Your basket is currently empty!
Version: 1.0 Last updated: 7 September 2025
1) Who we are
Controller: Wild Isle Adventures Ltd (“we”, “us”, “our”)
Registered office: 2 Timsgarry, Isle of Lewis, HS2 9JD
Trading as: Wild Isle Yurts
Contact for privacy matters: privacy@wildisleyurts.co.uk
We are the data controller for personal data processed through wildisleyurts.co.uk and associated pages (the “Site”).
We operate skills-based prize promotions for UK residents 18+, and a separate founders’ offering (outside any promotion).
2) What data we collect
We collect and process the following categories of personal data:
- Identity & contact: name, email, postal address, phone, age affirmation (18+).
- Account & transaction: order history, ticket purchases, free entry submissions, founders’ enquiries, invoices, refunds.
- Competition data: answers to the skills question, entry counts, referral/affiliate attribution, draw outcomes, winners’ details (incl. any required publication of surname/county per CAP/ASA rules).
- Payment: we receive payment confirmations and identifiers from our processors; we do not store full card or bank details on our servers.
- Technical & device: IP address, user-agent, device/approx. location, cookies and similar technologies (see Cookie Policy).
- Communications: emails, contact-form messages, support requests, complaint correspondence.
- Founders (non-promotion): enquiry details, invoice/bank transfer metadata.
- Postal free entries: the information you send us by post (we digitise and log these to ensure equal treatment).
We do not intentionally collect children’s data; entries are restricted to UK residents aged 18+.
3) Why we use your data (lawful bases)
We rely on the following lawful bases under UK GDPR:
- Contract (Art. 6(1)(b)) — to take and fulfil your entry/purchase, operate the draw, notify winners, provide the prize, handle support, and administer founders’ bookings (outside the promotion).
- Legal obligation (Art. 6(1)(c)) — to keep tax/transaction records, respond to lawful requests, and meet ASA/CAP and consumer-law requirements (e.g., making winners’ lists available).
- Legitimate interests (Art. 6(1)(f)) — fraud prevention, security, platform maintenance, internal analytics, referral/affiliate attribution and payout, enforcing entry caps and fairness, and reasonable business communications. We conduct a balancing test to ensure your interests aren’t overridden. You can object where we rely on legitimate interests.
- Consent (Art. 6(1)(a)) — email marketing (where required), non-essential cookies/trackers, and any third-party marketing. You can withdraw consent at any time.
4) How we use your data
- Operate promotions: verify eligibility (UK/18+), apply per-person entry caps, validate skill-question answers, run verified random draws, contact winners, and fulfil prizes.
- Run referrals & affiliates: attribute referrals (RewardsWP) and affiliates (AffiliateWP) and issue the separate Referrers’ Bonus Draw entries.
- Payments: take payment via approved processors (e.g., Nochex, Cashflows).
- Compliance & fairness: maintain auditable logs, publish a winners’ list (surname and county) where required, or share details with regulators upon request.
- Customer service: handle enquiries, complaints, and refunds (note: refunding a main order may revoke the associated bonus entry per T&Cs).
- Founders (outside promotion): respond to enquiries and issue invoices (bank transfer).
- Security & site operations: detect abuse, block disposable emails, rate-limit, and protect systems.
5) Automated decision-making & profiling
- Draws are randomised via a verifiable process (filmed or independently witnessed). This is not profiling.
- We do not conduct automated decision-making that produces legal or similarly significant adverse effects; awarding a prize is a beneficial outcome. You may contact us if you wish us to review any draw-related record involving you.
6) Sharing your data (categories of recipients)
We share data only as needed with:
- Payment processors (e.g., Nochex, Cashflows)
- Website hosting & IT (e.g., Hostinger; caching, security, email delivery providers)
- WordPress/WooCommerce plugins (Competitions for WooCommerce, RewardsWP, AffiliateWP, product video plugin) acting as processors of our instructions
- Professional advisers (accountants, lawyers, insurers)
- Regulators/authorities (e.g., on lawful request; ASA/CAP requirements re winners’ information)
- Courier/postal providers (if we send physical items)
We do not sell your data.
7) International transfers
Some providers may process data outside the UK/EEA. Where they do, we use appropriate safeguards (e.g., UK IDTA/Addendum, SCCs, or an adequacy decision). You can request details of relevant safeguards.
8) Retention
- Competition entries and draw logs: for the duration of the promotion and up to 6 years afterwards (limitation and audit).
- Transaction & tax records: 6 years from the end of the financial year.
- Support emails: typically 24 months after closure.
- Winners’ info published: for as long as reasonably necessary to demonstrate compliance; we may provide it to regulators even if you object to public disclosure.
- Founders’ records: for the term of the arrangement + 6 years.
- Server logs/security events: typically 12 months (unless needed longer for investigations).
9) Marketing
We only send direct marketing in line with PECR.
- Email marketing: by consent (or “soft opt-in” for similar products/services to existing customers, with an easy opt-out at any time).
- Referrals: our widget provides suggested text or none at all; you choose whom to contact. We do not send marketing to your contacts without their consent.
10) Your rights
You have rights to access, rectify, erase, restrict, object (esp. where we rely on legitimate interests), and portability (where applicable). Where we rely on consent, you may withdraw it at any time.
To exercise rights, contact privacy@wildisleyurts.co.uk.
You also have the right to complain to the Information Commissioner’s Office (ICO) if you are unhappy with our handling. See ico.org.uk or call 0303 123 1113.
11) Security
We use HTTPS, access controls, role-based permissions, and reputable providers. No method is 100% secure; please keep your account credentials safe.
12) Changes
We may update this notice. We’ll post the new version with a new “Last updated” date and, where appropriate, notify you.
