The Pembroke's website ("Site") is operated by 6-7 Grosvenor Place Club Limited (registered in England and Wales with company number: 15901757) ("The Pembroke", "we," "us" and/or "our"). Our registered address is 7 Albemarle Street, London, United Kingdom, W1S 4HQ. You can contact us as indicated under the "Contact" section below.
The data controller responsible for your personal data is 6-7 Grosvenor Place Club Limited with whom you contract as a customer, member or membership applicant.
We take the privacy of applicants and our members and their guests very seriously. If you do have any questions or concerns regarding this policy or how we may use your personal data then please do contact us as described in the “Contact” section below and we will endeavour to address this.
2. What this privacy policy is for
This privacy policy (“Privacy Policy”) applies to personal data that we collect from you as a user of this Site or as a membership applicant, member or customer ("you" or "your" being interpreted accordingly). It provides information on what personal data we collect, why we collect the personal data, how it is used and the lawful basis on which your personal data is processed, and what your rights are under the applicable data protection and privacy laws in the UK, including the Data Protection Act 2018, the UK GDPR (within the meaning under the UK Data Protection Act 2018) and the Privacy and Electronic Communications Regulations 2003 as amended from time to time.
'Personal data' as used in this Privacy Policy means any information that relates to you from which you can be identified.
By using our Site or submitting your personal data you are taken to accept the terms of this Privacy Policy, so please read it carefully.
3. Personal data we collect
We collect the following personal data about you:
Membership Application: The personal details you provide when submitting a membership application. This includes your [name, address, e-mail address; business address and phone number; gender and date of birth; country; a picture of yourself; information about your work and other information that you elect to provide to support your application]. [If you are under 30 years old, we will require you to attach to your application a copy of your passport, driver's license or birth certificate in order to allow us to verify whether you are eligible to the reduced under 30 years membership fee, pursuant to the Pembroke's Club Rules (available )]. We may also collect information about your payments to our payment service providers, that we require for the purpose of recording and processing your membership application (and administering your membership). For further details please also refer to the section below headed "Payment Information".
Reservation Information: Guest information, such as your first and last name, email address, billing and payment information (for further details please also refer to the section below headed “Payment Information”). Personal data collected in relation to reservations will be processed in accordance with a privacy policy provided at the time of requesting a reservation so please ensure that you read our privacy notice on the reservation website that we may provide to you when we collect or process your personal data.
Financial Information: Wherever possible, for any payment requirements you will be encouraged to use our secure third party payment provider which is currently Stripe (for further details please also refer to the section below headed “Payment Information”). We endeavour not ourselves to directly receive or retain any debit/credit card and bank account information provided by you. However, in the event that you do provide this information to us, we may process this data for the purpose for which it was provided by you or on your behalf and retain this for as long as is reasonable required to do so and to confirm that this processing has been successful. We will endeavour to permanently destroy this Financial Information once this has been confirmed.
Other Information: Personal details you choose to give when corresponding with us by phone or e-mail, participating in user/customer/member surveys or otherwise visiting and interacting with this Site or any other websites we operate, and personal data that you provide to us when you visit one of our clubs or other premises. We can also combine personal data that you provide to us with other information we collect about you when you make a reservation through third-party services such as online restaurant-reservation or travel fare aggregator websites, as necessary to process your requests.
4. Automatically collected personal data
Log Data: When you visit our Site, our servers record information (“log data”), including information that your browser automatically sends whenever you visit the Site. This log data includes your Internet Protocol (“IP”) address (from which we understand the country you are connecting from at the time you visit the Site), browser type and settings, the date and time of your request.
Our Site uses cookies (small text files placed on your device) and similar technologies to distinguish you from other users. This is to provide you with a good user experience when you browse our Site and allows us to improve its features. For detailed information on the cookies and similar technologies we use, please see our Cookie Policy.
5. Where your personal data is stored
Some of your app specific data will be stored on 'PostgreSQL' a secure data base management system which is used extensively in apps. However, most of your personal data will be stored in 'PeopleVine', a cloud-based customer relationship management platform. PeopleVine is a GDPR compliant two-sided secure platform, their Privacy Policy can be found here.
6. How we use your personal data
We use your personal data in the following ways:
To acknowledge, confirm and deal with your membership application (and where necessary put you on our waiting list). Such use of your data is necessary in order to implement your request to become a member.
Where you are a member, provide you with membership services, administer your membership account and contact you regarding your use of the services. Such use is necessary to respond to or implement your request and for the performance of the contract between you and us.
To complete and fulfil your reservation and stay, for example, to process your payment, ensure that your room is available, and provide you with related customer service, including sending confirmations or pre-arrival messages, assist you with meetings, events or celebrations. Such use is necessary for the performance of the contract between you and us.
To contact you in connection with user/customer/member surveys and to provide postal communications about us and our services which we think will be of interest to you and to use any information you choose to submit in response, provided that you gave us your consent to being contacted in this way at the time you provided us with the personal data. As necessary for certain legitimate business interests, which include the following:
Where we are asked to deal with any enquiries or complaints you or your guests may make.
To administer our Site, to better understand how visitors interact with our websites and ensure that our Site is presented in the most effective manner for you and for your computer/device.
To conduct analytics to inform our marketing strategy and enable us to enhance and personalise the experience we offer to our members and our communications, including by creating customer or member profiles to enable personalised direct marketing communications.
If you ask us to delete your data or to be removed from our marketing lists and we are required to fulfil your request, to keep basic data to identify you and prevent further unwanted processing.
To share personal data among our affiliated businesses for administrative purposes only, such as where they are assisting us in providing our membership services or our sales and marketing activities.
We may anonymise, aggregate and de-identify the data that we collect and use such anonymised, aggregated and de-identified data for our own internal business purposes, including sharing it with our current and prospective members, business partners, our affiliated businesses, agents and other third parties for commercial, statistical and market research purposes, for example to allow those parties to analyse patterns among groups of people, and conducting research on demographics, interests and behaviour.
For internal business/technical operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep our Site, network and information systems secure.
In order to:
Comply with legal obligations;
Respond to requests from competent authorities;
Enforce our Club Rules;
Protect our operations or those of any of our affiliated businesses;
Protect our rights, safety or property, and/or that of our affiliated businesses, you or others;
Enforcing or defending legal rights or preventing damage.
We may use your personal data for other purposes which you have consented to at the time of providing your data unless you subsequently notify us that you withdraw that consent, following which we will stop using that data unless otherwise permitted to do so under this Privacy Policy.
As used in this Privacy Policy, “legitimate interests” means the interests of The Pembroke in conducting and managing our organisation. When we process your personal data for our legitimate interests, we make sure to consider and balance any potential impact on you, and your rights under data protection laws. Our legitimate interests do not automatically override your interests. We will not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or those activities are otherwise required or permitted to by law. You have the right to object at any time to processing of your personal data that is based on our legitimate interests, on grounds relating to your particular situation (for more information on your rights, please see “Your Data Protection Rights” section below).
7. Disclosure of your personal data
We may share your personal data with third parties in the following situations:
Service Providers: The Pembroke, like many businesses, sometimes hires selected third parties who act on our behalf to support our operations, such as (i) card processing or payment services (see the section below headed “Payment Information”), (ii) credit reference agencies to protect against possible fraud, (iii) IT suppliers and contractors (e.g. data hosting providers or delivery partners) as necessary to provide IT support and enable us to provide membership services and other goods/services available on this Site or to members, (iv) web analytics providers, (v) providers of digital advertising services and (vi) providers of CRM, marketing and sales software solutions. Pursuant to our instructions, these parties may access, process or store your personal data in the course of performing their duties to us and solely in order to perform the services we have hired them to provide. We can, on request. provide further details of our current and historical providers who may receive or have received your personal data for such purposes.
Business Transfers: if we sell our business or all or a material part of our company assets are acquired by a third party, personal data held by us about our members, membership applicants or customers may be one of the transferred assets.
Administrative and Legal Reasons: if we need to disclose your personal data (i) to comply with a legal obligation and/or judicial or regulatory proceedings, a court order or other legal process. (ii) to enforce the Club Rules or other applicable contract terms that you are subject to or (iii) to protect us, our members, membership applicants, or contractors against loss or damage. This may include (without limit) exchanging information with the police, courts or law enforcement organisations.
8. Payment information
Any credit/debit card payments and other payments you make through our Site or in connection with your use of our services, including but not limited to payment for room hire deposits and pre-ticketed event payments, will be processed by our third-party payment provider, 'Stripe', and the payment data you submit will be securely stored and encrypted by our payment service providers using up to date industry standards. Stripe's Privacy Policy can be found here. Please note that we do not ourselves directly process or store the debit/credit card data that you submit except in limited circumstances as described under 'Financial Information' above.
We may arrange that card or payment data you submit in support of a membership application or subscription fee is, where appropriate (such as where you have asked us to set up a standing order, direct debit or other repeat payment arrangement), stored by our third-party payment provider for the purpose of processing your application, initiating your membership and collecting your subscription fees if your initial application is successful (or if you are put on to a membership waiting list, please note that this data may be stored for later use to initiate your membership and subscription).
If we do receive and hold any Financial Information ourselves, we will store this data in accordance with our legal obligations under applicable law and only for so long as legally permitted.
You may choose to opt out of having any Financial Information retained in accordance with this Privacy Policy although this means that you will need to re-supply us or our third party payment provider with card/payment details to initiate your membership subscription fee or for the purpose of making any future purchases.
9. Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions or as they are obliged to do by law, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
10. Your data protection rights
We will keep your personal data only for as long as is reasonably necessary for the purposes outlined in this Privacy Policy, or for the duration required by any legal, regulatory, accounting or reporting requirements, whichever is the longer. In particular, we retain membership records for 6 years after expiration or termination of your membership. We retain information submitted (membership records) through the Site and the other websites we operate for 6 years following account closure or contact with you, as applicable. And other information for a maximum of one year. When you consent to receive marketing communications, we will keep your data until you unsubscribe.
To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the purposes for which we process your personal data, applicable legal requirements or operational retention needs, and whether we can achieve those purposes through other means.
Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case it is no longer personal data.
11. Your personal data protection rights
Certain applicable data protection laws give you specific rights in relation to your personal data. In particular, if the processing of your personal data is subject to the GDPR, you have the following rights in relation to your personal data:
Right of access: If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data along with certain other details such as the purpose of the data processing. If you require additional copies, we may need to charge a reasonable fee.
Right to rectification: If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your personal data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
Right to erasure: You may ask us to delete or remove your personal data, such as where our legal basis for the processing is your consent and you withdraw consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data with so you can contact them directly. We may continue processing personal data where this is necessary for a legitimate interest in doing so, as described in this Privacy Policy.
Right to restrict processing: You may ask us to restrict or 'block' the processing of your personal data in certain circumstances, such as where you contest the accuracy of the personal data or object to us processing it. We will tell you before we lift any restriction on processing. If we shared your personal data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
Right to data portability: You have the right to obtain your personal data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will provide you with your personal data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
Right to object: You may ask us at any time to stop processing your personal data, and we will do so:
if we are relying on a legitimate interest to process your personal data unless we demonstrate compelling legitimate grounds for the processing;
If we are processing your personal data for direct marketing.
Right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing of your data before we received notice that you wished to withdraw your consent.
Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your personal data, you can report it to the UK data protection authority (the Information Commissioner's Office or ICO), or, as the case may be, any other competent data protection authority of an EU member state that is authorised to hear those concerns (you may find EU Data Protection Authorities' contact information here).
If you wish to exercise any of these rights please contact us as described in the “Contact” section below. We may also need to ask you for further information to verify your identity before we can respond to any request.
12. Fees
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
13. What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
14. Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
15. Changes to our privacy policy
Any changes we may make to our Privacy Policy in the future will be posted on this page. Please check back frequently to see any updates or modifications. If required by the applicable law, we will notify you of any material or substantive changes to this Privacy Policy.