The following describes the Privacy Policy of Parrot Island Waterpark, which includes our policy for information received from or about you during visits to the website. The paragraphs below disclose the type of information collected on the website and how it is used. This privacy statement may change at any time. Any changes will be posted on this page.
Our website will only collect personal information which you knowingly and voluntarily provide, such as when you send us an e-mail, complete a membership form, make a reservation, or order tickets. We use this information to process and send ticket orders, bill credit cards, and contact the visitor when necessary. Personal information collected online is used only by us. It is not sold or provided to vendors, direct mail concerns, e-mail list services, etc.
Parrot Island Waterpark is committed to protecting the privacy of children and does not knowingly collect, use, or disclose personal identifiable information about children under 12 who visit our website without prior parental consent.
We use IP addresses to help diagnose problems with our server, and to administer various features of our site. Your IP address is also used to gather broad demographic information such as the name of your Internet service provider and its geographic location. This information does not personally identify you, and your e-mail address is not collected as a result of this process. We use this information to evaluate and improve the content of our site and make it more useful to visitors.
On the Internet, a cookie is piece information that a website transfers to a user’s computer for record-keeping purposes. As a user moves from page to page on the Parrot Island Waterpark website, a cookie is the only way that we have of knowing who you are. An activity on one page may depend on what you have selected on a previous page. We use a cookie to keep track of your selection. Without cookies, users may be asked to provide the same information repeatedly or some activities would not function at all.
The use of cookies is common on the Internet. Most major websites use cookies. Parrot Island Waterpark uses cookies only when appropriate. We never use cookies to retrieve information from your computer that was not originally sent in a cookie from us. We do not use information transferred through cookies for advertising purposes. We never share cookies information with any third parties for marketing or other purposes.
Our site’s registration form requires users to give us contact information (like their name and e-mail address, etc.). We use customer contact information from the registration form to send the user information about Parrot Island Waterpark. The customer’s contact information is also used to contact the visitor when necessary. Users may opt-out of receiving future mailings.
Our site uses a form for customers to request information, tickets, and services. We collect visitor’s contact information (like their e-mail address) and financial information (like their account or credit card numbers). Contact information from the form is used to send tickets and information about Parrot Island Waterpark to our customers. The customer’s contact information is also used to get in touch with the visitor when necessary. Financial information that is collected is used to bill the user for tickets and services.
This website contains links to other sites. When you link to another site, you are no longer on our site and are subject to privacy and other practices of the new site. We are not responsible for the practices or content of these or any other sites.
We periodically run contests on our site in which we ask visitors for contact information (like their e-mail address). We use contact data from our contests to send users information about Parrot Island Waterpark. The customer’s contact information is also used to contact the visitor when necessary.
This site has security measures in place to protect the loss, misuse and alteration of the information under our control. When you place ticket orders our system makes use of secure server software. The secure server software (SSL) encrypts personal order information you input before it is sent to us. Furthermore, all of the customer data we collect is protected against unauthorized access.
The CCPA contains a new set of consumer rights. Your Privacy Policy must inform your consumers of their rights.
Consumers have the right to request access to personal information. They can make this request for free, twice per year.
On receiving an access request, you must provide the necessary information in a portable and easily accessible format, normally within 45 days of the request.
When providing information under the right of access, you must include:
If the business sells personal information, the consumer also has a right to request access to the following information:
The consumer has a right to request the deletion of personal information that the business holds on the consumer.
However, this right does not apply where the business needs to retain the personal information in order to do any of the following:
The consumer has the right not to be discriminated against for having exercised their rights under the CCPA. In particular, the business may not:
You need to let consumers know about all of these rights.
Here’s how CBD Medic informs consumers about their right of access:
And here’s how Runza informs consumers about their right to non-discrimination:
You can have a clause for each right that helps your customers understand what their rights are and how you’re going to facilitate them.
It’s not enough to simply tell consumers about their rights. You need to set up a system to help consumers exercise their rights. This must include a toll-free number and web-page.
Your Privacy Policy must tell consumers how to submit a request to exercise their CCPA rights.
Here’s how Techbuyer approaches this:
Note how the clause begins with a phone number and email address that customers can use to exercise the rights. Then, further details and important information is included such as what the customer must do, and any limitations for the requests.
The CCPA requires any business that sells consumers’ personal information to provide a web page where consumers can opt out of having their personal information sold. The business must link to this page both on the front page of its website and in its Privacy Policy.
Here’s how FloraFlex displays the link to its Do Not Sell My Personal Information page in its Privacy Policy:
While FloraFlex is obviously keen to demonstrate compliance with the CCPA, it’s worth noting that only businesses that do sell personal information are required to comply with this part of the CCPA.
You must provide a list of the categories of personal information you’ve collected over the past 12 months.
To comply with this requirement, you need to know what constitutes “personal information” under the CCPA. Here’s the definition as it appears in the CCPA:
“information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
The CCPA lists the following categories of personal information:
Here’s how Vertafore Solutions approaches this:
You don’t have to use a chart format, but it’s something to consider since it helps keep things organized and makes information easier for your users to sort through.
In addition to telling your users what categories of personal information you collect, you need to disclose your sources of personal information.
You may collect personal information from a variety of sources, depending on the context in which your business operates. You only need to list the categories of sources, i.e. the types of companies or other sources.
Here’s an example from Brown-Forman:
Some of the sources listed include publicly-available database data, social network information and from marketing partners.
The CCPA requires that you tell consumers why you collect personal information – your purposes for collecting it. What are you actually doing with their personal information?
Here’s how Abacus does this in its Privacy Policy:
This type of clause is very standard across the board for Privacy Policies, so it’s highly likely that yours already has this type of clause included.
Your Privacy Policy must list all the categories of personal data your business has sold in the past 12 months. If it hasn’t sold any personal information over this period then it must disclose this.
Here’s how Malibu Boot Camp approaches this:
Note that the company has not sold any personal information in the past 12 months, so it lists “No” for each of the CCPA’s categories of personal information. You can also make a simple blanket declaration that you have not sold any personal information in the past 12 months.
Your Privacy Policy must list all the categories of personal information your business has “disclosed for business purposes” over the past 12 months. If you haven’t disclosed any personal information for business purposes over this period then you still must disclose this.
The CCPA gives seven categories of activities that count as “business purposes.” If you share consumers’ personal information with a third party so that they can perform these sorts of activities for you, you must disclose this in your Privacy Policy.
Note that these examples are not exhaustive.
Here’s how marketing company Lumen5 discloses how it shares its users’ personal information with service providers:
A CCPA-compliant Privacy Policy needs to go further than this by listing the categories of personal information disclosed for each business purpose.
Here’s how the CCPA’s Privacy Policy requirements match up against two other major privacy laws – the GDPR (EU) and CalOPPA (California).
| CCPA | GDPR | CalOPPA |
| Information about California consumers’ CCPA consumer rights. | Information about your EU users’ GDPR data subject rights. | N/A |
| Instructions on how California consumers can request access to and deletion of their personal information. | Instructions on how your EU users can exercise their rights over their personal information. | Instructions on how California consumers can request access to and deletion of their personal information (if you allow this). |
| A link to your “Do Not Sell My Personal Information” page. | Instructions on how your EU users can opt out of direct marketing or withdraw consent to the processing of their personal information. | Instructions on how consumers can opt out of third-party cookies (if you use them). |
| A list of the categories of personal information you’ve collected over the past 12 months. | A list of the categories of personal information you process. | A list of the categories of personal information you collect. |
| Your sources of each category of personal information you collect. | The ways in which you process personal information (this would include information about where you collect it from). | N/A |
| Your purposes for collecting each category of personal information. | Your purposes for processing each category of personal information. | N/A |
| A list of all the categories of personal information you’ve sold over the past 12 months. | N/A | N/A |
| A list of all the categories of personal information you’ve disclosed for business purposes over the past 12 months. | N/A | N/A |
| N/A | Your company’s name and contact details. | N/A |
| N/A | Names and contact details of key personnel (Data Protection Officer, EU Representative). | N/A |
| N/A | A list of the categories of organizations with whom you share personal information. | A list of the categories of organizations with whom you share personal information. |
| N/A | Your lawful basis for processing each category of personal information. | N/A |
| N/A | The periods for which you store each category of personal information. | N/A |
| N/A | Information about any international transfers of personal information outside the EU. | N/A |
| N/A | N/A | The date on which the Privacy Policy takes effect. |
| N/A | N/A | Information about how you will inform consumers of any changes to the Privacy Policy. |
| N/A | N/A | Information about how your website responds to Do Not Track signals from visitors’ web browsers. |
| N/A | N/A | Information about your use of third-party cookies or other tracking technologies (if you use them). |
For more information about how these laws compare, see:
Your CCPA Privacy Policy must contain:
