Privacy Notice
King Street Townhouse is committed to protecting your privacy. Please take the time to review this notice which explains what personal data we collect about you, how we use it, and your rights.
King Street Investments Limited (“King Street Townhouse”, “we” or “us”) is the controller of the personal data collected via or in connection with www.kingstreettownhouse.co.uk and any associated apps and services (the “Site”), and when you visit our premises.
If you are a resident of California, please also refer to Section 13. “California Privacy Supplement” for information about the categories of personal information we collect and your rights under California privacy laws.
1. What personal data we collect and how
Personal data, or personal information, means any information about an individual from which that person can be identified.
Personal data we collect directly. We collect personal data from you when you provide it to us directly and through your use of the Site, including:
- Name and contact information - information you provide to us when you use our Site e.g. your name, contact details, gender, and any information which you submit as part of a webform e.g. asking to be contacted about a product or service.
- Booking information – information you provide when making a booking at our hotel, restaurant, spa or gym such as dates of your stay or visit, guest names, and any special requests or preferences.
- Records of your communications and interactions with us, such as when you email, call, or otherwise contact us, we collect and maintain a record of your contact details, communications and our responses. We also maintain records of communications and information that you post in chat sessions, forums and in other areas of the Site, and on our social media channels.
- Sweepstakes, contest and promotions information, such as information you provide us when you participate in a competition or promotion.
- Events e.g. if you register for or attend an event that we host or sponsor, we may collect information related to your registration for and participation in such event.
- Marketing and communications data e.g. records of your preferences about receiving marketing and communications from us e.g. if you sign up for a newsletter.
- Information relating to your health, which you may agree to provide us with in connection with your use of our gym and/or spa facilities and treatments.
Personal data collected automatically. We automatically collect personal data related to your use of our Site and interactions with us and others, e.g. using cookies and pixel tags, as well as information we derive about you and your use of the Site. We also collect information when you visit our premises. This includes:
Device and browsing information. We use cookies, log files, pixel tags and other tracking technologies to automatically collect information when users access or use our Site. This can include IP address, general location information, domain name, page views, a date/time stamp, browser type, device type, device ID, Internet service provider, referring and exiting URLs, operating system, language, clickstream data, and similar device and usage information. For more information, see Section 4 “Cookies and Personalisation” below.
- Activities and usage information related to your use of the Site, such as links clicked, searches, features used, items viewed, time spent within the Site, files uploaded, products and items you view and items you add to your basket.
Location information. We may collect or derive location information about you, such as through your IP address. With your permission, we may also collect geolocation information from your device. You may turn off location data sharing through your device settings.
- CCTV. We operate CCTV on our premises and process personal data contained in CCTV recordings.
Personal data we receive from other sources. In some circumstances, we may receive personal data from third parties, including:
- Social media monitoring: If you visit our pages on social media sites, we collect information such as what you click on and view, your comments, likes and reactions, your location (country/region), details of your device and internet connection, your social media profile details and user ID.
- Demographic information: We may receive demographic information from third party advertising partners to help us better personalise ads. See section 4 “Cookies and Personalisation” for more information.
- Booking details: If you book a stay or experience via a third party booking engine, we will receive details of your booking from that third party.
2. How we use personal data
Depending on how you use our Site, your interactions with us, and the permissions you give us, the purposes for which we use your personal data include:
- Respond to your requests. To manage and respond to any queries and requests for information you make to us, to manage your booking and prepare for your stay or visit.
- Manage our relationship with you. To notify you of service-related matters such as changes to our terms or privacy policy.
Personalise your treatment and enable your use of gym. To determine appropriate spa treatments and enable you to use our gym facilities.
- Personalise content and experiences. To personalise the Site and show you content we think you will be most interested in.
- Operate and improve the Site and our business. To display the Site and its fonts (which may include Google Fonts), improve and maintain the Site, and monitor its usage, to better understand how users access and use the Site, and our other products and offerings, and for other research and analytical purposes, such as to evaluate and improve our business operations, to develop services and features, and for internal quality control and training purposes.
- Events. If we run or sponsor events we may collect personal data in connection with your attendance.
- Research and customer satisfaction. For market research and surveys.
- Marketing and advertising. To send you marketing messages and show you targeted advertising, where we have your consent or are otherwise permitted to do so.
- Security and protection of rights. For security purposes, to prevent, detect, and investigate fraud, criminal activity and other unauthorised activities and access, and where necessary to protect ourselves, our business and third parties.
Compliance with law and legal process. To comply with the law and our legal and regulatory obligations, to respond to legal process and in relation to legal proceedings.
- Internal business operations. For general business and operational support, e.g. to consider and implement mergers, acquisitions, reorganisations, bankruptcies, and other business transactions such as financings, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions.
Legal bases under EU/UK data protection laws. We rely on the following legal bases under data protection law to process your personal data:
- Because the processing is necessary to perform a contract with you, or take steps prior to entering into a contract with you (e.g. where you express and interest in purchasing products or services from us).
- Because we have obtained your consent (e.g. if you consent to receive marketing from us or agree to the use of non-essential cookies or agree to provide us with health-related information so that we can determine appropriate spa treatments and/or allow you to use our gym). If you have consented to a processing activity, you can withdraw your consent at any time. We explain how to do this in the Cookies and Personalisation section (section 4) and Marketing section (section 5) of this policy. To withdraw consent to our use of your health-related information please contact us at Spa@kingstreettownhouse.co.uk.
- Because it is in our legitimate interests as an e-commerce provider to maintain, promote and protect our business and services. We are always seeking to understand more about our customers in order to offer the best products and customer experience. We use information about you to tailor your view of the Site, to make it more interesting and relevant in respect of the products, services and offers on view.
- In very limited cases, because it is necessary to comply with a legal obligation which we are subject to.
3. Who do we share personal data with?
We may share your personal data with third parties, for the purposes described above, in the following circumstances:
- With other companies in our group of companies.
With our suppliers and service providers who process the data on our behalf, e.g., payment processors.
- With our professional and legal advisors.
- With third parties engaged in fraud prevention and detection.
- With third party platforms, providers and networks. We may disclose or make available personal data to third party platforms and providers that we use to provide our Site and its features. We may also make personal data available to third parties in support of our marketing, analytics, advertising and campaign management. See Section 4 “Cookies and Personalisation” for more information.
- With law enforcement or other governmental authorities, e.g., to report a fraud, crime or in response to a lawful request.
- In relation to mergers, acquisitions, investments and asset transfers, personal data will be transferred to the other party to the transaction. We may also share certain personal data as part of the preparation for the transaction with lenders, auditors, and third-party advisors, including lawyers and consultants.
- To comply with legal obligations. We may share personal data with third parties to comply with our legal and compliance obligations and to respond to legal process e.g. in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement and government bodies. This may include responding to national security or law enforcement disclosure requirements and disclosures that we are required to make under applicable laws, such as the names of sweepstakes and contest winners.
- Otherwise where we have your consent or are legally permitted to do so.
4. Cookies and Personalisation
Cookies and tracking technologies. We and our third party service providers use cookies, pixels, local storage objects, log files, APIs, and similar technologies to automatically collect browsing activity, device and similar information within our Site.
We use this information to provide functionality on the Site, to understand and measure Site performance, to understand how users access, use and interact with others, and to deliver targeted advertising and content on our Site and third party sites.
We also use it to identify and resolve bugs and errors in our Site and to assess, secure, protect, optimise and improve the performance of our Site.
Personalised advertising. We work with third parties, such as ad networks, social media platforms, analytics and measurement services and others to personalise content and display advertising within our Site, and to manage our advertising on third party sites, mobile apps and online services.
For example, you may see ads for our Site on third party websites, including on social media. These ads may be tailored to you using cookies and similar technologies which track your web activity on our Site and across other websites and online services, to enable us to serve ads to customers who have visited our Site.
We may also engage third parties, including social networks to show ads to our customers, or users who match the demographic profile of our customers. This may involve sharing information, such as your name, email address, and other contact information with these third parties so that we can better target ads and content to you across third party sites, platforms and services. These third parties may also help us to enhance our customer lists with additional demographic or other information, so we can better target our advertising and marketing campaigns.
If you do not want to see personalised ads you can change your cookie preferences by adjusting your browser settings, as explained in our Cookies Policy [insert link] , and by adjusting your privacy settings on third party websites and platforms.
Industry ad choice programs. You can get more information about personalised advertising and opt out of personalised advertising by participating third party ad companies through industry ad choices programs, including:
- UK/EU: http://youronlinechoices.eu
- US: http://aboutads.info
- Canada: http://youradchoices.ca
Please note that opting out of cookies and trackers on our Site does not mean that you will no longer see ads from us. You may continue to see generic or “contextual” ads.
Please see our Cookie Policy here for further information about the use of cookies on our Site and the choices you have.
5. Marketing.
We love to communicate with you. Depending on your marketing preferences, we may use your personal data to send you marketing messages by email, SMS, phone and post. Some of these messages may be tailored to you, based on your previous browsing activity, and other information we hold about you.
If you no longer want to receive marketing communications from us (or would like to opt back in!), you can change your preferences at any time by contacting us (details below), clicking on the ‘unsubscribe’ link in any email, or (where relevant) updating your settings in your account. If you unsubscribe from marketing, please note we may still contact you with service messages from time to time (e.g. to respond to requests from you, and information about your legal rights).
6. Transfers of personal data to other countries
We use service providers, and have group companies, in countries around the world. Your personal data may therefore be processed in countries outside of Europe, including in countries where you may have fewer legal rights in respect of your data than you do under local law. If we transfer personal data outside the UK/European Economic Area we will ensure that your privacy rights are adequately protected by appropriate safeguards, which may include the European Union’s standard contractual clauses and UK equivalent. Please contact us if you would like more information about these safeguards.
7. Retention
We will keep your personal data in line with our data retention policy, for as long as we need it for the purposes set out above, so this period will vary depending on your interactions with us.
8. Security
We implement appropriate technical and organisational security safeguards to protect your data from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We also maintain ISO 27001 and PCI DSS (Payment Card Industry - Data Security Standard) security certifications.
However, please be aware that it is impossible for any company to guarantee the absolute security and integrity of the information that has been transmitted to its website.
9. Children
Our Site is not intended for, and should not be used by, children under the age of 18. We do not knowingly collect personal data from children under 18.
10. Your Rights
You have choices regarding our processing of your personal data as described in this section.
Your rights under data protection laws: You have the right to:
Ask for a copy of your personal data, make corrections to your personal data, and in some cases e.g. where our purposes for processing have come to an end, ask us to delete it.
- Object to our use of your personal data in certain situations, including where we use your personal data for direct marketing. See section 5 “Marketing” for details of how to opt out of direct marketing.
- Transfer your personal data, in certain circumstances, to another provider, in a commonly used format.
- Complain to the data protection regulator in your country. In the UK this is the Information Commissioner’s Office (www.ico.org.uk).
We will comply with any requests to exercise your rights in accordance with applicable law. Please be aware, however, that there are several limitations to these rights, and there may be circumstances where we are not able to comply with your request.
You can exercise your rights by contacting customer.experience@thehutgroup.com.
US residents. If you are a California resident, please review our California Privacy Supplement (section 13) below, for specific information about your rights under California privacy laws and how to exercise them. Residents of certain other US states including Virginia have additional rights under applicable privacy laws, subject to certain limitations, which may include:
- The right to correct inaccuracies in your personal information, taking into account the nature and purposes of the processing of the personal information.
- The right to delete your personal information provided to or obtained by us.
- The right to confirm whether we are processing your personal information and to obtain a copy of your personal information in a portable and, to the extent technically feasible, readily usable format.
The right to opt out of (as applicable) the “sale” of your personal data, targeted advertising, and any processing of personal information for the purposes of making decisions that produce legal or similarly significant effects.
- The right to submit an appeal if we deny your request.
You can opt out of targeted advertising on our Site as set out in Section 4 “Cookies and Personalisation”, and opt out of direct marketing as set out in Section 5 “Marketing”. To exercise your other rights please contact customer.experience@thehutgroup.com.
11. Changes to this Notice
This Notice is current as of the Effective Date stated above. We may change this Notice from time to time, so please be sure to check back periodically. If we make material changes we will alert you e.g. by posting a prominent notice on the Site or via email.
12. Contact Us
If you have any queries on any aspect of our Privacy Notice, please contact us on the details below:
Telephone: 0161 813 1481
Email: customer.experience@thehutgroup.com
Our EU representative is The Hut.com (Poland) sp. z o. o.
The Hut.com (Poland) sp. z o. o. can be contacted at EURep@thehutgroup.com.
13. California Privacy Supplement
Consumers residing in California have additional rights in relation to their personal information under California privacy law, including the California Consumer Privacy Act (“CCPA”). If you are a California resident, this section applies to you. This section does not address or apply to our handling of publicly available information or other personal information that is exempt under the CCPA.
Categories of personal information collected and disclosed. Whilst our processing of personal information varies based upon our relationship and interactions with you, the table below identifies, generally, the categories of personal information (as defined by the CCPA) that we may collect, and have in the past twelve months collected, about California residents, as well as the categories of third parties to whom we may disclose this information for a business or commercial purpose.
Categories of Personal Information | Categories of Third Party Disclosures | |
---|---|---|
Identifiers | Includes direct identifiers, such as name, alias, user ID, username, account number or unique personal identifier; email address, phone number, address and other contact information; IP address and other online identifiers. | • vendors and service providers • advisors and agents • government entities and law enforcement • affiliates and subsidiaries • advertising networks • data analytics providers • social networks • internet service providers • operating systems and platforms • others as required by law or directed by you |
Customer Records | Includes e.g. name, account name, user ID, contact information, account number. For example, this may include information collected when an individual registers for an account or contacts us about our products and services. | • vendors and service providers • advisors and agents • government entities and law enforcement • affiliates and subsidiaries • internet service providers • operating systems and platforms • others as required by law, or as otherwise directed by you |
Commercial information | Includes records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies. For example, this may include demographic information that we receive from third parties in order to better understand and reach our customers. | • vendors and service providers • advisors and agents • government entities and law enforcement • affiliates and subsidiaries • advertising networks • data analytics providers • social networks • internet service providers • operating systems and platforms • others as required by law, or as otherwise directed by you |
Internet and electronic network activity information | Including, but not limited to, browsing history, clickstream data, search history, and information regarding interactions with an internet website, application, or advertisement, including other usage data related to your use of any of our Site or other online services. | • vendors and service providers • advisors and agents • government entities and law enforcement • affiliates and subsidiaries • advertising networks • data analytics providers • social networks • internet service providers • operating systems and platforms • others as required by law, or as otherwise directed by you |
Geolocation data | Location information about a particular individual or device e.g., derived from your IP address. | • vendors and service providers • advisors and agents • government entities and law enforcement • affiliates and subsidiaries • advertising networks • data analytics providers • others as required by law, or as otherwise directed by you |
Audio, visual and other electronic data | Includes audio, electronic, visual, thermal or similar information, such as thermal screenings and CCTV footage (e.g., collected from visitors to our stores, offices and premises; photographs and images (e.g., that you provide us or post to your profile) and call recordings (e.g., of customer support calls). | • vendors and service providers • advisors and agents • government entities and law enforcement • affiliates and subsidiaries • advertising networks • data analytics providers • social networks • internet service providers • operating systems and platforms • business customers/clients • others as required by law, or as otherwise directed by you |
Professional information | Includes professional and employment-related information such as current and former employer(s) and position(s), job application information, business contact information and professional memberships). | • vendors and service providers • advisors and agents • government entities and law enforcement • affiliates and subsidiaries • advertising networks • data analytics providers • social networks • internet service providers • operating systems and platforms • others as required by law, or as otherwise directed by you |
Profiles and inferences | Including inferences drawn from any of the information identified above to create a profile reflecting a consumer’s preferences, characteristics, behavior or attitudes. | • vendors and service providers • advisors and agents • government entities and law enforcement • affiliates and subsidiaries • advertising networks • others as required by law, or as otherwise directed by you |
Protected classifi-cations | We collect some information that is considered a protected classification under California/federal law, such as your gender, date of birth, citizenship, and marital status. | • vendors and service providers • advisors and agents • government entities and law enforcement • affiliates and subsidiaries • advertising networks • data analytics providers • social networks • internet service providers • operating systems and platforms • others as required by law, or as otherwise directed by you |
Sensitive personal information | In limited circumstances, we may collect: Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account. | • vendors and service providers • advisors and agents • government entities and law enforcement • affiliates and subsidiaries • others as required by law, or as otherwise directed by you |
Sales and sharing. California privacy laws define a "sale" as disclosing or making available to a third-party personal information in exchange for monetary or other valuable consideration, and “sharing” broadly includes disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising. While we do not disclose personal information to third parties in exchange for monetary compensation, we may “sell” or “share” (as defined by the CCPA): identifiers and internet and electronic network activity information to/with third-party advertising networks, analytics providers, and social networks. We do so in order to improve and evaluate our advertising campaigns and better reach customers and prospective customers with more relevant ads and content. We do not sell or share sensitive personal information, nor do we sell or share any personal information about individuals who we know are under sixteen (16) years old.
Sources of personal information. In general, we may collect personal information from the following categories of sources:
- Directly from the individual
- Advertising networks
- Data analytics providers
- Social networks
- Internet service providers
- Operating systems and platforms
- Fraud prevention service providers
- Data brokers
- Business customers/clients
Purposes of collection, use and disclosure. As described in more detail in Section 2 “How we use personal data” and Section 3 “Who do we share personal data with”, we collect, use, disclose and otherwise process the above personal information for the following business or commercial purposes and as otherwise directed or consented to by you:
- Respond to your requests
- Provide recommendations
- Manage our relationship with you
- Personalize content, ads and experiences
- Operate and improve the Site and our business
- Events
- Research and customer satisfaction
- Marketing and advertising
- Security and protection of rights
- Compliance with law and legal process
- Internal business operations
Sensitive personal information. Notwithstanding the above, we only use and disclose sensitive personal information as reasonably necessary (i) to perform our services requested by you, (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents, (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct, (iv) to verify or maintain the quality and safety of our services, (v) for compliance with our legal obligations, (vi) to our service providers who perform services on our behalf, and (vii) for purposes other than inferring characteristics about you. We do not use or disclose your sensitive personal information other than as authorized pursuant to section 7027 of the CCPA regulations (Cal. Code. Regs., tit. 11, § 7027 (2022)).
Retention. We retain personal information only as reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection.
CCPA rights. Under the CCPA, California residents have the following rights (subject to certain limitations):
- The right to opt-out of our sale and sharing of your personal information.
- The right to limit our use or disclosure of sensitive personal information to those authorized by the CCPA.
- The right to the deletion of your personal information that we have collected, subject to certain exceptions.
- The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you.
- The right to correct inaccurate personal information that we maintain about you.
- The right not to be subject to discriminatory treatment for exercising their rights under the CCPA.
Submitting CCPA requests. California residents may make requests to access/know, correct and delete their personal information maintained by us online by emailing customer.experience@thehutgroup.com. Once we receive your request, we will take steps to verify it by asking you to provide information related to your account or your recent interactions with us. We will process your request based upon the personal information in our records that is linked or reasonably linkable to the information provided in your request. In some cases, we may request additional information in order to verify your request or where necessary to process your request. If we are unable to adequately verify a request, we will notify the requestor. If you would like to use an authorized agent to exercise your rights, we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid authorization to submit requests on your behalf and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.
Opt-out requests.
California residents may exercise their right to opt out online by submitting an opt out request to customer.experience@thehutgroup.com. We will apply your opt out based upon the personal information in our records that is linked or reasonably linkable to the information provided in your request.
For more information about our privacy practices, you may contact us as set out in the “Contact Us” section above.