Privacy Policy

Jumpbox Trampoline Park Privacy Policy v4
At Jumpbox we take your Privacy very seriously. We use Global Payments to process your online booking payments. Global Payments are leaders in their field of online payment processing. Our till systems are provided by EposNow, another reputable leader in the field. We store your data on a secured private (not shared) cloud server, hosted by Storm Internet. That means that no-one else can have access to it.
We absolutely do not sell or pass on any of your personal details for profit or marketing purposes. News and special offers will be updated through the Website and Social Media sites, we will not contact you directly, unless you have accepted that we do so, maximum once every 2 months.

if you wonder why we need your email address, it is because if you forget your password, the website can send you the forgotten password in seconds (as opposed to by post if we had enabled you to create an account, just with your personal references). Indeed we do not see your password on our system. It is kept on the secured server. Remember also that if you want to add another waiver under your account, or if you want to check your loyalty scheme, or if you want to book a session or a birthday, you will need to log in and it will be important to remember your password.

If you wonder why we need your exact date of birth, it is for insurance purposes (in case of incident, AXA Insurance will ask us a list of participants, and it is in your interest to give accurate information). So we will show the list of customers on site, matched to their individual waiver. So without the right date of birth, our system may not link the participant's waiver to the right type of entry ticket and it will be difficult to prove that you were present. 

GDPR (General Data Protection Regulation)
GDPR is a new Data compliance law coming into EU law on 25th May 2018.
Jumpbox has applied the best practice of GDPR at our park and on our website
On Account Register you will be asked to provide the following details:-
Unique User Key (Hidden auto generated by the system)
Email address.
Account password
First Name Last Name 
Date Of Birth
Address Line 1
Address Line 2
Address Line 3 
City 
Country 
Post code 
Phone 
Preferred Language English or French
 
You will also be asked to check the following check boxes:-
I allow my information to be used in the booking/waiver process and used for my visit at the park. (Mandatory)
This is our legal basis Contract for GDPR. In GDPR you have to outline why we are collecting the information we are. We need this information so that you can book online and visit the park.
We use your booking to make sure we don’t go over capacity at the park.  For Health & Safety - we are only allowed so many people on the trampolines at one session at a time.  The capacity of a session depends on the type of session. This is all handled by the website.

I have read and confirmed the Privacy Policy. (Mandatory)
This is quite simply that you have read and agreed this notice and you know what your GDPR rights are.

I have read and confirmed Terms And Conditions. (Mandatory)
You have read and agreed our Terms & Conditions of operation 

I consent to being a member of the loyalty scheme. (Optional)
By ticking this checkbox, you become a member of our Loyalty scheme. When you book 10 times a normal ‘Open Jump’ session, we will give you an account credit for the same value of 1 open jump. This will be applied to your account automatically, and email will be sent to you confirming your free Open Jump. You can then book this online or at the park.
You don’t have to be a member of the loyalty scheme. This is optional. If you aren’t we won’t total add you into the loyalty scheme and we stop counting your jumps if you leave. You can join/leave the loyalty scheme at anytime by logging in and editing your account details

I consent to receiving marketing emails. (Optional)
By ticking the checkbox, you are agreeing to receive marketing emails. Jumpbox won’t spam you but from time to time (once every 2 months), we may run a fantastic promotion and if you want us to let you know… By ticking (or unticking) this box, you can opt in or out of marketing emails. You can change this in your account at any time.


For GDPR compliance we audit the changes to these checkbox’ and they can be viewed by our Administrators. The aim of this is not for user tracking, but just in case you question why you have received a service when you thought you hadn’t ticked the box.

Please be aware out system will send you Booking confirmation emails, waiver emails, rules and terms and conditions emails when you book. These won’t contain any marketing, they are just information, so you are aware of your booking. When we now send you waivers we have removed out the personal information for your security.
Once registered you can edit your account.
You can change your details and password at any time, under my account details.

Party Information
We do collect extra information when you book a party. This is only used to provide the best party. The extra info is:-

  • Any Special requirements including allergies/dietary requirements, so the party food is safe for all guests.
  • First name of Birthday Prince/Princess (Mandatory)
  • Surname of Birthday Prince/Princess (Optional)
  • Age of Birthday Prince/Princess
  • Gender of Birthday Prince/Princess
  • Some extra confirmation boxes required for the party
    • Confirm that the number booked includes my child/ren.
    • Birthday guests cannot be aged less than 4 (no diaper accepted). If some jumpers are not 7 yet, I agree that 1 adult per 3 Mini-Jumpers will be in charge of supervising the group on the trampoline zone. The adult(s) will need to wear/purchase Jumpbox socks.
    • I understand that any changes to the number of jumpers will have to be notified by email to info@jumpbox.lu by the ...  (midnight) prior to the party.
 
Forgotten password
If you forget your password, then you can go through the forgotten password process when you click login

Waivers
Waivers are linked to your account. Anyone who is bouncing at the park must have a waiver. You can create a waiver for you and your dependents.
You can create waivers at any time, if any information changes, you can create a new waiver.
Waivers are valid for 12 months and we can search in our system for you and your dependents waiver. 

This is the information we hold on Waivers:-
UserID of the owning account
First Name
Last Name 
Date Of Birth
Address Line 1 
Address Line 2
Address Line 3
Address Line 3 
City 
Country 
Post code
Waiver Start and Finish Dates



If our Privacy Policy/Terms and Conditions change over time.
On your next login, we will ask you to read and re-confirm that you are happy with them.
At this point you can also join/remove yourself from the Loyalty scheme and email marketing
We audit this change and can view it in our admin area. As part of GDPR we need to know what version of documentation you signed against.

Where else do we use your data?
Your hosting is with Storm Internet and this is where you data is stored on our own Cloud Server:-
https://www.storminternet.co.uk/GDPRStatement
GPDPR requires that we tell you about every system that can use some or part of your data (Data processors). These Data processors are required to be GDPR compliant.

Google G Suite
Jumpbox uses G Suite to send and receive email to and from the park
Google Cloud Services are GDPR compliant.
https://www.google.com/cloud/security/gdpr/

Taking Payments
We pass information to Global payment gateway for payment. Email address, 1st name, last name and client address. This saves the user from retyping the info. Global Payments are PCI DSS compliant payment provider. 
https://www.globalpaymentsinc.com/en-gb/accept-payments/ecommerce/solution/simplify-pci-scope

Mail Chimp - Mandrill emails
The website sends a lot of emails, too many for a Google G Suite service so we have to use a different mass email provider.
We use Mandrill an extension of Mail Chimp to send our emails :
  • Account register email when staff member booking as a client
  • Booking Confirmation email
  • Forgotten Password email – which provides the user with a new password. (Can be changed when the user logs in)
  • Waiver email.
  • Rules email
  • First Signed Terms & Conditions are sent by email.
Mail Chimp is GDRP compliant:-
https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulation

Mail Chimp - Marketing emails
Mail Chimp is an industry standard email system used for mail marketing. We would send any marketing emails via Mail Chimp. Mail Chimp and GDPR
https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulation

EPOS Now
When you visit the park, you will notice that you book in on an EPOS. The EPOS runs the website.
We do take payments on the EPOS system, which requires the website to communicate with EPOS now. The only data that we send to the EPOS is Surname and Booking ID and cost.  For payment tracking.

We then take face to face card payments using EMS Pay.  https://emspay.eu/ We don’t pass any of your data to EMS Pay. We use it as a card provider to take payments.

Google Analytics
The website does use Google Analytics, every page clicked is logged in Google Analytics. We use this data only to improve our site. 

Google and GDPR:-
https://privacy.google.com/businesses/compliance/

CCTV
We have CCTV at the park for safety purposes and it is a requirement of our insurance company.

Insurance
If you have an accident at the park and we need to inform AXA our insurance company then we need to pass your booking and account information to AXA, plus any CCTV footage too. Plus any treatment/action required at the time of the accident.

How Long do we Keep the Data for?
After legal consultation Jumpbox keeps the account data forever so you can continue to book. However we do anonymise the data as per below:-
Bookings: we will remove the booking from your account after 5 years and associate it with an anonymous user.  So that we can’t trace the booking back to you.
Bookings contain waivers. These waivers will be associated with an Anonymous waiver.
Waivers will expire after 12 months.
Any waivers that are over 5 years old will be automatically removed from the system.

In GDPR however you do have rights as an individual that overrule the above. These are outlined below:-

the right to rectification;
You can edit your account details at any time, by logging into the website and altering the details. You can also alter your consents to the loyalty and email marketing scheme here too.
The only thing you cannot edit is your email address. This is for security. But we can edit it for you. If you need your email address changed, then please email info@jumpbox.lu from the account registered with the system and we can change it for you. Please allow 72 hours for this request. But under normal circumstances we change it very quickly.

the right to erasure;
If you want your account and waivers to be removed from the system then we can do that for you. Please email info@jumpbox.lu from the account registered and we can start the process of removing you from the system. We will answer the request within 72 hours.

the right to restrict processing;
As per above you can remove consents from email and loyalty system.
We can also mark your account as inactive. So that no one can log in or use your account. Please email info@jumpbox.lu with your request from the account that is registered. Please allow 72 hours for this request.

the right to data portability;
You can download your own account information from the My Account area of the system.
If you require any other data then please email the request to info@jumpbox.lu. Please allow 72 hours for this request.

the right to object;
You have the right to object to any processing undertaken for the purposes of direct marketing. We will stop processing for direct marketing as soon as we receive your objection.

the right to not to be subject to automated decision making including profiling;
We do not supply the information we hold to third parties for use in analysis or prediction.

Data Breaches
As per GDPR we have a process in place and would follow the GDPR process notifying you if any data breach affected your data. We will do this in 72 hours of identifying the breach.
Our website uses Cloud Flare to help protect against illegal activities on our site, by hackers and 3rd parties to alleviate breaches. Or encryption of data also helps protect our systems against a breach.

More information can be found here: -
https://www.cloudflare.com/
We also have our internal security policy for our staff on how to keep your data secure on electronic devices or any paper based information.

Cookies and Privacy
Cookies are small files that are downloaded to your browser from the website.
Jumpbox do use cookies on our website, these cookies though are only used for authentication and to make our website function correctly. Google Analytics uses cookies too. But we don’t use cookies in any malicious way.

Any future development
If we develop our systems any further we shall adopt a data protection by design model. We have done from the start and shall continue to do so.

Questions and further contact
If you have any questions or require any further information. Then please contact us below:-
info@jumpbox.lu
or use the contact form at https;//www.jumpbox.lu/Contern/Contact.aspx

Data Authority
Our GDPR Data authority is:-
Luxembourg National Commission for Data Protection under which we are registered with.