This Policy was last updated on 24.08.2023
1. Introduction
Welcome to STACK (The Hold Group Limited). When we mention "we," "our," or "us" in this policy, we are referring to the company that forms part of The Hold Group, STACK.
At The Hold Group, safeguarding the privacy and security of your personal information is our top priority. We are dedicated to protecting the privacy of our customers.
This privacy notice provides you with information on how The Hold Group collects and processes your personal data when you visit our venues or use this website. It includes any data you may provide when signing up for our news announcements or filling out a contact form.
We have structured this privacy notice in a layered format, allowing you to navigate to specific sections easily. To better understand some of the terms used in this notice, please refer to the Glossary.
It is essential to read this privacy notice in conjunction with any other privacy notice or fair processing notice we may provide on specific occasions when collecting or processing your personal data. This ensures that you fully comprehend how and why we use your data. This privacy notice complements other notices and does not supersede them.
Throughout this document, when we mention Data Protection Legislation, we are referring to the Data Protection Act 2018 (DPA2018), United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003, and any legislation implemented in connection with the aforementioned laws. If data is processed by a controller or processor established in the European Union or involves the data of individuals in the European Union, it also encompasses the EU General Data Protection Regulation (EU GDPR). This includes any future legislation replacing or updating these regulations.
2. Controller
We have appointed a Privacy Manager, who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Privacy Manager using the details below:
By email: [email protected]
By post: The Hold Group
Patrick House,
Gosforth Park Avenue
Gosforth Business Park,
Newcastle upon Tyne
NE12 8EG
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the supervisory authority for data protection issues in the UK (phone: 0303 123 1113 or at www.ico.org.uk/concerns). However, we would appreciate the chance to deal with your concerns before you approach the ICO, so please feel free to contact us in the first instance.
3. The Information We Collect and When:
We are committed to collecting personal information that we genuinely need and in compliance with Data Protection Legislation. We collect your personal data when you visit our bars/restaurants, use our websites and mobile apps, and engage with us in various ways.
The personal information we collect can be categorized into three types:
(a) Information You Provide to Us: This includes any information you willingly provide to us when interacting with our services. For example, when you fill out forms, make reservations, or communicate with our staff, we may collect details such as your name, contact information, and preferences.
(b) Information We Collect Through Automated Methods: When you use our services, we may automatically collect certain information through methods such as cookies and similar technologies. This may include your IP address, device information, browsing patterns, and interactions with our digital platforms. These automated methods help us enhance your user experience and provide personalized services.
(c) Information We Collect from Other Sources: In some instances, we may collect information about you from third-party sources. This may include publicly available information or data shared with us by our trusted partners. We combine this information with the data you provide to us and the information we collect about you to improve our services and ensure accuracy.
While you are not obligated to provide us with your personal information as per statutory or contractual requirements, we do require at least the aforementioned information to efficiently and effectively engage with you as a prospect or customer.
Please note that we may merge the information we receive from other sources with the information you provide to us and the data we collect about you. This allows us to create a comprehensive view of your preferences and tailor our services to better meet your needs.
4. We Collect Information You Provide to Us
When interacting with us, you may choose to provide us with the following information:
5. We Collect Information Through Automated Methods:
When you visit our bars/restaurants, use our online services, or interact with our in-venue technology, we may employ automated technology to collect information from your computer system or mobile device. This automated technology may include cookies, local shared objects, and web beacons. For more details, please refer to our cookie policy.
Through these automated methods, we may collect the following information:
Additionally, our online services, including our apps and onsite Wi-Fi, may collect precise location information from your device using geolocation technology such as GPS, Wi-Fi, Bluetooth, or cell tower proximity. Please note that most devices and computer systems allow you to disable the collection of this information by adjusting the settings in your device or web browser.
We prioritise the protection and privacy of your information and adhere to relevant regulations. The information collected through automated methods enables us to enhance your experience and provide personalised services.
6. We Collect Information from other sources:
My Place Connect – Guest Wi-Fi service provider
https://www.stackleisure.co.uk/ – Managed by The Hold Group
Third-Party Links
Our website and services may contain links to websites, plug-ins, and applications operated by third parties. By clicking on these links or enabling such connections, you may allow third parties to collect or share data about you. It is important to note that we do not have control over these third-party websites and their privacy statements.
When you navigate away from our website or service, we recommend that you review the privacy notice of each website, plug-in, or application you visit. This will help you understand how your data is collected, used, and shared by those third parties. We cannot accept responsibility for the privacy practices or content of any third-party websites or services.
7. The Personal Data We Process
Personal data refers to any information that can identify an individual. It excludes anonymous data where the identity has been removed. We process various types of personal data, which we have categorized as follows:
We also collect, use, and share Aggregated Data, which is statistical or demographic data that does not directly or indirectly identify individuals. Aggregated Data may be derived from personal data but is not considered personal data under the law. However, if we combine or connect Aggregated Data with personal data in a way that it can directly or indirectly identify individuals, we treat the combined data as personal data and handle it in accordance with this privacy notice.
In situations where we are legally or contractually obligated to collect personal data from you and you fail to provide such data upon request, we may not be able to perform the contract we have or are trying to enter into with you. This could result in the cancellation of a product or service. If this situation arises, we will notify you at the time.
Collection of Sensitive Data
In specific circumstances, there may be a need to collect Sensitive Data about you. Under data protection law, this type of information is referred to as "special category" data. It includes details regarding your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, trade union membership, as well as information about your health and genetic and biometric data.
When do we process Sensitive Data? We only collect and process Sensitive Data when you voluntarily provide such information in the following situations:
Feedback and Complaints: If you raise a complaint or provide feedback related to a health issue encountered during your visit to our venues (such as suspected food poisoning or a health and safety incident), or if you believe you have experienced discrimination based on race or sexual orientation, the details you provide may include Sensitive Data. We are authorized to process this Sensitive Data, along with any other relevant information, to investigate, address, and resolve your concerns, as well as to handle any potential legal claims or out-of-court procedures.
Job Applications: When you apply for a job with us, we may process your Sensitive Data as necessary to fulfill our obligations and exercise our rights in accordance with employment law. Detailed information about the handling of Sensitive Data during the job application process is available in our separate Candidate Privacy Policy. This policy is presented during the application process, and a copy can be obtained by emailing [email protected]
In all other circumstances, we do not routinely collect or process Sensitive Data. However, should there be a need to collect and process Sensitive Data for other purposes, we will obtain your explicit consent beforehand.
8. When is my personal data collected?
The below table provide examples of when your personal data is captured:
Contact details (e.g. email address, telephone number and postal address) |
- When you book a table/package/function/event/ tickets. - When you contact us via our website or sign-up to competitions or offers. - When you opt-in to receive marketing communications. - When you provide us with feedback, complete a survey or submit an enquiry. - When you sign up to use our Wi-Fi. - When you purchase an item off our online shop (Gift Card). - When you use our mobile or web app to order and pay at table or to access loyalty rewards, perks and offers. - If you have an accident while visiting us at our venues. - When you sign-up to hear from us when using our photobooths. - When you interact with lead-generation ads and provide your contact details.
|
Date of birth |
- To confirm that you are over 18 in order to receive licensed goods and services. - When you use our mobile or web app to order and pay at table or to access loyalty rewards, perks and offers. - When you choose to provide it for marketing personalisation.
|
Personal Interests |
- When you choose to provide it for marketing personalisation. - When you sign-in to use our WIFI using a Social Media Login. - When you sign up to our loyalty scheme.
|
Dietary and special needs requirements |
- When you choose to provide it when booking a table / function / event.
|
Information about other guests on your booking |
- When you provide them on behalf of others as part of making a table / function booking.
|
The correspondence that you have with us (e.g., emails, letters, calls, online chat service) |
- When you contact us or we contact you. This may include telephone call recording. |
Your location / visit information |
- When you use our Wi-Fi. - When you make a booking. - When you check-in to our App or us our App to make a purchase/ collect loyalty points/ redeem loyalty. - When you use our Photobooths and opt-in to Marketing. - When you provide feedback. |
CCTV Recording |
- When you visit a The Hold Group location. |
Information about how you use our websites (e.g., IP address, Google Analytics, a list of URLs starting with your referring site, activity on our website, and the website you exit to). |
- When you browse our websites. |
Device information and vicinity information (if consented to). |
- When you use our Wi-Fi or leave us feedback. - When you use our websites or mobile app. |
Your transaction details and payment. |
- When you place an order and pay for food or drink in a The Hold Group location. - When you redeem a promotional voucher code. - When you pre-book a package or table online. - When you purchase a gift voucher. - When you order and pay for food and drink through our app. - When you purchase a ticket for an event.
|
9. How we us your personal information:
Under the General Data Protection Regulation (GDPR), we are required to have a lawful basis for processing your personal data. The relevant lawful bases for our processing activities are as follows:
Consent: You have provided explicit consent for us to use your data for a specific and defined activity.
Contract: Processing is necessary to fulfill or prepare a contract with you. For example, we collect information required to provide our party services.
Legal Obligation: Processing is necessary to comply with a legal obligation applicable to us. For instance, we may need to retain your information to meet tax or revenue laws.
Vital Interests: Processing is necessary to protect someone's life or address urgent medical situations.
Legitimate Interest: Processing is necessary for our legitimate business interests. However, this basis does not apply if there is a compelling reason to protect your personal data that outweighs our legitimate interests.
We use your personal data for the following purposes:
We will only use your personal data for the purposes for which we collected it, unless we reasonably determine that we need to use it for another compatible reason. If you would like an explanation of how the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the aforementioned rules, when required or permitted by law.
10. Who we might share your information with:
We may share your personal data with other organizations under the following circumstances:
Legal Obligation: If the law or a public authority requires us to share personal data, such as HM Revenue & Customs, regulators, and other authorities.
Legal Rights: When it is necessary to share personal data to establish, exercise, or defend our legal rights. This includes sharing personal data with others for the purpose of preventing fraud and reducing credit risk.
Direct Marketing: We will not share your information with any third parties for direct marketing purposes without your explicit consent.
Third-Party Service Providers: We may engage third-party service providers, such as digital service providers, professional advisors, and marketing service providers. We ensure that all third parties respect the security of your personal data and handle it in accordance with the law. We do not permit our third-party service providers to use your personal data for their own purposes. They are only authorized to process your personal data for specified purposes and in accordance with our instructions.
Business Transactions: We may share your data with third parties in the event of selling, transferring, or merging parts of our business or assets. Similarly, if we consider acquiring other businesses or merging with them, your personal data may be shared. In such cases, the new owners will use your personal data in accordance with the terms outlined in this privacy notice.
The Hold Group: We may share your data with other companies in the The Hold Group, acting as joint controllers and/or processors. These companies are based in the UK and provide IT and/or system administration services.
We take precautions to ensure that your personal data is protected when shared with third parties. They are bound by agreements that require them to handle your personal data securely and in accordance with applicable laws and regulations.
11. CCTV
In the interests of Public Safety, and the prevention of Crime and Disorder The Hold Group uses CCTV in all of its venues. We may, in some of our premises use body cameras for the same purpose and the use of one or both may be a condition on the premises licence. Where we use CCTV, this will be clearly signposted at the entrance to the premises.
Video footage will be retained for a minimum of 31 days and will only be accessed by the following personnel;
Video copies of specific incidents may be retained and made available to local law enforcement officers and/or legal representatives where the footage is part of an accident investigation, official investigation or legal case.
Enquiries regarding CCTV footage should be sent to [email protected]
12. How We Keep You Updated on Our Products and Services
We strive to keep you informed about our latest products and services through various channels, including email, SMS, or phone. However, we will only send you marketing communications if you have given your prior consent to receive them. You have the freedom to unsubscribe or opt-out at any time by using the 'unsubscribe link' provided in all our emails or by contacting us using the address mentioned in Part 1. Additionally, you can manage your opt-in preferences conveniently through our preference centre. Links to access the preference centre can be found at the bottom of our emails.
13. Your Rights Over Information
We respect your rights regarding your personal information and provide you with the following rights:
Right to be Informed: You have the right to be informed about how we collect and use your personal data. We ensure this through our external website policy, which is regularly reviewed and updated to accurately reflect our data processing activities.
Right to Access Your Personal Information: You have the right to access the personal information we hold about you. To exercise this right, you can make a request known as a "Subject Access Request." Once your identity has been confirmed, we will provide the requested information free of charge within 1 month.
Right to Correct Your Personal Information: If any of the personal information we hold about you is inaccurate, incomplete, or outdated, you have the right to request corrections. Please keep us informed if your personal data changes during your relationship with us.
Right to Restrict Processing: You have the right to ask us to restrict the processing of your personal data. This right applies in certain circumstances, such as when you have concerns about the accuracy of the data or the way we have processed it.
Right to Erasure: You have the right to have your personal data erased, also known as the "right to be forgotten." This right applies in certain circumstances and is not absolute.
Right to Data Portability: The right to data portability allows you to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. It also enables you to request that we transmit this data directly to another controller.
Right to Object: You have the right to object to the processing of some or all of your personal data held by us. This right is absolute when we use your data for direct marketing purposes but may not apply in other circumstances where we have a compelling reason to continue processing your data, such as a legal obligation.
To initiate a Subject Access Request, please contact us using the details provided below. We may ask for proof of identity and sufficient information about your interactions with us to locate your personal information.
For additional information:
You will not be charged a fee to access your personal data or exercise any of the other rights mentioned. However, we may charge a reasonable fee or refuse to comply with requests that are unfounded, repetitive, or excessive.
We may need to request specific information from you to confirm your identity and ensure that we do not disclose personal data to unauthorized individuals. This is a security measure to protect your information.
We aim to respond to all legitimate requests within one month. If a request is particularly complex or if multiple requests have been made, it may take longer to respond. In such cases, we will notify you and provide updates on the progress of your request.
For more information about your privacy rights:
The Information Commissioner's Office (ICO) is the regulatory authority for data protection and privacy matters in the UK. They provide comprehensive information on their website and maintain publicly available details of all registered data controllers, including our organization. You can access their website at: https://ico.org.uk/for-the-public
If you have any concerns or complaints regarding the way we use your information, we encourage you to contact us first. Your satisfaction is important to us, and we are committed to resolving any issues you may have. However, if you wish to make a complaint directly to the ICO, you have the right to do so at any time.
14. How Long We Keep Your Information For
We will retain your personal data only for as long as necessary to fulfil the purposes for which we collected it. This includes satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider various factors, including the amount, nature, and sensitivity of the personal data, the potential risk of unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether those purposes can be achieved through alternative means, and the relevant legal requirements.
Under certain circumstances, you have the right to request the deletion of your data. Please refer to section 6, "Rights over your information," for more details on how to exercise this right.
In some instances, we may anonymize your personal data for research or statistical purposes. Once anonymized, the data can no longer be associated with you. In such cases, we may use this information indefinitely without providing further notice to you.
We regularly review our data retention practices to ensure that your personal data is not kept longer than necessary for the purposes for which it was collected.
15. Security
We prioritise the security of your personal data and have implemented appropriate measures to prevent accidental loss, unauthorised access, use, alteration, or disclosure of your information. These security measures encompass various technical and organisational safeguards.
Access to your personal data is restricted to employees, agents, contractors, and other third parties who require access for legitimate business purposes. They are granted access on a need-to-know basis and are bound by strict confidentiality obligations. Furthermore, they will only process your personal data in accordance with our instructions.
In the event of a suspected personal data breach, we have established procedures to promptly address and investigate the incident. If required by applicable regulations, we will notify you and the relevant regulatory authorities of any such breach.
We continuously monitor and enhance our security measures to adapt to evolving threats and industry best practices. Protecting your personal data is of utmost importance to us, and we remain dedicated to maintaining the confidentiality, integrity, and availability of your information.
16. International Transfers
We strive to minimize the transfer of your personal data outside the European Economic Area (EEA) whenever possible.
However, it's important to note that some of our external third parties may be located outside the EEA. As a result, the processing of your personal data by these parties may involve the transfer of data outside the EEA.
In cases where we transfer your personal information from Europe to a country that is not considered by competent regulators to offer an adequate level of protection for personal data, such transfers will be carried out:
If you require further information regarding international transfers of your personal data, please do not hesitate to contact us.
17. What Happens if Our Business Changes Hands
As our business evolves, there may be occasions when we expand or reduce our operations. This could involve the sale or transfer of control of all or a portion of our business. In such circumstances, any personal data you have provided will be transferred to the relevant part of our business undergoing the transfer. The new owner or controlling party will be bound by the terms of this Privacy Policy and allowed to use the data solely for the purposes for which it was initially collected by us.
18. Changes to Our Privacy Policy
As the law evolves and our business grows, it may be necessary for us to update this privacy notice. We are committed to keeping you informed of any changes.
If we have your email address on file, we will strive to provide you with advance notice by sending a service message. Alternatively, please be on the lookout for indicators, such as flags on our websites and materials, that signify updates to this privacy notice.
By continuing to use our websites and/or services after we have made changes to our privacy notice, you indicate your acceptance of those changes.
Maintaining accurate and current personal data is crucial. If there are any changes to your personal data during your relationship with us, please notify us promptly so that we can ensure our records are up to date.
19. No Intra-Group Sharing of Data:
We are committed to safeguarding the privacy of our users and customers. We want to assure you that we do not engage in the sharing of personal data within our corporate group for marketing or any other purposes. Your personal information will only be used for the explicit purposes outlined in our Privacy Policy. We do not engage in any data sharing practices that involve transferring personal information to other companies or entities within our corporate structure, unless explicitly stated and with your informed consent. Your trust is of utmost importance to us, and we take significant measures to ensure the security and confidentiality of your data.
20. How to contact us:
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:
By email: [email protected]
By post: The Hold Group
Patrick House,
Gosforth Park Avenue
Gosforth Business Park,
Newcastle upon Tyne
NE12 8EG
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Thank you for taking the time to read our Privacy Policy.
Effective Date: 12.07.23
This Cookie Policy explains how Danieli Group ("we," "us," or "our") uses cookies on our website ("Site") and describes your choices regarding the use of cookies.
Our Site uses cookies to enhance your browsing experience and improve the functionality and performance of our Site. By continuing to browse the Site, you agree to our use of cookies as described in this policy.
A "cookie" is a small piece of information that is stored on your computer, tablet, or phone to recognize your browser and record how you have used a website. Cookies allow websites to provide tailored options based on your previous interactions. You can usually adjust your browser settings to prevent it from accepting cookies.
We use cookies for the following purposes:
You can choose to accept, reject, or manage cookies through your browser settings. Most web browsers automatically accept cookies, but you can modify your browser settings to notify you when a website attempts to place a cookie on your device or to refuse all or certain types of cookies. However, please note that blocking or rejecting cookies, particularly strictly necessary cookies, may limit your access to certain features or functionality on our Site.
To manage cookies and learn more about how to disable them, you can refer to your browser's help menu or privacy settings. You may also visit the Information Commissioner's Office (ICO) website for general information on cookies and instructions on how to disable them: https://ico.org.uk/for-the-public/online/cookies.
We may update this Cookie Policy from time to time to reflect changes in our practices or applicable laws. We encourage you to review this policy periodically for any updates. The "Effective Date" at the beginning of this policy indicates the date of the latest revision.
If you have any questions or concerns about our use of cookies or this Cookie Policy, please contact us at [email protected]
By using our Site, you consent to the use of cookies as described in this Cookie Policy.
Loading...