Finsbury Park Privacy Policy

This Privacy Policy explains how Finsbury Park collects, uses, discloses and protects personal data relating to customers located in the Finsbury Park area. It is intended to meet the requirements of the United Kingdom General Data Protection Regulation and applicable data protection laws. By using our services, visiting our premises or interacting with us, you acknowledge that you have read and understood this Privacy Policy.

Scope and Data Controller

This Privacy Policy applies to all Finsbury Park customers in the surrounding area who use our services, visit our facilities, make enquiries, or otherwise interact with us, whether in person, by post, or through digital channels. Finsbury Park is the data controller in respect of the personal data covered by this Privacy Policy, which means we determine the purposes and means of processing that personal data.

Personal Data We Collect

We collect and process different types of personal data depending on how you interact with us. This may include identification and contact details such as name, postal address, billing address, and preferred contact method. It may also include transactional information such as records of services purchased, payment details processed through secure payment providers, invoices, and receipts.

We may collect usage and interaction information, for example details of visits to our premises, records of communications and enquiries, notes from customer service interactions, and information relating to any complaints or feedback. Where relevant, we may collect limited technical data such as IP address, device type, and general location information from your use of our online services, to support security and service quality.

In some cases, we may process special category data only where strictly necessary and permitted by law. This may include health or accessibility information you choose to provide to enable us to meet specific access needs or to ensure your safety while using our services or facilities. Such information is handled with additional care and safeguards.

How We Collect Personal Data

We obtain personal data directly from you when you complete forms, register for services, make a booking or purchase, contact us with queries, participate in events, or provide feedback. We may also collect personal data automatically when you visit our premises, use our online services, or communicate with us, for example through device and usage data.

In limited cases, we may receive personal data from third parties, such as payment providers, partners involved in delivering services to you, or public authorities. We only receive and use such data where it is necessary, lawful, and relevant to the services we provide to you.

Lawful Bases for Processing

We process your personal data only where we have a lawful basis under data protection law. The main lawful bases we rely on are the performance of a contract, where processing is necessary to provide you with services you have requested, manage your account, handle payments, bookings and reservations, and respond to your queries.

We may process personal data based on our legitimate interests in operating, improving, and protecting our services and facilities, for example maintaining security, preventing fraud, and understanding how customers use our services. Where we rely on legitimate interests, we balance our interests against your rights and expectations.

In some cases, we may rely on your consent, for example where we wish to send you certain types of marketing communications that are not based on an existing customer relationship or where we collect special category data for specific purposes. When processing is based on consent, you can withdraw your consent at any time.

We may also process personal data where it is necessary for compliance with a legal obligation, such as tax, accounting, or regulatory requirements, or for the establishment, exercise, or defence of legal claims. In rare circumstances, we may process personal data to protect your vital interests or those of another person, for example in emergencies.

How We Use Personal Data

We use personal data to provide and manage our services, including handling bookings, registrations, memberships, and payments, managing access to our premises, and delivering customer support. We also use personal data to communicate with you about your use of our services, respond to enquiries and complaints, and provide important updates about changes to our terms or this Privacy Policy.

We may use personal data to improve and develop our services, facilities, and customer experience, by analysing aggregated customer trends and feedback. We may also use contact details to send you information about services that are similar to those you have already used, where permitted by law and your preferences.

Personal data may be used to ensure the safety and security of our premises, systems, and staff, including the detection and prevention of fraud, misuse, or other harmful activities. Where necessary, we may use personal data to comply with legal obligations and cooperate with regulatory or law enforcement authorities.

Data Sharing and Processors

We may share your personal data with carefully selected service providers who act as data processors on our behalf. These processors may provide services such as payment processing, IT hosting and maintenance, communications services, data storage, and customer relationship management. We only share personal data that is necessary for these providers to perform their services, and we require them by contract to handle your data securely, confidentially, and in accordance with applicable data protection laws.

Where required, we may share personal data with professional advisers such as accountants, auditors, or legal advisers, and with public authorities, regulators, or law enforcement agencies when we are legally obliged to do so or when it is necessary to protect our rights or the rights of others.

If any data transfers outside the United Kingdom or European Economic Area become necessary, we will ensure that appropriate safeguards are in place, such as standard contractual clauses or other lawful transfer mechanisms, to protect your personal data.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. The specific retention period for different categories of data depends on factors such as the nature of the data, the purposes of processing, and statutory retention obligations.

Customer account and transaction records are typically retained for a period aligned with legal limitation periods and tax and accounting obligations. Information used for marketing is generally kept until you object to such processing or withdraw consent, or until it is no longer necessary for the purposes for which it was collected.

When personal data is no longer required, we will delete it or anonymise it in a secure manner so that it can no longer be associated with you.

Your Data Protection Rights

As a customer in the Finsbury Park area, you have a number of rights in relation to your personal data under data protection law. These include the right to obtain confirmation as to whether we process your personal data and to request access to that data, together with information about how we process it.

You have the right to request correction of any inaccurate or incomplete personal data we hold about you, and in certain circumstances you may request the deletion of your personal data where there is no longer a lawful basis for us to retain or process it.

You may have the right to restrict our processing of your personal data in certain circumstances, as well as the right to object to processing based on our legitimate interests or for direct marketing. Where processing is based on consent or is carried out by automated means for contractual purposes, you may have the right to data portability, allowing you to receive your data in a structured, commonly used format and to transmit it to another controller.

Where we rely on your consent to process personal data, you can withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of any processing carried out before the withdrawal.

Security of Your Personal Data

We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or damage. These measures include access controls, secure storage, and procedures designed to maintain the confidentiality, integrity, and availability of your data. While we strive to protect your personal data, no transmission or storage system can be guaranteed as completely secure. We regularly review our security measures and update them where necessary.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. Any significant changes will be communicated through appropriate channels. The date of the latest version will be indicated in this document, and we encourage you to review the Privacy Policy periodically to stay informed about how we protect your personal data.