If you have any requests about your personal data or queries with regard to how we handle your data you can contact us by email firstname.lastname@example.org or write to us at GDPR, 45 Dean Street, London, W1D 4QB.
Please note that all data captured thus will be used and held in accordance with the requirements of the Data Protection Act 2018 (DPA) and the EU General Data Protection Regulations (GDPR).
What information do we collect?
We collect the following personal data about you:
When applying for membership the personal details you provide include your name, address, phone number, email address, business address, date of birth, a picture of yourself, information about your work and your industry sector. We also collect your debit/credit card details and bank account information which is required for the processing of your membership application and continual renewal of your membership.
Private Event Clients
When an individual contacts us with a new enquiry we record the clients name, phone number and email address either over the phone or via email to be able to send the client information on the event spaces. To confirm an event the client completes a booking form with their contact details, address and debit/credit card details and ticks our terms and conditions.
Bedroom guests’ contact details and information about their stay are collected. We also take payment details to enable us to process payment. To enable us to provide a high level of customer service we also collect additional information about guest requirements and preferences.
Automatically Collected Personal Data
Our servers record information (‘log data’) when you visit our site, including information that your browser sends automatically whenever you visit the site. Information recorded in this log data includes your browser type and settings, your Internet Protocol (‘IP’) address, the date and time of your request.
What are cookies?
When you visit different websites small text files are stored on your computer. These are called ‘cookies’ and most websites use them for different purposes. Cookies may be used to improve your experience of a website, for example by making particular parts of a website work or remembering preferences you’ve selected. Cookies are also used to get a picture of how often people use a website, and how they are using it, so that improvements can be made to it. Below you can find out about the cookies we use on our website (www.thegrouchoclub.com and www.via-duck.com), what they do, how long they will remain on your computer, and how to opt out.
Cookies help us to improve your experience of our website. For example, they allow us to: • Provide certain functionality such as the ability to adjust the size of the text, and to change the colour of the text and the background, to suit your preferences. • Share video content with you. • Monitor how our website is being used so that we can keep improving it. There is also a cookie which enables us to administer the website and make changes to the content.
By visiting our website, some cookies will already have been stored on your computer. However, you can remove these and you can also change your browser settings to prevent them from being placed on your computer in future. For more information about this, please visit www.allaboutcookies.org.
Please note that if you choose to opt out of our cookies, this may affect your experience of our site. For example, you may not be able to view some of the content on our site such as embedded video content, and some of the tools we have included on our site to make it more accessible, such as the text magnifier, won’t work properly for you. Please note that one of the cookies we use on our website is strictly necessary for our site to work. Without it, you won’t be able to use our site.
What are the purposes of processing personal data?
The GDPR provides us the following grounds for processing your personal information in the following ways:
We collect our members’ and clients’ personal information so that we can fulfil the contract and manage your relationship with us. For example, we may use personal information to create and manage a membership, set up an online membership account enabling you to manage your membership and communication preferences, and in creating and managing a reservation or event booking.
We may be required to process and share personal data to comply with statutory obligations, for example in providing CCTV footage to the police in relation to the investigation of a criminal offence. Details of financial transactions are retained as are legally required.
We may also process your personal information due to the consent you have provided to us to do so, for example in opting in to receive marketing communications from us, in the form of our newsletter or other marketing emails pertaining to offers and events at the Club. You may withdraw consent at any time by emailing email@example.com, visiting your Via Duck account page or by following the link to unsubscribe at the bottom of our newsletter emails.
Disclosure of information
To provide services the Club may use third party suppliers. On our behalf, as ‘processors’, these suppliers may process personal data. These suppliers have undertaken to protect that personal data and only process it under our instructions.
We only share personal information that is strictly required for the purposes and take reasonable steps to ensure the third parties shall only process the personal information for those purposes.
We may share your data with the following suppliers:
- Card processing or payment services
- IT suppliers and contractors
- Web analytics suppliers
- Bedroom and restaurant booking system suppliers
- Online travel agents
- Providers of CRM, marketing and sales software solutions
- Health & Safety contractors
As a Member, we may also share data with reciprocal clubs in the setting up of reciprocal visits. This is on request and based upon your consent.
How do we protect data?
Your personal data is stored in compliance with GDPR requirements and any other data protection legislation that may come into effect.
Your information is accessed for the purposes set out above. Electronic information is stored and processed through secure servers with a maintained firewall and are password protected. All paperwork records are kept in a secure, locked area of the Club. Your personal information is electronically transferred into our database which is password protected.
We make sure that our employees and third party suppliers who access your information to provide you with our services are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet such obligations.
In the case that we have given you a log-in or password to be able to access www.via-duck.com, you are responsible for keeping these details secret and are not to share your log-in details or password with anyone else.
How long do we keep your information?
We securely store your personal data and retain membership records for three years after the expiration or termination of your membership, records are retained on the grounds of legitimate interests to deliver customer service in the case of membership renewal.
Unsuccessful applications are held for one month following the decision by the Committee, although the applicant can request in writing to remove their name and application at any time. We may anonymise your personal data so that it can no longer be associated with you, in which case it is no longer personal data.
Private Events Clients
On the grounds of legitimate interest to deliver customer service in the case of a repeat booking, data is held for three years after the event booking.
On the grounds of legitimate interest to deliver customer service in the case of a repeat booking, data is held for three years after a bedroom booking.
What are your rights in relation to your personal data?
In the processing of your personal data subject to GDPR, you have the following rights in respect of your data:
- Request correction of the personal data that we hold about you.
- Request erasure of your personal data, under certain circumstances.
- Object to the processing of your personal data where we are relying on a legitimate interest (or the legitimate interest of a third party) and there is something about your particular situation which makes you want to object to us processing on this basis.
- Request the restriction of processing of your personal data. You have the right to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for us processing it.
- Request access to your personal data (commonly known as a ‘data subject access request’).
- Request the transfer of your personal data to another party.
- If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
- Make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
If you wish to exercise any of these rights please contact us by email GDPR@thegrouchoclub.com or write to us at:
GDPR, 45 Dean Street, London, W1D 4QB
You are able to submit a complaint to the Information Commissioner’s Office about any matter concerning your personal information. We take our obligations seriously, so if you have any questions or concerns, we would encourage you to raise them with us first, so that we can try and resolve them.