OUR BUSINESS
This website is operated by Kensington RG Ltd trading as The Roof Gardens, a company registered in England and Wales under registration number 12762985 with its registered address at United House, 9 Pembridge Road, London W11 3JY, United Kingdom. This company is the data controller responsible for your personal data when you contract with or interact with this company as a membership applicant, member, customer, employee or supplier.
WHAT IS THAT PRIVACY POLICY FOR?
This privacy policy applies to personal data that we collect from you as a user of this website, our app, or as a membership applicant, a member or a customer. It provides information on what personal data we collect, why we collect it, how we use it and the lawful basis on which we process it. Personal data as referred to in this policy means any information relating to you from which you could be identified. It also states what your rights are under the UK’s General Data Protection Regulation. By using this website or submitting your personal data to us, you are considered to have accepted the terms of this Privacy Policy, so you should read it thoroughly and contact us if you have any questions.
WHAT PERSONAL DATA DO WE COLLECT?
We collect the following personal data about you:
- When submitting a membership application, we will collect personal data including name, address, e-mail address; billing address and phone number; payment details (including credit/debit card information); gender expression and date of birth; country; a picture of yourself; information about your occupation and other information that you have chosen to provide to support your application.
- When making a reservation, we will collect personal data such as your first and last name, email address, billing and payment information.
- When you visit the club in person, you may be recorded by our CCTV system. If you are visiting as a guest, we will ask you for your name and email address.
- We may also collect any personal details that you choose to give when you contact us by telephone or email, or visit the club in person, such as your dietary requirements and preferences.
WHAT PERSONAL DATA IS COLLECTED AUTOMATICALLY?
When you visit our website or app, our servers will record information known as log data which includes information that your browser automatically sends whenever you visit the website. This log data includes your IP address, browser type and settings, the date and time of your request. Our website uses cookies and similar technologies to distinguish you from other users; we do this so we can provide you with a good user experience while you are on our website.
HOW WE WILL USE YOUR PERSONAL DATA
We may use your personal data as follows:
- To process your membership application; this is necessary to consider your request to become a member.
- To manage/administer your membership account with us; the purpose of using your personal data is to enable us to notify you of matters concerning your membership including payment requests, invoice, receipts, reminders and other administrative matters pertaining to your account. This is necessary for the performance of the contract between you and us.
- To manage your reservations at the club including sending confirmation emails, administration of cancellations, or meeting your requirements for events or celebrations. This is necessary for the performance of the contract between you and us.
- For other legitimate business reasons (meaning the legitimate interests of Kensington RG Ltd trading as The Roof Gardens) in conducting and managing our business and your membership including:
- To improve our website to offer you a personalised and seamless user experience
- If you ask us to delete your data or to be removed from our mailing lists, we will do so to meet our legal obligations but may keep basic data to identify you and prevent further unwanted processing
- To analyse our membership and customer demographics in accordance with our DEI policies
- To provide information to our technical partners to keep our platforms and network secure
- To comply with legal obligations
- Responding to complaints
- Responding to enquiries
- To book you into events both at the club and at external venues when applicable
When we process your personal data for our legitimate business reasons, we consider your rights under data protection laws. We will not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or those activities are otherwise required or permitted by law. At any time, you have the right to object to the processing of your personal data that is based on our legitimate business reasons, on grounds relating to your individual circumstances.
SHARING YOUR PERSONAL DATA
We may share your personal data with third parties in the following situations:
- Service Providers: e.g. banks, payment processing companies, IT support agencies, software providers (including EPOS, CRM, marketing, credit reference and website analytics providers. When instructed by us, these parties may view, process, analyse or store your personal data so that they can fulfil their contractual obligations to us.
- Asset Transfers: if we sell our business to a third party, personal data held by us about our applicants, our members and our customers may be one of the transferred assets.
- Legal Reasons: if we are legally required to do so, we will disclose your personal data to comply with a legal obligation such as a court order or upon request by the police. We may also do so to enforce the other applicable T&Cs that you have agreed to when applying to become a member of the club.
YOUR FINANCIAL INFORMATION
The debit or credit card details or Direct Debit details that you submit to us at the point of membership application (or subsequently) will be stored so that we can process your application and collect your subscription fees once you are elected; we may put your application on a waiting list which means your payment data will be stored for use if/when you are later elected to the club. We store and use this card or payment information for the purpose of processing any future payments that you make as a member for additional goods and services. We will store this data in accordance only for so long as legally permitted.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
To determine the appropriate time that we retain your personal data, we consider the type, quantity and sensitivity of the personal data, the purposes for which we process it and applicable legal requirements. We will keep your membership records for one year after your membership is either resigned by you or expires through non-payment, except we will continue to hold your records even after this one year period in either of the following circumstances:
- If at any time before we destroy your records, you inform us that you may wish to rejoin. The reason we continue to hold your records in this circumstance is to help us re-admit you as efficiently as possible and to ensure that there is no discontinuity in the information which we hold on you after you re-join; and
- If we terminate your membership for cause. The reason we continue to hold your records in this circumstance is that, should you ever re-apply for membership, then we would need to know that you are a former member and the reasons why your membership was previously terminated.
We will retain information submitted through our website for one year following the end of your membership of the club. When you consent to receive our marketing communications, we will keep your data until you opt to unsubscribe. At the end of the retention period, we will securely destroy your personal data.
YOUR RIGHTS SURROUNDING YOUR PERSONAL DATA
Under data protection law, you may have a number of rights concerning the data we hold about you. If you wish to exercise any of these rights, please feel free to contact us using the contact details set out below. For additional information on your rights please contact your data protection authority and see below.
- THE RIGHT TO BE INFORMED. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this policy.
- THE RIGHT OF ACCESS. You have the right to obtain access to your information (if we’re processing it). This will enable you, for example, to check that we’re using your information in accordance with data protection law. If you wish to access the information we hold about you in this way, please contact us.
- THE RIGHT TO RECTIFICATION. You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by contacting us.
- THE RIGHT TO ERASURE. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of certain of the information that we hold about you by contacting us.
- THE RIGHT TO RESTRICT PROCESSING. You have rights to ‘block’ or ‘suppress’ further use of your information. When processing is restricted, we can still store your information, but will not use it further.
- THE RIGHT TO DATA PORTABILITY. You have the right to obtain your personal information in an accessible and transferable format so that you can re-use it for your own purposes across different service providers. This is not a general right however and there are exceptions. To learn more please get in touch.
- THE RIGHT TO LODGE A COMPLAINT. You have the right to lodge a complaint about the way we handle or process your information with the national data protection authority.
- THE RIGHT TO WITHDRAW CONSENT. If you have given your consent to anything we do with your information (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time. You can do this by contacting us. Withdrawing consent will not however make unlawful our use of your information while consent had been apparent.
- THE RIGHT TO OBJECT TO PROCESSING. You have the right to object to certain types of processing, including processing for direct marketing and profiling. You can object by changing your marketing preferences, disabling cookies as set out above or by getting in touch.
CHANGES TO OUR PRIVACY POLICY
Any changes we may make to our Privacy Policy in the future will be updated within this document which is held on our website. We suggest you view it regularly to keep abreast of any changes which may be applied from time to time. If required to do so by the ICO, we will notify you of any material or substantive changes to this policy.
HOW TO REACH US
If you wish to get in touch to discuss this policy or for any of the reasons mentioned above, please do so by email to data@theroofgardens.com. Our Data Protection Officer is Benjamin Nutbeam.
COMPLAINTS
If you are not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) using the following details:
- Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
- Telephone number: 0303 123 1113
- Website: www.ico.org.uk