The Good Times House Privacy Policy
Welcome to GTH’s Privacy Policy.
We respect your privacy and is committed to protecting your personal data. This Policy will inform you as to how we look after your personal data when you visit and use our Website (defined below) and tell you about your privacy rights and how the law protects you. References to “we”, “us”, or “our” in this Policy mean GTH. Any other capitalised terms that are not defined herein are defined in our Terms.
We ask that you read this Policy carefully.
This Policy is divided into the following sections:
- Who we are, purpose of this privacy policy, and our processing role
- Contact details
- Our collection and use of your personal data
- How we use your personal data and our lawful basis
- Transfers of your personal data out of the UK and EEA
- Marketing
- Your rights
- Keeping your personal data secure
- How to complain
- Changes to this Policy
Who we are purpose of this Policy and our processing role:
GTH operates a website in relation to its private members club that provides information about the club to interested parties (hereafter, the Website). For more information see: https://thegoodtimeshouse.com/club/
As such, we collect and use the personal data of visitors to our Website (you).
We collect, use and are responsible for certain personal data about you. When we do so we are regulated under the UK GDPR (consisting of the UK Data Protection Act 2018, as amended and updated in light of the UK’s departure from the European Union) and the EU GDPR (the General Data Protection Regulation (EU) 2016/79, as amended from time to time), as applicable based on your location in the United Kingdom or the European Union and we are responsible as ‘controller’ of that personal data for the purposes of those laws.
Throughout the Website, we may link to other websites owned and operated by certain trusted third parties to make additional products and services available to you, or provide external services. These other third-party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third-party websites, please consult their privacy policies as appropriate.
Contact details:
If you have any questions about this Policy or our privacy or tracking practices, please contact us using the following details:
Full Name of Legal Entity: 8 Imperial Square Limited t/a Good Times House (GTH)
Contact: Hello@thegoodtimeshouse.com 01242525866
Postal Address: 8 Imperial Square Cheltenham Gloucestershire Gl50 1QB
You have the right to make a complaint at any time to your local supervisory authority. If you are based in the United Kingdom, then this will be the Information Commissioner’s Office (the ICO), who is the UK regulator for data protection issues. For more information, please visit www.ico.org.uk.
If you are based in the European Union, please consult the following website to find out the details of your local supervisory authority, https://edpb.europa.eu/about-edpb/board/members_en.
We would, however, appreciate the chance to respond to your query and deal with your concerns before you approach a supervisory authority.
Our Collection and use of your personal data:
We collect personal data about you when they access our Website or make enquiries about our services offline, including when you contact us or send us feedback.
We collect this personal data from you either directly, such as when you contact us or indirectly, such as your browsing activity while on our website (see our Cookie Policy for more information on automatic collection).
If you are a member of GTH, we collect the following personal data:
- name;
- contact details;
- photo;
- references;
- e-mail address;
- IP address (automatically collected);
- web browser type and version (automatically collected);
- operating system (automatically collected);
- a list of URLs starting with a referring site, your activity on this Service, and the site you exit to (automatically collected); and
- information about your interactions with the Website and the Service (automatically collected);
If you visit the Website, we collect the following personal data:
- Your e-mail address if you sign up to receive our newsletter;
- IP address, login data, browser type and version, operating system and platform, and device data;
- usage data on how you use our Website, and services; and
- preferences in receiving marketing from us.
We use this personal data to:
- manage your membership and provide services to you;
- customise our Website and its content to your particular preferences and requirements;
- notify you of any changes to our Website or to our services that may affect you; and
- provide and improve our Website and our services.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal the identity of you. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific Website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about you’ health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How we use your personal data and our lawful basis for processing your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- With your consent, for example where you have opted in to receive our newsletter;
- In order to perform a contract with you, for example in order to manage your membership with GTH;
- Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests; or
- Where we need to comply with a legal obligation.
When we process your personal data, we are required to have a lawful basis for doing so. There are various different lawful bases on which we may rely, depending on what personal data we process and why.
Please see the below for more information on the lawful basis that we may rely on:
- consent: where you or in the case of Students, where the Guardian has given us clear consent for us to process personal data for a specific purpose;
- contract: where our use of your personal data is necessary for a contract we have with that Data Subject, or because the Data Subject has asked us to take specific steps before entering into a contract;
- legal obligation: where our use of a Data Subject’s personal data is necessary for us to comply with the law (not including contractual obligations); and
- legitimate interests: where our use of a Data Subject’s personal data is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect a Data Subject’s personal data which overrides our legitimate interests).
Who we share your personal data with
Some of these third-party recipients may be based outside the United Kingdom and European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the UK and EEA’ below.
We will share personal data with law enforcement or other authorities if required by applicable law.
In addition to the above, we may also share your personal data with third party service providers, such as Seven Rooms, Lightspeed, WooCommerce, Mailchimp who assist us in managing your member experience. Where we do share your data with third parties, including Seven Rooms, we will always ensure that such third parties are bound by a contract setting out how they are authorised to process data on our behalf and which contains provisions regarding data security and confidentiality, as required by applicable privacy laws. For more information about how Seven Rooms, Lightspeed, WooCommerce, Mailchimp processes your personal data, please see their privacy policy.
Transfer of your personal data our of the UK and EEA
We may transfer your personal data outside the United Kingdom (UK) and European Economic Area (EEA).
Where we transfer your personal data outside of the UK and the EEA, we will only do so for the purposes mentioned in this Policy and any contract that we have entered into with you or the entity that you are representing.
Countries outside of the UK and the EEA do not have the same data protection laws as the UK and EEA. Therefore, when making such a transfer of data, we will always rely on a safeguard mechanism under the UK GDPR and/or the EU GDPR. We will only transfer your personal data to a country which the European Commission or the UK authorities have given a formal adequacy decision/regulation that confirms this third-country provides an adequate level of data protection similar to those which apply in the UK and EEA. If the third-country does not have an adequacy decision awarded to it, any transfer of your personal information will be subject to entering into the European Commission’s Standard Contractual Clauses (the SCCs) which are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data.
Transfers of personal data from the EEA to the UK shall be done on the basis of an adequacy decision awarded by the European Commission to the UK on 28th June 2021.
If you would like further information, please contact us using the details provided at the start of this Policy. We will not otherwise transfer your personal data outside of the UK and the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
MARKETING
We would like to send you information about the Website, our services, the products on sale and any special offers, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or automated call.
We will ask whether you would like us to send you marketing messages when you provide consent to such marketing, or where you have purchased products from us.
If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:
—contacting us using the detail provided at the beginning of this Policy;
—using the ‘unsubscribe’ link in emails; or
—updating your marketing preferences on our Website within your account.
Your rights
Under the UK GDPR and the EU GDPR, you have a number of important rights free of charge. In summary, those include rights to:
- fair processing of information and transparency over how we use your use personal data;
- access to your personal data and to certain other supplementary information that this Policy is already designed to address;
- require us to correct any mistakes in your personal data which we hold;
- require the erasure of personal data concerning you in certain situations;
- receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
- object at any time to processing of personal data concerning you for direct marketing;
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
- object in certain other situations to our continued processing of your personal data; and
- otherwise restrict our processing of your personal data in certain circumstances.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please email or write to us using the details provided at the beginning of this Policy.
We will require information from you to allow us to identify you. We will endeavour to respond to all requests with 30 days of receipt.
Keeping your personal data secure
We have appropriate security measures in place to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Changes to this Policy
This Policy was last updated on 22/02/2024.
We may change this Policy from time to time, when we do, we will update this Policy on the Website. It is your responsibility to ensure you are always up to date of the latest policy in force.