Keeping things secure
1. What Are My Rights?
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
- The right to access the personal data we hold about you. Part 9 will tell you how to do this.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 10 to find out more.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details in Part 10 to find out more.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way. For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 10.
It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data. Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau. If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details in Part 10.
2. Information we collect from you
We will collect and process the following data about you:
2.1. Information you give us This is information about you that you give us by filling in forms on our website ("our site"), during play at our venues or by corresponding with us by phone, email or otherwise. It includes information you provide when you register to use our sites, request information or place an order on our sites, enter a competition, promotion or survey and when you report a problem with our sites, products or services. The information you give us may include your name, address, email address and phone number, financial and credit card information. If you provide any information about any other individuals such as colleagues, friends or family, you warrant to us that you are entitled to provide that information to us and to authorise us to process it on the same basis as we will process the rest of the data you provide about yourself.
2.2. Information we collect about you With regard to each of your visits to our sites we will automatically collect the following information: Technical information, including the Internet protocol (IP) address used to connect your computer or device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our sites (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page and any phone number used to call our customer service number.
2.3. Information we collect when you visit our premises This comprises video or still images that we record when you visit our premises together with information such as your actual name, nickname and email address.
2.4. Information we receive from other sources This is information we receive about you from sources other than directly from yourself, which may include social media such as Linkedin, Facebook, Twitter, Instagram and TikTok. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
2.5. Other This is information we receive about you when you use our WIFI, when you visit our premises and are captured on our CCTV camera, when you make a booking in person or on the telephone.
3. Purpose of which we may process the information
We use information held about you in the following ways:
3.1. We use information held about you in the following ways: We will use this information: to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (email or SMS) with information about goods and services similar to those which were the subject of a previous visit. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data;
to notify you about changes to our products or services;
to ensure that content from our sites is presented in the most effective manner for you and for your device.
Please note that, where you are asked to provide information to us which is of a sort that is necessary to enable us to perform a contract or fulfil a request that you make (eg contact, or payment information) it is a requirement for us to enter and perform such a contract or fulfil your request that you provide that information – if you do not do so, we may not be able to perform your contract or fulfil your request.
3.2. Information we collect about you We will use this information: To administer our sites and for internal operations, including trouble shooting, data analysis, testing, research, statistical and survey purposes;
to improve our sites to ensure that content is presented in the most effective manner for you and for your device;
to allow you to participate in interactive features of our service when you choose to do so;
as part of our efforts to keep our sites safe and secure;
to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
3.3. Information we collect when you visit our premises Save to the extent that you withhold your consent for us to do so, we will use this information: To make video and/or still images available at our premises to you and the individuals that are with on the occasion of your visit;
To make video and/or still images available to you and the individuals that you are with after your visit; and/or
To display on our website and/or social media accounts.
3.4. Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information the combined information for the purposes set out above (depending on the types of information we receive)
4. Disclosure of your information
4.1. You agree that we have the right to share your personal information with:
4.1.1. For administrative purposes, any our group undertakings, as defined in s1161(5) of the UK Companies Act 2006, provided that they either: (a) are within the European Economic Area; (b) are in a country that the European Union has decided has adequate data protection laws in place; or (c) have provided appropriate data protection safeguards of the sort approved by the European Union and provide effective rights and remedies for you. Any use by other group members of one group member’s personal data beyond administration will be subject to all the requirements of Data Protection Law.
4.1.2. Very limited third parties, such as business partners, suppliers and sub-contractors for the performance of any contract we enter into with them.
4.2. Additionally, we may disclose your personal information to third parties:
4.2.1. If we outsource any aspect of our business or systems, then we may disclose your personal data to our service provider(s).
4.2.2. In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
4.2.3. If we or a substantial part of our assets are acquired by a third party, in which case personal data held by us about our customers may be one of the transferred assets.
4.2.4. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms of any agreement or policy to which we are a party, or to protect the rights, property, or safety of Trigger Group, our customers, or others. This may include exchanging information with other companies and organisations for the purposes of site security, fraud protection and credit risk reduction.
5. Legal Basis
Under the Data Protection Legislation, we must always have a lawful basis for using personal data. The grounds applicable to the personal date to which this policy relates are:
5.1. Where the processing is necessary for us to perform a contract that you are party to, or to take steps at your request prior to entering a contract, that is the ground on which we are processing that data;
5.2. Where the processing is necessary for compliance with a legal obligation to which we are subject, that is the ground on which we are processing that data;
5.3. Where processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, that is the ground on which we are processing that data, provided that your fundamental rights and freedoms which require protection of your data override those legitimate interests (our legitimate interests comprise the management, marketing and promotion of our business, products and services, and the provision of our services when you are at our premises);
5.4. If you have given your consent to our processing the data, that is the basis on which we are processing that data. If more than one of the above grounds apply to the processing of data in question, the applicable ground will be the one that is set out first above.
Special categories of personal data If you provide us with any special categories of personal data (that is to say information as to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life or sexual orientation or genetic or biometric data) or personal data relating to criminal convictions and offences, it is a condition of us receiving that information that you expressly consent (and you hereby do) to us processing that personal data for the purposes set out in clause 3. Accordingly, if you do not want us to process any such categories of personal data, please do not provide it to us.
6. How and Where Do You Store or Transfer My Personal Data?
We will only store or transfer your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the Data Protection Legislation, GDPR, and/or to equivalent standards by law.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our sites, you are responsible for keeping this password confidential, and for all use made of your account with such password. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. Length of Data Storage
Our policy is to ensure that personal data is only stored for as long as is necessary for the purposes set out at section 3 above. This may vary according to the type of information and the specific applicable purpose(s). We have a detailed data retention and destruction policy which governs the length of time for which we hold your data in personally identifiable form. The timing of our retention, anonymisation and/or destruction of your personal data is determined according to the criteria set out in that policy. We can provide you with relevant details applicable to your data on request – please see part 11 below as to how to request this information.
8. Can I Withhold Information?
You may access certain areas of Our Site without providing any personal data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.
9. How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”. All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 12. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding. We will respond to your subject access request within 28 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
10. How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details: Email address: firstname.lastname@example.org
1. Definitions and Interpretation
2. Information About Us
2.1. Our Site is owned and operated by Trigger Group Limited, a limited company registered in England under company number 12045663 of 131 Finsbury Pavement, London EC2A 1NT.
2.2. Our VAT number is 340604535.
2.3. Our Data Protection Officer is Gemma Steffensen, and can be contacted by email at email@example.com.
3.2. All Cookies used by and on Our Site are used in accordance with current Cookie Law. We may use some or all of the following types of Cookie:
3.2.1. Strictly Necessary Cookies A Cookie falls into this category if it is essential to the operation of Our Site, supporting functions such as logging in, your shopping basket, and payment transactions. 3.2.2. Analytics Cookie It is important for Us to understand how you use Our Site, for example, how efficiently you are able to navigate around it, and what features you use. Analytics Cookies enable us to gather this information, helping Us to improve Our Site and your experience of it. 3.2.3. Functionality Cookies Functionality Cookies enable Us to provide additional functions to you on Our Site such as personalisation and remembering your saved preferences. Some functionality Cookies may also be strictly necessary Cookies, but not all necessarily fall into that category. 3.2.4. Targeting Cookies It is important for Us to know when and how often you visit Our Site, and which parts of it you have used (including which pages you have visited and which links you have visited). As with analytics Cookies, this information helps us to better understand you and, in turn, to make Our Site and advertising more relevant to your interests. Some information gathered by targeting Cookies may also be shared with third parties. 3.2.5. Persistent Cookies Any of the above types of Cookie may be a persistent Cookie. Persistent Cookies are those which remain on your computer or device for a predetermined period and are activated each time you visit Our Site. 3.2.6. Session Cookies Any of the above types of Cookie may be a session Cookie. Session Cookies are temporary and only remain on your computer or device from the point at which you visit Our Site until you close your browser. Session Cookies are deleted when you close your browser.
3.3. Cookies on Our Site are not permanent and will expire after two years.
3.5. For more specific details of the Cookies that We use, please refer to the table below.
4. What Cookies Does Our Site Use?
4.1. The following first party Cookies may be placed on your computer or device:
Name of Cookie Purpose & Type Necessary _ga Used to distinguish users Yes _gid Used to distinguish users Yes _gtag Used to distinguish users Yes nextauth.message Account authentication Yes __Secure-next-auth.callback-url Account authentication Yes __Secure-next-auth.session-token Account authentication Yes __Host-next-auth.csrf-token Account authentication Yes
4.2. The following third party Cookies may be place on your computer or device:
Name of Cookie Purpose & Type Necessary atreemo_token authenticating API calls Yes
4.3. Our Site uses analytics services provided by Google Analytics. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling Us to better understand how Our Site is used. This, in turn, enables Us to improve Our Site and the services offered through it. You do not have to allow Us to use these Cookies, however whilst Our use of them does not pose any risk to your privacy or your safe use of Our Site, it does enable Us to continually improve Our Site, making it a better and more useful experience for you.
4.4. The analytics service(s) used by Our Site use(s) analytics Cookies to gather the required information.
4.5. Our site uses Facebook and Instagram analytics. These are targeting cookies which allow us to place advertising content onto Facebook that is relevant to you based on your browsing patterns on our website. This information is never connected to your profile and it is always anonymous. You can read more and change your preferences on Facebook here: https://www.facebook.com/policies/cookies/ You can control and opt-out of Facebook adverts and other third-party cookies here: https://www.youronlinechoices.com/uk/your-ad-choices
4.6. Our site uses content manager services provided by GraphCMS. The cookies used by Graph can be found here: https://graphcms.com/privacy
5. Consent Control
5.1. Before Cookies are placed on your computer or device, you will be shown a pop-up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling Us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of Our Site may not function fully or as intended.
5.2. In addition to the controls that We provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
5.3. The links below provide instructions on how to control Cookies in all mainstream browsers:
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB
- Microsoft Internet Explorer: https://support.microsoft.com/en-us/kb/278835
- Microsoft Edge: https://s upport.microsoft.com/en-gb/products/microsoft-edge (Please note that there are no specific instructions at this time, but Microsoft support will be able to assist)
- Safari (macOS): https://support.apple.com/kb/PH21411?viewlocale=en_GB&locale=en_GB
- Safari (iOS): https://support.apple.com/en-gb/HT201265
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-Cookies-website-preferences
- Android: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DAndroid&hl=en (Please refer to your device’s documentation for manufacturers’ own browsers)
7. Further Information