You are here

195 Piccadilly Customer Privacy Policy

Introduction

BAFTA has always believed in being open about what data we collect from our members and clients of BAFTA 195 Piccadilly and what we do with it. New EU legislation called the GDPR now sets out comprehensive requirements for all companies handling the personal data of EU citizens. This includes a number of things we must tell you of when we collect data from you. We have provided all the information you need as simply and clearly as possible through this Privacy Policy using a question-and-answer format.

What data do you hold about me?

We hold the following details for people (clients) who have made bookings with us or enquired about making a booking:

  • Address and contact details.
  • Records of your interactions with BAFTA e.g. previous bookings
  • Records of email exchanges and phone calls
  • Details of financial transactions

What do you use my data for?

We use your data to provide any services you request from us and also pursue BAFTA’s legitimate interests in promoting 195 Piccadilly.

Specific activities include:

  • Providing a quotation should you make an enquiry to hold an event.
  • Organising any events should you make a booking.
  • Facilitating future bookings by being able to refer back to past bookings and enquiries.
  • Contacting you to tell you about new offer and updates.
  • Evaluate the success of business initiatives and design future offers.

Who is responsible for my data?

Any data collected about you on any of the BAFTA web sites will be kept under BAFTA's control. BAFTA is registered charity (No.  216726) and can be contacted using the following details:

Postal: The Data Controller, BAFTA, 195 Piccadilly W1J 9LN

Email: [email protected]

How long will you keep my data for?

We keep details of bookings for seven years for tax and accounting reasons.

We will keep your contact details for 3 years after the date of your last enquiry in case you want to make another booking.

We will keep your email address until 1 month after you unsubscribe from the mailing list - you can do this at any time using the unsubscribe link at the bottom of every email we send you.

Where will my data be stored?

Your data will be stored on BAFTA’s own internal systems in our headquarters in London.

We also use cloud based services to store and process data about members. Some of these cloud providers store data in the United States. In these cases the providers are certified under the EU-US privacy shield framework (see https://www.privacyshield.gov/welcome ). In addition to this our contracts with these providers include clauses which guarantee that they provide the same safeguards for the data and rights to our members as if the data were stored in the EU. More information about the security measures put in place by these providers is linked to below.

We may choose to use other service providers in future, if we do they will be bound by the same strict rules which guarantee that the same safeguards are in place, and your rights remain the same. If we change our service providers then we will update the details on this page so you can always return to this page to see where your data is being stored.

Here is a list of the current cloud based service providers we share your data with:

SalesForce.com

What data: All data collected about enquiries and bookings at 195 Piccadilly is stored in SalesForce

Purpose: Managing our client database

Data location: USA

More infohttps://help.salesforce.com/articleView?id=Salesforce-Services-Trust-and...

MailChimp.com

What data: Just name and email address

Purpose: Keeping in touch with clients via email

Data location: USA

More info: https://mailchimp.com/about/security/

https://kb.mailchimp.com/accounts/management/about-mailchimp-the-eu-swis...

Who will have access to my data?

Events organisers in the BAFTA 195 events office.

Other events staff in BAFTA 195 who manage events.

Will you pass my data to anyone else?

If you want to bring in third party suppliers such as a production company or florist we can, if you wish, make an introduction for you. If you have requested that we do this then we will pass your contact details on to suitable carefully selected partners.

We will not pass your data to anyone else.

What is GDPR?

GDPR stands for General Data Protection Regulation. This is a pan-european law which replaces previous national data protection legislation and gives all EU citizens common rights. The full text of the GDPR can be found here:

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC

What rights does GDPR give me?

Full details of your rights are available in the text of the GDPR (see http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC), but here is a quick summary of the main provisions which are relevant to the type of data we hold about you:

  • Access: You have the right to view the data we hold about you and to receive copies of this data in digital format.
  • Accuracy: If any of the data we hold about you is incorrect or incomplete then you can provide the correct or complete data and we must update the data we hold.
  • Erasure: You can request that we erase all the data we hold about you.
  • Restriction of processing: In some cases you can ask us to retain your data but not do anything with it.

How do I exercise my GDPR rights?

If you want to exercise any of your rights in relation to data BAFTA holds about you then please email: [email protected] or email or write to the Data Controller at the address given above (see "Who is responsible for my data?")

Please provide details in your email/letter of what actions you would like us to take. Depending on the nature of the request and whether or not your request comes from the email address we have on file for you, we may need to verify your identity so that we don't give out information to the wrong person. In most cases it helps if you are able to provide a contact phone number so that we can validate your identify and discuss the request with you.

What if I have a complaint?

If you are concerned about how we manage your data, or how we have handled a request to exercise your rights, then please get in touch with us to discuss it. To do this please send an email detailing your concerns to [email protected].

If you are still not satisfied with the response you can take your concern to the Information Commissioner's Office. For details of how to do this please refer to the ICO web site:

https://ico.org.uk/