Dolphin Square Ltd and Dolphin Square Estates Ltd (“Dolphin Square”, “we”, “us” or “our”) are committed to protecting and respecting the privacy of its, guests, customers and potential customers (“Visitors”), tenants, employees of its partners, suppliers and contractors on its Premises and/or Website (“you” or “your”, as the context requires) and is committed to protecting your personal data.
1. IMPORTANT INFORMATION AND WHO WE ARE
2. THE DATA WE COLLECT ABOUT YOU
3. HOW YOUR DATA IS COLLECTED AND HOW WE USE YOUR DATA
3.1 Visiting our Premises
3.2 Visiting our Website
3.3 Staying at Dolphin House
3.4 Using the Spa
3.5 Visiting our Fitness Club
3.6 When you are a resident of Dolphin Square
3.7 Using our conference facilities
3.8 Presenting our company to you and/or sending marketing to you
5. DISCLOSURES OF YOUR DATA
6. INTERNATIONAL TRANSFERS
7. DATA RETENTION
8. YOUR LEGAL RIGHTS
1. IMPORTANT INFORMATION AND WHO WE ARE
Our Website nor any of our Products and Services are intended for children although children are residents of Dolphin Square and use our Fitness Club (providing there is adult supervision).
Dolphin Square Ltd is the controller and responsible for the Website, Premises, supplying the Products and Services and your personal data. The Dolphin Square Estate Ltd is the entity that enters into tenancy agreements.
1.3 Data protection manager
1.4 Contact details
Dolphin Square Ltd.
Email address: email@example.com
Postal address: Dolphin Square, London SW1V 3LX
You have the right to complain at any time to the Information Commissioner’s Office (ICO), which is the UK’s supervisory authority for data protection issues (www.ico.org.uk). However, we will always try to resolve your concerns so recommend that you contact us in the first instance before you approach the ICO.
This version was last updated in May 2018. Earlier versions can be obtained by contacting us.
It is important that the personal data we hold about you is accurate and up-to-date. Please let us know if any of your personal data changes during your relationship with us.
1.6 Third party links and websites
Alternatively, you can reserve accommodation at Dolphin House, purchase vouchers for the Spa, visit our Fitness Club , view flats to let or make a reservation at our restaurant with third party providers. We do not control these third parties and are not responsible for their privacy policies.
2. THE DATA WE COLLECT ABOUT YOU
Personal data means any information about a living individual from which that person can be identified. It does not include data where the identity has been removed (for example, anonymous or aggregated data).
- Corporate Contact Data: name, email, place of business and professional qualifications.
- Dolphin House Guest Data: name, address, email, phone number, passport number (and if you are an overseas guest, your onward destination), nationality, car-registration and credit or debit card pre-authorisation slip. Any accessibility requirements or any special notes you ask us to record.
- Event Registration Data: name, email address, phone number and dietary requirements (if a meal will be provided at the Event).
- Fitness Club Registration Data: name, address, date of birth, current age, email address, contact number, direct debit details and bank account information together with a copy of valid passport or driving licence and utility bill or other proof of address.
- General Enquiry Data: name, email address, phone number (optional), information you provide to us in your enquiry.
- Guarantor Due Diligence Data: name, address, date of birth, nationality, gender, occupation, country of residence, a copy of your passport (which will include at least your passport number, place of birth, date of issue, data of expiry, issuing authority of passport), a copy of your national ID card, a copy of your driving licence.
- Guarantor Due Diligence Report Data: name, address, date of birth, nationality, gender, occupation, country of residence, a copy of your passport (which will include at least your passport number, place of birth, date of issue, data of expiry, issuing authority of passport), a copy of your national ID card, a copy of your driving licence, a pass or fail result and/or a reference number of the report.
- Guest ID Data: is the data shown on a particular form of photo ID which includes name, address, date of birth, ID number date of issue, data of expiry, and issuing authority of the ID.
- Hotel Booking Data: Name of payment cardholder, name of guest, contact email address, phone number, travel agent details, names of guests.
- Incident Claim Data: claimant’s name, signature, address, email address, phone number, date of birth, national insurance number, medical information (including if attended hospital, information of any rehabilitation, time taken off work, funding arrangements) and information about the Incident (including some information which we do not consider to be personal data, for example, the value of the claim).
- Incident Data: name, signature, address, phone number, age, information about the Incident (which may or may not be personal data depending on the Incident and if such information could identify you, for example, rare medical conditions).
- Incident First Aider Data: name, email address and phone number.
- Incident Witness Data: name, email address, phone number and witness statements.
- Lettings Expression of Interest Data: name, email address, phone number, current address.
- Marketing Subscriber Data: name, email address.
- Marketing Tracking Data: email address, received receipt of an email, read receipt of an email, number of opens of an email and/or date and time of first open.
- Services Apartment Booking Data: name, email address, telephone, employer.
- Spa Guest Data: name, address, contact number and any health contra-indications.
- Tenant ID Data: name, flat number, vehicle registration data (to the extent applicable), nominated person details, and bank account information (which will include the relevant bank account information that we request from you depending on where you are paying the funds from).
- Tenant Due Diligence: name, address, date of birth, nationality, gender, occupation, country of residence, a copy of your passport (which will include at least your passport number, place of birth, date of issue, data of expiry, issuing authority of passport), a copy of your national ID card, a copy of your driving licence a copy of any Visa that you hold.
- Tenant Due Diligence Report Data: name, address, date of birth, nationality, gender, occupation, country of residence, a copy of your passport (which will include at least your passport number, place of birth, date of issue, data of expiry, issuing authority of passport), a copy of your national ID card, a copy of your driving licence, a copy of any Visa that you hold, right to rent and a pass or fail result and/or a reference number of the report.
- Tenant Emergency Contact Information: name, address, next of kin, next of kin contact details
- Visitor Data: means depending on where you are visiting:
- Dolphin House: name, signature, car registration number, details of the payment card used to make the reservation
- Spa: name, email address, contact number.
- Fitness Club: name, membership number
- Restaurant:: name.
- Website Store Customer Data: name, address, email address and phone number (optional).
- WiFi Data: your device’s MAC address.
3. HOW YOUR DATA IS COLLECTED AND HOW WE USE YOUR DATA
We will only use your personal data when the law allows us to. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose please contact us. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract, we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation or as required by a regulatory or governmental authority.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending marketing communications to you.
- 3.1 Visiting our Premises
- 3.1.1. Visiting our Premises:
- If you are a visitor on our Premises you will be required to sign in at the relevant reception desk either in our visitor registration book or through one of the electronic sign in portals. We process your Visitor Data for the purposes of ensuring the safety and security of our employees and any other visitors attending our Premises.
- We process your Visitor Data in order to comply with a legal or regulatory obligation.
- 3.1.2. If you are involved in an Incident on our Premises:
- If you are a visitor on our Premises, and if you happen to be involved in an accident or you are injured (“Incident”), we have an obligation under health and safety legislation to record information about the Incident and we will do so by recording your Incident Data. This will include recording your Incident Data if you have suffered an Incident and recording the Incident Witness Data and the Incident First Aider Data of those that have been involved in the Incident, whether to support the person suffering the Incident or otherwise.
- If you suffer an Incident you may seek to make a claim against us. In the event that you do, we will process your Incident Data, the Incident Witness Data and the Incident First Aider Data in order to process and respond to your claim in accordance with our legal and regulatory obligations to do so.
- We process Incident Data, Incident Witness Data and Incident First Aider Data in order to comply with a legal or regulatory obligation.
- 3.1.3. Using our WiFi while on our Premises:
- If you are a visitor on our Premises and you use our WiFi, you will be required to agree to our acceptable use policy that applies to your use of our WiFi. Please refer to these terms separately. We process your WiFi Data when you use our WiFi in order to perform the contract we have with you to provide you with WiFi. The WIFI is powered by HSO Limited our ISP provider.
- 3.2. Visiting our Website
- 3.2.1. Visiting our Website:
- 3.3. Staying at Dolphin House
- 3.3.1. Booking accommodation at Dolphin House:
- If you have made a reservation for your accommodation we process your Serviced Apartment Booking Data (that we may receive from the third party booking provider depending on whether you contacted us directly or through a third party) to secure your accommodation.
- We process your Serviced Apartment Booking Data for the performance of a contract we have directly with you to provide you with serviced apartment accommodation.
- 3.3.2. Prior to your visit to Dolphin House;
- We may contact you prior to your stay with us to advise you of any events taking place and to welcome you in advance to make the check-in process as smooth as possible. After your visit, in the event you have raised a complaint or issue or have lost property we will contact you to discuss this.
- We have a legitimate interest to process this data to improve our check in process or improve our Products and Services.
- 3. Staying at Dolphin House Serviced Apartments
- Upon check-in we process your Dolphin House Guest Data in order to confirm your reservation and in order to provide you with your accommodation, and any associated services you have booked during your stay.
- We process your Dolphin House Guest Data for the performance of the contract we have with you.
- In order to comply with a legal or regulatory obligation we process full name and nationality of UK, Irish or Commonwealth citizens, and for all other citizens the passport number and place of issue (or other document showing identity and nationality) and the details of the next destination at the time of checking in to Dolphin House.
- In the event you have any accessibility requirements or other special requirements due to your health you may provide these to us in advance in order that these can be accommodated.
- We process any data in relation to your health only to accommodate your requirements during your stay at Dolphin House and these are shared only to the extent necessary for these requirements to be accommodated.
- We process your requirements based on accessibility or health in order to comply with a legal or regulatory obligation.
- 3.4. Using the Spa
- 3.4.1. When you receive a treatment at the Spa:
- If you book an appointment with us we will ask you for your Visitor Data (Spa). We will process this to make your reservation at the Spa and to send you a reminder of your appointment. At the time of booking the appointment you can elect to receive the reminder either by email or SMS.
- It is in our legitimate interests to process your Visitor Data (Spa) at the time of the reservation and prior to your appointment to send you a reminder that you have your appointment with us.
- When you visit the Spa to receive a treatment we process your Visitor Data (Spa) to confirm your booking, and your treatment. Your Spa Guest Data is processed by the Spa Mentor and a Spa Therapist providing your treatment in order to ensure there are no health reasons that would prevent us from providing the treatments.
- We process Visitor Data (Spa) and your Spa Guest Data for the performance of the contract we have with you to provide a spa treatment.
- 3.4.2. Purchasing Products from us from via our Website store:
- We sell vouchers on our Spa website; if you wish to purchase any vouchers from our Website store please visit: https://www.dolphinsquare.co.uk/spa/spashop/
- If you choose to purchase any vouchers from our Website store, we will process your Website Store Customer Data in order to facilitate the purchase of such vouchers and the delivery of the merchandise to you or your nominated third party. We do not process any debit or credit card information when you purchase any merchandise from our Website store, we rely on a third party payment processor, who does not share your debit or credit card information with us.
- We process your Website Store Customer Data for the performance of the contract we have directly with you to deliver to you the vouchers you have purchased from our Website.
- 3.5. Visiting our Fitness Club
- 3.5.1. Visiting as a member of the Fitness Club
- If you join our Fitness Club as a member and in order to complete the registration process, we require you to provide your Fitness Club Registration Data in order to: complete the registration and sign up process for the Fitness Club, to produce a membership card and to take payment of the applicable membership fees.
- We process your Fitness Club Registration Data for the performance of the contract we have directly with you to use the Fitness Club.
- 3.5.2. Visiting as a Guest member of the Fitness Club
- If you attend the Fitness Club as a visitor we require you to provide Guest ID Data which we will take a copy of. The Guest ID Data n is required before we can grant access to the Fitness Club ( in accordance with out terms and conditions).
- It is in our legitimate interests to process your Guest ID Data for the purposes of verifying the identity of those people who use our Fitness Club on a guest only basis..
- 3.6. When you are a resident of Dolphin Square
- 3.6.1. Carrying out tenant due diligence prior to your tenancy beginning
- Prior to confirming a tenancy at Dolphin Square, we process your Tenant Due Diligence Data in order to carry out a credit check, verify your identity, your entitlement to be in the UK and to counter fraud.
- As a result of these checks we may receive a Tenant Due Diligence Report which we are required to assess to enable us to satisfy our legal and regulatory obligations in order to provide you with a tenancy.
- In the event a guarantor is required, we process the Guarantor Due Diligence Data to carry out a credit check, verify identity and entitlement to be in the UK of the Guarantor and to counter fraud.
- We have a legitimate interest to process and assess a Guarantor Due Diligence Report in order to determine the suitability of a prospective tenant and the guarantee offered.
- 3.6.2. During your tenancy
- Throughout your tenancy at Dolphin Square we process your Dolphin Square Tenant ID Data. We process this data during the term of the tenancy for both You and Us to comply with obligations contained in the tenancy agreement relating to monthly payment, maintaining your property, taking delivery of any parcels and verifying the cars parked in the Dolphin Square garages.
- We process your Dolphin Square Tenant Data to perform our contract with you to provide a tenancy arrangement.
- We ask that you obtain the consent of any name provided to us as a ‘Nominated Person’ before their name provided to us. We do not process ‘Nominated Person’ details for any other reason than to provide access to the ‘Nominated Person’ as set out in the Tenancy Information Pack.
- In the event you are a Nominated Person we require you to produce valid photographic ID for inspection and we then process your name and take a picture of you which is stored on our system. We process this and keep a copy of your name and photo only for the purposes of providing access on the basis of being a ‘Nominated Person’ and it is in our legitimate interests to do so in order to verify your identiy.
3.6.3 3.6.3. In an emergency
- If at any time during your tenancy we feel your safety or health is compromised we will process your Tenant Emergency Contact Information Data (if you have chosen to provide this to us) to contact them directly and we may share this with emergency organisations or NHS Trusts.
- If your personal data is provided to us as Tenant Emergency Contact Information Data then we will process this data only in the event that we need to contact you or provide it to emergency organisations or NHS Trusts in the event we feel the safety or health of the tenant who has provided your information to us is compromised. We do not process your data or provide it to third parties for any other reason.
- We rely on consent to process the Tenant Emergency Contact Information Data and we ask that you obtain the consent of the individual before providing them to us as a ‘Contact in the case of an emergency’.
- 3.7. Using our Conference Facilities:
- We host events throughout the year and require the conference organiser to provide us with any relevant accessibility or dietary requirements or allergies of attendees prior to attending the events.
- We have a legitimate interest to process your Event Registration Data for the purposes of ensuring the safety of attendees and to ensure that we provide any food that meets your dietary requirements.
- 3.8. Presenting our company to you and/or sending marketing to you
- 3.8.1. Submitting a general enquiry to us and subscribing to our marketing email news feed via our Website:
- You may subscribe to receive marketing from us when you submit your general enquiry to us. If you choose to subscribe to receive marketing from us when submitting a general enquiry to us, we process your General Enquiry Data to provide you with details of our Products and Services.
- We rely on your consent to process General Enquiry Data (where General Enquiry Data is used solely for the purposes of marketing our Products and Services). We may share your General Enquiry Data that is received when you subscribe to receive marketing from us at https:www.dolphinsquare.co.uk to any third parties provided you have given us consent to do so.
- Our Website offers live chat functionality. It is in our legitimate interests to process any personal data provided to us via our live chat functionality.
- 3.8.2. Receiving marketing from us following your register of interest in membership to the Fitness Club.
- When you visit our Fitness Club you may choose to receive marketing from us. We will note your General Enquiry Data and follow up with you with offers, promotions and details of membership.
- We rely on your consent to process Marketing Subscriber Data.
- 3.8.3. Receiving marketing from us following your register of interest in a rental property at Dolphin Square:
- When you register your interest in a property available to rent in Dolphin Square or more generally in upcoming lettings through our Website, via our social media channels or through adverts placed on third party websites we will record your Lettings Expression of Interest Data in our marketing database.
- We have a legitimate interest to process your Lettings Expression of Interest Data for the purposes of contacting you in relation to your enquiry and sending marketing to you where such marketing is in respect of similar products or services. Business-to-business marketing:
- We may send marketing material to employees of letting agents, hotel booking sites, travel agents, media partners social media and digital marketing agencies and public relation companies “Corporate Third Parties”). We do so to work with our Corporate Third Parties for a common purpose of promoting our company and our Products and Services to our customers. Our media partners work with us to promote our company and our Products and Services to our customers.
- In these circumstances, we process your Corporate Contact Data in order to be able to send such marketing materials to you.
- We have a legitimate interest to process your Corporate Contact Data for the purposes of promoting our company and our Products and Services.
- 3.8.4. Analysing the effectiveness of our marketing activities:
- We may process your Marketing Tracking Data for the purposes of analysing the number of individuals that read our marketing communications. We may correlate your Marketing Tracking Data with your General Enquiry Data for the purposes of carrying out further analysis of the effectiveness of our marketing activities, including to assess reader rates.
- We rely on your consent to process your Marketing Tracking Data to analyse the effectiveness of our marketing activities.
- 4. COOKIES
We use the cookies on our Website. We rely on your consent to process cookies. Please refer to our Cookies Policy on our Website for more details.
If you want to delete any cookies that are already on your computer, please refer to the help and support area on your Internet browser for instructions on how to locate the file or directory that stores cookies. Information on deleting or controlling cookies is available at www.aboutcookies.org. By deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our Website. If you continue using our Website without changing your settings, we will assume that you are happy to receive all cookies on our Website.
To opt out of Google Analytics cookies across all websites, please visit: Google Analytics Opt-out Browser Add-on and for other third party cookies relating to behavioral advertising, please go to www.youronlinechoices.eu. Opting out does not mean you will no longer receive online advertising. It does mean that the company or companies from which you opted out will no longer deliver adverts tailored to your web preferences and usage patterns, so you may see a greater number of adverts that are irrelevant to you and your preferences.
We sometimes use third party service providers to collect information regarding how you use our Website or our Products or Services in order to support our marketing both on our Website and elsewhere on the internet. This information is collected in an anonymous format using a ‘pixel tag’ (also known as a ‘web beacon’) unless you choose to provide us with your Marketing Subscriber Data. None of your personal data is collected or used during this process. We do this to help inform our decision about how we market Dolphin Square’s Products and Services to others.
Third parties may also set cookies on our website in order to deliver the services that they are providing to us such as the pinterest, twitter, facebook and ‘share this’ button. We have no control over these and you should check the relevant third party websites for more information about these.
- 5. DISCLOSURES OF YOUR DATA
We may disclose your personal information to third parties as described below:
- As part of the Products and Services we provide to you, we may disclose personal information to third party facilities or maintenance staff;
- Where we are under a legal or regulatory obligation to disclose your information to UK government authorities, Westminster Council or other local government agencies, regulatory authorities, courts, tribunals, law enforcement agencies, emergency services or other healthcare staff;
- Third party service providers which provide us with services e.g. IT providers, analytics providers, AML and credit checking facilities, third party hotel, Fitness Club, spa and restaurant booking agents and letting agents;
- If Dolphin Square or substantially all of Dolphin Square’s asset are merged or acquired by third party, in which case your personal information may form part of the transferred or merged assets.
If you would like to receive a full list of our suppliers and other third parties who we share your data with them, you can get in touch with us using the details provided in the section Contact Us.
- 6. INTERNATIONAL TRANSFERS
We will not transfer your personal data outside of the European Union, except to selected third parties that we have instructed to help us provide our services to you.
Where such transfers are to a county outside the European Union, we rely on your consent, one of the European Commission’s adequacy decisions (for example, relying on a Privacy Shield certification where the transfer contains a US entity) or we will use reasonable efforts to put in place appropriate safeguards to cover transfers of your personal data including, for example, signing standard contractual clauses/data protection clauses adopted by the European Commission. Please click here for a link to the standard contractual/data protection clauses and click here for more information about the Privacy Shield for US companies.
If there are any other circumstances (for example where we are not processing your personal data for the provision of the Services) which would require us to transfer your personal data outside of the UK, we will seek your consent to transfer your personal data outside of the UK unless a legal or statutory requirement prevents us from doing so. In the event of such a transfer, where applicable, we will put appropriate safeguards in place to cover transfers of your personal data including, for example, signing standard contractual clauses/data protection clauses adopted by the European Commission, or where applicable, relying on a Privacy Shield certification where the transfer contains a US entity.
If you would like further information, please contact us at firstname.lastname@example.org
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.
As a result of us collecting and processing your personal data, you have the following legal rights:
- to access personal data held about you;
- to request us to make any changes to your personal data if it is inaccurate or incomplete;
- to request your personal data is erased where we do not have a compelling reason to continue to process such data in certain circumstances;
- to receive your personal data provided to us as a data controller in a structured, commonly used and machine-readable format where our processing of the data is based on: (i) your consent; (ii) our necessity for performance of a contract to which you are a party to; or (iii) steps taken at your request prior to entering into a contract with us and the processing is carried out by automated means;
- to object to, or restrict, our processing of your personal data in certain circumstances;
- if we use your personal data for direct marketing, you can ask us to stop and we will comply with your request;
- if we use your personal data on the basis of having a legitimate interest, you can object to our use of it for those purposes, giving an explanation of your particular situation, and we will consider your objection;
- to object to, and not be subject to a decision which is based solely on, automated processing (including profiling), which produces legal effects or could significantly affect you; and
- to lodge a complaint with a data protection supervisory body, which is the ICO.
To exercise any of your rights set out above, including to withdraw your consent where we have stated we are processing your personal data based on your consent, please contact us at General Manager, Dolphin Square, London SW1V 3LX.
- let us have enough information to identify you (e.g. name and email address);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know the information to which your request relates, including any account or reference numbers, if you have them.
If you would like to unsubscribe from any marketing communication you can also click on the ‘unsubscribe’ button at the bottom of the marketing communication. It may take up to 30 days before you are removed from our marketing database.