Privacy & Cookie Notice
https://www.hotshotsairsoft.co.uk (the 'Website') is provided by Hotshots Airsoft Ltd ('we'/'us'/'our'). In doing so, we may be in a position to receive and process personal information relating to you. As the controller of this information, we're providing this Privacy & Cookie Notice ('Notice') to explain our approach to personal information.
We intend only to process personal information fairly and transparently as required by data protection law including the UK General Data Protection Regulation ('UK GDPR'). In particular, before obtaining information from you (including through use of cookies) we intend to alert you to this Notice, let you know how to access it and to make sure you know you can opt-out of some of the things we might use your data for.
Of course, you may browse parts of this Website without providing any information about yourself and without accepting cookies. In that case, it's unlikely we'll possess and process any information relating to you.
You may wish to start with the table at clause 4, which summarises what we intend to collect, or the table at clause 8.5, which summarises our use of cookies.
1. Identity and Contact Details
Our Data Protection Officer (DPO) would welcome communication from you regarding any matter relating to data protection, and can be contacted by email at [email protected].
2. When We're Allowed to Collect Information From You
We will only collect personal information relating to you if one of the following conditions has been satisfied:
- 2.1. You have clearly told us that you are content for us to collect that information for the particular purpose or purposes that we will have specified.
- 2.2. The processing is necessary for the performance of a contract that we have with you.
- 2.3. The processing is necessary so that we can comply with the law.
- 2.4. The processing is necessary to protect someone's life.
- 2.5. The processing is necessary for the performance of a task that's in the public interest.
- 2.6. The processing is necessary for a recognised legitimate interest; or our or another's non-recognised legitimate interests — but in this case, we'll balance those interests against your interests.
3. How to Consent
3.1. If we need your consent to collect and use certain information, we'll provide you with the opportunity to tell us that you're happy to provide that information at the point of collecting it.
3.2. If at any point in time you change your mind and decide that you want to withdraw your consent, please let us know and we'll endeavour to stop processing your information in the specified manner, or we'll delete your data if there is no continuing reason for possessing it.
3.3. If you don't consent to a particular bit of processing, we'll endeavour to ensure that the Website and our service continue to operate without the need for that information.
4. Information We Expect to Collect From You
4.1. We envisage collecting the following types of information from you:
| Information type | Purpose and related details | Justification |
|---|---|---|
| Identity data First name, last name, date of birth |
To identify individuals on the waitlist and at events; to complete participant waivers and verify age eligibility. This information may be transferred to the recipient in the USA under the UK-US Extension to the EU-US Data Privacy Framework. |
We'll ask for your consent |
| Contact data Email address, phone number, home address |
To send a single launch notification (email); to confirm and manage event bookings. This information may be transferred to the recipient in the USA under the UK-US Extension to the EU-US Data Privacy Framework. |
We'll ask for your consent |
| Professional data Company name |
To understand the proportion of corporate/B2B enquiries and segment demand. This information may be transferred to the recipient in the USA under the UK-US Extension to the EU-US Data Privacy Framework. |
Legitimate interest: understanding the proportion of corporate and private group enquiries in order to inform product development, pricing, and go-to-market decisions before launch |
| Marketing & analytics data How they heard about us |
To identify which channels are driving awareness and inform marketing spend decisions. This information may be transferred to the recipient in the USA under the UK-US Extension to the EU-US Data Privacy Framework. |
Legitimate interest: identifying which channels are generating awareness of the business in order to allocate pre-launch marketing resources effectively |
| Legal & contractual records Signed participant waiver, site liability agreement |
To evidence that participants accepted liability terms before taking part; to record site conditions for safety and insurance purposes. This information may be transferred to the recipient in the USA under the UK-US Extension to the EU-US Data Privacy Framework. |
Necessary for the performance of a contract with you |
| Health data Medical screening responses from participant waiver |
To assess whether a participant has any condition that may affect safe participation; collected under explicit consent (UK GDPR Article 9(2)(a)). This information may be transferred to the recipient in the USA under the UK-US Extension to the EU-US Data Privacy Framework. |
We'll ask for your consent |
4.2. We may collect personal information about you from a number of sources, including the following:
- From you when you agree to take a service or product from us, in which case this may include your contact details and how you will pay for the product or service.
- From you when you contact us with an enquiry or in response to a communication from us, in which case, this may tell us something about how you use our services.
- As you interact with this Website, we may automatically collect technical information about your equipment, browsing actions and patterns (such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website).
- From documents that are available to the public, such as the electoral register.
- From third parties to whom you have provided information with your consent to pass it on to other organisations or persons — when we receive such information we will let you know as soon as is reasonably practicable.
4.3. Event and booking data (pre-launch). When we open for bookings, all participants will be required to complete and sign a Participant Waiver and Release of Liability before taking part in any activity. This records your name, date of birth, email address, telephone number, and signature, and includes a medical screening questionnaire covering conditions that may affect safe participation. This medical information constitutes special category personal data under UK GDPR Article 9 (health data). We collect it under Article 9(2)(a) — your explicit consent, given freely at the point of signing, for the purpose of ensuring your safety and the safety of other participants. Physical waivers are stored in a locked file accessible only by authorised personnel.
4.4. For site-based events, the person or organisation providing the venue will be required to sign a Customer Site Liability Agreement prior to the session. This records the site owner's name, contact number, site address, and declared hazards. This is a commercial record processed under our legitimate interests in documenting site conditions for safety and insurance purposes.
4.5. If you refuse to provide information requested, and that information is necessary for a service we provide to you, we may need to stop providing that service.
4.6. If at any point you think we've invited you to provide information without explaining why, feel free to object and ask for our reasons.
5. Using Your Personal Information
5.1. Data protection, privacy and security are important to us, and we shall only use your personal information for specified purposes and shall not keep such personal information longer than is necessary to fulfil these purposes. Examples of the ways in which we use personal information include:
- To notify waitlist members when bookings open (single notification email).
- To conduct anonymised internal analysis of market research responses.
- To process and manage event bookings and communicate with you about your reservation.
- To ensure compliance with safety regulations and maintain a safe environment for all participants.
- To fulfil our legal and insurance obligations in relation to participant waivers.
- To help to prevent and detect fraud or loss.
5.2. We will not use your personal data for marketing purposes unless you have explicitly consented. You may withdraw that consent at any time by emailing [email protected].
5.3. We will not disclose your personal information to any third party except in accordance with this Notice, and then only in one of the following circumstances:
- They will be processing the data on our behalf as a data processor (where we'll be the data controller). In that situation, we'll always have a contract with the data processor as set out in the UK GDPR.
- Sometimes it might be necessary to share data with another data controller. Before doing that we'll always tell you.
- We have been legitimately asked to provide information for legal or regulatory purposes or as part of legal proceedings or prospective legal proceedings.
5.4. We do not sell your data to third parties. We do not share it with advertisers or marketing agencies. Your data may be processed by the following third parties, each operating under a Data Processing Agreement with Hotshots Airsoft Ltd:
| Processor | What they handle | Location | DPA |
|---|---|---|---|
| Tally Privacy policy |
Waitlist sign-up form submissions and market research survey responses | European Union — no international transfer | Auto-activated on account creation |
| Booking & payment processor To be confirmed prior to launch |
Event bookings and payment processing | To be confirmed | To be confirmed |
5.5. We may allow other people and organisations to use personal information we hold about you if we, or substantially all of our assets, are acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets.
6. Protecting Information
6.1. We have strict security measures to protect personal information.
6.2. We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software to encrypt information you input.
6.3. We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you. Physical records (including signed participant waivers) are stored in a locked file accessible only by authorised personnel.
6.4. It is important for you to protect against unauthorised access to your password and to your computer. Be sure to sign off when you finish using a shared computer.
7. The Internet
7.1. If you communicate with us using the internet, we may occasionally email you about our services and products. When you first give us personal information through the Website, we will normally give you the opportunity to say whether you would prefer us not to contact you by email. You can also unsubscribe at any time by following the instructions within the email.
7.2. Please remember that communications over the internet, such as emails and webmails (messages sent through a website), are not secure unless they have been encrypted. Your communications may go through a number of countries before they are delivered — this is the nature of the internet. We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.
8. Cookies and Other Internet Tracking Technology
8.1. When we provide services, we want to make them easy, useful and reliable. This sometimes involves placing small amounts of information on your computer, which is sent back to us at a later time. These are called 'cookies'. These cookies are listed in the table at clause 8.5.
8.2. Where applicable, this section of the Notice also relates to that technology but the term 'cookie' is used throughout.
8.3. Some of these cookies are essential to services you've requested from us, whereas others are used to improve services for you, for example through:
- letting you navigate between pages efficiently;
- enabling a service to recognise your computer so you don't have to give the same information during one task;
- recognising that you have already given a username and password so you don't need to enter it for every web page requested; and
- measuring how many people are using services, so they can be made easier to use and that there is enough capacity to ensure they are fast.
8.4. To learn more about cookies, you may wish to visit: www.allaboutcookies.org, www.youronlinechoices.eu or Google's cookie policy.
8.5. This Website uses, or allows use of, the following cookies:
| Cookie name | Cookie qualities | Consent needed |
|---|---|---|
| Google Analytics 4 | Tracks page views, session data, device type, approximate location, and user behaviour to measure site performance. Category 2 — performance (statistical purposes exception applies) Third party: another website is placing the cookie Persistent: _ga lasts 2 years; _ga_* lasts 2 years |
No |
| Microsoft Clarity | Records session behaviour including heatmaps and scroll patterns. Category 2 — performance (statistical purposes exception applies) Third party: another website is placing the cookie Persistent/session: _clck lasts 1 year; _clsk is session |
No |
| Tally | Strictly necessary to process form submissions. Not used for tracking or advertising. Category 3 — functionality Third party: another website is placing the cookie Session cookie |
Yes |
8.6. The distinctions referred to in the above table are as follows:
- First party versus third party cookies — we set first party cookies ourselves; third party cookies are set by other entities via our Website.
- Session versus persistent cookies — session cookies only persist for the duration of that visit; persistent cookies last for longer.
- Categories 1–4 are explained below.
| Category | Type | Description |
|---|---|---|
| Category 1 | Strictly necessary | These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for cannot be provided. |
| Category 2 | Performance | These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. This information is only used to improve how a website works. |
| Category 3 | Functionality | These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. |
| Category 4 | Targeting and advertising | These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. |
8.7. We require your consent to set cookies unless an exception applies:
- Category 1 cookies don't require your consent.
- Category 2 cookies may require your consent unless their sole purpose is to collect information for statistical purposes about how our service or website is used with a view to making improvements (the statistical purposes exception). Google Analytics 4 and Microsoft Clarity are used solely for this purpose.
- Category 3 cookies may require your consent unless their purpose is to adapt the way our service appears or functions in line with your preference or otherwise enhance the appearance or functionality of the website. Tally cookies require consent as they go beyond this.
- Category 4 cookies do require your specific and informed consent. We do not currently use any Category 4 cookies.
8.8. Even if consent is not required to a cookie, we must still tell you about that cookie and, in some cases, you will have the right to opt out.
9. Data Retention
9.1. We retain personal data only for as long as necessary to fulfil the purpose for which it was collected:
- Waitlist data: held until you request deletion, withdraw consent, or 12 months after the launch notification has been sent with no further engagement from you.
- Market research responses: anonymised aggregates are retained for business planning; any personally identifiable responses are deleted within 12 months of collection.
- Booking data: retained for the duration required by our accounting, insurance, and legal obligations, then securely deleted.
- Participant waivers and medical screening data: retained for a minimum of 6 years, as required by our public liability insurance provider and applicable law. We will confirm the retention period to each participant prior to their first session.
- Customer Site Liability Agreements: retained for a minimum of 6 years from the date of the session, in line with the Limitation Act 1980 for contractual claims.
9.2. If Hotshots Airsoft does not launch within 24 months of your waitlist sign-up, we will delete all waitlist data and notify you by email before doing so.
10. Your Legal Rights
10.1. Under certain circumstances, you have rights under data protection laws in relation to your personal information. You have the right to:
- Request access to your personal information (commonly known as a 'data subject access request'). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. We will action this within 30 days, subject to any legal retention obligations (e.g. liability waivers required by our insurer).
- Object to processing of your personal information where we're relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
- Request restriction of processing of your personal information in certain situations.
- Request the transfer of your personal information to you or to a third party in a structured, commonly used, machine-readable format.
- Withdraw consent at any time where we're relying on consent to process your personal information. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
10.2. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
10.3. To exercise any of the rights above, email [email protected]. We will respond within one calendar month and may ask you to verify your identity first.
11. Complaints
11.1. If you are unhappy with how we have handled your personal data, we would welcome the opportunity to resolve your concern directly. Please contact our DPO at [email protected] in the first instance.
11.2. You also have the right to lodge a complaint with the UK supervisory authority:
Website: ico.org.uk
Helpline: 0303 123 1113
Our ICO registration number: ZC149884
12. Further Information
12.1. If you would like any more information or you have any comments about this Notice, or if you wish to exercise any of your legal rights, please contact our Data Protection Officer at [email protected].
12.2. We may have to amend this Notice on occasion, for example if we change the cookies that we use or the data we collect. If we make a material change, we will publish the amended version on the Website and, where possible, notify waitlist members by email before the change takes effect.
12.3. You can ask us for a copy of this Notice by emailing us at [email protected]. This Notice applies to personal information we hold about individuals. It does not apply to information we hold about companies and other organisations.