top of page

Privacy Policy

In order to provide our Activities, we collect data about individuals, usually within a business context. We treat all data which identifies an individual or when combined with any other information can identify an individual as personal data.


Unless otherwise stated at the time of collection, we will be defined as the ‘Controller’ of the personal data you provide to us. This means that we control what happens to and what is done with this data that is in our possession.


We collect various personal data which may include but is not limited to name, address, email, phone number, age, vehicle registration, IP address, medical conditions and allergies along with any other information relevant to your booking. We will never collect any data from you that is not required to provide your adventure or for a legal obligation.


It may also be necessary to collect additional details from you should an accident occur whilst on site. These details will be retained in line with our obligations under UK law and our insurances. The required retention periods for this data varies depending on the individual as below;


  • Details of incidents involving minors may need to be retained for up to three years following their 18th birthday.

  • Details of incidents involving adults will be retained for no longer than 6 years following the incident.


We will endeavour to provide details of any processing including any third parties that may have access to your data and the location of the processing whenever we ask you to provide information.


Personal data that we process directly is typically managed through our booking system and all data may be accessible to our booking system support partner, Roller. In addition, we use third-party software to help manage our records and stay in touch such as googlemail or mailchimp. Should you have any questions about how we handle your data or wish to update any information that we hold about you, please get in touch via email to


The purpose of this privacy policy (“Policy”) is to provide a clear explanation of when, why and how we collect and use personal data.


Please read this Policy carefully. It provides important information about how we use your personal data and explains your legal rights. This Policy does not override the terms of any contract that you have with us (for example, ticket terms and conditions) or any rights you might have available under the relevant data protection laws.

Who we are

We are Pembrokeshire Wake Park Ltd, trading as Wild Lakes Wales.  Through our subsidiary companies, we are known under the name of Wild Lakes and operate numerous activities from our site in Pembrokeshire. 

Our core principles about your data:

  • User privacy and data protection are your rights

  • We have a duty of care when collecting, holding and processing your data

  • We will never sell or otherwise distribute or make public your personal information.


Our Commitment to Legislation


Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:

  • UK Data Protection Act 2018 (DPA)

  • EU General Data Protection Regulation 2018 (GDPR).


This site’s compliance with the above legislation means that it is likely compliant with the data protection and user privacy legislation set out by many other countries as well. 


What personal data we collect and why we collect it


How your information is collected

We will mainly collect personal information about you through direct interactions with you. You may give us your personal information by filling in forms or by corresponding or engaging with us through our website or by face-to-face communication, post, phone, email, social media or any other means of communication. This includes personal information you provide when you: (i) purchase or use our services; (ii) register an account with us; (iii) subscribe to our newsletters / mailing list or any other services / products; (iv) request marketing materials to be sent to you; (v) enter a competition, promotion or survey; or (vi) provide us with any feedback or other communications.

As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies. 

We may also collect information about you from other entities in our group, from our business partners and from various other third party service providers, such as analytics providers, search information providers, fraud prevention and credit reference agencies and providers of IT / technical services, payment services and/or delivery services.  

It is important that the personal information we hold about you is accurate and up to date. Please let us know if your personal information changes at any time during your relationship with us.


Types Of Date We Collect 

Website Cookies 

Our booking system ‘Roller’ and website (built on ‘Wix’) use cookies. Cookies are small pieces of data stored on a site visitor's browser, usually used to keep track of their movements and actions on a site. They help us to improve our site and to deliver a better and more personalised service. You may refuse to accept cookies by activating the relevant setting on your browser. However, if you select this setting you may be unable to access certain parts of our site. 


Google Analytics 

When someone visits or we use Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. 


Google Adwords 

We advertise the products we sell through Google Adwords. Sales through our site are recorded by Google Adwords so we can track the performance of our adverts. No personally identifiable information is used. 



We do not permit guest use of our wifi, the wifi is intended for office use only. 

How we use your information

We will only use your personal information where we have a lawful basis for doing so. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.

  • Where it is necessary for the purposes of our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those legitimate interests.

  • Where we need to comply with any legal obligation or regulatory requirement.


We may also use consent as a lawful basis for providing you with marketing communications.


Below sets out the main ways we plan to use your personal information:


  • Personal Details: We store your personal details such as your name, email address, postal address, contact number, age, date of birth and gender. 

  • Email address - We use your email address for sending confirmation of bookings and links for completion of waivers.

  • Your age and date of birth is to ensure you meet our activities age restrictions.

  • Identifying your gender allows us to know our male to female ratio of customers.

  • Your contact number is stored in case we need to contact you to rearrange a booking.

  • We take emergency contact information so that if there is an incident on site, we are best prepared to deal with it. 

  • If you opt in for marketing we may use your email address to send updates and information via MailChimp. If you have opted in to marketing, you may receive an email with our latest offers. If you choose to opt out of email marketing we will still hold your details for the purpose of processing your orders. You can update your information and preferences at any time on your ‘Roller’ account. 

  • Financial Information: Online card, standing orders and in-house card payments are processed via RollerPay. Roller Pay is GDPR compliant. 

  • Transaction Information: We do keep a record of your purchases and bookings on Roller. 

  • Other Information: This may include CCTV footage when you attend our premises. This is used for security reasons.

Please note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. 


​Please note that we may also process sensitive personal information about you (e.g. information on physical and/or mental health) in circumstances where: (i) you have provided your explicit consent; (ii) the processing relates to information which has been manifestly made public by you; (iii) the processing is necessary for reasons of substantial public interest; (iv) the processing is necessary for the establishment, exercise or defence of legal claims; or (v) the processing is otherwise permitted in accordance with the GDPR and/or the Data Protection Act 2018.


If you have provided us with your details, you will only receive marketing materials, email newsletters or email promotions from us in circumstances where you have provided an opt-in consent which confirms that you want to receive such marketing from us. 

If you choose to join our email newsletter, the email address that you submit to us will be used within MailChimp who provide us with email marketing services, and who we consider to be a third party data processor.

Their privacy policy can be found (here).

Opting out of marketing

You have the right to object at any time to the processing of your personal information for direct marketing purposes. If you object to such processing, we will cease to process your personal information for direct marketing purposes.

You can ask us to stop sending you marketing materials at any time by: (i) following the Unsubscribe links on any marketing communication, email message or email newsletter sent to you; or (ii) contacting us by email at the email address provided at the foot of our website home pages.

Site Visit Tracking

We use both session and persistent cookies on our sites. 

Like most websites, this site uses Google Analytics (GA) as a third party processor to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.

Although data such as your geographical location, device, internet browser and operating system is recorded, none of this information personally identifies you to us. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within our websites.


When making a booking on our website, we utilise the third parties Adyen as our payment gateways for online bookings. They process all payment data on our websites and we only have limited access to that data.


Who we share your data with

We may need to share your information with various third parties which provide services to us or act on our behalf in connection with the operation of our business. In particular, your information may be disclosed to the following categories of third parties:

  • Professional advisers (including legal advisers and financial advisers), auditors, insurers, bankers, and financial organisations.

  • Third party service providers which provide services to us in connection with the operation of our business, including but not limited to: payment processing services, IT and system administration services and other technical services; data analytics services; marketing services; fraud prevention and credit reference services; logistics and delivery services.

  • HM Revenue & Customs and/or any other public authority or regulatory authority in circumstances where we are required to disclose personal information by law.


We require all third party service providers to respect the security of your personal information and to treat it in accordance with the law. We do not permit our third party service providers to use your personal information for their own purposes and only permit them to process your information for specified purposes and in accordance with our instructions.


International data transfers 

Please note that there may be instances where it may be necessary for us to transfer your information outside the European Economic Area, e.g. our booking system is not UK based or  if we use third party service providers from another country.


How long we retain your data

We will retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

What rights you have over your data

You have a number of rights in relation to your personal data. In summary, you have the right to request: access to your data; rectification of any mistakes in our files; erasure of records where no longer required; restriction on the processing of your data; objection to the processing of your data; data portability; and various information in relation to any automated decision making and profiling or the basis for international transfers. You also have the right to complain to your supervisory authority.


These are defined in more detail as follows:


Right of Access

You can ask us to:

  • confirm whether we are processing your personal data;

  • give you a copy of that data;

  • provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out automated decision making or profiling, to the extent that information has not already been provided to you in this Policy.


Right of Rectification

You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.


Right to be Forgotten

You can ask us to erase your personal data, but only where:

  • it is no longer needed for the purposes for which it was collected; or

  • you have withdrawn your consent (where the data processing was based on consent); or

  • it follows a successful right to object; or

  • it has been processed unlawfully; or

  • it is necessary to comply with a legal obligation which we are subject to.


We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary: for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims, in relation to the freedom of expression or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. In the context of marketing, please note that we will maintain a suppression list if you have opted out from receiving marketing content to ensure that you do not receive any further communications.


Right to Restrict

You can ask us to restrict (i.e. keep but not use) your personal data, but only where:

  • its accuracy is contested, to allow us to verify its accuracy; or

  • the processing is unlawful, but you do not want it erased; or

  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or

  • you have exercised the right to object, and verification of overriding grounds is pending.


We can continue to use your personal data following a request for restriction, where:

  • we have your consent; or

  • to establish, exercise or defend legal claims; or

  • to protect the rights of another natural or legal person.


Right to Portability

You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but in each case only where: the processing is based on your consent or the performance of a contract with you; and the processing is carried out by automated means.


Right to Object

You can object to any processing of your personal data which has our ‘Legitimate Interests’ as its legal basis if you believe your fundamental rights and freedoms outweigh our Legitimate Interests. Once you have objected, we have an opportunity to demonstrate that we have compelling Legitimate Interests which override your rights, however this does not apply as far as the objections refers to the use of personal data for direct marketing purposes.


How to exercise your rights 

To exercise your rights, you can contact us as set out below. Please note the following if you do wish to exercise these rights:

  • Identity. We take the confidentiality of all records containing personal data seriously and reserve the right to ask you for proof of your identity if you make a request.

  • Fees. We will not ask for a fee to exercise any of your rights in relation to your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in the circumstances.

  • Timescales. We aim to respond to any valid requests within one month unless it is particularly complicated or you have made several requests, in which case we aim to respond within three months. We might ask you if you can help by telling us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.

  • Exemptions. Local laws, including in the UK, provide for additional exemptions, in particular to the right of access, whereby personal data can be withheld from you in certain circumstances, for example where it is subject to legal privilege.


Contact information

For any data protection questions, please contact - 

Sarah Harris

Facilities Manager

c/o Wild Lakes Wales

Cott Lane


Pembrokeshire, SA67 8AB

bottom of page