This is the privacy policy for Trafford Palazzo Limited (referred to in these terms as Trafford Palazzo, we, us, our etc). We are committed to safeguarding your privacy, so please read this policy to understand how the information we hold about you will be treated on our website and our app(s) when you visit us in person and when you otherwise interact with us. If you have any questions in relation to this policy, please email customerservices@TraffordPalazzo.co.uk with subject header “data protection query”.
We do occasionally update this policy so you should return to this page and read it through again from time to time.
Last updated: [15/11/2021] (Version 1.0)
Information we collect about you and our collection methods
“Personal data” is information about you from which we can identify you (either on its own, or by piecing it together with other information). Personal data does not include aggregated data where you cannot be identified (e.g. statistics about usage in general or in categories).
Trafford Palazzo Limited (registered with the Information Commissioner’s Office with registration number Z1648384) is the controller of your personal data. We collect, use and are responsible for certain personal data about you. When we do so we are regulated under data protection legislation and we are responsible as ‘controller’ of that personal data for the purposes of those laws.
We may, from time, collect your personal data in ways other than those set out in this policy, where we do so we will provide you with relevant privacy notices at the appropriate time. This privacy policy supplements the other notices and is not intended to override them.
The types of personal data we collect about you are:
Contact data
Information provided when you interact with us directly through the Site including when registering with us, or participating in promotions and competitions, or completing customer surveys – this may include your title, name, postal address, email address, telephone number(s), and information about your use of our Centre;
Preferences & Profile data
Information about your preferences, including brands and content you like, dislike, click on or share with others;
Information provided when you interact with us directly (e.g. telephoning, writing or emailing us, buying services from us, participating in promotions and competitions);
Demographic information;
Data collected when you interact with us or otherwise make accessible via third parties, including:
through brand partners and social media platforms (see section 8 below), and
through third party surveys and market research you participate in);
Other information which you give us when dealing with us or interacting with us in any way including via third parties;
Financial data
Your credit and/or debit card number and expiry date may be collected if you make a purchase from us;
Image data
CCTV footage, including Body-worn Video (BWV), featuring your image; BWV may also include audio recording.
Vehicle registration number and details (via Automatic Number Plate Recognition (ANPR) systems where it is in operation at our Centre car parks);
Technical / Usage data
Information about your use of the Sites. Some of this information may be automatically collected, such as your Internet Protocol (IP) address, unique device identifier, browser type, browser language and access times;
Technical Data from analytics providers;
Details you provide when using our WiFi in a Centre;
Information about your location. We may automatically collect your location information (if you have consented to this on your device).
How we use your personal data
We will ensure that in all circumstances the personal data we hold about you will be adequate to fulfil the purpose for which it was collected, relevant, and not excessive.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you, where necessary or appropriate, and we will explain the legal basis which allows us to do so.
Please note that we will process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it was collected (including for the period of any contract/agreement we have with you, and for a period of time after in the event of any potential issue), unless we are required by law to retain your personal data for a longer period (e.g. where you make a rights request, and we maintain records to demonstrate how e comply with such requests).
We may use your personal data to:
Provide you with information, products, services or experiences that you request from us;
Process payments for purchases;
Provide reservation or booking services;
Compile a user profile for you where you have requested that we do so through your use of relevant services;
Provide and personalise our products and services to you, including making predictions about your interests or preferences and to display targeted content, features, deals and offers that match your profile or that we believe will be of interest to you;
Keep track of your activity patterns and preferences in order to improve the level of service you receive and to increase the functionality of the Sites, including monitoring and analysing usage and trends, determining the effectiveness of our content and personalising and improving the Sites;
Link or combine with other information we get from third parties to help understand your needs and provide you with better service.
Inform you of products, services, experiences or promotions which we feel may be of interest to you where you have indicated that you wish to be contacted for such purposes by email, SMS, post, telephone, through the Sites or social media platforms, or by other means of electronic communication (and where you have indicated that you are happy to be contacted by specific third parties, you may be contacted about products, services, experiences or promotions by those third parties);
Ensure that content from our Sites is presented in the most effective manner for you and for your computer/tablet/mobile;
Send you push notifications;
Interact with you on social media platforms;
Allow you to participate in any interactive features of our products, services and experiences, when you choose to do so;
Manage and administer any of our promotions/competitions which you enter;
Request feedback from you;
Respond to your emails, submissions, questions, comments, requests or complaints and provide customer service;
Send you surveys, updates, security alerts and support and administrative messages and to facilitate your use of, and our administration and operation of, the Sites, including to notify you about important changes; and
To deter and to detect fraud and combat criminal and antisocial behaviour.
International transfers
To deliver services to you, it is sometimes necessary for us to share your personal data outside the UK with our service providers located outside the UK;
Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK
where the UK has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
a specific exception applies under data protection law
These are explained below.
6.1 Adequacy decision
We may transfer your personal data to certain countries, on the basis of an adequacy decision. These include:
- all European Union countries, plus Iceland, Liechtenstein and Norway (collectively known as the ‘EEA’);
- Gibraltar; and
- Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.
The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.
6.2 Transfers with appropriate safeguards
Where there is no adequacy decision, we may transfer your personal data to another country if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.
The safeguards will usually include using legally approved standard data protection contract clauses, which have been approved by the UK data protection regulator.
To obtain a copy of the standard data protection contract clauses and further information about relevant safeguards please contact us (see ‘How to contact us’ below).
6.3 Transfers under an exception
In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, eg:
- you have explicitly consented to the proposed transfer after having been informed of the possible risks;
- the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;
- the transfer is necessary for a contract in your interests, between us and another person; or
- the transfer is necessary to establish, exercise or defend legal claims
We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal data on this ground.
We currently transfer Personal data outside the EEA:
When you subscribe to our database via the sign-up option on our website, the personal data you supply is collected, stored and processed by Mailchimp, our email marketing provider. You can find out more about how they will store and process your data here; https://mailchimp.com/legal/privacy/
Mailchimp is based in the US.
Purposes for which we use your data – summary
We have set out below, in a table format, a broad summary of the ways we use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data on more than one lawful ground if we are processing the same information for more than one specific purpose.
Purpose/activity | Type of data | Lawful basis for processing including basis of legitimate interest |
To manage our relationship with you which will include:
|
|
|
To administer and protect our business (including protecting our Centres, visitors and staff) and our Sites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), this may include data collected from on-site visits to Centres |
|
|
To use data analytics to improve our websites, products/services, marketing, customer relationships and experiences |
|
|
|
|
|
To manage and administer any of our promotions and competitions which you enter |
|
|
To provide a service to you (including services provided through our apps) |
|
|
How we keep your personal data safe
We have a number of measures to keep your data safe and secure:
Your personal data is held on a secure database.
We have policies, rules and technical measures in place to protect the personal data that we have under our control from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.
All of our employees and data processors that have access to, and are associated with, the processing of your personal data are obliged to respect the confidentiality of your personal data.
All third parties supporting our Sites as external data processors are engaged under appropriate contractual and confidentiality protections.
We ensure that your personal data will not automatically be disclosed by us to government institutions or authorities. However, if required by law, or when we receive a request from regulatory bodies or law enforcement organisations, we may disclose your information.
When you subscribe to our database via the sign-up option on our website, the personal data you supply is collected, stored and processed by Mailchimp, our email marketing provider. You can find out more about how they will store and process your data here; https://mailchimp.com/legal/privacy/
How we disclose your personal data
We may disclose your personal data to any of the following in any country within the EU (to the extent necessary to fulfil the purpose for which your data was collected:
Our staff;
Our affiliates;
Suppliers and service providers who may access your personal data when providing products or services to us, in particular providers of platform, data storage, marketing and data security services;
Purchasers or potential purchasers of our business or any part of it or of our Centre;
Government bodies and law enforcement agencies and in response to legal or regulatory requests; and
Auditors or other advisers auditing, assisting with or advising on any aspect of our business or a Centre, including our external legal advisors.
We may also share information or statistics with third parties in an aggregated or anonymised form that does not directly identify you, e.g. we may share aggregated information about your interests and geographic preferences and/or location (if given) with advertisers and third party deal sites for marketing purposes.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law and subject to appropriate contractual terms. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
When you subscribe to our database via the sign up option on our website, the personal data you supply is collected, stored and processed by Mailchimp, our email marketing provider. You can find out more about how they will store and process your data here; https://mailchimp.com/legal/privacy/. Please note as stated in point three, Mailchimp are based in the US.
Your own sharing of your personal data
When you post in any profile, comments, forums and other interactive features of the Site, or share personal data with individuals through the Site or social media platforms, this personal data will be available to other users and in some cases may be publicly available outside of the Site (e.g. on social media platforms).
Our access to your personal data through social media platforms
If you interact with us on social media platforms, (for example, if you ‘Like’ our Facebook Page or post on our Facebook timeline, or if you follow us or mention us in a tweet on Twitter) we can interact with you and send you information via these platforms.
The personal data we have access to through social media platforms will depend on your personal settings on these platforms. We will have access to all public information on these platforms. We may also be able to access personal data that others share about you (because they control how that is shared, not you).
We may collect any data that is accessible to us or that you provide through social media platforms, including but not limited to your Facebook and/or Twitter and/or Instagram profile picture, gender, and usernames. We will interact with you through social media platforms in accordance with each platform’s rules but we are not responsible for how the platform owners collect and handle your data. We are not responsible for what third parties post on our social media accounts.
Your legal right with respect to your personal data
Under certain circumstances, you have rights under data protection laws in relation to your personal data, as listed below, to:
request access to your personal data;
request correction of your personal data;
request erasure of your personal data;
object to processing of your personal data;
request restriction of processing your personal data;
request transfer of your personal data; and
withdraw consent to processing of your personal data.
If you wish to exercise any of the rights set out above, please email customerservices@traffordpalazzo.co.uk with subject header “data protection query”.
When writing to us to obtain a copy of your personal data, please quote your name and address and provide brief details of the personal data of which you would like a copy of, or which you would like to be corrected, because this will help us more easily locate your personal data.
What we may need from you when you exercise your legal rights
When exercising your legal rights above, we may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that requests are made by the individual themselves and that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request.
Fees and refusal to comply with requests
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive or excessive we may charge a reasonable fee and/or refuse to comply with your request.
Time limit to respond
We will respond to all legitimate requests within one month. If your request is particularly complex or you have made a number of requests and it is likely to take us longer than a month to respond, we will notify you of that and keep you updated as to progress.
Your right to make a complaint
In addition to your legal rights set out above, you also have the right to make a complaint at any time to your local data protection authority, (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html). Information Commissioner’s Office (ICO) is the UK supervisory authority for data protection issues (www.ico.org.uk). We are committed to protecting your personal data and would appreciate the opportunity to address any concerns or complaints you may have before you approach the ICO so that we can remedy them. Any concerns or complaints should be raised with the Data Protection Officer in the first instance.
Automated decision-making
Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We may carry out automated decision making in the course of providing some of our services. For more information on this please contact our Data Protection Officer at the address detailed above.
Direct marketing – how to opt out
You have the opportunity to opt-out of receiving marketing communications from us at any time. You can do this by clicking on the unsubscribe link on any communications from us, updating your preferences in our Preference Centre, or by emailing customerservices@traffordpalazzo.co.uk
We take your online privacy very seriously, so if you need any assistance in unsubscribing to future communications please contact us. We will promptly take action to ensure that you are “opted-out” from receiving any further mailing or other information. Although we will remove your name from our e-mail list as quickly as possible, there may be a period of time after you unsubscribe during which you may still receive e-mails from us. Additionally, in order to ensure you do not continue to receive correspondence from us, we may retain your Personal Data on a suspension list.
Third parties and the privacy of your personal data
You may be able to access third party websites and apps from the Sites. We are not responsible for the privacy policies and practices of other websites and apps. We recommend that you check the policy of each website and app and contact the operator of the website or publisher of the app if you have concerns or questions.
Follow us!