At Brown & Bye, we understand that we have a responsibility to protect and respect your privacy and look after your personal data.
Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
For clarity, Brown & Bye may be both data controller and data processor for your personal data under certain circumstances. In this document, “we”, “our”, or “us” refer to Brown & Bye.
We must advise that this policy is subject to change, so please check our website on a regular basis for any further changes.
Who are we?
Brown & Bye is based in Bristol, UK, offering a bar/cafe/restaurant/venue-hire and showroom for collectibles and furniture.
Brown & Bye have a registered address at Unit 3, The Boathouse Gasworks Lane, Bristol, BS15AT.
Our company number is 10796767.
Our VAT number is 274131520.
How the law protects you
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The basis for processing your personal data includes, but is not limited to, your consent, correspondence of a billing contracts, to enable billing and remittance, and to contact you for customer service purposes.
How do we collect personal data from you?
We collect personal data in the following ways:
1. Information we process because we start a working relationship and you purchase food, drinks or furniture from us:
When you hire Brown & Bye, a working relationship is formed between you and us. The service we provide to you necessarily entails you providing us with personal information in order to undertake agreed work and future billing.
If you provide us with personal data about a third party (for example your own clients, customers, staff or suppliers), you warrant that you have obtained the express consent from the third party for the disclosure and use of their personal data.
We shall continue to process this information until the working relationship between us ends or is terminated by either party.
2. Information we process with your consent:
Through certain actions when otherwise there is no working relationship between us, such as when you ask us to provide you with more information about our venue, you provide your consent to us to process information that may be personal information.
Wherever possible, we aim to obtain your explicit consent to process this information. Sometimes you might give your consent implicitly, such as when you write to us requesting a response.
We continue to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by writing to us at Unit 3, The Boathouse, Gasworks Lane, Brunel Quay, Bristol BS1 5AT or by email at firstname.lastname@example.org. If you do so, we shall not be able to provide our services further.
3. Information we process for the purposes of legitimate interests:
We may process information on the basis there is a legitimate interest, either to you or to us, of doing so. Where we process your information on this basis, we do after having given careful consideration to:
- whether we could achieve the same objective by other means
- whether processing (or not processing) might cause you harm
- whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so
For example, we may process your data on this basis for the purposes of:
- record-keeping for the proper and necessary administration of our business
- protecting and asserting your rights, our rights, or the rights of any other third party
- insuring against or obtaining professional advice that is required to manage business risk
- protecting your interests where we believe we have a duty to do so
4. Information we process because we have a legal obligation:
We are subject to the law like everyone else. Sometimes, we must process your information in order to comply with a statutory obligation.
For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.
This may include your personal information.
What type of data do we collect from you?
During initial enquiries, the personal data that we may collect from you may includes your name, email address and phone numbers. We collect the data you have given to us in order to reply with the information you need.
We record your request and our reply in order to increase the efficiency of our business.
Whether correspondence is from initial enquiries, or ongoing working relationship, we record personally identifiable information associated with any correspondence we have with you so as to be able to track our communications with you to provide a high quality service.
Why do we collect your data?
We use information about you in the following ways:
- To help us identify you and any bookings you hold with us;
- To provide customer care, including responding to your requests if you contact us with a query;
- To administer accounts, process payments and keep track of billing and payments;
- To carry out marketing and statistical analysis;
- To review job applications;
- To provide you with information about products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
- To inform you of service and price changes;
- To comply with our contractual obligations we have with you.
How long will we keep your data?
Personal data collected from initial enquiries may be stored so as to be able to affectively respond to you should you contact us again.
We will keep your personal data for the duration of the period you are a client of Brown & Bye. We shall retain your data only for as long as necessary in accordance with applicable laws.
On ending your working relationship, we may keep your data for up to 1 year. We may keep it for research or statistical purposes. We assure you that your personal data shall only be used for these purposes stated herein.
We may not be able to delete your data before this time due to our legal and/or accountancy obligations.
Who has access to your personal data?
Your personal data is accessible only to employees of Brown & Bye.
Where we store your personal data:
We follow accepted standards to store and protect the personal data we collect, including the use of encryption if appropriate.
Personal information is stored in online databases for which data is encrypted via SSL/TLS when transmitted from servers to browsers. Our database backups are also encrypted.
Although personal information is stored on some third party systems (see below), these third parties do not share that data or generally know what type of data being store. The data is only used by the account owner and invited users as we intend to use it.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping the password confidential. We ask you not to share a password with anyone.
Do third parties have access to your data?
For the avoidance of doubt, we do not and never shall sell your personal data to third parties for marketing or advertising purposes.
We may pass your personal data to third parties for the provision of services on our behalf. However, we will only ever share information about you that is necessary to provide the service and ensure your personal data is secure and will not be used for any marketing purposes. For complete transparency, please refer to third parties we use along with your data below:
- MailChimp – for the management and sending or marketing emails. We share your name and email address when opted in, with a easy unsubscribe option available on each email.
We may share your personal data if we are under a duty to disclose data in order to comply with any legal obligation or to protect the rights, property, or safety of Brown & Bye, our customers, or others. This includes but is not limited to exchanging information with other companies and organisations for the purposes of fraud protection, credit risk reduction and dispute policies. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
In preventing the use or processing of your personal data, it may delay or prevent us from fulfilling our agreed obligations with you. It may also mean that we shall be unable to provide our services or process the cancellation of your service.
You have the right to object to our use of your personal data, or ask us to delete, remove or stop using it if there is no need for us to keep it. This is known as your right to be forgotten. There may be legal and accountancy reasons why we will need to keep your data, but please do inform us if you think we are retaining or using your personal data incorrectly.
Our Privacy Notice shall be made clear to you at the point of collection of your personal data.
We will not contact you for marketing purposes unless you have given us your prior consent.
Accessing and updating your data
You must maintain the accuracy of your information and ensure all your details, including but not limited to, name, address, phone number and email address are kept up to date at all times. You must do this by emailing email@example.com.
You have the right to access the information we hold about you. Please email your requests to firstname.lastname@example.org so that we can obtain this information for you.
At any time you may review or update or request that we remove personally identifiable information that we hold about you. To obtain a copy of any information you may send us a request at email@example.com
After receiving the request, we will tell you when we expect to provide you with the information. This will be within one month of the request.
When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
Links to other websites
We agree to take reasonable measures to protect your data in accordance with applicable laws.
In the event of a data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.
Please email any questions or comments you have about privacy to us at firstname.lastname@example.org
Your right to make a complaint
If a dispute is not settled then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.
If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner’s Office. This can be done using the following details
Information Commissioner’s Office
Tel: 0303 123 1113
Our registration reference number is ZB290845