Table of Contents
Who processes your Personal Data ?
Which Personal Data do we process and for what purpose?
Overview of processing activities
How long do we keep Personal Data for ?
Protection and storage of your data
Links to other websites
Supervisory authority and applicable law
Grafter Offices (“Grafter”, “we”, “us” and “our”) is committed to protecting the privacy of our users and customers. When you visit our websites, social media pages (or subdomains) through computer or mobile devices (“Apps”), make a reservation, communicate with us, purchase products from us, and/or visit or stay at one of our hotels, we collect personal data from and about you.
Collectively, we refer to the websites, Apps and social media pages operated by as “Online Services”.
Grafter is the collective term we use for a number of different legal entities all of which are affiliates of or involved in the business carried on by Grafter Offices (see our website at https://grafteroffices.com for further details).
It is also intended to assist you in making informed decisions when using our Online Services and our products and services. Please take a minute to read and understand the policy.
If you want to know more or if you have any queries, please write to us at:
41 Leeson Street Lower
Or send an email to firstname.lastname@example.org
- Who Processes Your Personal Data?
Our group companies and their employees;
Successors in title to our business;
Third party consultants, contractors or other service providers who may access your personal information when providing services listed below (including but not limited to support services) to us;
Government bodies and law enforcement agencies and in response to other legal and regulatory requests;
Auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes, in any jurisdiction where we operate.
- Which Personal Data Do We Process, and For What Purposes Do We Process Personal Data?
Personal data is any data that identifies you as an individual. The types of personal data we collect, and process include the following:
Contact details – such as name, age, phone or address
Identity documents – such as passport information or other identify cards
Financial information – any debit/credit card details you provide and financial transactions you make with us;
Health information where disclosed and relevant to the provision of services (such as details regarding allergies);
Preferences – such as special requests, service issues and other preferences for your stay;
Event attendance details – records of attendance at any events hosted by us, including any CCTV footage
Technical information – such as information about the device you use to interact with us (including the unique device identifier, hardware model, operating system and version, and mobile network information, in the case of our mobile App); and
Communication – when you contact us, such as to send an enquiry or make a request, any correspondence or application may be kept and added to your personal information.
Uses made of your personal data (see schedule 1 below for further details)
We use your personal data in order to:
Pursue our legitimate interest to enhance and manage your customer experience with us, provide you with information, products or services that you request from us or which we feel may interest you, run customer loyalty programmes, advertise our services or where you have consented to be contacted for such purposes (our list of services below);
Administer our business and improve our products and services by analysing, responding to and acting on the data provided, including surveys you complete and issues you have raised with us via the Channels;
Carry out our obligations arising from any contracts entered into between you and us;
Contact you for marketing purposes where you have consented to be contacted for such purposes;
Comply with legislation;
Prevent or detect fraud;
Notify you about changes to our services
Ensure network, IT and information security
Provide third parties with anonymized statistical information about our users (but those third parties will not be able to identify any individual user from that information)
Gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our Online Services, newsletters and email subscriptions (you may unsubscribe at any time).
Personal Data submitted to us through the Channels or our website will be used for the purposes specified in this policy, and in Schedule 1 below. “Channels” means the following applications, websites and other relevant properties, via which you complete surveys and send or receive messages to or from us:
Facebook / Facebook Messenger / Instagram Messenger
- We Collect, Store and Process Personal Data at Three Different Stages:
Before you decide visit one of our premises and
When you stay or have stayed in one of our hotels, or visited one of our bars, restaurants or entertainment venues.
When you engage with us through the use of third-party feedback management applications in some of our venues
(i) Before you decide visit one of our premises
(ii) When you use one of our workspaces, or stay or have stayed in one of our hotels, or visited one of our bars, restaurants or entertainment venues
When you make a reservation, you will have to provide us with your name, your (email) address, phone number, the dates you are staying with, or visiting us and a credit card token or other payment information if applicable. We use this personal data to process the reservation, for billing purposes, and to allow us to communicate with you about your reservation. When you stay or have stayed in one of our hotels, or visited one of our bars, restaurants or entertainment venues, we will collect personal data about your preferences, use of our services, and location. We will retain this information for two year from the date of your visit, or for as long as you are opted in to marketing from us.
(iii) Where you choose to engage with us through the use of surveys or third-party feedback management applications in some of our venues
We may collect, store and use the following kinds of Personal Data via the use of ServiceDock: (LeapChat Ltd.)
a.) Information that you or the Channels provide to us when commencing a survey (including your email address, profile pictures, name and gender);
b.) Information that you or the Channels provide to us when completing a survey or messaging us via the Channels (including the timing, frequency and pattern of service use);
c.) Information contained in or relating to any communication that you send to us via the Channels;
d.) Information about your computer, tablet, smartphone or similar device (IP address and domain), your internet browser and your operating system (system settings), using standard data collection techniques such as cookies; and
e.) Any other Personal Data that you choose to send to us.
Regardless of which Grafter Offices workspace you engage with, your personal data will be stored in: (i) centralized systems which are under the control of Grafter Office Operations and accessible for authorized staff of Press Up Entertainment Group (Grafter’s partner company) , and (ii) local systems controlled solely by the relevant business. We want to get to know you, because that enables us to make your experience with us more pleasant, so you may one day decide to return to our workspace, hotels, bars, and restaurants or entertainment venues.
4b. How Long Do We Keep Personal Information For?
We will generally retain your personal information for as long as is necessary for the purpose it was collected unless we need to retain it for legal purposes or in accordance with commercial practice and regulatory requirements. Generally, where there is no legal requirement, we retain all physical and electronic records for a period of 2 years after your last contact with us. Exceptions to this rule are:
CCTV records which are held for no more than [30 days] unless we need to preserve the records for crime prevention;
Information that may be relevant to any legal claims (for example personal injury claims) may be retained until the limitation period for those types of claims has expired. It is important to ensure that the personal information we hold about you is accurate and up-to-date.
4c. Use of Children’s Data
Our partner company Press Up Hospitality offers some services to children via the Captain Americas and wagamama brands which are primarily targeted at children, and others that are intended for users of all ages and their families including activities that may collect information from children. Below we summarize potential instances of collection and outline how and when we will provide parental notice and/or seek parental consent. In any instance that we collect personal information from a child, we will retain that information only so long as reasonably necessary to fulfil the activity request or allow the child to continue to participate in the activity, and ensure the security of our users and our services, or as required by law. In the event we discover we have collected information from a child in a manner inconsistent with the GDPR’s requirements, we will either delete the information or immediately seek the parent’s consent for that collection.
Registration for Kids Club
Children up to the age of 12 can be registered for our Kids Club on our Captain Americas and wagamama websites. Every year on the child’s birthday we will send a birthday card to your child’s registered postal address with a voucher for a free kid’s meal.
During the registration process, we ask for the Parents name and email address for notification and security purposes, as well as the child’s first name and date of birth, (for age verification purposes) and a postal address.
We occasionally run in-venue competitions where we collect data. Unless specified with an option to tick a consent box, this information will not be used to market to you. This information is only collected to inform you if you are a lucky prize winner. Data will not be retained after the closing date of any such competition.
About the Collection of a Parent or Legal Guardian’s Email Address
This information is collected for notification and security purposes. If you believe your child is participating in a Kids Club activity that collects personal information and you or another parent/guardian have NOT received an email confirming subscription to the kids club, please feel free to contact us at email@example.com. We will not use parent emails provided for parental consent purposes to market to the parent, unless the parent has expressly opted in to email marketing or has separately participated in an activity that allows for such email contact.
When Information Collected From Children Is Available to Others
We may share or disclose personal information collected from children in a limited number of instances, including the following:
We may share information with our service providers if necessary for them to perform a business, professional, or technology support function for us.
We may disclose personal information if permitted or required by law, for example, in response to a court order.
Parental Choices and Controls
At any time, parents can refuse to permit us to store personal information from their children in association with a particular account, and can request that we delete from our records the personal information we have collected in connection with that account. Please keep in mind that a request to delete records may lead to a termination of a membership, or other service.
Where a child has registered for a Captain Americas or wagamama’s Kids Club, we use one method to allow parents to access, change, or delete the personally identifiable information that we have collected from their children:
Parents can contact us to request access to, change, or delete their child’s personal information by sending an email to us at firstname.lastname@example.org. A valid request to delete personal information will be accommodated within 30 days as per the GDPR legislation.
Parents of Captain Americas or wagamama’s Kids Club members may contact us directly at: email@example.com
In any correspondence, please include the child’s name and the parent’s email address. To protect children’s privacy and security, we will take reasonable steps to help verify a parent’s identity before granting access to any personal information.
- Your Choices and Rights
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about our products or services, then you can contact us using the contact details below.
We endeavour to keep your data accurate, complete and up to date. If your information that we hold is inaccurate, you can let us know. We will make the necessary amendments, erase or block the relevant Data as you request and notify you within one month of your request that relevant action has been taken. All requests should be addressed to firstname.lastname@example.org
You may also request in writing copies of your Data held by us. Please quote your name and address and provide brief details of the information you would like. We may also request proof of identification to verify your access request. We will provide you with a copy of the data held by us as soon as practicable and within one month after the request in writing is received and verified by us, unless the complexity of the matter requires a longer period of time to comply with your request. All access requests should be addressed to email@example.com
We recognise that you have certain rights as a ‘data subject’ and we are committed to upholding these. These include the right to be informed, the right to rectification, the right to access, the right to restrict processing, the right to data portability, the right to object and the right to withdraw consent.
We want to be as transparent as possible in our processing. Please get in touch with us by emailing firstname.lastname@example.org to find out more or to exercise your information rights.
- Protection and Storage of Your Data
We have used and will continue to use reasonable endeavours to protect your personal data against loss, alteration or any form of unlawful use. Where possible, your personal data will be encrypted and stored on a virtual private server that is secured by means of state-of-the-art protection measures.
Please be aware that communications over the internet, such as emails/webmail are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the world wide web/internet. We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.
A strictly limited amount of people have access to your personal data. In any instance that we collect personal information from you, we will retain that information only so long as reasonably necessary to fulfil the activity request or to allow you to continue to use our services, and ensure the security of our users and our services, or as required by law. Please keep in mind that a request to delete records may lead to a termination of a membership, or other service provided by us.
Please refer to http://www.allaboutcookies.org if you require information about cookies in general or would like to know how to disable cookies on the website.
- Links to Other Websites
Our Online Services may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please review those policies before you submit any data to those websites.
We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.
- Supervisory Authority and Applicable Law
With respect to the processing of your personal data, Grafter Operations is the ‘main establishment’ of Grafter. This means that the data protection authority of Ireland shall have jurisdiction with respect to the cross-border processing of your personal data in which Grafter Operations. Notwithstanding the foregoing you shall be entitled to lodge a complaint with the competent supervisory authority in the territory of a Grafter Operations business.
The processing of your personal data by Grafter and our partner company Press Up Entertainment Group business(s) shall be subject to the laws of Ireland, including the General Data Protection Regulation, when it applies from 25 May 2018 onwards. The applicability of the laws of Ireland and General Data Protection Regulation shall be without prejudice to any provisions that may apply to a particular processing activity under local mandatory data protection law. The Office of the Data Protection Commissioner regulates data protection in Ireland. Further information can be found at www.dataprotection.ie
In case you have any questions in relation to this Privacy Statement, you may send an email to email@example.com
We have done our best to make sure that this Privacy Statement explains the way in which we process your personal data, and rights you have in relation thereto. We may change this Privacy Statement from time to time to make sure it is still up to date. To make sure you consult the most recent version of our Privacy Statement, please check the Privacy Statement published on our website.
- Changes to this Privacy Statement
Grafter Officers reserves the right to change this Privacy Statement. Grafter Offices will provide notification of the material changes to this Privacy Statement through the Company’s websites at least fifteen (15) business days prior to the change taking effect.
If you want to know more or if you have any queries, please write to us at:
41 Leeson Street Lower