deletion of your data at any time (subject to legal obligations).
 

10. Children’s Data

We do not knowingly collect personal data from children under 16.

For school bookings, data is provided by the responsible adults (teachers/group leaders).
 

11. Your Rights Under UK GDPR
 

You have the following rights:

• Right to access – request a copy of your data

• Right to rectification – correct inaccurate data

• Right to erasure (“right to be forgotten”)

• Right to restrict processing

• Right to data portability

• Right to object to processing or marketing

• Right to withdraw consent (e.g., unsubscribe from marketing)
   

To exercise any rights, contact us at:
hello@canterburytales.co.uk
 

We may require proof of identity for security purposes.
 

12. Security Measures
 

We take appropriate technical and organisational measures to protect your data, including:

• Encrypted payment processing via Stripe/Apple Pay

• Secure website hosting via Wix

• Limited staff access to personal data

• CCTV security measures

• Regular system monitoring
   

13. Changes to This Policy
 

We may update this Privacy Policy occasionally. Any changes will be posted on our website with an updated revision date.
 

We recommend reviewing this page periodically.
 

14. Contact Us

For questions or data requests:
📧 hello@canterburytales.co.uk
📍 The Canterbury Tales Experience Ltd, St Margaret Street, Canterbury, CT1 2TG