Privacy Policy
The Deep Privacy Policy
Privacy Policy
The Deep is committed to being transparent about how it handles personal information, to protecting the privacy and security of personal information and to meeting its data protection obligations under the General Data Protection Regulation (‘GDPR’). Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data, i.e. where all identifying particulars have been removed.
The purpose of this privacy policy is to make you aware of how and why we will collect and use personal information. We are required under the GDPR to notify you of the information contained in this privacy policy.
Our privacy policy explains our data processing practices and the ways in which your personal information is used, in both electronic and paper formats. It applies to information we collect about:
· people who visit our website
· people who subscribe to our newsletter
· people who request a service from us, e.g. tickets, restaurant bookings & experience days
· people who contact us via telephone, email or social media
· people who visit The Deep
· people who provide a service to us, e.g. individuals or sole traders
· potential tenants of The Deep’s Business Centre
· job applicants
Your privacy matters to The Deep so please do take the time to get to know our practices – and if you have any questions please contact us on info@thedeep.co.uk.
How we collect & use your information
People who visit our website
When someone visits www.thedeep.co.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to various parts of our website. This information is only processed in a way which does not identify anyone. This data is kept indefinitely. Here is a link to the relevant part of Google’s privacy policy: www.support.google.com/analytics/answer/6004245?hl=en.
The search engine on our website is powered by Bluestorm Design. No user-specific data is collected. Search queries and results are logged anonymously to help us improve our website and search functionality. We also use Bluestorm Design to help maintain the security and performance of our website. To deliver this service it processes the IP addresses of visitors to The Deep’s website.
Here is a link to their privacy policy www.bluestormdesign.co.uk/information/privacy-policy.
Cookies
What is a cookie?
Cookies are delicious biscuits that can be eaten with a cup of tea or a latte, however, cookies can also be little files of data that are stored on your computer or handheld device, and unfortunately it’s the latter we are dealing with here! Most websites you visit will use cookies in order to improve your user experience by enabling that website to ‘remember’ you, either for the duration of your visit (using a ‘session cookie’) or for repeat visits (using a ‘persistent cookie’). Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences, and generally improving your experience of a website. Cookies make the interaction between you and the website faster and easier. If a website doesn’t use cookies, it will think you are a new visitor every time you move to a new page on the site – for example, when you enter your login details and move to another page it won’t recognise you and it won’t be able to keep you logged in.
What to do if you don’t want cookies to be set
Some people find the idea of a website storing information on their computer or mobile device a bit intrusive. Although this is generally quite harmless you may not, for example, want to see advertising that has been targeted to your interests. If you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set; but you need to be aware that you may lose some functionality of the website if you do so. You can block cookies by going into your browser's control panel/preferences.
People who subscribe to our newsletter
We use Mail Chimp to deliver regular emails to our customers who have subscribed to our newsletter. We gather statistics around email opening rates and clicks using industry standard technologies to help us monitor and improve our newsletter. For more information, here is a link to their privacy policy: www.mailchimp.com/legal/privacy/.
You can unsubscribe from our newsletter at any point. Please either click the unsubscribe link in any newsletter you have received or email us at info@thedeep.co.uk.
People who request a service or make a booking with us
We provide many services, such as ticket bookings both online and in person at The Deep, as well as group bookings, education bookings, restaurant bookings, weddings and other ad hoc events and services. We also have an online shop.
Some parts of our booking services may require personal information, such as name, contact details, food allergies and/or payment details for us to be able to provide the service to you. We only ask for relevant information and never store any payment details. Your information is not used, stored or shared with any third parties.
For those visitors who voluntarily Gift Aid their admission, the donor’s name and address are submitted securely to HMRC and need to be retained in line with HMRC’s requirements.
Our online shop provider is Bluestorm Design. We also use a bespoke software system created by Bluestorm Design to manage our restaurant bookings, here is a link to their privacy policy www.bluestormdesign.co.uk/information/privacy-policy.
Our ticketing system is provided by TOR Systems, here is a link to their website with all of their contact details, www.torsystems.co.uk/contact-us.
We use software provided by RA Software to manage our Business Centre and ad hoc events, here is a link to their website with all of their contact details, www.ra-is.co.uk/business-centre-software.
Our broadband is provided by The One Point Ltd (www.theonepoint.co.uk/privacy-policy) and our managed IT service is provided by Procom Professional Services (Holdings) Ltd (www.procom-it.com).
People who contact The Deep
People who call us
We do not record our telephone calls, however we may use some information you provide to us to carry out any requested service such as completing a booking, answering a query or resolving an issue.
People who email us
We monitor all emails sent to us, including file attachments, for viruses or malicious software.
We may use some information you provide to us to carry out any requested service, completing a booking, answering a query or resolving an issue.
People who contact us via social media
We may use some information you provide to us to carry out any requested service, such as answering queries or providing you with a competition prize.
Please be aware that when you post online in public forums on third party social media sites such as Facebook, Twitter, Instagram and TripAdvisor, you should know that others may use, tag and/or re-publish your information.
Links to privacy policies of sites we use:
Facebook - www.facebook.com/privacy/explanation
Twitter – www.twitter.com/en/privacy
Instagram – www.instagram.com/ (at the bottom of the page)
TripAdvisor – www.tripadvisor.com
People who make a complaint to us
We take all complaints very seriously. We will only use the personal information we collect to process and resolve the complaint, which may involve communicating with you the outcome. We also use this information to check on the level of service we provide.
People who visit The Deep
CCTV
CCTV systems are in place in some areas of The Deep for public safety. Signs notifying you that CCTV is in operation are displayed in these areas alongside contact details for further information. Images captured by CCTV are not kept for longer than is necessary but may be shared with relevant legal authorities if required.
Accidents
If during your visit you have an accident, we will keep a record of this to comply with our Health & Safety practices. We may also need to keep the records for legal reasons and may need to share this information with our insurers, the health & safety executive or any other relevant authority. Accident record information is then collated anonymously to help improve our service to you by identifying areas of improvement. Once anonymised this data is kept indefinitely.
Borrowing of equipment
If during your visit you would like to hire some equipment from The Deep (such as a wheelchair, a hearing loop or audio guide), we will require some personal details from you so that we may contact you in case the equipment is not returned to us.
Lost property
Your lost property may contain personal data (such as a lost wallet containing identification cards) so we keep these in a locked safe and destroy after 3 months.
Volunteers & work placements
We use your personal data to manage your time with us and to make sure we are complying with all of our legal and health & safety responsibilities and obligations to you. This could include contacting you about a placement you’ve applied for or we think you might be interested in, aspects of your placement, providing you with a reference or to recognise your contribution.
Customer comment cards
We use this information to reply to your query and we would opt you into any marketing updates you have requested. We then anonymise this data and use it to monitor the levels of service we provide to you and to pass on recognition to our team members.
People who provide a service to us
We keep all information relating to suppliers safely and securely in our software systems and will only request the information we need to fulfil any contract we have with you.
Potential tenants of The Deep’s Business Centre
To be able to deal with enquiries from potential tenants, we may need to take some details from you, which may include documents to confirm your identity and to compile tenancy agreements which are contracts. This information will be kept securely and will only be available to those that have a justifiable need to access it.
We use software provided by RA Software to manage our Business Centre and ad hoc events, here is a link to their website with all of their contact details, www.ra-is.co.uk/business-centre-software.
Job applicants
As part of any recruitment process, we collect and process personal information, or personal data, relating to job applicants. This personal information may be held on paper or in electronic format and applies to all job applicants, whether they apply for a role directly or indirectly through an employment agency. It is non-contractual.
The Deep, uses and processes a range of personal information about you during the recruitment process. This includes:
· your contact details, including your name, address, telephone number and personal e-mail address
· personal information included in a CV, any application form, cover letter or interview notes
· references
· information about your right to work in the UK and copies of proof of right to work documentation
· copies of qualification certificates
· copy of driving licence
· other background check documentation
· details of your skills, qualifications, experience and work history with previous employers
· information about your current salary level, including benefits and pension entitlements
· your professional memberships
We may also collect, use and process the following special categories of your personal information during the recruitment process:
· whether or not you have a disability for which The Deep needs to make reasonable adjustments during the recruitment process
· information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation
How do we collect personal information regarding job applicants?
We collect personal information about you during the recruitment process either directly from you or sometimes from a third party such as an employment agency. We may also collect personal information from other external third parties, such as references from current and former employers, information from background check providers, information from credit reference agencies and criminal record checks from the Disclosure and Barring Service (DBS). Other than employment agencies, we will only seek personal information from third parties during the recruitment process once an offer of employment or engagement has been made to you and we will inform you that we are doing so, or at another time with your agreement.
You are under no statutory or contractual obligation to provide personal information to The Deep during the recruitment process. Your personal information may be stored in different places, including on your application record, in our HR management system and in other IT systems, such as the e-mail system.
Why and how do we use the personal information of job applicants?
We will only use your personal information when the law allows us to. These are known as the legal bases for processing. We will use your personal information in one or more of the following circumstances:
· where we need to do so to take steps at your request prior to entering into a contract with you, or to enter into a contract with you (1)
· where we need to comply with a legal obligation (2)
· where it is necessary for our legitimate interests (or those of a third party), and your interests or your fundamental rights and freedoms do not override our interests (3).
We need all the types of personal information listed under ‘What types of personal information do we collect about job applicants?’ primarily to enable us to take steps at your request to enter into a contract with you, or to enter into a contract with you (1), and to enable us to comply with our legal obligations (2). In some cases, we may also use your personal information where it is necessary to pursue our legitimate interests (or those of a third party), provided that your interests or your fundamental rights and freedoms do not override our interests (3). Our legitimate interests include: pursuing our business by employing employees, workers and contractors; managing the recruitment process; conducting due diligence on prospective staff and performing effective internal administration. We have indicated, by using (1), (2) or (3) next to each type of personal information listed above, what lawful basis we are relying on to process that particular type of personal information.
The purposes for which we are processing, or will process, your personal information are to:
· manage the recruitment process and assess your suitability for employment or engagement
· decide to whom to offer a job
· comply with statutory and/or regulatory requirements and obligations, e.g. checking your right to work in the UK
· comply with the duty to make reasonable adjustments for disabled job applicants and with other disability discrimination obligations
· ensure compliance with your statutory rights
· ensure effective HR, personnel management and business administration
· monitor equal opportunities
· enable us to establish, exercise or defend possible legal claims
Please note that we may process your personal information without your consent, in compliance with these rules, where this is required or permitted by law.
What if you fail to provide personal information as part of the job application process?
If you fail to provide certain personal information when requested, we may not be able to process your job application properly or at all, we may not be able to enter into a contract with you, or we may be prevented from complying with our legal obligations. You may also be unable to exercise your statutory rights.
Why and how do we use the sensitive personal information of job applicants?
We will only collect and use your sensitive personal information, which includes special categories of personal information and information about criminal convictions and offences, when the law additionally allows us to.
Some special categories of personal information, i.e. information about your health, and information about criminal convictions and offences, is also processed so that we can perform or exercise our obligations or rights under employment law and in line with our data protection policy.
We may also process information about your health and information about any criminal convictions and offences where we have your explicit written consent. In this case, we will first provide you with full details of the personal information we would like and the reason we need it, so that you can properly consider whether you wish to consent or not. It is entirely your choice whether to consent. Your consent can be withdrawn at any time.
The purposes for which we are processing, or will process, health information and information about any criminal convictions and offences, are to:
· assess your suitability for employment or engagement
· comply with statutory and/or regulatory requirements and obligations, e.g. carrying out criminal record checks
· comply with the duty to make reasonable adjustments for disabled job applicants and with other disability discrimination obligations
· ensure compliance with your statutory rights
· ascertain your fitness to work
· ensure effective HR, personnel management and business administration
· monitor equal opportunities
We will only use your personal information for the purposes for which we collected it, i.e. for the recruitment exercise for which you have applied. However, if your job application is unsuccessful, we may wish to keep your personal information on file in case there are future suitable employment opportunities with us. We will ask for your consent before we keep your personal information on file for this purpose. Your consent can be withdrawn at any time.
Where The Deep processes other special categories of personal information, i.e. information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation, this is done only for the purpose of equal opportunities monitoring in recruitment and in line with our data protection policy. Personal information that we use for these purposes is either anonymised or is collected with your explicit written consent, which can be withdrawn at any time. It is entirely your choice whether to provide such personal information.
We may also occasionally use your special categories of personal information, and information about any criminal convictions and offences, where it is needed for the establishment, exercise or defence of legal claims.
Who has access to the personal information of job applicants?
Your personal information may be shared internally within The Deep for the purposes of the recruitment exercise, including with members of the HR department, members of the recruitment team, managers in the department which has the vacancy and IT staff if access to your personal information is necessary for the performance of their roles.
We will not share your personal information with third parties during the recruitment process unless your job application is successful and we make you an offer of employment or engagement. At that stage, we may also share your personal information with third parties (and their designated agents), including:
· external organisations for the purposes of conducting pre-employment reference and employment background checks
· the DBS, to obtain a criminal record check
· former employers, to obtain references
· professional advisors, such as lawyers
We may also need to share your personal information with a regulator or to otherwise comply with the law.
We may share your personal information with third parties where it is necessary to take steps at your request to enter into a contract with you, or to enter into a contract with you, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests (or those of a third party).
How long does The Deep keep the personal information of job applicants?
We will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed.
If your application for employment or engagement is unsuccessful, we will generally hold your personal information for one year after the end of the relevant recruitment exercise but this is subject to: (a) any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records, and (b) the retention of some types of personal information for up to six years to protect against legal risk, e.g. if they could be relevant to a possible legal claim in a tribunal, County Court or High Court. If you have consented to us keeping your personal information on file for in case there are future suitable employment opportunities with us, we will hold your personal information for a further six months after the end of the relevant recruitment exercise, or until you withdraw your consent if earlier.
If your application for employment or engagement is successful, personal information gathered during the recruitment process will be retained for the duration of your employment or engagement and in accordance with the privacy notice for employees, workers and contractors.
Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable.
In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.
Your rights in connection with your personal information
As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:
· request access to your personal information - this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
· request rectification of your personal information - this enables you to have any inaccurate or incomplete personal information we hold about you corrected
· request the erasure of your personal information - this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected
· restrict the processing of your personal information - this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy
· object to the processing of your personal information - this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground
· data portability - this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.
If you wish to exercise any of these rights, we may need to request specific information from you in order to verify your identity. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.
If you believe that The Deep has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.
Transferring personal information outside the European Economic Area
The Deep will not transfer your personal information to countries outside the European Economic Area.
Automated decision making
Automated decision making occurs when an electronic system uses your personal information to make a decision without human intervention. We do not envisage that any recruitment decisions will be taken about you based solely on automated decision-making, including profiling.
How does The Deep protect your personal information?
The Deep has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities.
Where your personal information is shared with third parties, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.
We also have in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator such as the Charity Commission) and you of a suspected breach where we are legally required to do so.
How long will The Deep keep your personal information?
We will only retain your personal data for as long as necessary to fulfil the purpose we collected it for, including for the purpose of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purpose for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
When your information is no longer required under our retention policies, we will ensure it is disposed of in a secure manner.
How to amend your information
Under the General Data Protection Regulations (GDPR), you have rights as an individual which you can exercise in relation to the information we hold about you. You can read more about these rights here www.ico.org.uk/for-the-public/.
To correct, amend, update or ask about any information you have given us, or to withdraw consent you have previously given, please contact us info@thedeep.co.uk or write to us at the address below:
Data Protection
The Deep
Tower Street
Hull
HU1 4DP
We may need to verify your identity before actioning your request.
This privacy policy was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of The Deep’s collection and use of personal information, however we are happy to provide any additional information or explanation needed. Any requests for this should be sent to info@thedeep.co.uk or please write to us at the postal address given above.
Our web site may contain links to other web sites which are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.
The Deep reserves the right to update or amend this privacy policy at any time. We will issue a new privacy policy when we make significant updates or amendments.
We are registered with ICO under the name EMIH limited (number – Z736672X).
Last updated 23.05.18
DigiTickets Privacy Policy
Who we are
In this privacy policy references to "we", "us" and "our" are to The Deep. References to "our Website" or "the Website" are to thedeep.digitickets.co.uk.
Information collected and its use
The information we collect via the Website may include:
- Any personal details you knowingly provide us with through forms and our email, such as name, address, telephone number etc.
- In order to effectively process credit or debit card transactions it may be necessary for the bank or card processing agency to verify your personal details for authorisation outside the European Economic Area (EEA). Such information will not be transferred out of the EEA for any other purpose.
- Your preferences and use of email updates, recorded by emails we send you (if you select to receive email updates on products and offers).
- Your IP Address, this is a string of numbers unique to your computer that is recorded by our web server when you request any page or component on the Website. This information is used to monitor your usage of the Website.
- Information about your device such as your web browser, screen resolution and operating system. This information is used to ensure we continue to support the different devices used by our customers.
- Data recorded by the Website which allows us to recognise you and your preferred settings, this saves you from re-entering information on return visits to the site. Such data is recorded locally on your computer through the use of cookies. Most browsers can be programmed to reject, or warn you before downloading cookies, information regarding this may be found in your browsers 'help' facility.
We do not store any credit card details.
What we do with your information
Any personal information we collect from this website will be used in accordance with the Data Protection Act 1998 and other applicable laws. The details we collect will be used:
- To process your order, to provide after sales service (we may pass your details to another organisation to supply/deliver products or services you have purchased and/or to provide after-sales service);
- In certain cases we may use your email address to send you information on our other products and services. In such a case you will be offered the option to opt in/out before completing your purchase.
We may need to pass the information we collect to other companies for administrative purposes. We may use third parties to carry out certain activities, such as processing and sorting data, monitoring how customers use the Website and issuing our e-mails for us. Third parties will not be allowed to use your personal information for their own purposes.
Cookie Policy
Like many websites we use cookies to store and then retrieve small bits of information on your computer when you visit. This information is used to make the site work as you expect it to. It is not personally identifiable to you, but it can be used to give you a more personalised web experience.
Some of the information stored is put there by other companies whose software we have added to the site, and this can also impact your experience of other websites you may visit after leaving ours.
If you continue to use this site without taking action to prevent the storage of this information, you are effectively agreeing to this use.
If you want to learn more about the general uses of cookies, including how to stop them being stored by your computer, please visit Cookiepedia - all about cookies.
Below is a list of the different types of cookies used on this site, and an explanation of what they are used for. If you would like any more information, please get in touch.
Cookie |
Name |
Expiration Time |
Purpose |
Shopping Basket |
PHPSESSID |
24 minutes |
This cookie is used to keep track of what items are in a user's shopping basket. |
Cookie Consent |
dtAnalyticsConsent |
1 year |
This cookie is used to monitor the users consent for analytical cookies on our site. No user data is collected without this being enabled. |
Google Analytics |
_ga |
2 years |
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. |
_gid |
24 hours |
||
_gat_tracker-name |
1 minute |
||
Microsoft Clarity |
_clck |
1 year |
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site and how they interact with the website. |
_clsk |
1 year |
||
CLID |
1 year |
||
ANONCHK |
1 year |
||
MR |
1 year |
||
MUID |
1 year |
||
SM |
1 year |
||
New Relic |
__cfduid |
1 year |
This cookie is used to collect information about visitor's experience of the site in terms of performance. This helps us to monitor that our systems are working quickly and effectively, and to identify any problematic areas. |
Your Rights
You have the right to request a copy of any information that we currently hold about you. In order to receive such information please send your contact details including address to the following address:
The Deep
Tower St, Hull
HU9 1TU
Other websites
This privacy policy only covers this website. Any other websites which may be linked to by our website are subject to their own policy, which may differ from ours.