Privacy Policy

Last updated: 11/02/2026

1. Who We Are

Hoy & Dorman Ltd (Company Number NI066285) trades as Moira Lakes.

Registered address:
32B Old Church Lane
Craigavon
BT67 0EY
Northern Ireland

Telephone: 02892440788
Email: info@moiralakes.com

For the purposes of UK data protection law, Hoy & Dorman Ltd is the data controller.

2. The Information We Collect

Booking and Contact Information

  • Full name
  • Email address
  • Telephone number
  • Postal address (where required)
  • Booking history

Group and Youth Activity Information

  • Age or date of birth
  • Parent or guardian details
  • Emergency contact details
  • Group affiliation

Medical and Safety Information

  • Medical conditions
  • Medication details
  • Allergies
  • Swimming ability
  • Other safety-related information necessary for participation

This information is collected strictly for health and safety purposes.

Incident Records

Where an incident occurs, we may record:

  • Name of individual involved
  • Details of the incident
  • Actions taken

Incident reports are stored securely in physical form.

Photography and Media

With consent, we may capture photographs or video during activities for:

  • Marketing
  • Social media
  • Website content
  • Promotional materials

For children, individual parental consent is required.

Website Usage Data

When you visit our website, we may collect:

  • IP address
  • Device type
  • Browser type
  • Pages visited
  • Interaction data

This data is collected through analytics and advertising tools.

CCTV Footage

CCTV operates across our site including:

  • Car park
  • Reception
  • Activity areas
  • Lakes

Footage is retained for up to 30 days and is accessible only to authorised personnel.

3. How We Collect Information

We collect personal data through:

  • Our website contact forms
  • Online booking system (Beyonk, embedded on our website)
  • Google Forms
  • Paper forms completed on site
  • Email correspondence
  • CCTV systems
  • Marketing sign-ups

If reCAPTCHA or similar spam prevention tools are used on our forms, they may collect technical data such as IP address and device information for security purposes.

4. How We Use Your Information

We use personal data to:

  • Process bookings and manage activities
  • Ensure health and safety
  • Communicate regarding bookings or enquiries
  • Manage group events
  • Comply with legal, insurance and accounting obligations
  • Send marketing communications (where permitted)
  • Improve our website and advertising effectiveness

5. Lawful Basis for Processing

We rely on the following lawful bases:

  • Contract – to deliver booked services
  • Legal obligation – health and safety and financial record-keeping
  • Legitimate interests – to operate and improve our business
  • Consent – for marketing and photography
  • Vital interests – where medical information is required to protect life or safety

Special category medical data is processed solely for safety and legal compliance purposes.

6. Children’s Data

We provide activities for children and young people.

Participants under the age of 16 must have a responsible adult present on site unless attending as part of an organised group (for example Scouts, schools or youth organisations) where an appointed leader is responsible for supervision.

For all participants under the age of 18, a parent or legal guardian must complete the relevant booking forms, waivers and consent documentation. Where a booking is made as part of an organised group, the group leader is responsible for ensuring appropriate parental consent has been obtained.

We collect only the personal data necessary to deliver activities safely and effectively. This may include medical and emergency contact information.

7. Our Booking System – Beyonk

Bookings are processed via Beyonk, embedded within our website.

Beyonk acts as a data processor on our behalf.

We may occasionally download booking information for operational purposes. Where this occurs, data is stored securely and access is restricted.

Beyonk stores data within the UK and European Economic Area.

8. Third-Party Service Providers

We use:

  • Beyonk – booking system
  • Google Workspace – email and secure storage
  • Google Analytics – website analytics
  • Meta Pixel – advertising measurement
  • Mailchimp – email marketing

Some of these providers may process personal data outside the UK.

Where this occurs, appropriate safeguards are in place, including standard contractual clauses.

9. Marketing Communications

We may send marketing emails where:

  • You have given consent, or
  • You have previously booked with us and have not opted out

You may unsubscribe at any time via the link in our emails or by contacting us directly.

Marketing communications are managed via Mailchimp.

10. CCTV

CCTV is in operation for safety, security and crime prevention.

Footage is retained for up to 30 days.

Live CCTV may be displayed in reception.

Access is restricted to authorised personnel only.

11. Data Retention

We retain personal data for the following periods:

  • Booking records – 6 years
  • Incident reports – 6 years
  • Adult waivers – 6 years
  • Children’s waivers – until age 21
  • Medical forms – up to 5 years
  • CCTV footage – up to 30 days
  • Staff records – 6 years following employment

Data is securely destroyed when no longer required.

12. Automated Decision-Making

We do not carry out automated decision-making that produces legal or similarly significant effects on individuals.

Analytics and advertising tools may use automated profiling for marketing optimisation, but this does not affect your legal rights.

13. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Restricted access controls
  • Secure cloud storage
  • Physical document security
  • Staff awareness of confidentiality

14. International Transfers

Certain service providers, including Mailchimp and Meta, may process data in the United States.

Where data is transferred outside the UK, appropriate safeguards are used to protect personal information.

15. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request correction
  • Request deletion
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent

You also have the right to complain to the Information Commissioner’s Office (ICO):

www.ico.org.uk

16. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.