Privacy Policy

The Arts Club (London) Limited’s Privacy Policy has been written in accordance with the Data Protection Act 2018 and the EU 2016/679 General Data Protection Regulation (GDPR).

What Does This Privacy Policy Cover?

The Arts Club (London) Limited respects your privacy and is committed to protecting your personal data. We want to be transparent with you about how we collect and use your personal data in your dealings with us and your use of our Services (“Services”) and tell you about your privacy rights and how the law protects you.

With that in mind, this Privacy Policy is designed to describe:

  • Who we are and how to contact us
  • Your rights relating to your personal data
  • Complaints
  • Marketing communications preferences
  • What personal data we collect
  • How we use your personal data and why
  • What our “legal basis” is
  • What happens when you do not provide necessary personal data
  • Personal data and third-party sources
  • How we use cookies and other tracking or profiling technologies
  • Who we share your personal data with
  • Data transfers
  • How we keep your personal data secure
  • How long we store your personal data
  • Our policy on children
  • Third party links
  • International membership

This Privacy Policy aims to give you information on how The Arts Club Limited collects and processes your personal data through your use of our Services, and any data you may provide to us.

We will post any modifications or changes to this Privacy Policy on our website: www.theartsclub.co.uk

1. Who We Are and How to Contact Us

Who we are:
We are The Arts Club (London) Limited with registered address:
The Arts Club, 40 Dover Street, Mayfair, London, W1S 4NP.

How to contact us:
Email: privacy@theartsclub.co.uk

2. Your Rights Relating to Your Personal Data

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to the processing of your personal data.
  • Request the restriction of processing of your personal data.
  • Request the transfer of your personal data.
  • Withdraw consent.

How to exercise your rights:
Please contact us using the contact details shown under “Who We Are and How to Contact Us”.

Typically, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, except in relation to Consent Withdrawal, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

3. Complaints

If you would like to make a complaint regarding this Privacy Policy or our practices in relation to your personal data, please contact us at: privacy@theartsclub.co.uk

If you feel that your complaint has not been adequately resolved, you have the right to contact the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues: www.ico.org.uk

4. Marketing Communications Preferences

You can ask us to stop sending you marketing messages at any time by opting out on the Membership Application Form, following the opt-out links on any marketing message sent to you and/or by contacting us using the contact details shown under “Who We Are and How to Contact Us”.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of membership applications, restaurant reservations and other purchases or Services where we require your personal data to complete your order.

5. What Personal Data We Collect

All the personal data we collect, both from you and from third parties about you, is outlined in the table below.

If you have applied for International Membership, this information will be shared with The Arts Club Dubai Ltd for the purposes of administering your membership of The Arts Club Dubai (please see the section “International Membership” below for more details).

The information we may collect may relate to: Members, guests of Members, applicants and other potential or prospective Members, suppliers to the Club, or employees of the Club.

Personal data means any information relating to an identified or identifiable natural person; an identifiable person is one who can be directly or indirectly identified by reference to an identifier such as name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

It does not include ‘anonymous data’ (i.e. information where the identity of the individual has been permanently removed).

However, it does include ‘indirect identifiers’ or ‘pseudonymous data’ (i.e. information which alone does not identify an individual but, when combined with certain additional and reasonably accessible information, could be attributed to a particular person).

Category of Personal Data What This Means
Identity Data First name, surname, marital status, title, date of birth and gender.
Contact Data Your home address, work address, billing address, email address and telephone numbers.
Financial Data Your payment card details. Note that we pass any financial data we receive from you immediately to our third-party payment processors. We do not store any of your financial data.
Transaction Data Details about payments to and from you in respect of food, beverage and other services you have purchased from us.
Marketing and Communications Data Your preferences in receiving marketing from us and your communication preferences.
Behavioural Data Inferred or assumed information relating to your behaviour and interests based on your online activity and use of our services.
Technical Data IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website or use our services.
Allergy Data Information about food allergies, intolerances and/or preferences you have.
Aggregated Data We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data, but once in aggregated form it will not be considered personal data as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

6. How We Use Your Personal Data and Why

We will only use your personal data for the purposes for which we collected it as listed below, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will update this Privacy Policy and we will explain the legal basis which allows us to do so.

7. What Is Our “Legal Basis” for Processing Your Personal Data?

In respect of each of the purposes for which we use your personal data, most commonly, we will rely on one of the following legal bases:

  • Where we need to perform a contract we are about to enter into or have entered into with you (“contractual necessity”).
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“legitimate interests”).
  • Where we need to comply with a legal or regulatory obligation (“compliance with law”).
  • Where we have your specific consent to carry out the processing for the purpose in question (“consent”).

Generally, we do not rely on your consent as a legal basis for using your personal data other than in the context of direct marketing communications.

Purpose Category(ies) of Personal Data Involved Why Do We Do This Our Legal Basis for This Use of Data
Membership applications/elections Identity Data, Contact Data, Marketing and Communications Data To process membership applications and elect Members Contractual necessity
CCTV/security Identity Data Internal & external security Legitimate interests
Reservations/bookings Identity Data, Contact Data, Transaction Data To secure and manage Member reservations, and to settle bills upon consumption Contractual necessity
Marketing Identity Data, Contact Data, Marketing and Communications Data To send you newsletters and event information which we think may be of interest to you Consent
To process payments for gift cards Identity Data, Contact Data, Financial Data, Transaction Data To process and deliver your order Contractual necessity
To process advance payments for bookings Identity Data, Contact Data, Financial Data, Transaction Data To process your order to secure a reservation or to pay, or part pay, for a reservation in advance and allocate such payments correctly Contractual necessity
To improve our services Behavioural Data, Technical Data To monitor use of our Services, operate our Services more efficiently, and improve your experience Legitimate interests
To provide your order to you and record your food allergies, intolerances and preferences Allergy Data To ensure that we take into account information about your food allergies, intolerances and/or preferences when preparing and delivering your order to you Explicit consent; Legitimate interests

8. What Happens When You Do Not Provide Necessary Personal Data?

Where we need to process your personal data either to comply with law, or to perform the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the functionalities of the Services).

In this case, we may have to stop you using our services but we will notify you if this is the case at the time.

9. Personal Data from Third Party Sources

In addition to the personal data that we collect directly from you (as described in the section immediately above this one), we also collect certain aspects of your personal data from third party sources. These sources are broken down in the table below, together with a description of whether they are publicly available or not.

Third Party Data Source Publicly Available? Category(ies) or Other Types of Personal Data Received
Online booking platforms when in effect No Identity Data, Contact Data, Transaction Data
Analytics providers No Behavioural Data, Technical Data

10. How We Use Cookies and Other Tracking or Profiling Technologies

We may collect information using “cookies”.

What are cookies?
Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our sites.

We use two broad categories of cookies:

  • First party cookies – served directly by us to your computer or mobile device
  • Third party cookies – served by our partners or service providers on our sites

Cookies we use:

Type of Cookie Purpose
Essential Cookies These cookies are essential to provide you with services available through our sites and to enable you to use some of its features.
Functionality Cookies These cookies allow our sites to remember choices you make when you use our sites, such as remembering your language preferences. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our sites.
Analytics and Performance Cookies These cookies are used to collect information about traffic to our sites and how users use our sites. The information gathered via these cookies does not “directly” identify any individual visitor. However, it may render such visitors “indirectly identifiable”. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access our sites. The information collected is aggregated and anonymous. It includes the number of visitors to our sites, the websites that referred them to our sites, the pages they visited on our sites, what time of day they visited our sites, whether they have visited our sites before, and other similar information.
Social Media Cookies These cookies are used when you share information using a social media sharing button or “like” button on our sites or you link your account or engage with our content on or through a social networking website such as Facebook, Twitter or Google+. The social network will record that you have done this.

Disabling cookies:
You can typically remove or reject cookies via your browser settings. Follow the instructions provided by your browser (usually located within the “settings”, “help”, “tools” or “edit” menus). Many browsers are set to accept cookies until you change your settings.

If you do not accept our cookies, you may experience some inconvenience in your use of our sites. For example, our sites may not remember your language setting.

Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, is available at www.allaboutcookies.org and www.youronlinechoices.com.

You can also prevent the use of Google Analytics relating to your use of our sites by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB

11. Who We Share Your Personal Data With

Recipients Category(ies) of Personal Data We Share Why We Share It
Membership Platform Identity Data, Contact Data, Transaction Data To process membership applications and elections, and store Member data including payment history.
Payment Systems Financial Data To process payments via third-party platforms in a PCI-compliant manner.
Reservations Platforms Identity Data, Contact Data To manage bookings and reservations.
Marketing Digital Platforms Identity Data, Contact Data To send marketing to Members who have opted in.
The Arts Club Limited (Dubai) Identity Data, Contact Data, Transaction Data To facilitate international memberships and support applications.
Lanserhof at The Arts Club Identity Data, Contact Data, Transaction Data To facilitate international memberships and support applications.
Courier Companies Identity Data, Contact Data To deliver physical content to Members.
Printing Companies Identity Data, Contact Data To print and mail personalised letters or content.

12. Data Transfers

We share your personal data with affiliated companies and selected external third parties. Whenever we transfer your personal data out of the UK, we ensure that it is protected by safeguards that provide an equivalent level of protection to UK data privacy laws.

13. How We Keep Your Personal Data Secure

We implement appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, accessed, altered or disclosed in an unauthorised way. Data is stored on secure, password-protected and firewall-protected servers. Access is limited to those who require it, under confidentiality obligations.

We have procedures in place to handle any suspected personal data breach and will notify you and any relevant regulator of a breach where we are legally required to do so.

14. How Long We Store Your Personal Data

Category of Personal Data Retention Period
Identity Data Deleted after 2 years from Membership termination unless opted in to marketing. Reinstatement requires proof of membership and joining fee.
Contact Data Deleted after 2 years from Membership termination unless opted in to marketing.
Financial Data Not stored. Passed to third-party processors immediately.
Transactions Data Retained for 2 years from Membership termination.
Marketing and Communications Data Stored until you unsubscribe.
Behavioural Data Anonymised immediately, retained in anonymised form for 38 months.
Technical Data Anonymised immediately, retained in anonymised form for 38 months.
Allergy Data Stored for 2 years from Membership termination.

15. Our Policy on Children

You may provide us with identity data relating to children (e.g., when booking a child’s birthday party). We may store this on your account for up to 2 years following Membership termination. In doing so, you confirm that you hold parental responsibility or have been authorised to share this information.

16. Third Party Links

Our sites may include links to third-party websites, plug-ins and applications. Clicking those links or enabling those connections may allow third parties to collect or share your data. We do not control these websites and are not responsible for their privacy statements. We encourage you to read their policies.

17. International Membership

If you apply for International Membership, you agree we may share your personal data with The Arts Club Dubai for the purposes of membership administration and service provision. The Arts Club Dubai has entered into a data-sharing agreement based on the European Commission’s standard contractual clauses.

You can request details of the protections and contractual clauses in place by contacting us via the “Contact Us” section above.

Hotel Reservation Request

By submitting this form you are agreeing to our privacy policy here.