Privacy & Cookie Policy
Privacy Policy
1. About this Policy
Your privacy is as important to us, Rockwater Group Ltd (referred to as “we”, “our”, “us”, “Rockwater”) as it is to you. We respect and value the privacy of everyone who becomes a member of the Rockwater community, visits our website, www.rockwater.uk (Our Site) or otherwise communicates with us. We will only collect and use personal data in ways and for proper purposes that are described here, and in a way that is consistent with our obligations and your rights under the law.
Please read this Policy carefully and ensure that you understand it. It explains the purpose for and legal basis on which Rockwater will collect, process, store and share any data that may be used to identify you (personal data) as a controller under relevant data protection laws in relation to the services and software applications hosted or made available by us, however you access them (Services). For the purposes of this Privacy and Cookie Policy the relevant data protection laws include the Data Protection Act 2018 and the retained version of the General Data Protection Regulation (EU) 2016/679 (as it applies in the UK with effect from 1 January 2021) (the UK GDPR).
By using Our Site or submitting your personal data to us through the site or by email or in response to any newsletter or social media outlet where we are active, you hereby accept the terms of this Policy.
Capitalised terms not otherwise defined in this Policy shall have the meaning given to them where they first appear or in the UK GDPR or other applicable data protection laws.
- Information About Us
Our Site is owned and operated by Rockwater Group Limited, a limited company registered in England under company number 11814588.
Registered address: THE OLD CASINO , 28 FOURTH AVENUE, HOVE, EAST SUSSEX, UNITED KINGDOM, BN3 2PJ
Trading Address: Western Esplanade, Kingsway, Hove BN3 4FA
VAT number: 337468571
- What Is Personal Data?
Personal data is defined as any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as membership number, identification numbers, social media handles, electronic location data, your device IP address, and other online identifiers.
- Collection, purpose and legal basis for processing personal data
We may collect and process the personal data specified in the Annex to this Policy, for the relevant purpose and on the relevant legal basis also specified in that Annex. We only collect personal data relevant to your use of the Services (which include for example when you fill out a form, respond to a survey or a members’ email communication or a newsletter).
- How Long Will You Keep My Personal Data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected.
We will keep your personal information for as long as you are a customer with us at Rockwater. We may store your data for up to six years after your last interaction with us or where you have made a transaction. Your data will be removed from all our systems and backups after this time. The reasons we may do this are:
- To respond to a query or complaint, or to prove we gave you fair treatment.
- To adequately defend any breach of contract claim (which may subsist for up to six years under English law)
- To study customer data as part of our own internal research.
- To comply with UK legislation about keeping your records which applies to us.
We may also store your data for a longer period of time if we cannot delete it for legal or regulatory reasons (such as by order of a court).
- How and Where Do You Store My Personal Data?
We use our best endeavours to only store your personal data within the UK and the European Economic Area (EEA) where possible. The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will take the full benefit of the protections under the UK GDPR (and the EU version of the UK GDPR as applicable) .
The security of your personal data is essential to us, and to protect your data, wetake a number of important measures, including limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality (through their employment/engagement with us). There will be occasions when we use the services, technology solutions, or functionality of a third party provider which is located overseas (typically in the USA). For these occasions we do not ourselves store your data outside the EEA or UK but these key partners will have access to such information. The controls which apply to such partners and service providers are set out in Part 9 of this Privacy and Cookie Policy.
We also use password protection for accessing our member services, encryption technology to protect data that you submit to us online in order to reduce the risk of your data being intercepted by unauthorised persons during transmission. However, the transmission of information via the Internet or mobile networks is not completely secure and, while we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to or from us and any transmission is at your own risk.
We have adopted new procedures for urgently and responsibly dealing with potential data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we arelegally required to do so.
As a new business which has formally launched in 2021, it is important to us to engrain and enhance a culture of privacy awareness at Rockwater. This will involve a proportionate level of data protection awareness and training for key staff with roles or responsibilities which brings them into contact with volumes of personal data.
- What Are My Rights?
Under the data protection laws you have the following rights, which we will always work to uphold:
i.The right to be informed about ourcollection and use of your personal data. This Policy should tell you everything you need to know, but you can always contact usto find out more or to ask any questions using the details in Part 16.
ii.The right to access the personal data wehold about you. Part 8 will tell you how to do this.
iii.The right to have your personal data rectified if any of your personal data held by usis inaccurate or incomplete. Please contact us using the details in Part 16 to find out more.
iv.The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details in Part 16 to find out more.
v.The right to restrict (i.e. prevent) the processing of your personal data.
vi.The right to object to us using your personal data for a particular purpose or purposes.
vii.The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
viii.The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
ix.Rights relating to automated decision-making and profiling.
For more information about ouruse of your personal data or exercising your rights as outlined above, please contact ususing the details provided in Part 16.
It is important that your personal data is kept accurate and up-to-date. If any of the personal data wehold about you changes, please keep usinformed as long as wehave that data. You can contact us using the details in Part 16.
Should you be dissatisfied with the service we provide, you have the right to file a formal complaint to the Information Commissioner’s Office at www.ico.org.uk, or to the relevant data protection supervisory authority in your country of residence. The ICO can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. They can be contacted by telephone on 0303 123 1113 or 01625 545 745. Wewould of course welcome the opportunity to resolve your concerns directly, and are happy to discuss any remedial action you would like us to consider, so please feel free to contact usfirst, using the details in Part 16.
- How Can I Access My Personal Data?
If you want to know what personal data wehave about you, you can ask usfor details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”. All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 16.
There is not normally any charge for a subject access request and we do not foresee a situation where we would ever need to levy a charge. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover ouradministrative costs in responding.
Wewill respond to your subject access request within 21 daysand, in any case, not more than one month of receiving it. Normally, weaim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required. You will be kept fully informed of ourprogress.
- Do You Share My Personal Data (and make international transfers)?
We may sometimes contract with the following third parties to supply certain products services.
- External Third Parties. Including third party technology companies who may provide elements of Service functionality and service providers acting as processors or hosts who provide IT and system administration services.
We want to draw your attention to two of the more frequently used third parties by Rockwater, who happen to be located overseas or who use facilities overseas:
- Google Analytics – by using Google’s analytics tools for our business, we are obliged by Google to disclose that analytics is used, how data is collected and processed, and to notify you about the use of certain cookies. We do this through the details in our own Privacy and Cookies Policy in addition to providing you access to Google Analytic’s own terms here: https://policies.google.com/technologies/partner-sites?hl=en-US and here: https://policies.google.com/privacy?hl=en-GB#infochoices
- The same is true with Typeform, who provide excellent functionality to us and our users. Please click here: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data- and here: https://admin.typeform.com/to/dwk6gt (see 3.5 in particular).
In both cases, it is clear that personal data is being transferred outside the EEA and UK. When this happens the UK GDPR and it’s EU equivalent mandate that such transfers take place using certain legal mechanisms described on the EU Commission’s website https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/rules-international-data-transfers_en. We happily comply with such appropriate safeguards and deem that the EU Commission’s approved Standard Contractual Clauses shall be deemed to apply to such transfers (but we and our international partners reserve the right to update our use of different appropriate safeguards as and when we need to do so).
- Government Agencies may also receive personal data from us for example in relation to fraud or illegal activities.
- Third parties to whom we may choose to sell, transfer, or merge parts or all of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Policy.
If any of your personal data is shared with a third party, no matter where they are, as described above, wewill take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, ourobligations, and the third party’s obligations under the law. Third parties will only use your information to help provide the Service, and in accordance with their privacy policies.
If any personal data is transferred outside of the UK or EEA, wewill take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK under the UK GDPR as explained above.
If we sell, transfer, or merge parts of our business or assets, your personal data may be transferred to a third party. Any new owner of ourbusiness may continue to use your personal data in the same way(s) that we have used it, as specified in this Policy.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
- Links to Third Parties
The Service may contain links to other websites and services. Please be aware that we shall not be held responsible for the privacy policies of such other sites and services. When you leave the Service, please read the privacy policies or statements of each and every site or service that collects your personal data.
Cookie Policy
- What are cookies?
Cookies are small pieces of text that are sent as files to your computer or mobile device when you visit a website and are used to uniquely identify your browser or device. Cookies may be delivered by us (first party cookies) or delivered by a third party supplier or partner (third party cookies).
- Our use of cookies
We use cookies for a number of reasons, including to:
- Help us to personalise and optimise your experience when visiting Our Site
- Fulfil transactions with you
- Identify errors on Our Site and assist with detecting potentially fraudulent or malicious activity
- Enable us to analyse traffic to Our Site, for example, date and time of a visit
- Monitor and analyse performance of Our Site
We may use the following types of cookies, listed below.
- Strictly necessary cookies. These are cookies that are required for the operation of the Services. They include, for example, cookies that enable you to log into secure accounts and use interactive features.
- Analytical/performance cookies. These allow us to recognise and count the number of visitors and users and see how they use the Service. This helps us to improve the way our Service works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our Service. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our Service, the pages you have visited and the links you have followed. We will use this information to make our Service and the information displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
As mentioned, OurSite uses analytics services provided by Google Analytics. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling usto better understand how OurSite is used. This, in turn, enables usto improve OurSite and the productsand services offered through it.
The analytics services used by OurSite use cookies to gather the required information. You do not have to allow usto use these cookies, however whilst ouruse of them does not pose any risk to your privacy or your safe use of OurSite, it does enable usto continually improve OurSite, making it a better and more useful experience for you.
- How long will cookies stay on my device?
The length of time a cookie will stay on your device depends on whether it is a ‘persistent’ or ‘session’ cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your device until they expire or are deleted.
- How to control and delete cookies
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. All browsers provide tools that allow you to control how you handle cookies: accept, reject or delete them. These settings are normally accessed via the ‘settings’, ‘preferences’ or ‘options’ menu of the browser you are using, but you could also look for a ‘help’ function or contact the browser provider. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of the Service.
In light of recent changes to cookies practices in 2021 (with respect to the disablement of third party cookies on some browsers) we include below an updated list of the more popular browser types with information on how to adapt their cookie settings accordingly:
To find information relating to other browsers, visit that browser developer’s website.
Please note that third parties (including, for example, providers of external services like web traffic analysis services) may also use cookies, over which we have no control. You should refer to their privacy policies or cookie policies for the relevant information about those cookies.
GENERAL
- Changes to this Privacy and Cookie Policy
We reserve the right to add to or change the terms of this Policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects the protection of personal data. Any changes will be immediately posted on Our Site and will become effective from the time of posting. Please visit this Policy on a regular basis to make sure you have read the latest version and you understand what we do with your information. This Policy was last updated in May 2021.
- How Do I Contact You?
To contact usabout anything to do with your personal data and data protection, including to make a subject access request, please use the following details (marked for the attention of the Data Protection Officer):
Email address: Hove@rockwater.uk
Postal Address: Western Esplanade, Hove BN3 4FA
ANNEX
- What Data Do You Collect and How?
Depending upon your use of OurSite, wemay collect and hold some or all of the personal and non-personal data set out in the table below, using the methods also set out in the table. Please also see Parts 11 – 14 for more information about ouruse of cookies and similar technologies. Wedo not collect any ‘special category’ or ‘sensitive’ personal data.
Data Collected |
Identity information including your title and first and last name, date of birth and gender |
Contact information including email address, postal address and telephone number |
Business information including your job title, business name and business address, email address and telephone number |
Payment information including billing and payment card details and bank account details |
Profile information including preferences, interests, login details, purchase history |
Technical information including IP address, browser type and settings |
Data collected from third parties including family and friends who provide your personal information to us on your behalf |
CCTV footage recorded on our premises |
Other information you choose to provide when corresponding with us by email, social media or telephone |
How We Collect Your Data |
When you make a reservation with us or book a private event |
When you place transactions with us at Rockwater or through Our Site, or when you register an account or make a transaction via our Rockwater mobile app |
When you communicate with us via telephone, email, via Our Site or through our social media platforms |
When you subscribe to our newsletter |
When you participate in user/customer surveys |
When you purchase a gift voucher |
When you book to attend one of our events, and when you attend an event or function organised by us |
When you submit your personal data to us for any other reason |
- How Do You Use My Personal Data?
Under the UK GDPR , wemust always have a lawful basis for using personal data. The following describes how wemay use your personal data, and ourlawful bases for doing so:
To provide a requested service or carry out a contract with you
- To manage our relationship and communicate with you. For example, when you book a table or event with us.
- Processing payments, if you purchase our products such as gift vouchers.
- Authentication of the identity of individuals contacting us by telephone, electronic means or otherwise.
- Administering and managing your account and associated services including updating records and answering queries.
- Exercising our rights and fulfilling our obligations set out in agreements and contracts.
- Sharing your personal data with certain third party service suppliers such as payment service providers.
- To acknowledge, confirm and deal with your Rockwater Residence application (and, where applicable, to put you on the waiting list for the Residence).
- In respect of Residence members, to provide related Residence membership services to you, administer your account and contact you regarding your relationship with us.
Where we have a legal obligation
- To comply with laws and regulations which apply to us.
- To establish, defend and enforce legal rights.
- To deal with requests from you in regard to exercising your rights under data protection laws.
Where we have your consent
- To develop and carry out marketing activities via our newsletter informing you of our latest activities and promotions.
- To study how our customers use products and services from us and our partnerships.
- To communicate with you about our products and services.
Where we have a legitimate interest
- To manage and maintain our relationship with you.
- For internal training and quality assurance purposes.
- Administration and management of your account and associated services, including updating your records.
- Developing and carrying out marketing activities, conducting market research and analysis to develop statistics.
- For security and safety purposes, for example, where we have placed CCTV cameras to assist in ensuring the safety of our customers and team.
- Carrying out research and statistical analysis, including development of new products and services or evaluation and improvement of our existing products and services.
- To personalise the content you receive and provide you with tailored content that will be of interest to you.
- To communicate with you about your visit to Our Site and digital channels.
- For internal business / technical operations including troubleshooting, testing, research, statistical and survey purposes and in order to keep Our Site, network and IT systems secure.
Marketing Communications
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email and/or phone and/or text message with information, news, and offers. You will not be sent any unlawful marketing or spam. Wewill always work to fully protect your rights and comply with ourobligations under data protection laws including the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.Wewill always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes and you will be able to opt-out at any time.
Third parties (including Collins, Mailchimp, Typeform, VeryConnect, Google and Trip Advisor) whose content appears on OurSite may use third-party cookies. Please refer to Part 14 for more information on controlling cookies. Please note that wedo not control the activities of such third parties, nor the data that they collect and use themselves, and weadvise you to check the privacy policies of any such third parties.
Wewill only use your personal data for the purpose(s) for which it was originally collected unless wereasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If wedo use your personal data in this way and you wish usto explain how the new purpose is compatible with the original, please contact ususing the details in Part 16.
If weneed to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, wewill inform you and explain the legal basis which allows usto do so.
In some circumstances, where permitted or required by law, wemay process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.