Lava Mayfair Club Limited (The Conduit)
ABOUT THIS NOTICE
The Conduit is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you in accordance with data protection law. If you have any questions about this notice or how we collect and use personal information, please contact email@example.com.
1. INFORMATION ABOUT US
We are Lava Mayfair Club Limited (The Conduit). Our registered office is at 40 Conduit Street and our registered company number is 10075472 . If you have any questions, please contact us at: firstname.lastname@example.org.
2 Member Information and OTHER CORRESPONDENCE
2.1 When you join The Conduit (or someone suggests you for membership) we will collect personal information about you, relating to that membership such as your name, contact details, membership details, and correspondence with us. We need this information to review your potential membership and to finalise your registration. We ask that you share your name, address, contact details, date of birth, nationality, position, organization, sector, biography, interests, why you are interested in joining The Conduit and what you would offer the Community, as well as your payment details.
2.2 We may also collect data about potential members from public sources such as Companies House and LinkedIn. We collect this information in order review potential membership and, where applicable, to finalise registration. We retain this information for up to one year from the date of collection.
2.3 We will also gather information on you via other correspondence or interactions (for example by email, telephone or via our website) such as names and contact details. This may include: enquiries, reviews, follow-up comments or complaints lodged by or against you and disputes with you.
2.4 We will keep and use this information to manage your membership, to comply with any legal requirements for us to maintain certain records or carry out certain verifications, and/or for our legitimate interests in dealing with a complaint or enquiry and administering your (or your organisation’s) membership or any services we offer, as well as to review and improve our offerings, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
2.5 Where your information relates to your membership, it is kept for a period of up to 3 years after the end of your contract, to enable us to deal with any after enquiries or re application for membership.
2.6 Payment information is collected by GoCardless and Global Payments and is retained until you cancel your membership; upon which your data will be deleted after the last contract payment has been taken.
2.7 If you were recommended to The Conduit by a third party we will hold your personal information on record for three months, unless we hear from you. At this point, we will delete all the personal information we have collected on you and will add you to our do not contact list. In order to maintain this list, and respect your privacy, we will only hold on to the information that is required to prevent us from contacting you again. This will include: Your Name, Position, Organization and Email. If you have been in contact with us, we will keep your information for a period of 1 year, upon which we will delete your information, as per the above.
3.1 We will use your email address to send you information about The Conduit and our events that we think you might be interested in. We may collect this directly from you, or through a third party. If a third party collected your name and contact details, they will only pass those details to us for marketing purposes if you have consented to them doing so. For example, when you use our wi-fi services, our wi-fi service provider may ask for your consent to share your name and email address with us for marketing purposes.
3.2 You always have the right to “opt out” of receiving our communications and you can do this by contacting us at email@example.com. We will always provide an unsubscribe option in all of our communications to allow you to opt out of any further emails. If you “opt-out” of our communications, you will be added to our do not contact list, to ensure we do not accidentally send you any further communications.
3.3 If you are an existing member of The Conduit we will use your contact details as necessary for our legitimate interests in communicating to you and managing your relationship with us.
3.4 If you are not an existing member of The Conduit, we will only contact you for marketing purposes with your consent (whether we have collected your details directly from you, or through a third party, being the individual who nominated you).
3.5 We never share your name or contact details with third parties for marketing purposes. We do use third party service providers to send out our marketing, but we only allow them to use that information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
3.6 We retain your details on our communications list until you “opt-out” at which point we add you to our do not contact list. We keep that do not contact list indefinitely to comply with our legal obligations to ensure we don’t accidentally send you any more marketing.
4 Website information
4.1 We may collect information about you and your use of our website via technical means such as cookies, webpage counters and other analytics tools. We use this as necessary for our legitimate interests in administering our website and to ensure it operates effectively and securely.
4.2 For detailed information on the cookies we use and the purposes for which we use them see our Cookie Notice.
4.3 We keep this website information about you for six months from when it is collected or the relevant cookie expires.
4.4 Our website may, from time to time, contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
5 Member Profile
5.1 This is information about you, which you provide when you complete your member profile on our Membership portal. This content will be visible to all other members of The Conduit unless indicated otherwise or if you choose to limit what is shown. You have the ability to maintain your own privacy preferences when it comes to your information on the member’s portal. We will also display and publish your information on the Members Directory and on Member Event RSVP lists. This information is displayed for as long as you are a Member of The Conduit.
6 Employee Information
6.1 If you work for one of our members, suppliers or business partners, the information we collect about you may include your contact information, details of your employment and our relationship with you. This information may be collected directly from you, or provided by your organisation. Your organisation should have informed you that your information would be provided to us, and directed you to this policy. We use this as necessary for our legitimate interests in managing our relationship with your organisation. If we have a business relationship with you or your organisation, we may receive information about you from your organisation. We keep this information for up to 3 years after the end of our relationship with your organisation.
7 Information collected at our premises
7.1 Visitor information. We collect information about visitors to The Conduit. We may record information on your visit, including the date and time, who you are visiting, your name, your contact details, your employer (where applicable) and your food and beverage preferences , . We use this information for our legitimate interests in administering your visit and building and improving our offering.
7.2 If you have an accident at our premises, we may also retain an account of your accident. If you have an accident on our premises, our accident records are retained for a period of up to 4 years.
7.3 CCTV. We operate CCTV at our premises, which may record you and your activities. We display notices to make it clear what areas are subject to surveillance. We only release footage following a warrant or formal request from law enforcement, or as necessary in relation to disputes. CCTV recordings may be kept for a period of up to 31 days (unless an incident occurs and it is necessary for us to keep recordings for longer to properly deal with it).
7.4 We use this information as necessary for our legitimate interests in administering your visit, ensuring site security and visitor safety.
8 Job Applicants
8.1 We will collect and hold information on job applicants, including information you provide to us in your application, or provided to us by recruitment agencies, as well as information on you from any referees you provide. We use this as necessary to enter into an employment contract with you, and for our legitimate interests in evaluating candidates and recording our recruitment activities, and as necessary to exercise and perform our employment law obligations and rights.
8.2 If you are successful in your application, your information will be used and kept in accordance with our internal privacy notice. If you currently work for us, or used to work for us, you can request a copy of this from us. If you are not successful in your application, you information will be held for up to six months after the relevant round of recruitment has finished.
8.3 You must provide certain information (such as your name, contact details, professional and educational history) for us to consider your application fully. If you have not provided all of this information, we may contact you to ask for it. If you do not wish to provide this information, we may not be able to properly consider your application.
8.4 If you are listed as a referee by an applicant, we will hold your name, contact details, professional information about you (such as your employer and job title) and details of your relationship with the applicant. We will use this information as necessary for our legitimate interests in evaluating candidates and as necessary to exercise and perform our employment law obligations and rights. Your information will be kept alongside the applicant’s information.
8.5 If you are listed as an emergency contact by someone who works for us, we will hold your name, contact details and details of your relationship with that worker. We will use this to contact you as necessary to carry out our obligations under employment law, to protect the vital interests of that worker, and for our legitimate interests in administering our relationship with that worker. Your information will be kept until it is updated by that worker, or we no longer need to contact that worker after they have stopped working for us.
9 Legal Claims
9.1 Where we consider there to be a risk that we may need to defend or bring legal claims, we may retain your personal information as necessary for our legitimate interests in ensuring that we can properly bring or defend legal claims. We may also need to share this information with our insurers or legal advisers. How long we keep this information for will depend on the nature of the claim and how long we consider there to be a risk that we will need to defend or bring a claim.
10 Information we receive from third parties
10.1 We may also receive information about you from our service providers. We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, analytics providers and search information providers) who may provide us with information about you, to be used as set out above.
11 Special Categories of data
11.1 We do collect certain “special categories” of more sensitive personal information about you. This is limited to certain dietary preferences and your ethnicity.
11.2 Where we collect and store your dietary preferences, we do this in order to perform our contract with you and for our legitimate interests in ensuring that we cater to your needs, at the events that we host, and to make sure that we tailor our service to your preferences. Where your dietary preferences would be considered to be a “special category” of data (for example, if you have a serious allergy which could affect your health) we process this data in order to protect your vital interests. We retain this information for as long as you are a member of The Conduit.
11.3 We also ask you to share your ethnicity with us upon registration, as The Conduit is committed to building a diverse community. We only collect this information with your explicit consent. You will have the option at the point of registration whether or not to provide this information and, where you do provide it, you can ask us to stop storing this information at any time. Unless you ask us to delete it earlier, we will retain this information for as long as you are a member of The Conduit and upon the cancellation of your membership with us we will delete straight away.
12 WHAT ELSE DO WE USE YOUR INFORMATION FOR?
12.1 Common uses of your information. We will only use your personal information when the law allows us to do so. Although in limited circumstances we may use your information because you have specifically consented to it, we generally use your information in the ways set out in this notice because:
12.1.1 we need the information to facilitate your engagement with the Conduit Community and provide you with access to all the benefits The Conduit offers its members.
12.1.2 we need to comply with a legal obligation.
12.1.3 it is necessary for our legitimate interests (or those of a third party) and your interests and rights do not override those interests.
12.1.4 we need to protect your interests (or someone else’s interests) or where it is needed in the public interest (although these circumstances are likely to be rare).
12.2 Change of purpose. We will only use your personal information for the purposes for which we collected it as set out in this notice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
13 SHARING YOUR INFORMATION
As well as any sharing listed above, we may also share your information with third parties, including third-party service providers and other entities in our group. Third parties are required to respect the security of your personal information and to treat it in accordance with the law. We never sell your data to third parties.
13.1 Why might we share your personal information with third parties?
We may share your personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our agreements with you, or to protect the rights, property, or safety of us, our customers, or others or where we have another legitimate interest in doing so. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
13.2 Which third-party service providers process your personal information?
We also may need to share your personal information for third-party service providers (including contractors and designated agents) so that they can carry out their services.
[The following activities are carried out by third-party service providers: [legal advice, contract administration, order fulfilment, delivery, administration, IT services, payment processing].
13.3 When might we share your personal information with other entities in the group?
We may share your personal information with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, and for system maintenance support and hosting of data. We may also share your name, position and organization with our event partners when sharing a list of event attendees.
13.4 How secure is your information with third-party service providers and other entities in our group?
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information. Where third parties process your personal information on our behalf as “data processors” they must do so only on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
13.5 What about other third parties?
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business where necessary in connection with the purposes which your information was collected for. We may also need to share your personal information with a regulator or to otherwise comply with the law.
14 WHERE WE STORE YOUR INFORMATION
14.1 Our office headquarters are based in 40/41 Conduit Street and our main data centre is located in the UK. However, where required to perform our contract with you or for our wider business purposes, the information that we hold about you may be transferred to, and stored at, a destination outside the UK and the EU. It may also be processed by staff operating outside the UK and EU who work for us or for one of our service providers. [In particular, we may also share information with our parent company which is based in the United States.
14.2 We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this privacy notice.
Some countries or organisations outside of the UK and the EU which we may transfer your information to will have an “adequacy decision” in place, meaning the EU considers them to have an adequate data protection regime in place. These are set out on the European Commission website: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
14.3 If we transfer data to countries or organisations outside of the UK and the EU which the EU does not consider to have an adequate data protection regime in place, we will ensure that appropriate safeguards (for example, model clauses approved by the EU or a data protection authority) are put in place where required. To obtain more details of these safeguards, please contact us.
15 DATA SECURITY
15.1 As well as the measures set out above in relation to sharing of your information, we have put in place appropriate internal security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
15.2 We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where necessary.
16 HOW LONG WILL WE KEEP YOUR INFORMATION FOR?
We have set out above indications of how long we generally keep your information. In some circumstances, it may be necessary to keep your information for longer than that in order to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
17 YOUR RIGHTS
17.1 Data protection law gives you a number of rights when it comes to personal information we hold about you. The key rights are set out below. More information about your rights can be obtained from the Information Commissioner’s Office (ICO). Under certain circumstances, by law you have the right to:
17.1.1 Be informed in a clear, transparent and easily understandable way about how we use your personal information and about your rights. This is why we are providing you with the information in this notice. If you require any further information about how we use your personal information, please let us know.
17.1.2 Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
17.1.3 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
17.1.4 Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it (for instance, we may need to continue using your personal data to comply with our legal obligations). You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
17.1.5 Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us using your information on this basis and we do not have a compelling legitimate basis for doing so which overrides your rights, interests and freedoms (for instance, we may need it to defend a legal claim). You also have the right to object where we are processing your personal information for direct marketing purposes.
17.1.6 Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
17.1.7 Request the transfer of your personal information to another party where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.
17.1.8 Withdraw consent. In the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate interest in doing so.
17.1.9 Lodge a complaint. If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with your national data protection supervisory authority (if you are in the UK, this will be the ICO).
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, withdraw your consent to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact us at firstname.lastname@example.org. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
17.2 What we may need from you. We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
17.3 Timescale. Please consider your request responsibly before submitting it. We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.
18 CHANGES TO THIS PRIVACY NOTICE
Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail or otherwise. Please check back frequently to see any updates or changes to our privacy notice