This policy is effective from 26/06/2021.
Data controller details
The Data Officer is Hannah Betts. You can contact her at: TimeSquared Ltd, 22 Abbey Street, Nuneaton, CV11 5BT firstname.lastname@example.org
This Policy applies to visitors and users, "you," of TimeSquared's websites, applications, and other online services, henceforth referred to as our "site" or "sites". It also applies to information collected in person or digitally at one of our venues.
- The personal data we will collect;
- Use of collected data;
- Who has access to the data collected;
- The rights of Site users and visitors; and
We are TimeSquared Ltd (registered business 10429971), House of Escapes Ltd (registered business 10910473) and House of Games Ltd (12338851) with registered offices at 22 Abbey Street, Nuneaton, Warwickshire CV11 5BT.
Data protection principles
In relation to your personal data, we will:
- process it fairly, lawfully and in a clear, transparent way
- collect your data only for reasons that are necessary
- only use it in the way that we have told you about
- ensure it is correct and up to date
- keep your data for only as long as we need it
- process it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed
Your Rights as a User
Under GDPR, you have the following rights:
- Right of access: To get a free copy of your personal data. A subset of the data we hold on you will be made available to you on request.
- Right to rectification: To update your personal data. You can update or amend your information by contacting us via email@example.com or writing to us at TimeSquared Ltd, 22 Abbey Street, Nuneaton CV11 5BT
- Right to erasure: To ask us to delete your personal data. There may, however, be circumstances where we are legally entitled to retain it.
- Right to restrict processing: To object to the processing of your data and have it restricted. There may be circumstances where you ask us to restrict the processing of your information, but we are legally entitled to refuse that request. There may also be circumstances where restricting the processing of your information may mean that you cannot partake in all of our services.
- Right to data portability: To obtain data held by us about you for your own purposes. Please see our Subject Access Request Policy for more information on obtaining data we hold on you.
- Right to object: The right to make a complaint to the Information Commissioner (www.ico.org.uk) if you think that any of your rights have been infringed by us. Should this be the case, we would appreciate you contacting us directly in the first instance for us to consider and have chance to put it right.
We do not currently use automated profiling, so requests under this clause would be denied.
To exercise any of your rights, please see our Subject Access Request Policy. You will need to provide the following information so that we can verify your identity:
- A colour copy of your passport, driving licence, birth certificate or utility bill
- A booking confirmation reference number
Types of data we collect and process
When ordering vouchers, merchandise or creating a booking via our site, as appropriate, you may be asked to enter your name, email address, postal address, phone number or other personal details which are required in order for us to provide the service requested.
We may also collect information from you when you place an order, subscribe to a newsletter, fill out a form, enter a competition, contact our customer service team, partake in one of our experiences or provide us with feedback on our products or services.
If you choose to opt-in to our “updates” marketing, we will inform you of new experiences launching, competitions, discounts and send you a treat on your birthday. We aim to keep the emails to a reasonable level at around once a month.
If you choose to opt-in to our “launches” marketing, we will only inform you of new games and services that we are launching, which may include an invitation to play it first by being a game tester.
What other information may be collected outside of your website?
CCTV is essential in our experiences for the operation of gameplay equipment as well as security and the safety of players. Participation in our activities is not possible without the use of CCTV as it informs your game operator and our systems where you are within the room and what you are doing in order for you to progress and play the games. CCTV featuring night-vision helps us to prevent potential accidents and to monitor your safety in rooms that may become dark, dimly lit or wet. It also allows us to record any deliberate damage, inappropriate behaviour or criminal activity. CCTV may also be used for training and monitoring purposes. The CCTV footage is stored on an overwriting system and if not required for criminal, legal or subject access requests, will be automatically overwritten, usually within three months.
Why we process your data
The law on data protection allows us to process your data for certain reasons only:
- in order to perform the employment contract that we are party to
- in order to carry out legally required duties
- in order for us to carry out our legitimate interests
- to protect your interests and
- where something is done in the public interest.
How we collect your data
When you visit and use our Site, we may automatically collect and store the following information:
- IP address;
- Hardware and software details;
- Clicked links;
- Content viewed; and
- Data types.
We may also collect your data through the booking process and during your visit via online forms or when you make a payment to us. If you fill out a comment card, or enter a competition, you may also enter your data as part of the process.
We reserve the right to collect information about your usage and activity on our sites using certain technologies, such as cookies, web beacons, and other technologies. Third parties may also view, edit, or set their own cookies.
A cookie is a small file, stored on a user's hard drive by a website. Its purpose is to collect data relating to the user's browsing habits. You can choose to be notified each time a cookie is transmitted. You can also choose to disable cookies entirely in your internet browser, but this may decrease the quality of your user experience.
Cookies are used to enhance your experience of the Website and TimeSquared Social Media and to provide certain facilities on these. For example, session cookies allow you to carry information across pages of the Website and Social Media when booking a game with us, and avoid you having to re-enter information.
We may also use session cookies to collect information about your device including its IP address (a unique identifier of your device), operating system and browser type. This helps us ensure that content from the Website and TimeSquared Social Media is presented in the most effective manner for you and your device. We also collect information about browsing actions and patterns.
We may use the following types of cookies on our Site:
- Functional cookies are used to remember the selections you make on our Site so that your selections are saved for your next visits
- Analytical cookies allow us to improve the design and functionality of our Site by collecting data on how you access our Site, for example data on the content you access, how long you stay on our Site, etc; and
- Third-party cookies are created by a website other than ours. We may use third-party cookies for purposes such as analytics.
See the section below for further information if you wish to remove cookies after you leave our website.
What about third-party cookies?
We work with third-parties who may place cookies on our sites to provide their services, including:
Analytics/Measurement: we use third-party analytics cookies to gain insight into how our visitors use the Sites, to find out what works and what doesn't, to optimise and improve our Sites and to ensure we continue to be interesting and relevant. The data we gather includes which web pages you have viewed, which referring/exit pages you have entered and left from, which platform type you have used, date and time stamp information and details such as the number of clicks you make on a given page, your mouse movements and scrolling activity, the search words you use and the text you type while using our sites. We also make use of analytics cookies as part of our online advertising campaigns to learn how users interact with our sites after they have been shown an online advertisement, which may include advertisements on third-party websites.
Remarketing Pixel Tags: we may share website usage information about visitors to our sites with third-party advertising companies for the purpose of managing and targeting advertisements and for market research analysis on our Sites and other sites. For these purposes, we and our third-party advertising companies may place pixel tags (also called clear gifs) on some of the pages you visit on our Sites. We will then use the non-personally identifiable information that is collected using these pixel tags to serve you relevant advertisements when you are visiting other sites on the Internet. These advertisements may be targeted to specific searches you conducted on our Site during earlier browsing sessions.
How do I deactivate cookies?
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You can do this through your browser settings. Since all browsers are a little different, look at your browser's Help Menu to learn the correct way to modify your cookie preferences.
If you turn cookies off, some of the features that make your site experience more efficient may not function properly. This won't affect, however, your user experience nor make your experience on our site less efficient.
What we do with your Data
We will use your data primarily to provide the products and services you have selected. Where you have opted-in, we will use it to keep you informed of new events, games, discounts, competitions or to send you a birthday treat.
If we have identified you as a leisure or corporate customer, we may contact you as a one off to offer you an opt-in to the other sector.
Information gathered on our website or from feedback amongst others will help us improve our products and services for you and other customers including managing the site to ensure everyone gets the best experience, performing market research and to understand our customer’s views. If you have opted-in, we may ask for feedback and testimonials for personalising our experiences to make them more intuitive & engaging.
Anonymised data may also be used to target some of our social media advertising, but we are happy that this does not represent a risk to your privacy. You can update your advertising settings at any time by visiting Facebook, Instagram, Twitter, LinkedIn or the other social media platforms directly.
On some occasions, we may need to contact you without further consent particularly in relation to an active booking. For example, booking confirmations or sending you and your team relevant information such as parking directions or to supply requested photos or information. We may also send you a one-off thank you email.
We may need to send legal, regulatory or business communications such as assisting with crime and fraud prevention. If we need to do anything with your data that you have not been consulted on or agreed to, we reserve the right to contact you to give you a choice about whether to proceed.
The Laws Controlling the Data we Collect
All personal information that we may require will be collected, used and securely held in accordance with the provisions of the Data Protection Act 1998 and your rights under that Act. GDPR has added new stricter controls to guide what information we can and cannot reasonably ask you for, how securely we store it and how long we can keep it. This also means we have to have clear policies (such as this one) highlighting our procedures and enabling you to stay in control of your data, what we do with it and whether you would like us to update or remove some, or all of it from our secure storage.
For users in the European Union, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (the "GDPR"). For users in the United Kingdom, we adhere to the GDPR as enshrined in the Data Protection Act 2018.
We have not appointed a Data Protection Officer as we do not fall within the categories of controllers and processors required to appoint a Data Protection Officer under Article 37 of the GDPR.
Legal Basis for Processing
We collect and process personal data about users in the EU only when we have a legal basis for doing so under Article 6 of the GDPR.
We rely on the following legal bases to collect and process the personal data of users in the EU:
- Users have provided their consent to the processing of their data for one or more specific purposes;
- Processing of user personal data is necessary for us or a third pary to pursue a legitimate interest. Our legitimate interest is not overriden by the interests or fundamenal rights and freedoms of users. Our legitimate interest(s) are: Bookings stuff; and
- Processing of user personal data is necessary for us to take, at the request of a user, steps before entering a contract or for the performance of a contract to which a user is a party. If a user does not provide the the personal data necessary to perform a contract the consequences are as follows: Can't book.
What am I agreeing to?
By visiting or using our sites or venues, to the extent permitted by applicable law, you are consenting to us gathering and processing information about you in accordance with this Policy, although consent may not be required for all of the elements described.
For particular types of information or processing, we may provide you with choices or request your further consent related to what information we collect and how we process it.
Do I need to do anything?
Am I legally obliged to provide my information to you?
If you do not provide your data to us
One of the reasons for processing your data is to allow us to carry out our duties in line with your contract of employment. If you do not provide us with the data needed to do this, we will unable to perform those duties eg ensuring you are paid correctly. We may also be prevented from confirming, or continuing with, your employment with us in relation to our legal obligations if you do not provide us with this information eg confirming your right to work in the UK or, where appropriate, confirming your legal status for carrying out your work via a criminal records check.
Sharing your data
Third parties such as social networks or review websites and apps that you use in connection with our site may also collect, use, and share information about you. This Policy does not cover such third-parties or their services, and we do not take any responsibility for how such third parties may use any information they collect. For information about third-party privacy practices, please consult with them directly.
Third parties we may be required to share your data with include, but are not limited to:
MailChimp, Survey Monkey, Square, WordPress, Resova, Xero and PayPal.
We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
International Data Transfers
If you are located in the United Kingdom or the European Union, we will only transfer your personal data if:
- The country your personal data is being transferred to has been deemed to have adequate data protection by the European Commission or, if you are in the United Kingdom, by the United Kingdom adequacy regulations; or
- We have implemented appropriate safeguards in respect of the transfer. For example, the recipient is a party to binding corporate rules, or we have entered into standard EU or United Kingdom data protection contractual clauses with the recipient.
TripAdvisor Review Express
We may also use the email provided during booking to forward you a review request after your experience via TripAdvisor’s Review Express service. This is expected to be a one-off email request.
TripAdvisor recognises the value and importance in protecting our guests’ information therefore, email addresses submitted for Review Express are not used for any other purpose and you will not be subscribed to general TripAdvisor email campaigns.
If you are not comfortable with us using Review Express to contact you for a review after a game, then please let us know in writing via firstname.lastname@example.org.
Protecting your data
We are committed to ensuring that your personal information is secure. Your personal information is contained behind secured networks and is only accessible by a limited number of people who have special access rights to such systems and are required to keep the information confidential. All personal data is password protected.
All transactions are processed through a secure gateway provider and financial details are not stored or processed on our servers. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology. Whilst we take every precaution to protect your information and communication with us, the internet is not completely secure and you use it to communicate with us at your own risk.
Where we share your data with third parties, we review their policies to ensure that your data is held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
Should a data breach occur, we will notify you via email within 72 hours of becoming aware of it, where feasible.
How long we keep your data for
We use your information to provide you with the products and services you have selected and for a variety of other reasons. In each case, the length of time that we need to keep the information may be different, but we will only keep the information for as long as we need it and if you haven’t opted-in to anything, we will delete your data as soon as is reasonably practicable. Anonymised data from your custom may remain in our system indefinitely as a statistic.
We have a legal obligation to keep data regarding invoices for 7 years. This includes the name of the person who paid for the invoice/booking, their contact details (phone number and email), the name of the company on whose behalf they have made the booking (if applicable), the time and date of the booking and the amount paid to TimeSquared Ltd for the service.
Third Party Links
The minimum age to use our website is 16 years of age. We do not knowingly collect or use personal data from children under 16 years of age. If we learn that we have collected personal data from a child under 16 years of age, the personal data will be deleted as soon as possible. If a child under 16 years of age has provided us with personal data their parent or guardian may contact us on email@example.com.
Your rights in relation to your data
The law on data protection gives you certain rights in relation to the data we hold on you. These are:
- the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice
- the right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request. You can read more about this in our Subject Access Request policy which is available from your line manager.
- the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it
- the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it
- the right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct
- the right to portability. You may transfer the data that we hold on you for your own purposes
- the right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests
- the right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in way that adversely affects your legal rights.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please contact Hannah Betts on firstname.lastname@example.org.
Changes to this Policy
TimeSquared Ltd. reserves the right to amend this policy from time to time by updating the relevant webpage. Amendments will take effect when posted on the Website and TimeSquared social media. You should check this page from time to time to ensure that you are happy with any changes.
Making a complaint
If you have any complaints about how we process your personal data, please contact us through the contact methods listed in the Contact Information section so that we can, where possible, resolve the issue. If you feel we have not addressed your concern in a satisfactory manner you may contact a supervisory authority. You also have the right to directly make a complaint to a supervisory authority. The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.