Use of your personal data is subject to your instructions to us, the EU General Data Protection Regulation (GDPR) and other relevant EU and UK Legislation.
1. KEY TERMS
(i) The Panic Room, We, Us, Our The Panic Room Escape Ltd
(ii) Data Protection Officer Alexander William Souter
The Panic Room Escape Ltd 7 Berkley Crescent Gravesend Kent DA12 Dontpanic@
thepanicroom.net 01474 536801
(iii) Personal Data Any information which can formally or informally
identify any living person
(iv) Sensitive Personal Data Personal information revealing any or all of the
following: Racial or ethnic origin, religious beliefs, political beliefs, philosophical opinions and trade union membership. Genetic and biometric data Health, sexual orientation or sex life.
2. YOUR PERSONAL DATA COLLECTED BY US
Personal data we may collect from customers: Name, address, telephone number, email address, information enabling us to verify your identity.
Personal data we may collect from our employees or suppliers: Name, address, telephone number, email address, information enabling us to verify your identity, information relating to the matter in which you are seeking our representation or advice, information to undertake credit or other checks e.g. passport or driving license details and financial details relating to your instructions including: National insurance number, bank and building society details, tax details, employment status, salary and benefits, employment records including sickness attendance, performance, disciplinary, conduct and grievances, pension details, trade union membership, medical records, racial or ethnic origin, gender and sexual orientation, religious or similar beliefs and other personal identifying information.
This personal data may be required – only should it be relevant – to provide services to you. If you do not provide personal data requested by us, it may delay or prevent us providing services to you.
3. HOW PERSONAL DATA IS COLLECTED
We collect the majority of personal information from you directly. We may also use other sources such as:
Companies House From a third party with your consent (e.g. banks, financial advisor, professionals engaged in your matter, employers, professional bodies, pension administrators, NHS professionals, your referees and guarantors, credit reference agents). Automated monitoring and analytics or our website and other IT systems, and our website.
Brower settings can be changed by you to automatically opt-out/block cookies. To prevent all cookies, you may need to install The Goole Analytics Opt-Out Browser Add-On.
5. YOUR PERSONAL DATA: HOW AND WHY WE USE IT
Your personal data can only be processed (i.e. taken/stored) if we have a proper reason to do so;
Legitimate Interest: The Panic Room Escape LTD have a legitimate interest in storing your personal data or those of a third party where we have a commercial or business reason to do so, so long as this is not overridden by your own rights and interests.
Consent: where you have given consent.
Personal data may be used for the following reasons:
To provide our booking services and sell experiences and gift vouchers
To contact you regarding news, offers and information regarding The Panic Room Escape Ltd.
For internal business reasons to ensure company policies and procedures are adhered to including staff training and quality control. To ensure the commercial confidentiality of sensitive and valuable information including intellectual property. To prevent unauthorised access and modifications to systems including prevention of criminal activity damaging to you and us. To ensure safe working practises as compliant with statutory and non-statutory procedures for health and safety at work reasons. To market our services to existing and former clients, third parties who have shown interest in our services and to third parties as of, yet we have had no dealings. To enter into/maintain/update/change and/or claim for our or our insurances as required under these specific policies.
The above list is an example of but not exhaustive of the many reasons why personal data may be processed including secure storage. Personal explicit data will only be processed by us, however, with your consent.
6. MARKETING AND PROMOTION
We may use your personal data to send you an email about our services including offers, promotions, new services or legal or other relevant updates.
It is under a legitimate interest we process your personal data for promotional purposes. However, where consent is needed e.g. electronic marketing communications, this we will obtain first.
No personal data will be sold to any third party for marketing purposes, and no third party will be sent your personal information unless a legitimate, consensual or contractual obligation exists.
You have a right to opt out of receiving promotional communications at an time by telephoning us on (01474) 536801 or emailing us at firstname.lastname@example.org . If you instruct us to provide further services in the future, we may ask you to confirm or update your marketing preferences at this time.
7. YOUR PERONAL DATA: WHO WE MAY SHARE IT WITH
We may routinely share personal data with:
Our IT/telephone providers. Our banks . Our accountants and auditors. Third parties necessary to carry out your instructions External service providers, representatives and agents that we use to make our business more efficient, e.g. IT analytics, IT service providers, payment processors
We will only allow our service providers to handle our personal data should we be satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to you.
8. WHERE YOUR PERSONAL DATA IS HELD
Information may be held at our offices or on the following customer service/business related companies secure servers:
Escape Games Global
9. YOUR PERSONAL DATA: HOW LONG DO WE HOLD IT FOR
We may keep your personal data after your booking is completed, because:
We may need to respond to any questions, complaints or claims made by you or on your behalf. We may need to carry out checks for conflicts of interest in the future. We may need to demonstrate we treated you fairly. We may need to keep records as required by law.
Your personal data will not be stored for longer than is necessary. Different retention periods apply to different data sets. You can request information on how long data will be held specific to the matter in hand.
10. PERSONAL DATA TRANSFERING OUT OF THE EUROPEAN ECONOMIC AREA (EEA)
To deliver services to you, sometimes it will be necessary to share your personal data outside the EEA e.g. with your service providers outside the EEA/if you are based outside the EEA/where there is an international dimension to the matter in which we are advising you. In this instance, we will however ensure that transfer of your personal data only happens with countries deemed to provide adequate protection and security as defined by The European Commission.
11. YOUR RIGHTS
You have the following rights which you can exercise free of charge:
Access: the right to be provided with a copy of your personal data. Rectification: The right to require us to correct any mistakes in your personal data. Deletion: The right to require us to delete your personal data in specific situations. Restriction of Processing: The right to require us to restrict processing of your personal data in certain circumstances e.g. if you contest the accuracy of the data. Data Portability: The right to receive the personal data you provided to us and to transmit this data to a third party in certain circumstances. Objection: The right to object at any time to your personal data being processed for direct marketing or in other certain situations to Sealeys continued processing of your personal data e.g. processing carried out for the purposes to legitimate interests.
For further information on these rights please see the guidance form The UK Commissioners Office on individuals rights under the General Data Protection Regulation: http://ico.org.uk/for- organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
To exercise these rights with The Panic Room,. please call us on 0147 536801 or email us at email@example.com . Please ensure we have sufficient information to identify you, let us have proof of your identity e.g. passport, photo driving license.
and let us know which right you want to exercise and the relevant information to which your request relates.
You will not have to pay a fee to access your personal data or exercise any of these rights, however, we reserve our right to charge a fee should the request be clearly unfounded, repetitive or excessive. Alternatively, you may refuse to comply with your request in these circumstances.
We will try to respond to all legitimate requests within one month. Occasionally, it may take us longer than one month in which case we will keep you updated.
12. PERSONAL DATA SECURITY
We employ appropriate security measures to prevent personal data from being accidentally lost or used and accessed unlawfully. All with a genuine business need to access data will do so only in an authorised manner and be subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
13. HOW TO COMPLAIN
GDPR gives you the right to lodge a complaint with the supervisory authority which is The Information Commissioner: http://ico.org.uk/concerns or telephone (0303) 123 1113.
15. HOW TO CONTACT US
Please contact us or our data protection officer (Alexander Souter) by post, email or telephone if you have any questions relating to The Panic Room Escape Ltd.