itison Venues– Fair Processing Notice
We take your privacy seriously and you can find out more here about your privacy rights and how we gather, use, and share your personal information – that includes the personal information we might collect about you.
Our Data Protection Officer (DPO) provides help and guidance to ensure we apply the best standards to protecting your personal information. Our DPO can be reached by email at firstname.lastname@example.org or by post at Data Protection Officer, itison House, 29 Cochrane Street, Glasgow G1 1HL if you have any questions about how we use your personal information.
Please read Your privacy rights for more information about your rights and how our DPO can help you.
Your privacy rights
Under the Data Protection Act 2018, you have control over who is entitled to store, process, and use your data:
You have the right to:
· Request access to your personal data that we hold.
· Request corrections where the data we hold about you is inaccurate.
· Request that we erase any and all personal data we currently hold.
· Object to us processing your personal data.
· Request we restrict our processing of your personal data.
· Request we transfer your personal data to a third party.
· Withdraw your consent to us storing and processing your data, at any time.
If you would like to exercise any of your rights above, or make a complaint about our data processing activities, please contact our Data Protection Officer (DPO) by email: email@example.com or post: Data Protection Officer, itison House, 29 Cochrane Street, Glasgow, G1 1HL
We will not charge you a fee to access your personal data and we will respond within 28 days of your request. If a request is found to be excessive or unfounded we may either:
· Charge a fee (where request is excessive)
· Refuse the request (where it is unfounded or we cannot confirm identity
Data Access Requests
Where you make a request to receive a copy of all the data we hold on you, we may ask for you to provide us with identification. As responsible data controllers we will not deliver personal data to any individual unless we can either confirm their identity and the data belongs to them, or; we can confirm they are an authorised agent of another individual via signed consent or power or attorney.
How and what information we may collect on you
You are in control of what information we collect about you. By submitting your information on our website you consent to the use of that information, as set out in this policy. However if you choose not to share your information some areas of our websites may not be accessible or useable.
Information that you provide us, including:
· Information you actively provide when using our website to complete an online enquiry or booking form. For example, when you reserve a table in our restaurant we will ask for your personal information in order to process your request. This information will include identity data (such as first name, last name), contact data (such as email address, contact telephone number) and financial data (such as payment card details).
· If you contact us by post, email or telephone, we may keep a record of any correspondence
· We may also ask you to complete surveys that we use for research purpose, although there is no requirement to respond.
· Marketing and communications data such as your name and email address, of you opt-in to receive marketing material from us.
· Contact and identity data should you choose to enter into any competitions or prize-draws.
We will never provide third-parties with your data, to directly market to you.
Information that is automatically collected by our website
We use passive means to collect information such as tracking what pages you visit on our site. The information is used by our website to determine how visitors use our site. This feeds in to the development of our site to increase ease of use and make the experience more enjoyable. Data collected may include:
Like most sites we use small text files called cookies to help us improve your experience. A cookie is a small text file that your browser (Microsoft Edge, Google Chrome, Firefox, etc.) downloads in much the same way as it displays images and video.
Cookies do not provide us with any of your personal information, they provide non-identifying information such as remembering your browser settings, the type of software you use etc. This enables us to make our site easy to use and quick to navigate.
When you visit a page in your browser the cookies from that site are sent back to the server to allow it to change its response accordingly. The information held in a cookie cannot be sent any site other than its original source.
Most browsers automatically accept cookies but you can delete existing cookies from your browser and edit your settings to block any future cookies. Please check your browser settings to make this adjustment.
Please note, if you do choose to block cookies, some areas of our website may not work as you would expect.
We may collect information including your IP address, operating system and browser type, for system administration and website security. This is statistical information only about our users’ browsing habits and does contain any identifying data. We may also use your IP address to diagnose problems with our servers, monitor traffic to our website and help us develop and improve our site further.
Under the GDPR, data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, genetic data, biometric data, data concerning health or sexual orientation is classified as Sensitive Data. Under normal circumstances we will not record any sensitive data however, we may need to collect some sensitive information in relation to health or dietary requirements (which can relate to your religious beliefs) of you or your guests. We will only ever request this information if it is relevant and required for your booking.
How we use your personal data
· We will use your personal only when legally permitted to. Most commonly this will be:
o When we need to perform a contract between us, such as emailing you booking confirmation
o Where it is necessary for our legitimate interests or those of a third party, and your fundamental rights do not override these,
o Where we need to comply with a legal obligation.
o Where you have provided us with consent to process your personal data for the purpose of marketing to you.
Administration and other non-marketing uses of data
We will use the information you enter in forms on our websites for administration purposes.
At times it may be necessary to disclose some of your personal data to third parties we work with, to ensure we can provide you with the services and information you request.
We will never sell or share your personal data with Third-Parties for the purposes of marketing to you. We employ third-parties to outsource functions where we do not have the capacity – for example electronic booking systems. We only work with businesses whose practices and ethos mirror our own, and contracts include privacy clauses to ensure your data is safe and protected at all times.
We may advertise on other websites, and you may see one of our adverts if you have previously visited our site. These ads may be targeted at you based on the cookies placed on your computer/device when you visited our site.
If you use any Social Media accounts, you may also see posts and adverts via our Social Media channels.
We make use of profiling tools provided by Social Media platforms to ensure adverts we place are of interest to you.
Countries outwith the European Economic Area (EEA) do not always offer the same levels of Data Protection. European Law has sought to combat this by restricting the transference of personal data outwith the EEA unless the transfer criteria can be met.
There may be an occasion where we transfer your data outwith the EEA. In those circumstances we do our upmost to ensure a similar degree of security of data via the following safeguards:
· We will only transfer personal data to countries that the European Commission has deemed to provide sufficient levels of protection to personal data;
· Where we use providers bases in the US, we will only transfer data to them if they are a member of the EU-US Privacy Shield.
· Specific contracts or codes of conduct, as approved by the European Commission are in place to ensure integrity of data.
Itison Venues will at times run competitions on our website, via our social media channels or through third-parties. All competitions will be supported with Terms and Conditions which will identify the personal information we will collect and how it may be used for that competition (for example we will need to contact the competition winner).
Any and all personal information collected for the purposes of competitions will be deleted after the advertised closing date, and the winner has been notified, unless you have opted in to our marketing communications.
At times we may ask our guests to complete a survey to rate their experience with us. These surveys may be:
· On premise – in the form of feedback cards. The cards can be completed anonymously or your may choose to provide your name and location. Providing this information allows us to properly review your experience but it is not required. Once feedback has been reviewed, the cards are shredded and recycled,
· Online – Our third-party booking engines may email you a feedback survey after your booking has passed. This is optional and any/all responses you provide to this will not be used to market to you.
We will not use any information provided for the purpose of a survey to market to you.
As referenced above, we may collect and analyse data collected via cookies and Google Analytics, about how our visitors interact with our website. We may also collect IP (internet protocol) addresses to allow us to diagnose issues with our servers or for server administration purposes. This data is never linked to any identity data.
Contacting you if you have opted out of marketing
At times we may need to contact you, even if you have opted out of our marketing communications. We will only contact you if we consider it to be in our legitimate interest to contact you, which may include:
· Booking confirmation emails when you reserve a table or hire an area in our venue.
· If there is an issue that can affect your booking/reservation with us and we need to let you know.
· Sending you a feedback survey so we can understand how you felt about your experience with us and allow us to improve our services or rectify any disappointment you may have felt.
Direct Marketing Communications
You will only receive marketing communication from us if you have
a) Positively opted in to receive marketing communications from us.
b) Signed up to a newsletter on our website
c) Requested to receive materials such as brochures, over the phone, via email or in person.
We do not share your data with any of our partners for the purpose of marketing, unless you provide explicit consent to do so.
You can ask us to stop sending you marketing messages at any time by using the unsubscribe links in our email messages to you, or by contacting firstname.lastname@example.org stating you with to be removed from any marketing lists.
Opting out of our marketing emails will not prevent you from receiving booking confirmation emails or other communications not related to marketing.
Children under the age of 18
The GDPR states that children’s personal data merits specific protection. We do not intend to collect, sore or process personal data belonging to children under the age of 16. Competitions run by us are only open to adults in the UK. As we do not collect date of birth information as a rule, anyone signing up to receive marketing information from us will be assumed to be 18 or older.
We operate CCTV across many areas of our venue. CCTV is there for the protection of our employees and our guests. Please be aware you may be recorded by our CCTV whilst in our establishment. CCTV recordings are kept for 30 days and then deleted, unless the footage is required for an ongoing investigation.
At times we will take photographs around the premises for the purposes of promotion on our Social Media channels in which you may be in the background. If you wish to be removed from an image please email: email@example.com
We employ stringent security measures and technology to ensure the safety of your personal information. Preventing data loss, breaches or unauthorised access is a high priority for us and our team. Access to sensitive data is limited to direct employees in managerial positions and access requires additional user authentication steps.
We only store your personal data for as long as required to fulfil the purposes we originally collected it for, which includes legal, accounting, or reporting requirements.
In setting our retention periods, we consider the type of the data, the purpose for it’s collection, use and storage methods.
To comply with our legal and tax obligations under UK law, we are required to keep basic information about our customers for at least six years.
We may anonymise your data where it is appropriate and allows us to fulfil our obligations under law.
You can request we delete your data at any time and we will remove as much as we can, whilst informing you of any information we are required to keep and why.