Privacy policy

    Your privacy is important to us. This Privacy Policy covers what we collect and how we use, disclose, transfer and store your information.

    The data controller is Boxpark Ltd, Unit 3 Diplocks Yard, 73 North Road, Brighton, East Sussex BN1 1YD

    Our GDPR Data Officer can be contacted by email at [email protected] or by telephone on 01273 579 939, or by post: Boxpark Ltd, Unit 3 Diplocks Yard, 73 North Road, Brighton, East Sussex BN1 1YD

    WHAT INFORMATION DO WE COLLECT?

    We collect information from you if;

    • you visit one of our sites, which stipulates on entry you need to sign up to the Boxpark Black Card
    • you subscribe to our newsletter
    • you submit an enquiry one of our forms
    • you book a ticket for an event
    • you engage with us on social media
    • you enter prize draws or competitions
    • you choose to complete any surveys we send you
    • you fill in any forms e.g if you have an accident at any of our sites, lost property etc
    • you use our free wifi at any of our sites
    • you visit one of our sites which have CCTV systems operating for the security of both customers and staff
    • you visit one of our sites we may have photography / recording / filming taking place that may be used for promotional material

    WHAT DO WE USE YOUR INFORMATION FOR?

    Any of the information we collect from you may be used in one or more of the following ways:

    • Black Card holders receive news via email about special offers and promotions, they can opt out of at any time
    • Black Card holders collect points when they spend money at Boxpark sites. We use information that we collect to award these points, to track any redemptions and to deliver redemption vouchers by email
    • Black Card holders will also receive location based push notifications by default when they are close to a Boxpark site (unless they already have global location services switched off on their device). These can be turned off for this feature by accessing the rear of the Black Card and disabling 'Allow Notifications', using your phone’s operating system
    • to respond via supplied contact details regarding your enquiry (email, telephone or post)
    • to personalise your experience (your information helps us to better respond to your individual needs)
    • to improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you
    • to send periodic emails about our company, product news or service information, etc.
    • to promote our tenants, events and sites over our social media channels
    • to administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering
    • if we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts.
    • to send you communications required by law or which are necessary to inform you about our changes to the services we provide you e.g. updates to this Privacy Policy
    • to create rich and engaging content for our website, social media and newsletters through the medium of photography and videography

    WHO WE SHARE INFORMATION WITH AND HOW WE PROTECT YOUR INFORMATION

    Boxpark Black Card - Data sent from our 3rd party PassKit to Sprout Send. In order to comply with legal guidelines Boxpark collects minimal information. This information is used to personalise the Boxpark Black Card, and the data is securely stored and managed via the PassKit platform. All data is protected at rest and in transit. TLS encryption is required and enabled by default for data being transmitted to and from the PassKit Service (data in transit). Data at rest is encrypted using AES256 encryption. Only authorised BOXPARK personnel can access this data via the PassKit platform.

    Email subscriptions: Data sent to our third-party data processor (Sprout Send) is secure and adheres to GDPR regulation. 

    Submitted enquires (from any enquiry form): Data sent to our third-party data processor (FormStack) is secure and adheres to GDPR regulation.

    Ticket bookings (from event booking forms): Data sent to our third-party data processor (EventBrite) is secure and adheres to GDPR regulation. 

    We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.

    We secure access to all areas of our website using ‘https’ technology.

    Access to your personal data is password-protected. We regularly monitor our system for possible vulnerabilities and attacks, and we regularly update our passwords to ensure maximum security.

    HOW WE USE COOKIES

    See our Cookie Policy for information on the cookies we use.

    DO WE DISCLOSE ANY INFORMATION TO OUTSIDE PARTIES?

    We do not sell, trade, or otherwise transfer to outside parties any personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

    THIRD PARTY LINKS

    Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

    OUR LEGAL BASIS FOR PROCESSING YOUR INFORMATION

    If you register for a Boxpark Black Card, attend one of our sites, or register to receive our newsletter, our lawful reason for processing your personal information is that we have a legitimate interest in doing so. This means that we can process your personal information if (i) we have a genuine and legitimate reason; and (ii) are not harming any of your rights and interests.

    YOUR RIGHTS

    You may have rights in relation to the information we hold about you. These include the right to request access to your personal data, to request that it is erased, that its processing is restricted, or that any inaccurate personal data is rectified. You may also have the right to object to the processing of your information, in particular, for direct marketing. You also have the right in some circumstances to obtain a copy of the personal data in a machine-readable format.

    If you would like to exercise any of these rights, please contact us using the details in the “Contacting Us” section below. We may ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal data, and ensure that we are only releasing personal data to those entitled to receive it. These rights do not apply in all circumstances.

    If you wish to raise a complaint in relation to our processing of your personal data, you can contact us using the details below. You also have the right to lodge a complaint with the data protection regulator, the Information Commissioner’s Office or ICO at: https://ico.org.uk/global/contact-us/. The ICO encourages individuals to raise concerns first with organisations to try to resolve any problems.

    RETAINING YOUR INFORMATION

    The period for which we will retain personal data will vary depending on the purposes that it was collected for, as well as the requirements of any applicable law or regulation.

    We will retain personal for the period necessary to fulfil the purposes outlined in this privacy policy unless a longer retention period is required or permitted by law.

    CHANGES TO OUR PRIVACY POLICY

    If we decide to change our privacy policy, we will post those changes on this page, and/or update the Privacy Policy modification date below.

    This policy was last modified on 5th May, 2022.

    CONTACTING US (GDPR DATA OFFICER)

    If there are any questions regarding this privacy policy you may contact our GDPR Data Officer using the information below.

    GDPR Data Officer: Boxpark Ltd, Unit 3 Diplocks Yard, 73 North Road, Brighton, East Sussex BN1 1YD

    Email: [email protected]