1.1 This privacy notice (Privacy Notice) sets out the ways in which we, CityLounge Ventures Limited trading as Central Working (Central Working, we, us, our), collect and use your personal data (your personal information) in connection with our business. It also explains what rights you have to access or change your personal data.
1.2 In this privacy notice, the capitalised terms below have the following meanings:
1.2.1 Member: a person who has subscribed to one of the membership packages we offer;
1.2.2 Partner: one of our copororate sponsors;
1.2.3 Premises: one of the UK-wide Central Working premises managed and operated by us.
2. ABOUT US
2.1 We are a company registered in England under company number 07218028 with our registered
address as set out below.
2.2 You can contact us as follows:
Address: Citylounge Ventures Limited 124 Finchley Road,
London, England, NW3 5JS
Email: [email protected]
INFORMATION WE MAY COLLECT ABOUT YOU
2.3 Information that you provide to us.
2.3.1 We will collect any information that you provide to us when you:
(a) are making an enquiry provide feedback or make a complaint over the phone, by email or on our website;
(b) submit correspondence to us by post, email or via our website;
(c) apply to become a Member;
(d) apply to become a Partner;
(e) enter and use the services available on our Premises, including our car parks where applicable;
(f) subscribe to our newsletter and mailing lists;
(g) fill in a form, respond to surveys, participate in promotions or use any other features of the website or our services;
(h) submit reviews and comments in person, by telephone, by email or on the website;
(i) update your membership or Partner details;
(j) ‘follow’, ‘like’, post to, or interact with us on our social media accounts, including Linkedin, Twitter and Facebook;
(k) register to and/or attend our events; and
(l) submit an application to a job vacancy or attend an interview or assessment for a job vacancy.
2.3.2 The information you provide to us might include:
(a) Identity and contact data: title, names, addresses, email addresses, phone numbers and a photgraph;
(b) Member profile data: if you’re registering as a Member you may also provide job title/position, and information to aid our ability to seek to make new networking connections to grow your business;
(c) Financial data: if you are booking our services, purchasing a membership, or applying to become a Partner or applying for a one-off partnership opportunity you will also provide payment details, which may include billing addresses, credit/debit card details and bank account details;
(d) Employment and background data: if you are submitting a job application, you may also provide additional information about your academic and work history, projects and research that you are involved in, references and any other such similar information that you may provide us; and
(e) Survey data: from time to time we might ask if you would be willing to participate in our surveys and the surveys of our partners; if you agree, we will also collect any information that you provide as part of that survey.
2.4 Information we collect about you:
(a) Information contained in correspondence: We will collect any information contained in any correspondence between us. For example, if you contact us using the contact form on our website or by email or telephone, we may keep a record of that correspondence;
(b) Imagery: We may capture images of you when we take photographs or film the Premises from time. We will use our best endevours to provide you with reasonable notice in advance by notice at the Premises whenever such filming or photography will take place;
(c) CCTV, ANPR and swipecard data: We collect information about you through CCTV footage which operates at the Premises, through an ANPR camera installed in our car park at The Bradfield Centre, Cambridge and by other electronic means such as swipecard records which provides information about your access to our Premises including the frequency and location;
(d) Payment and transactional data: We will collect information related to your transactions with us, including the date and time, the amounts charged and other related transaction details;
(e) Website usage and technical data: We will also collect certain information about how you use our website and the device that you use to access our website. This might include your geographical location, device information (such as your hardware model, mobile network information, unique device identifiers), the data transmitted by your browser (such as your IP address, date and type of the request, content of the request regarding the specific site, time zone settings, access status/HTTP status code, volume of data transmitted, browser type and version, language settings, time zone settings referral source, length of visit to the website, date and time of the request, operating system and interface) number of page views and similar information. This information may be collected by a third-party website analytics service provider on our behalf and/or may be collected using cookies or similar technologies. For more information on cookies please read paragraph 6 below.; and
2.4.2 We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
2.5 Information we receive from third parties
2.5.1 In certain circumstances, we will receive information about you from third parties. For example:
(a) Members and Partners: we may receive personal information from other Members and Partners, who may be based inside or outside the EU, for example information relating to introductions we have facilitated, transactions and/or correspondence between Members and Partners;
(b) Fraud detection agencies: where permitted or required by law, we may receive information about you, including demographic data or fraud detection information from third party service providers and/or partners who may be based inside or outside the EU;
(c) Employers, recruitment agencies and referees: if you are a job applicant we may contact your recruiter, current and former employers and/or referees, who may be based inside or outside the EU, to provide information about you and your application;
(d) Service providers: we may collect personal information from our website developer (Make us Proud), IT support provider, marketing dashboard service provider (Geckoboard) payment services provider, and event management provider (Eventbrite), website analytics service provider (Hotjar and Google Analytics) and marketing services provider (MailChimp)and Visitor Registration software (Envoy) who may be based inside or outside the EU;
(e) Website security: we will collect information from our website hosting service partner (Make us Proud) who is based in the UK , about any misuse to the website, for instance, the introduction of viruses, Trojans, worms, logic bombs, website attacks or any other material or action that is malicious or harmful;
(f) Social media plugins: we currently use social media plugins from the following service providers who are based both inside and outside the EU: Facebook, Twitter, Instagram and LinkedIn. By authorising your social media account details you are authorising that third-party provider to share with us certain information about you; and
(g) Publicly available sources: we currently use publicly available sources such as Companies House, LinkedIn, and Crunchbase for instance to carry out identity and compliance checks.
2.5.2 We might also receive information about you from third parties, such as an organizer of an event hosted at our Premises, if you have indicated to such third party that you would like to hear from us.
3. HOW WE USE INFORMATION ABOUT YOU AND RECIPIENTS OF YOUR INFORMATION
3.1 We will use your information for the purposes listed below either on the basis of:
3.1.1 performance of your contract with us and the provision of our services to you;
3.1.2 your consent (where we request it);
3.1.3 where we need to comply with a legal or regulatory obligation; or
3.1.4 our legitimate interests (see paragraph 4.3 below).
3.2 We may use your information for the following purposes:
3.2.1 To provide access to our website: to provide you with access to our website in a manner convenient and optimal and with personalised content relevant to you including sharing your information with our website hosts and developers (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner);
3.2.2 To provide access to the Premises and to monitor your use if you are a Member: to provide you with access to our Premises and other services whilst ensuring the security of our Premises (on the basis of performing our contract with you and our legitimate interests in securing the Premises). If you are a Member we also monitor your use of our Premises through the data supplied by your accesscard to ensure your use is inline with the number of hours available to you under the terms of your membership (on the basis of our legitimate interests in managing your membership allowance);
3.2.3 To register you as Member: when you apply to become a Member, we will use the details provided on your membership form (on the basis of performing our contract with you);
3.2.4 To facilitate introductions with other Members or Partners (Connections): we view it as a key part of our service that we are able to make useful Connections for you and your business. We will use the information you have provided (such as your name, contact details and job/title (if applicable)) to facilitate Connections, unless you ask us not to (on the basis of our legitimate interest in providing an effective and high quality networking service for our Members);
3.2.5 To process and facilitate transactions with us: we will use your information to process transactions and payments, and to collect and recover money owed to us (on the basis of performing our contract with you and on the basis of our legitimate interest to recover debts due);
3.2.7 User and customer support: to provide customer service and support (on the basis of our contract with you), deal with enquiries or complaints about the website, Premises or our services and share your information with our website developer, IT support provider, payment services provider, building facilities manager as necessary to provide customer support (on the basis of our legitimate interest in providing the correct services and to comply with our legal obgliations);
3.2.8 Prize draws, competitions and surveys: to enable you to take part in prize draws, competitions and surveys (on the basis of performing our contract with you and our legitimate interest in studying how our website and services are used, to develop them and grow our business);
3.2.9 Recruitment: to process any job applications you submit to us including sharing this with our third party recruitment agency (on the basis of our legitimate interest to recruit new employees or contractors);
3.2.10 Marketing: to keep in contact with you about our news, events, new website features products or services that we believe may interest you, provided that we have the requisite permission to do so, and sharing your information with our email marketing services provider (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so);
3.2.11 Advertising: to deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (on the basis of our legitimate interests in studying how our website/services are used, to develop them, to grow our business and to inform our marketing strategy);
3.2.12 Publicity: to promote our services and the Premises which may include photographs or films of the Premises in which you may appear. We may use such photographs or films in our printed and online publicity, social media and press releases (on the basis of our legitimate intrests in promoting our services);
3.2.13 Analytics: to use data analytics to improve our website, products/services, marketing, user experiences (on the basis of our legitimate interests in defining types of users of our website and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy);
3.2.14 Suggestions and recommendations: to share your information with selected third parties such as suppliers and Partners, to enable them to contact you with information about things that may interest you (where we have your consent to do so);
3.2.15 Research: to carry out aggregated and anonymised research about general engagement with our website, Premises, and services (on the basis of our legitimate interest in providing the right kinds of services to our users, Members and Partners);
3.2.16 Security and surveillance: to manage the security of our Premises via CCTV cameras installed on the Premises and, where applicable, an ANRP camera installed in our car park at The Bradfield Centre, Cambridge (on the basis of our legitimate interests to operate safe and lawful business and to ensure our car parking facilities are only used by authorised individuals);
3.2.17 Fraud and unlawful activity detection: to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including identity fraud (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so); and
3.2.18 Compliance with policies, procedures and laws: to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
4.3 Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in:
3.2.1 personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you;
3.2.2 providing an effective and high quality networking service for our Members;
3.2.3 securing our Premises and managing your membership allowance;
3.2.4 provide you with marketing communications where we may lawfully do so;
3.2.5 promoting our services through publicity materials;
3.2.6 defining types of users of our website and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy;
3.2.7 providing the right kinds of services to our users, Members and Partners;
3.2.8 detecting and preventing fraud and operating a safe and lawful business; and
3.2.9 improving security and optimisation of our network, website and services.
3.3 Where we use your information for our legitimate interest, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details of “Your rights” in paragraph 9 below.
4. WHO WE MIGHT SHARE YOUR INFORMATION WITH
4.1 In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we may share your personal information with third parties such as:
4.1.1 Partners and collaborators: including event hosts and Partners based in the United Kingdom as described on http://centralworking.com/
4.1.2 Our service providers: Service providers we work with to deliver our business, who are acting as processors and provide us with:
(a) website hosting service provided by Make us Proud based in the UK;
(b) security and admission services in relation to our Premises supplied by RewardTech (Unifi.id), Avigilon based all based in the UK; Envoy visitor registration baded in the USA.
(c) IT, system administration and website security services provided by Make us Proud based in the UK;
(d) marketing and advertising services (including the Mailchimp, Eventbrite and Google Adwords service), analytics providers (including Hotjar Google Analytics) and marketing dashboard provider (Geckoboard) based in the UK and the USA;
(e) maps services (including Google Maps API), based in the USA;
(f) social media plugin services including Facebook, Twitter, Instagram and Linkedin based in the USA;
(g) payment services Xero (based in New Zealand) and Go Cardless (based in the UK);
(h) identity verification, fraud prevention and detection services based in the UK;
(i) banking services (Metro Bank) based in the UK;
(j) legal, accountancy, auditing and insurance services based in the UK; and
(k) recruitment service providers based in the UK.
4.1.3 Regulators and governmental bodies: HM Revenue & Customs, regulators, governmental bodies and other authorities acting as processors or joint controllers based in the UK,who require reporting of processing activities in certain circumstances;
4.1.4 Marketing parties: any selected third party that you consent to our sharing your information with for marketing purposes;
4.1.5 Prospective sellers and buyers of our business: any prospective seller or buyer of such business or assets, only in the event that we decide to sell or buy any business or assets; and
4.1.6 Other third parties (including professional advisers): any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) based in the United Kingdom and where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
4.2 We require third parties to maintain appropriate security to protect your information from unauthorised access or processing.
5.1 Cookies are small amounts of information in the form of text files which we store on the device you use to access our website. Cookies allow us to monitor your use of the software and simplify your use of the website.
If you do not wish for cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit http://www.aboutcookies.org. Please note that, if you do set your Internet browser to reject cookies, you may not be able to access all of the functions of the website.
6. HOW WE LOOK AFTER YOUR INFORMATION AND HOW LONG WE KEEP IT FOR
6.1 We operate a policy of “privacy by design” by looking for opportunities to minimise the amount of personal information we hold about you. We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:
6.1.1 ensuring the physical security of our Premises;
6.1.2 ensuring the physical and digital security of our equipment and devices by using appropriate password protection;
6.1.3 maintaining a data protection policy for, and delivering data protection training to, our employees; and
6.1.4 limiting access to your personal information to those in our company who need to use it in the course of their work.
6.2 We will retain your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. For example,
6.2.1 we archive our email and paper correspondence regularly and destroy information older than 7 years;
6.2.2 we retain financial data including data relating to payments for 7 years;
6.2.3 we retain information relating to recruitment for maximum of 3 years;
6.2.4 the CCTV footage collected on our Premises is deleted after 90 days;
6.2.5 access swipecard data is deleted 30 days after you cease to be a Member or Partner; and
6.2.6 we maintain a suppression list of email addresses of individuals who no longer wish to be contacted by us. So that we can comply with their wishes we must store this information permanently.
6.3 For further information about our data retention policy please contract us using the details at the top of this Privacy Notice.
7. HELP KEEP YOUR INFORMATION SAFE
7.1 You can also play a part in keeping your information safe by:
7.1.1 keeping your access cards secure and informing us if your card is lost or stolen as soon as possible;
7.1.2 not leaving your personal items unattended;
7.1.3 operating a clear desk policy when you have finished working;
7.1.4 being aware and considerate of others around you when taking calls. We provide Skype booths and phone pods at our Premises for added privacy;
7.1.5 letting us know if you suspect that someone is not authorised to access the Premises; and
7.1.6 being vigilant to any fraudulent emails that may appear to be from us. Any emails that we send will come from an email address ending in ‘@centralworking e.g. @centralworking.com’.
8. INTERNATIONAL TRANSFERS OF YOUR INFORMATION
8.1 Our company is located in the UK.
8.2 Some of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
8.3 Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following transfer solutions are implemented:
8.3.1 We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
8.3.2 Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, European Commission: Model contracts for the transfer of personal data to third countries; and
8.3.3 Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
8.4 Please contact us using the contact details at the top of this Privacy Notice if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
9. YOUR RIGHTS TO THE INFORMATION WE HOLD ABOUT YOU
9.1 You have certain rights in respect of the information that we hold about you, including:
9.1.1 the right to be informed of the ways in which we use your information, as we seek to do in this Privacy Notice;
9.1.2 the right to ask us not to process your personal data for marketing purposes;
9.1.3 the right to request access to the information that we hold about you;
9.1.4 the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect;
9.1.5 the right to withdraw your consent for our use of your information in reliance of your consent, which you can do by contacting us using any of the details at the top of this Privacy Notice;
9.1.6 the right to object to our using your information on the basis of our legitimate interests (or those of a third party)) and there is something about your particular situation which makes you want to object to processing on this ground;
9.1.7 the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format, in certain circumstances;
9.1.8 in certain circumstances, the right to ask us to limit or cease processing or erase information we hold about you; and
9.1.9 the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) as well as a right to lodge a complaint with the relevant authority in your country of work or residence.
9.2 How to exercise your rights
9.2.1 You may contact us with the details at the top of this Privacy Notice if you wish to action any of these additional rights and we will comply with your requests unless we have a lawful reason not to do so.
9.2.2 Please note that we may need to retain certain information for our own record-keeping and research purposes. We may also need to send you service-related communications even when you have requested not to receive marketing communications
9.3 What we need from you to process your requests
9.3.1 We may need to request specific information from you to help us confirm your identity and to enable you to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
9.3.2 You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
10. SHARING DATA DIRECTLY WITH THIRD PARTIES
10.1 You might end up providing personal information directly to third parties as a consequence of your interactions with our website and other services offered by us. For example, you may attend an event hosted by us where you communicate personal information directly with other attendees. We are not responsible for how such third parties use personal data provided by you.
10.2 Please be responsible with personal information of others when using our website and other services offered by us. We are not responsible for your misuse of personal information, or for the direct relationship between you and others when takes place outside of the website or our services.
11. THIRD-PARTY LINKS
11.1The website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
12. CHANGES TO THIS PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES
12.1 We may make changes to this Privacy Notice from time to time. We will post any changes to our
site, or notify you of any material changes by e-mail.
12.2 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by updating your profile account information or contacting us via the contact details at the top of this Privacy Notice.
This Privacy Notice was updated on 24 March 2018