Privacy & Cookie Policy

This Policy was last updated on 24.08.2023

1. Introduction

Welcome to STACK (The Hold Group Limited). When we mention "we," "our," or "us" in this policy, we are referring to the company that forms part of The Hold Group, STACK.

At The Hold Group, safeguarding the privacy and security of your personal information is our top priority. We are dedicated to protecting the privacy of our customers.

This privacy notice provides you with information on how The Hold Group collects and processes your personal data when you visit our venues or use this website. It includes any data you may provide when signing up for our news announcements or filling out a contact form.

We have structured this privacy notice in a layered format, allowing you to navigate to specific sections easily. To better understand some of the terms used in this notice, please refer to the Glossary.

It is essential to read this privacy notice in conjunction with any other privacy notice or fair processing notice we may provide on specific occasions when collecting or processing your personal data. This ensures that you fully comprehend how and why we use your data. This privacy notice complements other notices and does not supersede them.

Throughout this document, when we mention Data Protection Legislation, we are referring to the Data Protection Act 2018 (DPA2018), United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003, and any legislation implemented in connection with the aforementioned laws. If data is processed by a controller or processor established in the European Union or involves the data of individuals in the European Union, it also encompasses the EU General Data Protection Regulation (EU GDPR). This includes any future legislation replacing or updating these regulations.

2. Controller

We have appointed a Privacy Manager, who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Privacy Manager using the details below:

By email:        privacymanager@danieligroup.co.uk

By post:          The Hold Group

Patrick House,

Gosforth Park Avenue

Gosforth Business Park,

Newcastle upon Tyne

NE12 8EG

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the supervisory authority for data protection issues in the UK (phone: 0303 123 1113 or at www.ico.org.uk/concerns). However, we would appreciate the chance to deal with your concerns before you approach the ICO, so please feel free to contact us in the first instance.

3. The Information We Collect and When:

We are committed to collecting personal information that we genuinely need and in compliance with Data Protection Legislation. We collect your personal data when you visit our bars/restaurants, use our websites and mobile apps, and engage with us in various ways.

The personal information we collect can be categorized into three types:

(a) Information You Provide to Us: This includes any information you willingly provide to us when interacting with our services. For example, when you fill out forms, make reservations, or communicate with our staff, we may collect details such as your name, contact information, and preferences.

(b) Information We Collect Through Automated Methods: When you use our services, we may automatically collect certain information through methods such as cookies and similar technologies. This may include your IP address, device information, browsing patterns, and interactions with our digital platforms. These automated methods help us enhance your user experience and provide personalized services.

(c) Information We Collect from Other Sources: In some instances, we may collect information about you from third-party sources. This may include publicly available information or data shared with us by our trusted partners. We combine this information with the data you provide to us and the information we collect about you to improve our services and ensure accuracy.

While you are not obligated to provide us with your personal information as per statutory or contractual requirements, we do require at least the aforementioned information to efficiently and effectively engage with you as a prospect or customer.

Please note that we may merge the information we receive from other sources with the information you provide to us and the data we collect about you. This allows us to create a comprehensive view of your preferences and tailor our services to better meet your needs.

4. We Collect Information You Provide to Us

When interacting with us, you may choose to provide us with the following information:

• Personal Details: This includes your name, home and email addresses, phone number, birthday date, dietary preferences, and other contact information. You may provide these details when registering with our App/loyalty scheme/online services, making a booking, logging in to Wi-Fi, contacting us by phone, or using our online services.
• Demographic Information: We may collect demographic information such as your age or gender, which helps us better understand our customer base and tailor our offerings accordingly.
• Transaction Information: When you make purchases with us, we collect transaction information. This includes details about your purchases, such as prices, payment methods used, and payment details (please note that payment details are not retained).
• Account Information: If you use our apps, you may provide us with account information, such as your username or password. This information is used to access our online services or to purchase and utilize our products and services.
• Other Personal Information: You have the option to provide us with additional personal information when interacting with us. This can include information shared through social media platforms or submitted via website forms.

5. We Collect Information Through Automated Methods:

When you visit our bars/restaurants, use our online services, or interact with our in-venue technology, we may employ automated technology to collect information from your computer system or mobile device. This automated technology may include cookies, local shared objects, and web beacons. For more details, please refer to our cookie policy.

Through these automated methods, we may collect the following information:

• Internet Protocol (IP) Address: Your device's IP address, which helps identify and deliver content to your computer or mobile device.
• Operating System and Browser Information: Details about your computer or mobile device's operating system, browser type, and version.
• Mobile Device Information: Information about the type of mobile device you use, its settings, and other technologies present on the device that you use to access our website.
• Unique Device Identifier (UDID) or Mobile Equipment Identifier (MEID): An identifier unique to your mobile device.
• Login Data: Data related to your login activities on our platforms.
• Device and Component Serial Numbers: Serial numbers associated with your device and its components.
• Advertising Identifiers: Identifiers used for advertising purposes.
• Referring Webpage or Application: The webpage or application that directed you to our platform.
• Online Activity: Information about your online activities on other websites, applications, or social media platforms.
• Activity Related to Our Online Services: Data related to how you use our online services, such as the pages you visit on our websites or in our mobile apps.
• Images obtained through CCTV, IDScan, or other surveillance technologies. For more information, refer to section 5 of our policy.

Additionally, our online services, including our apps and onsite Wi-Fi, may collect precise location information from your device using geolocation technology such as GPS, Wi-Fi, Bluetooth, or cell tower proximity. Please note that most devices and computer systems allow you to disable the collection of this information by adjusting the settings in your device or web browser.

We prioritise the protection and privacy of your information and adhere to relevant regulations. The information collected through automated methods enables us to enhance your experience and provide personalised services.

6. We Collect Information from other sources:

 My Place Connect – Guest Wi-Fi service provider

• Feeditback – Guest Experience Management & Feedback
• Social media platforms i.e. Facebook, Twitter, Tik Tok, Instagram, Threads, Linked In
• Zonal – STACK App food ordering and loyalty platform
• Airship – Customer relationship management, email campaigns
• Toggle – Gift Card processing
• Tonic – Ticketing solution
• Snaparazzi – Photobooths in bar
• Design My Night – Table and party booking provider
• Zonal – EPOS provider
• Meta Business – Facebook and Instagram
• Hootsuite – Social Media management and scheduling
• Websites:

https://www.stackleisure.co.uk/  – Managed by The Hold Group

Third-Party Links

Our website and services may contain links to websites, plug-ins, and applications operated by third parties. By clicking on these links or enabling such connections, you may allow third parties to collect or share data about you. It is important to note that we do not have control over these third-party websites and their privacy statements.

When you navigate away from our website or service, we recommend that you review the privacy notice of each website, plug-in, or application you visit. This will help you understand how your data is collected, used, and shared by those third parties. We cannot accept responsibility for the privacy practices or content of any third-party websites or services.

7. The Personal Data We Process

Personal data refers to any information that can identify an individual. It excludes anonymous data where the identity has been removed. We process various types of personal data, which we have categorized as follows:

• Identity Data: This includes your name, username (or similar unique identification numbers assigned to you), email address, marital status, title, date of birth, and gender.
• Contact Data: This encompasses your billing address, delivery address, email address, and telephone number(s).
• Financial Data: This comprises payment card details.
• Transaction Data: This includes details of products and services purchased, along with the date, time, and location of the sale. It also encompasses your purchasing activity, including voucher and coupon usage.
• Technical Data: This pertains to information collected through your use of our website, such as the referring website, your browsing activity within our website, frequency of visits, and technical details about the devices you use (e.g., MAC address, IP address, operating system, web browser, and geographic location).
• Profile Data: This consists of your username and password, purchase history, orders or bookings made by you, interests, preferences, feedback, survey responses, public social media content (including posts, comments, pictures, and videos), and profile information and insights obtained from organizations that hold data about you (e.g., credit reference agencies and customer insight companies).
• Usage Data: This relates to information about how you use our website, products, and services, including details of table reservations.
• Marketing and Communications Data: This covers your preferences regarding marketing communications from us and third parties, your communication preferences, and information about your interactions with our marketing emails.
• Sensitive Data: This refers to special categories of personal data, such as information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, trade union membership, health data, and genetic and biometric data (refer to section 6 for further details).

We also collect, use, and share Aggregated Data, which is statistical or demographic data that does not directly or indirectly identify individuals. Aggregated Data may be derived from personal data but is not considered personal data under the law. However, if we combine or connect Aggregated Data with personal data in a way that it can directly or indirectly identify individuals, we treat the combined data as personal data and handle it in accordance with this privacy notice.

In situations where we are legally or contractually obligated to collect personal data from you and you fail to provide such data upon request, we may not be able to perform the contract we have or are trying to enter into with you. This could result in the cancellation of a product or service. If this situation arises, we will notify you at the time.

Collection of Sensitive Data

In specific circumstances, there may be a need to collect Sensitive Data about you. Under data protection law, this type of information is referred to as "special category" data. It includes details regarding your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, trade union membership, as well as information about your health and genetic and biometric data.

When do we process Sensitive Data? We only collect and process Sensitive Data when you voluntarily provide such information in the following situations:

Feedback and Complaints: If you raise a complaint or provide feedback related to a health issue encountered during your visit to our venues (such as suspected food poisoning or a health and safety incident), or if you believe you have experienced discrimination based on race or sexual orientation, the details you provide may include Sensitive Data. We are authorized to process this Sensitive Data, along with any other relevant information, to investigate, address, and resolve your concerns, as well as to handle any potential legal claims or out-of-court procedures.

Job Applications: When you apply for a job with us, we may process your Sensitive Data as necessary to fulfill our obligations and exercise our rights in accordance with employment law. Detailed information about the handling of Sensitive Data during the job application process is available in our separate Candidate Privacy Policy. This policy is presented during the application process, and a copy can be obtained by emailing privacymanager@danieligroup.co.uk

In all other circumstances, we do not routinely collect or process Sensitive Data. However, should there be a need to collect and process Sensitive Data for other purposes, we will obtain your explicit consent beforehand.

8. When is my personal data collected?

The below table provide examples of when your personal data is captured:

9. How we us your personal information:

Under the General Data Protection Regulation (GDPR), we are required to have a lawful basis for processing your personal data. The relevant lawful bases for our processing activities are as follows:

Consent: You have provided explicit consent for us to use your data for a specific and defined activity.

Contract: Processing is necessary to fulfill or prepare a contract with you. For example, we collect information required to provide our party services.

Legal Obligation: Processing is necessary to comply with a legal obligation applicable to us. For instance, we may need to retain your information to meet tax or revenue laws.

Vital Interests: Processing is necessary to protect someone's life or address urgent medical situations.

Legitimate Interest: Processing is necessary for our legitimate business interests. However, this basis does not apply if there is a compelling reason to protect your personal data that outweighs our legitimate interests.

We use your personal data for the following purposes:

• Providing our services to you, including gift cards, reservations or bookings, ticket purchases, and online order and payment facilities.
• Communication, such as seeking feedback on services, responding to your emails, calls, feedback, or inquiries.
• Supplying information and/or marketing materials by email and/or post that you have opted-in to. You can unsubscribe or opt-out at any time using the 'unsubscribe link' in our emails or by contacting us at the provided address.
• Gathering information for statistical and trend analysis, research, and analytics on an aggregate and/or anonymous basis.
• Monitoring website usage and demand for services.
• Meeting legal, regulatory, and compliance requirements.
• Collecting and retaining information from messages posted via social media platforms (e.g., Facebook, Twitter, LinkedIn, Instagram) for dispute resolution, customer support, and troubleshooting as permitted by law.
• Understanding you as a customer and the products and services you consume to serve you better.
• Identifying and engaging with the appropriate audience, creating and distributing personalized marketing content across platforms and services.
• Providing you with online advertising and promotions.
• If you stop using our services, we may continue to use and disclose your personal information in accordance with this privacy policy (as amended from time to time).

We will only use your personal data for the purposes for which we collected it, unless we reasonably determine that we need to use it for another compatible reason. If you would like an explanation of how the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the aforementioned rules, when required or permitted by law.

10. Who we might share your information with:

We may share your personal data with other organizations under the following circumstances:

Legal Obligation: If the law or a public authority requires us to share personal data, such as HM Revenue & Customs, regulators, and other authorities.

Legal Rights: When it is necessary to share personal data to establish, exercise, or defend our legal rights. This includes sharing personal data with others for the purpose of preventing fraud and reducing credit risk.

Direct Marketing: We will not share your information with any third parties for direct marketing purposes without your explicit consent.

Third-Party Service Providers: We may engage third-party service providers, such as digital service providers, professional advisors, and marketing service providers. We ensure that all third parties respect the security of your personal data and handle it in accordance with the law. We do not permit our third-party service providers to use your personal data for their own purposes. They are only authorized to process your personal data for specified purposes and in accordance with our instructions.

Business Transactions: We may share your data with third parties in the event of selling, transferring, or merging parts of our business or assets. Similarly, if we consider acquiring other businesses or merging with them, your personal data may be shared. In such cases, the new owners will use your personal data in accordance with the terms outlined in this privacy notice.

The Hold Group: We may share your data with other companies in the The Hold Group, acting as joint controllers and/or processors. These companies are based in the UK and provide IT and/or system administration services.

We take precautions to ensure that your personal data is protected when shared with third parties. They are bound by agreements that require them to handle your personal data securely and in accordance with applicable laws and regulations.

11. CCTV

In the interests of Public Safety, and the prevention of Crime and Disorder The Hold Group uses CCTV in all of its venues. We may, in some of our premises use body cameras for the same purpose and the use of one or both may be a condition on the premises licence. Where we use CCTV, this will be clearly signposted at the entrance to the premises.

Video footage will be retained for a minimum of 31 days and will only be accessed by the following personnel;

• Site management
• The Risk and Compliance Team
• Local law enforcement officers

Video copies of specific incidents may be retained and made available to local law enforcement officers and/or legal representatives where the footage is part of an accident investigation, official investigation or legal case.

Enquiries regarding CCTV footage should be sent to privacymanager@danieligroup.co.uk

12. How We Keep You Updated on Our Products and Services

We strive to keep you informed about our latest products and services through various channels, including email, SMS, or phone. However, we will only send you marketing communications if you have given your prior consent to receive them. You have the freedom to unsubscribe or opt-out at any time by using the 'unsubscribe link' provided in all our emails or by contacting us using the address mentioned in Part 1. Additionally, you can manage your opt-in preferences conveniently through our preference centre. Links to access the preference centre can be found at the bottom of our emails.

13. Your Rights Over Information

We respect your rights regarding your personal information and provide you with the following rights:

Right to be Informed: You have the right to be informed about how we collect and use your personal data. We ensure this through our external website policy, which is regularly reviewed and updated to accurately reflect our data processing activities.

Right to Access Your Personal Information: You have the right to access the personal information we hold about you. To exercise this right, you can make a request known as a "Subject Access Request." Once your identity has been confirmed, we will provide the requested information free of charge within 1 month.

Right to Correct Your Personal Information: If any of the personal information we hold about you is inaccurate, incomplete, or outdated, you have the right to request corrections. Please keep us informed if your personal data changes during your relationship with us.

Right to Restrict Processing: You have the right to ask us to restrict the processing of your personal data. This right applies in certain circumstances, such as when you have concerns about the accuracy of the data or the way we have processed it.

Right to Erasure: You have the right to have your personal data erased, also known as the "right to be forgotten." This right applies in certain circumstances and is not absolute.

Right to Data Portability: The right to data portability allows you to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. It also enables you to request that we transmit this data directly to another controller.

Right to Object: You have the right to object to the processing of some or all of your personal data held by us. This right is absolute when we use your data for direct marketing purposes but may not apply in other circumstances where we have a compelling reason to continue processing your data, such as a legal obligation.

To initiate a Subject Access Request, please contact us using the details provided below. We may ask for proof of identity and sufficient information about your interactions with us to locate your personal information.

For additional information:

You will not be charged a fee to access your personal data or exercise any of the other rights mentioned. However, we may charge a reasonable fee or refuse to comply with requests that are unfounded, repetitive, or excessive.

We may need to request specific information from you to confirm your identity and ensure that we do not disclose personal data to unauthorized individuals. This is a security measure to protect your information.

We aim to respond to all legitimate requests within one month. If a request is particularly complex or if multiple requests have been made, it may take longer to respond. In such cases, we will notify you and provide updates on the progress of your request.

For more information about your privacy rights:

The Information Commissioner's Office (ICO) is the regulatory authority for data protection and privacy matters in the UK. They provide comprehensive information on their website and maintain publicly available details of all registered data controllers, including our organization. You can access their website at: https://ico.org.uk/for-the-public

If you have any concerns or complaints regarding the way we use your information, we encourage you to contact us first. Your satisfaction is important to us, and we are committed to resolving any issues you may have. However, if you wish to make a complaint directly to the ICO, you have the right to do so at any time.

14. How Long We Keep Your Information For

We will retain your personal data only for as long as necessary to fulfil the purposes for which we collected it. This includes satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider various factors, including the amount, nature, and sensitivity of the personal data, the potential risk of unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether those purposes can be achieved through alternative means, and the relevant legal requirements.

Under certain circumstances, you have the right to request the deletion of your data. Please refer to section 6, "Rights over your information," for more details on how to exercise this right.

In some instances, we may anonymize your personal data for research or statistical purposes. Once anonymized, the data can no longer be associated with you. In such cases, we may use this information indefinitely without providing further notice to you.

We regularly review our data retention practices to ensure that your personal data is not kept longer than necessary for the purposes for which it was collected.

15. Security

We prioritise the security of your personal data and have implemented appropriate measures to prevent accidental loss, unauthorised access, use, alteration, or disclosure of your information. These security measures encompass various technical and organisational safeguards.

Access to your personal data is restricted to employees, agents, contractors, and other third parties who require access for legitimate business purposes. They are granted access on a need-to-know basis and are bound by strict confidentiality obligations. Furthermore, they will only process your personal data in accordance with our instructions.

In the event of a suspected personal data breach, we have established procedures to promptly address and investigate the incident. If required by applicable regulations, we will notify you and the relevant regulatory authorities of any such breach.

We continuously monitor and enhance our security measures to adapt to evolving threats and industry best practices. Protecting your personal data is of utmost importance to us, and we remain dedicated to maintaining the confidentiality, integrity, and availability of your information.

16. International Transfers

We strive to minimize the transfer of your personal data outside the European Economic Area (EEA) whenever possible.

However, it's important to note that some of our external third parties may be located outside the EEA. As a result, the processing of your personal data by these parties may involve the transfer of data outside the EEA.

In cases where we transfer your personal information from Europe to a country that is not considered by competent regulators to offer an adequate level of protection for personal data, such transfers will be carried out:

1. Based on the recipient's adherence to standard contractual clauses or binding corporate rules;
2. With the consent of the individual to whom the personal information relates; or
3. As otherwise permitted under applicable European data protection laws.

If you require further information regarding international transfers of your personal data, please do not hesitate to contact us.

17. What Happens if Our Business Changes Hands

As our business evolves, there may be occasions when we expand or reduce our operations. This could involve the sale or transfer of control of all or a portion of our business. In such circumstances, any personal data you have provided will be transferred to the relevant part of our business undergoing the transfer. The new owner or controlling party will be bound by the terms of this Privacy Policy and allowed to use the data solely for the purposes for which it was initially collected by us.

18. Changes to Our Privacy Policy

As the law evolves and our business grows, it may be necessary for us to update this privacy notice. We are committed to keeping you informed of any changes.

If we have your email address on file, we will strive to provide you with advance notice by sending a service message. Alternatively, please be on the lookout for indicators, such as flags on our websites and materials, that signify updates to this privacy notice.

By continuing to use our websites and/or services after we have made changes to our privacy notice, you indicate your acceptance of those changes.

Maintaining accurate and current personal data is crucial. If there are any changes to your personal data during your relationship with us, please notify us promptly so that we can ensure our records are up to date.

19. No Intra-Group Sharing of Data:

We are committed to safeguarding the privacy of our users and customers. We want to assure you that we do not engage in the sharing of personal data within our corporate group for marketing or any other purposes. Your personal information will only be used for the explicit purposes outlined in our Privacy Policy. We do not engage in any data sharing practices that involve transferring personal information to other companies or entities within our corporate structure, unless explicitly stated and with your informed consent. Your trust is of utmost importance to us, and we take significant measures to ensure the security and confidentiality of your data.

20. How to contact us:

If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:

By email:        privacymanager@danieligroup.co.uk

By post:         The Hold Group

Patrick House,

Gosforth Park Avenue

Gosforth Business Park,

Newcastle upon Tyne

NE12 8EG

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Thank you for taking the time to read our Privacy Policy.