themeparks.co.uk

Legal

Privacy Policy

How O&J Studio Ltd (the operator of themeparks.co.uk) collects, uses and protects your personal data under the UK GDPR and the Data Protection Act 2018.

Last updated: 24 April 2026

1. Who we are

themeparks.co.uk (“we”, “us”, “our”) is owned and operated by O&J Studio Ltd, a private limited company registered in Scotland, United Kingdom.

  • Company: O&J Studio Ltd.
  • Registered office: Clyde Offices, 48 West George Street, Glasgow, G2 1BP, United Kingdom
  • Contact: privacy@themeparks.co.uk

For the purposes of UK data protection law, O&J Studio Ltd is the “data controller” for personal data we collect through this website.

2. Summary

In plain English:

  • We run a content site about UK and global theme parks.
  • We collect very little personal data — mainly your email if you subscribe, plus standard analytics about how the site is used.
  • When you click an offer, you may be sent through an affiliate network (e.g. Awin or Partnerize) and on to a park operator such as Disney or Merlin Entertainments. Those companies have their own privacy policies.
  • We never sell your data. You have rights you can exercise at any time by emailing us.

3. What data we collect

Depending on how you use the site, we may collect:

  • Account data — if you create an account: email address, hashed password, display name and profile preferences.
  • Newsletter data — email address, signup source and engagement metrics (opens, clicks) if you subscribe.
  • Comments and submissions — content you voluntarily post (e.g. ride reviews, contact form messages).
  • Technical & usage data — IP address, device type, browser, referring page, pages viewed and approximate location (country / region) from IP.
  • Cookies and tokens — authentication tokens, consent state and analytics identifiers.
  • Affiliate click data — click identifiers (“click IDs”) and timestamps generated when you click outbound deal links, used by our affiliate partners to attribute resulting bookings.

4. How we use your data

  • To deliver and improve the website and its content.
  • To send you the newsletter you signed up for and let you manage your subscription.
  • To create and secure your account if you choose to register.
  • To measure aggregate site performance (page views, popular content, conversion of deals).
  • To attribute affiliate commissions when you book through one of our partner links.
  • To detect and prevent fraud, abuse and spam.
  • To comply with our legal obligations and enforce our terms.

5. Lawful bases (UK GDPR Art. 6)

  • Consent — for newsletter signup, non-essential cookies (analytics, marketing attribution) and any direct marketing.
  • Contract — to provide account services you have signed up for.
  • Legitimate interests — to operate the website, secure it against abuse, measure aggregate performance and earn affiliate revenue that funds the site. We balance these interests against your rights.
  • Legal obligation — where we must retain or disclose data to comply with UK law.

6. Cookies & similar technologies

We use cookies and similar technologies (local storage, pixels) in line with the Privacy and Electronic Communications Regulations (PECR). These fall into four broad categories:

  • Strictly necessary — required for the site to work (e.g. session, authentication, consent state). No consent required.
  • Analytics — to understand how the site is used in aggregate. Set only with your consent.
  • Affiliate attribution — set by our affiliate networks when you click an outbound deal, so the partner can credit any resulting booking. Set with your consent or on your action of clicking the link.
  • Embedded media — third parties such as YouTube or social platforms may set cookies when you interact with embedded content.

You can withdraw or change cookie consent at any time using your browser controls or our in-site cookie settings (where provided).

7. Affiliate networks & partners

themeparks.co.uk is partly funded by affiliate commission. When you click an outbound “Get tickets”, “Book” or “See offer” link, you may be redirected through one of the networks below before reaching the park operator’s site. The redirect typically sets a cookie or appends a click ID so that any resulting booking can be attributed to us.

Awin

Awin Ltd (registered in the UK) operates an affiliate network we use for many UK and European park partners. When you click an Awin-tracked link, Awin may set cookies and process your IP address, click timestamp and referrer to attribute conversions. See the Awin privacy policy.

Partnerize

Partnerize (Performance Horizon Group Ltd) is an affiliate platform used by some of our travel and ticketing partners. It processes click IDs, IP and device data to attribute bookings. See the Partnerize privacy policy.

Disney & Disneyland Paris

Some links direct you to The Walt Disney Company or Euro Disney Associés SAS (Disneyland Paris) booking pages. Once you land on a Disney site, Disney becomes an independent data controller for any data you provide there. See the Disney privacy policy.

Merlin Entertainments

Many UK parks — including Alton Towers, Thorpe Park, Legoland Windsor, Chessington World of Adventures, Warwick Castle and the Sea Life chain — are operated by Merlin Entertainments Ltd. Clicks to these sites are typically routed via Partnerize. Once on a Merlin-operated site, Merlin is the independent controller. See the Merlin privacy policy.

Other park operators & partners

We also link to other operators and resellers, including but not limited to Universal Destinations & Experiences, Europa-Park, PortAventura World, Efteling, Liseberg, Parc Astérix, Gardaland, Tivoli Gardens, attraction-ticket resellers and hotel/transport providers. Each operator is an independent controller for the data you share with them, and their own privacy policies apply once you leave themeparks.co.uk.

8. Third-party processors

We use a small number of vetted service providers to run the site. These act as our “processors” and only handle personal data on our instructions:

  • Hosting & CDN — to serve the website globally with low latency.
  • Backend infrastructure — managed database, authentication and serverless functions that store accounts, comments and newsletter subscriptions.
  • Email delivery — to send transactional emails (confirmations, password resets) and the newsletter.
  • Analytics — to measure aggregate traffic and content performance.
  • Affiliate networks — Awin, Partnerize and the operators listed in section 7.

A current list of sub-processors is available on request from privacy@themeparks.co.uk.

9. International transfers

Some of our service providers and affiliate partners are based outside the UK, including in the European Economic Area (EEA) and the United States. Where personal data is transferred outside the UK, we rely on one or more of the following safeguards:

  • UK adequacy regulations (e.g. transfers to the EEA);
  • the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses;
  • the UK Extension to the EU–US Data Privacy Framework, where the recipient is certified.

10. Data retention

  • Account data: kept while your account is active and for up to 12 months after closure, then deleted or anonymised.
  • Newsletter: kept until you unsubscribe, then suppression-listed (email only) so we don’t accidentally re-contact you.
  • Comments: kept while the related article is published.
  • Server & security logs: typically 30–90 days.
  • Analytics: aggregated retention typically up to 26 months.
  • Affiliate click data: as required by the affiliate network for attribution and reconciliation, typically 30–90 days.

11. Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased (the “right to be forgotten”);
  • restrict or object to processing;
  • data portability in a machine-readable format;
  • withdraw consent at any time, where processing is based on consent;
  • not be subject to solely automated decisions with legal effects.

To exercise any of these rights, email privacy@themeparks.co.uk. We will respond within one month.

You also have the right to complain to the UK Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113 · ico.org.uk

12. Children

themeparks.co.uk is a family-oriented site, but it is not directed at children. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it. Parents and guardians should supervise children’s use of the internet and use parental controls where appropriate.

13. Security

We protect your data with industry-standard measures, including encryption in transit (HTTPS), encrypted storage at rest, access controls, principle-of-least-privilege for our infrastructure, and routine security reviews. No internet service is 100% secure, but if a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify affected users.

14. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of the page reflects the latest version. Material changes will be highlighted on the site or emailed to subscribers where appropriate.

15. Contact us

Questions about this policy or our data practices? Email privacy@themeparks.co.uk or write to us at:

O&J Studio Ltd.
Registered office: Clyde Offices, 48 West George Street, Glasgow, G2 1BP, United Kingdom

See also our homepage and footer links for more about who we are.

This privacy policy is provided for general information and does not constitute legal advice. For advice on your specific circumstances, please consult a qualified solicitor.