ID Scanner Policy

1.INTRODUCTION

1.1          The Deltic Group Limited (“we”, “us” or “our”) are committed to protecting and respecting your privacy.

1.2          This notice sets out the basis on which any personal data our ID scanners (each of which we shall refer to as “Scannet”) collect from you, or that you provide to us, will be processed by us.

1.3          This notice relates specifically to our processing of your personal data via Scannet. For further details about our wider policy on the processing of personal data generally, please refer to our privacy policy which is available on our website.

1.4          For the purpose of the General Data Protection Regulation 2016/679 (“GDPR”) and Data Protection Act 2018 the data controller is The Deltic Group Limited of Deltic Avenue, Rooksley, Milton Keynes MK13 8LW (with registration number 07870512).

2.INFORMATION WE MAY COLLECT FROM YOU

2.1          The Scannet machine collects a copy of your Passport, Driving Licence, PASS ID or other National Identification document. Scannet then checks your age and whether you are listed on its database of people who have been banned from this venue and checks if you are the subject of any alerts from other venues.

2.2          You are not obliged to allow us to collect such personal data, but it may be a condition of entry to the venue.

3.PURPOSE AND EXTENT OF PROCESSING

3.1          The Licensing Act 2003 covers four main principles, one of which is the protection of children from harm. This venue and its staff have a legal obligation to ensure that we do not serve alcohol to anyone under the age of 18 years old. Therefore, we need to verify your age. Additionally, we are required by law to prevent crime and disorder, prevent public nuisance and have an obligation to ensure public safety. To assist us in complying with these legal obligations, we may share your information:

3.1.1      with other venues should you be banned from this venue;

3.1.2      through Pubwatch, The Safer Clubbing at Night Network or other networks serving a similar function; or

3.1.3      with the police and local authorities in the event of an incident.

3.2          We do not use automated decision making: all decisions regarding entry to the venue are made at the discretion of the venue management team.

4.LEGAL BASES FOR THE PROCESSING

4.1          The processing of your personal data is necessary for our legitimate interests of operating a safe, legal and compliant venue in line with the principles detailed in paragraph 3.1.

4.2          If we are processing any personal data relating to criminal convictions and/or offences, we are doing so for the purpose of preventing or detecting unlawful acts. This is because the processing (a) is necessary for the purposes of the prevention or detection of an unlawful act, (b) must be carried out without the consent of the individuals involved so as not to prejudice those purposes, and (c) is necessary for reasons of substantial public interest.

5.SECURITY AND WHERE WE STORE YOUR PERSONAL DATA

5.1          Your personal data is stored securely on the individual Scannet unit. Details of customers are only shared externally within the secure Scannet network when a customer has been banned from the venue. This is done for the purpose of preventing crime (please see paragraph 4 above). The data that is shared is a copy of the identification document and a summary of the reason for the ban.

5.2          Your personal data is not transferred outside of the European Union.

6.HOW LONG WE STORE YOUR PERSONAL DATA

6.1          We will keep your information only for as long as it is required, being 31 days if your data is not the subject of an alert. Otherwise, if particular individuals are subject to an alert (say, because they are banned from the venue), then Scannet may store information about them for a longer period up to a maximum of 3 years. As an organisation, we may be required to keep personal data for longer if we are required to do so by law, say, due to ongoing criminal proceedings.

7.YOUR RIGHTS

7.2          The GDPR gives you the following rights:

7.2.1      Right to rectification. You have the right to rectification of inaccurate personal data.

7.2.2      The right to be forgotten. You have the right to obtain from us the erasure of your          personal data where: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or processed; (b) you withdraw your consent to processing for which we previously obtained your consent; (c) you object to the       processing provided there are no overriding legitimate grounds for the processing; (d) the personal data has been unlawfully processed; and (e) we are required to erase the personal data in order to comply with the law.

7.2.3      Right to restriction. You have the right to obtain from us the restriction of processing     where: (a) you contest the accuracy of the personal data we hold about you; (b) the             personal data has been unlawfully processed; (c) we no longer need the personal data      but they are required by you in limited circumstances; (d) you object to the processing pending the verification as to whether our legitimate grounds override those of the data subject.

7.2.4      Right to data portability. In certain limited circumstances, you have the right to receive personal data from us in a structured, commonly used and machine-readable format and the right to transmit it to a third-party organisation.

7.2.5      Right to object. You have the right to object to any of our processing. Please let us know if you object to any of our processing and we will work with you to try and resolve any issues you may have with our processing of your personal data.

7.2.7      Right to complain to the ICO. Whilst we prefer it if you approached us first about any complaints or queries you may have, you always have the right to lodge a complaint with the Information Commissioner’s Office.

7.2.8      Subject access right. Subject to exceptions, you have the right to access personal data we hold about you.  Your right of access can be exercised in accordance with the GDPR.

8.CONTACT

8.1          Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to customer.services@delticgroup.co.uk