1 Overview
The following Privacy Policy ("Policy") apply to any use by the customer ("Customer") of The Sussex Exchange Ltd ("TSE"), and should be read carefully before being accepted by the Customer when using our services either online via our thesussexexchange.co.uk ("Website"), by phone or in person when attending our venue.
This "Policy" describes the way in which "TSE" manages and processes the information and data you provide to us to enable us to manage our "Customer" relationship.
References stated within this "Policy" to "The Sussex Exchange", "TSE", "us", "we" or "our" relate to The Sussex Exchange. The Sussex Exchange is a striking, environmentally-friendly restaurant and conference venue on Queensway – at the border of Hastings & St Leonards and on the doorstep of the area’s main business estates. Our contemporary restaurant and bar has been designed to be an inspiring place to take a break from work, to entertain your clients – or to eat and drink for pleasure. We serve lunch, dinner, snacks and drinks. The Sussex Exchange is also a venue to hire for conferences, meetings, events, training sessions and special functions such as wedding receptions covering the methods in which your personal data is collected and the purposes in which your personal data is used by "TSE".
"Services" refer to any service offered by "TSE" to "Customers", we will process any personal information provided to us or otherwise held by us relating to you in the manner set out in this "Policy" or as held by us relating to you in the methods set out in this "Policy". Information may be provided via the "Website", telephone calls or any other means. This covers our Restaurant, Cinema, and Conferencing Suites.
"Employee" refers to individuals employed by "TSE" who work under a legally binding employment contract that requires them to agree and adhere to our terms and policies in relation to this "Policy".
By accepting this "Policy", you agree that you understand and accept the use of your personal information as set out in this policy. If you do not agree with the terms of this "Policy", please do not use the Website or otherwise provide us with your personal information.
Not only is your personal data protected by the high standards and efficient processes of TSE, it is also protected by the law. The GDPR legislation states we can only process your personal data when a genuine reason is present. It must be one of the following:
• Consent has been provided for processing
• When it is in the public interest, our legitimate interest or if it is your vital interest
• To fulfil any contract that we have with you or when we have a legal obligation
2 Data we hold
At "TSE", we process personal data to manage customer relationships while fulfilling consumer contracts while ensuring quality delivery of products and services. Customer accounts are created and managed to fulfil obligations through the use of personal data alongside monitoring of our systems to ensure prevention of data beaches and improper use. If you decide to not share your personal data with us then it could prevent us from fulfilling a contact, meeting legal obligations or providing the products/services offered.
When using our "Services" either online or by phone we will ask for specific information, this information may include the following (depending on the "Services" required):
Full Name
Telephone Number
Email Address
Credit/Debit card billing address
Business information
Registered business address
Business VAT registration details
Copies of relevant legal documentation
Telephone recordings
We will hold your data for a minimum amount of time in order to comply with the reasoning as stated within this policy and any relevant legal or regulatory obligations to which we have. In the event of technical reasons, your data may be kept longer if it cannot be deleted.
All connected telephone calls to our Head Office and "TSE" premises are recorded for security, training and monitoring purposes.
3 Data we process (but do not store)
Credit/Debit Card Information
We do not store credit or debit card information on our system(s), all billing information aside from billing address is processed by our third party provider "Worldpay Group Plc" and Payment Gateway provider "Sage Pay Europe Ltd".
Card data that is processed via our website is processed securely via secure SSL encryption. Card information taken by phone is entered by "Employees" directly into a handheld card terminal provided by "Payment Sense Ltd"
4 How we store data
We store data stated in [Section 2] in order to provide the following services:
Cinema Bookings
Restaurant Bookings & Services
Conferences & Events
Promotion & Mailing list(s)
All data is entered on to our system either by the "Customer" when placing bookings online or by "TSE" employees who access our system when talking directly to "Customers" by phone or in person. Depending on the "Services" provided this data is either stored in our secure local intranet server or secure remote server provided by "Fasthosts Ltd".
Local servers and I.T Infrastructure
Local data storage includes but not limited to: General administration, Booking & reservation services and basic I.T infrastructure, we operate all of our internal I.T systems with the latest software versions and updates, we also have relevant firewalls and anti virus systems in place to ensure that data is safe and secure on both our computers systems, till systems and servers.
Remote servers and I.T systems
Operation of our website(s) and some external systems for both data storage and processing of data are provided and maintained by third party providers, these systems are essential to the operation of the business for providing but not limited to: Internet access, Data Storage, Recording of telephone calls and General Administration, if you wish to see more details regarding the third parties which we use please refer to section [6].
5 How your data is handled within our organisation
Access to your information is limited to specific "TSE" employees at various levels, each level within our organisation has certain restrictions on the data available. As an organisation we design our systems and infrastructure to limit specific classes of staff members to your data depending on job description and services that they will need to provide, our data protection levels for staff fall under the following categories:
Level [1] Restaurant, Cinema, Reception & Conference Centre Staff
Level [2] Head Office Admin Staff
Level [3] I.T / Technical Staff & Higher Management
Level [1] "Employees" which include reception,restaurant and conference centre staff are able to access our systems but are only able to view limited customer information depending on the service being provided, this is often limited to customer name, contact number and email address in relation to a booking held on our system and can only be accessed after the customer has provided information such as booking reference numbers/and or confirmed parts of the data in order for the staff member to access said data for the following tasks:
Cinema Bookings
Restaurant Bookings & Services
Conference Bookings & Services
General Enquiries/Administration
Level [2] "Employees" have more access to our system and are able to access customer name, contact number, email address, address details, documentation and invoices for the following purposes:
Accounting & General Administration
Dealing with enquiries and complaints
Level [3] "Employees" have full access to data stored on our database in relation to customer information, billing address and all documentation that we hold, this information is used for:
Accounting & invoicing enquiries
Access to call recordings
Statistical analysis and technical issues with our system(s)
Managing our mailing list and promotions
At each level of our organisation our "Employees" are made fully aware of their responsibilities in regards to how they handle data, this includes relevant training and basic knowledge of handling data in relation to the service they are providing to our "Customers".
6 Third parties
In order to provide all the "Services" provided by "TSE" we must both use and share some of the personal information we store with third parties, sharing of data with third parties will only ever be done for the sole purpose of providing the agreed "Services" to our "Customers".
Although we have listed some of these providers in the previous sections of this policy, here is a more comprehensive list of providers with whom we may share both personal and non-personal data in order to provide both payment facilities and "Services" to our customers:
"Worldpay Group Plc" - (Personal data) processing of credit/debit card information via our website(s).
"Opayo Ltd (Formerly Sage Pay)" - (Personal data) processing of credit/debit card information via our website(s).
"Payment Sense Ltd" - (Personal data) processing of credit/debit card information in person and by phone
"Fasthosts Ltd" - (Non-personal data) for secure hosting & data storage
"The Rocket Science Group" - (Personal data) for email marketing purposes
"Hastings Borough Council" - (Personal data) due to licensing requirements
"Epos Now" - (Non-personal data) for I.T services
"Beaming Internet Ltd" - (Non-personal data) for I.T services
When using third party companies we are always sure to choose well known and reputable companies that have well founded data protection policies to ensure that our customers data is always safe and secure.
7 Data removal
"TSE" will always assist you if you choose to exercise your rights over your personal data which may include, withdrawal of previous granted consent at that specific point in time. This would not include previous consented processing. Access or correction to personal data which is stored or processed. No automated processing of personal data is conducted within the operations of "TSE".
As part of our data protection policy we are happy to remove any data held on our system(s), if you wish to request that your information is removed please send us a request in writing to: The Sussex Exchange Ltd, Innovation Centre, Highfield Drive, St. Leonards on Sea, East Sussex, TN38 9UH. Your data removal request will be processed within 5-7 working days and you will receive written confirmation of this action.
8 Policy updates
Moving forward, our "Policy" may be updated from time to time. If at any point this "Policy" is updated the date of said change will be clearly marked. We regret that if you were to decline the changes made to this "Policy" we may not be able to continue to provide "Services" to you in future.
You can contact us on (info@thesussexexchange.co.uk) if you have any concerns regarding this policy.
Policy last updated: 19/09/2021