Data Protection Legislation
All handling of your personal data is done in compliance with any applicable law relating to the processing of personal Data, including but not limited to the Directive 96/46/EC (Data Protection Directive) or the General Data Protection Regulation (EU) 2016/679 (GDPR), and any national implementing laws, regulations and secondary legislation, for as long as the GDPR is effective in the UK (“Data Protection Legislation”). The terms “Personal Data”, “Special Categories of Personal Data”, “Personal Data Breach”, “Data Protection Officer”, “Data Controller”, “Data Processor”, “Data Subject” and “process” (in the context of usage of Personal Data) shall have the meanings given to them in the Data Protection Legislation.
“Data Protection Lead” is the title given to the member of staff leading our data protection compliance programme in lieu of a requirement for a Data Protection Officer. Our Data Protection Lead can be contacted at email@example.com.
For the purposes of the applicable Data Protection Legislation, we are a data controller in respect of the personal data we collect when you use the Website, become a member, register and use the App, or purchase merchandise through the Website.
What personal data do we collect from you?
We may collect, use, store and transfer different kinds of Personal Data about you as detailed in the table below. We have grouped together personal data into the following categories:
Identity Data such as names, usernames or similar; marital status; title; date of birth; sex and gender.
Contact Data such as addresses; email addresses and telephone numbers.
Financial Data such as bank account and payment card information.
Transaction Data such as information about payments and details of purchases you have made.
Technical Data such as IP addresses; login data; browser info; time zone; location; browser plug-ins; operating systems; platforms; mobile device information; and other technology on the device used to access this Website, some of which is automatically collected.
Profile Data such as usernames; passwords; security answers; purchases/orders; interests; preferences; feedback and responses to surveys, blogs and messages.
Usage Data such as analytics relating to how you use the Website and/or the App.
Marketing and Communications Data such as your preferences about receiving communications from us or third parties.
Special Categories of Data such as details about race or ethnic origins, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic or biometric data.
Our lawful basis for processing personal data
The lawful basis for our use of your Personal Data is detailed in the table below. Under Data Protection Legislation, there must be a ‘lawful basis’ for the use of personal data. The lawful bases are outlined in Article 6, Section 1 of the GDPR. They are as follows: (a) ‘your consent’; (b) 'performance of a contract'; (c) 'compliance with a legal obligation'; (d) 'protection of your, or another’s vital interests'; (e) ‘public interest/official authority’; and (f)'our legitimate interests'. Legitimate interests are a flexible basis upon which the law permits the processing of an individual’s personal data. To determine whether we have a legitimate interest in processing your data, we balance the needs and benefits to us against the risks and benefits for you of us processing your data. This balancing is performed as objectively as possible by our Data Protection Lead. You are able to object to our processing and we shall consider the extent to which this affects whether we have a legitimate interest. If you would like to find out more about our legitimate interests, please contact firstname.lastname@example.org.
What personal data do we collect and how do we process your personal data?
Our processing is related to:
What categories of information do we process?
What personal data do we collect, how do we process your personal data and the lawful basis for processing?
Your request to register for an account on our App or Website
Whenever you request register for an account on our App or Website, we use the personal data that you give us or we collect from you, in order to process your registration.
This processing is conducted lawfully on the basis of your consent and our legitimate interests in providing you with information about our events and merchandise.
If you register on the Website, register on the App or apply to be a member of the Club, we will collect your name, postal address, e-mail address, and (where applicable) the company you represent and your job title), which we need in order to identify you and social media tags, phone number, age and gender, username and password. You may also be asked to provide other details such as your interests, likes and preferences particularly in relation to music and musical artists. We need this information to perform the contract we have with you, and to tailor the Club’s activities and events to members’ profiles.
Your membership application
Whenever you request to become a member, we use your personal data you provide to us or we collect from you, in order to process your membership application and, where applicable to process payments. This processing is conducted lawfully on the basis of your consent and our legitimate interests in providing the service to you and promoting and marketing our events and merchandise.
If you apply to become a member and you are accepted you will be asked to provide identification documentation (passport or photo driving licence) together with the names and email addresses of your nominees which will be checked through identification scanning equipment and saved on our system. This will enable access to the Club without the need to show ID subsequently.
Your table booking / studio booking / private hire booking
Whenever we receive your request and/or order to make a booking we use your personal data you provide to us or we collect from you, in order to manage your order, process payments and fulfil your booking. This processing is conducted lawfully on the basis of performance of our contract with you.
Fulfilment of Merchandise Orders / Music and Artworks Collectables Orders
Whenever we sell you a product, such as apparel (merchandise), music or artwork collectables, we use your personal data you provide to us or we collect from you, in order to manage your order, process payments and for internal record keeping, billing and accounting, and to respond to any queries, complaints or requests for further information and to make sure that you receive your products. This processing is conducted lawfully on the basis of performance of our contract with you.
If you wish to order any of our merchandise through the Website or App (or perhaps in due course apply for tickets for an event at the Club), or the entity you represent does so, we will collect further personal data from which we need to fulfil the order and keep in contact with you about it. If you make a payment through the Website’s or App’s payment gateway for merchandise, your credit or debit card number will be collected and used to make the payment, but we do not store such information.
Events and Merchandise mailing lists
Marketing and Communications Data
If you join or opt in to be added to one of our mailing lists, we, our affiliates or the third parties listed in the section Third Party Interests below, will use your personal data to contact you with updates related to the subject of the mailing that you have subscribed to. This processing is conducted lawfully on the basis of your consent. We may also contact you by email with marketing information about other goods and services we feel may interest you, (for example membership information or promotions) where you have consented to this by ticking the relevant box on the form on which we collect your data. If do not you want us to use your data in this way, please tick the relevant box situated on the form on which we collect your data. You can always opt-out of receiving marketing emails from us. All future marketing communications will also contain a simple way to opt out of receiving such further communications from us. This processing is conducted lawfully on the basis of 'our legitimate interests' and your consent.
Marketing and Communications Data
If you are a current customer or if you previously attended an event at the Club, or registered for an account or membership or purchased from us or if you opted in to marketing communications, and providing that you haven't opted-out before or since we collected your personal data, we, our affiliates or the third parties listed in the section Third Party Interests below, may occasionally send you marketing information about other goods and services we feel may interest you, (for example membership information or promotions). If do not you want us to use your data in this way, please tick the relevant box situated on the form on which we collect your data. You can always opt-out of receiving marketing emails from us. All future marketing communications will also contain a simple way to opt out of receiving such further communications from us. This processing is conducted lawfully on the basis of our legitimate interests and your consent.
Customer Services / Enquiries / Lost Property
Identity Data Contact Data Transaction Data
If you make an enquiry or contact us regarding an aspect of our service, or lost property, we will use your personal data in order to respond to your enquiry. We may also contact you to manage our relationship with you including notifying you of changes to the Website or App.
This processing is conducted lawfully on the basis of 'our legitimate interests' and ‘'your consent' in managing our business and improving our goods and services.
If you wish to contact us through the Website, we ask you to supply essential contact details (your name, e-mail address, and (where applicable) the company you represent and your job title), which we need in order to identify you through the Website.
Your entry to the Club Identity Data
Special categories of data – biometric fingerprint data
When you enter the Club for the first time, you will be asked for identification documentation which will be scanned. You will also be asked whether you are willing to give a fingerprint. The purpose of this is to allow you to enter the Club on future occasions by not having to provide ID but only your fingerprint. You will be asked to sign an express consent form authorising us to hold this identification information. If so, this information will be held unless and until you instruct us you not to do so. This processing is conducted lawfully on the basis of your consent and our legitimate interests to provide the services to you and to comply with the Club’s license.
Photographs and filming of you at the Club Identity Data
The Website, the App and social media pages relating to the Club contain photos of artists who have performed at the Club as well as members of the public who have been in the Club or attended certain gigs or events. When you enter the Club you may be filmed or have your photo taken. This will be used for social media posts and to have recent photos of events included on the website. On entering the Club you will be asked to sign an acknowledgement and consent. This processing is conducted lawfully on the basis of your consent and our legitimate interests in promoting and marketing the Club.
CCTV Identity Data
We use CCTV at the entrance to the Club, around the perimeter of the Club and inside the Club to:
(a)to prevent and detect crime and protect buildings and assets from damage, disruption, vandalism and other crime;
(b) identify, apprehend and prosecute offenders;
(c) for the personal safety of staff, visitors and other members of the public and to act as a deterrent against crime;
(d)to support law enforcement bodies in the prevention, detection and prosecution of crime;
(e)to assist in day-to-day management, including ensuring the health and safety of staff, visitors and other members of the public;
(f)to assist in the effective resolution of disputes which arise in the course of disciplinary or grievance proceedings;
(g) dealing with any queries, complaints or enquiries;
(h) ensure the security of our and your property and that of our visitors;
(i) ensure that our policies and procedures are being adhered to;
(j)to assist in the defence of any civil litigation, including employment tribunal proceedings.
This processing is conducted lawfully on the basis our legitimate interests to provide the services to you and protect the Club’s business and license. We operate the CCTV in accordance with our CCTV Policy.
Zoom Parties / Seminars
Identity Data Contact Data Transaction Data Technical Data Financial Data
If you wish to join a Zoom party, we will use your personal data to register you for the party, to process your booking and payment and to validate your ID when entering the Zoom party. This processing is conducted lawfully on the basis of performance of our contract with you on the basis of our legitimate interest in providing the services to you.
Service improvement/Market Research
Identity Data Contact Data Transaction Data Technical Data
We may use your personal data or aggregate data to improve our products/services; to administer and protect our business and the App including troubleshooting, data analysis and system testing and/or to monitor trends so we can improve the Website and App. This processing is conducted lawfully on the basis of our legitimate interest in promoting and marketing our events, promotions, competitions and membership, managing the Website and providing a better service for our customers.
How we collect data
We collect data in the following ways: (a) data is given to us by you, for example through your use of the Website or the App and your device, or by corresponding with us; and (b) data is collected automatically. To the extent that you access the Website and on account creation for and usage of the App, we will collect your data automatically, for example: (a) we automatically collect some information about your visit to the Website or use of the App, this information helps us to make improvements to Website and App content and navigation and in the case of the App. The information we collect includes your IP address, the date, times and frequency with which you access the Website or App and the way you use and interact with its content; (b) we will collect your data automatically via cookies, in line with the cookie settings on your browser. For more information about cookies, and how we use them on the Website, see the section below, headed "Cookies"; (c) information about your installation and device, for example, the type of operating system, may be sent to us.
Who do we share your personal data with?
We may pass your data to the third parties listed in the table ‘Who we share your data with’ below. In common with many other suppliers of goods and services, the personal data that we collect from you may be transferred to and stored at a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Details are included in the section ‘Who we share your data with’ below. Where personal Data is transferred outside the EEA we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following contractual or other safeguards are in place to ensure that your personal data is adequately protected, and that enforceable rights and effective legal remedies are available for data subjects: (a) we will only transfer your personal Data to countries that have been deemed to provide adequate level of protection for personal Data by the European Commission; and/or (b) where we use certain service providers, we may use specific contracts approved by the European Commission which give personal Data the same protection it has in Europe.
Third Party Interests
Who we share your data with
Name or Category of Third-Party Controller
Reason for processing being performed?
We may share your information with any of our group companies or our affiliates as joint controller, for the purpose of our own administration.
Our employees, agents and/or professional advisors
To provide the services and obtain advice and ensure the best quality of product and service is offered. or where we have a legitimate interest in doing so, such as in order to enforce or apply our contract with you, to investigate potential breaches of contract, or to protect our property and rights or those of others. This may include exchanging information with other companies and organisations for the purposes of licence compliance requirements, fraud protection and credit risk reduction.
HMRC, regulatory authorities or other authorities such as the Police
We are joint Controller with these authorities who require reporting of processing in some situations (for example to facilitate the detection of crime or the collection of taxes or duties).
Where these providers act as Data Controller, we are joint Controller with them for the purposes of order fulfilment.
Third Party Payment Processors with whom you may already have a relationship, such as PayPal
We are joint Controller with these service providers who simply pass payments you make through their services directly to us based on a transaction. These transactions are subject to the provider’s privacy notices/policies.
For further information on the representatives for each of these please contact email@example.com.
Our Data Processors
Name or Category of Third-Party Processor
Purposes for carrying out processing
Web hosting providers
Website hosting, including the storage of data forming the website content and processing your Technical Data (and Profile Data, where applicable) in order to provide you with access to our websites.
Internal technology providers
CRM and ERP software providers, whose services we use in order to manage our business with you.
Office software providers, such as email clients.
IT Support services, (including CCTV and biometrics) who might require access to our systems (with our strict supervision) in order to remedy faults with our technology.
Mobile App and Web development providers whose service we use in order to develop and maintain our App through which we provide services to you.
Marketing technology providers
Providers who enable us to send you our marketing emails
Third Party Payment Services Providers
We use these processors so that we can take electronic or card payments securely and without the requirement for you to disclose your card data to us.
Social Media Providers
We post photos and videos taken by us in the Club on social media platforms including, but not limited to, Facebook, Twitter, Instagram and YouTube.
Business to Business relations
If you are an employee of one of our business partners, we may use your personal data (Identity Data and Contact data) to communicate with you and your business about achieving our respective business objectives. This processing is conducted lawfully on the basis of 'performance of a contract' This data may be provided by you directly or referred to us by one of yours or our partners.
What profiling or automated decision making do we perform?
We do not perform any profiling or automated decision making based on your personal data.
How long will your personal data be kept?
We hold different categories of personal data for different periods of time. Wherever possible, we will endeavour to minimise the amount of personal data that we hold and the length of time for which it is held. Where you book a table, tickets, or the Studio, order any merchandise, apply for membership, we normally retain contract information (including personal data) for 6 years. It may be longer if it is clear that you wish us to continue to retain it either by you indicating this is the case or by making it clear through your actions, for example still visiting the Club. We retain CCTV images for up to sixty (60) days and biometric fingerprints for up to thirty (30) days unless we are required by authorities of other legal requirement to retain for longer.
Keeping your data secure
What are your rights?
If you have any questions, comments or requests regarding our use of your personal data, or wish to delete your personal data from the Website or the App, please contact us by email to: firstname.lastname@example.org or write to us at the following address: The Operations Manager, TEN London 29 High Holborn London WC1V6AZ