PRIVACY POLICY

Last updated: April 2025

1. INTRODUCTION

At 21Soho, we are committed to respecting and protecting your privacy. This policy explains how we collect, use, and store personal data — whether you're a guest, visitor, supplier, employee, or someone who interacts with our venue or website.

We comply with the UK General Data Protection Regulation (UK GDPR) and are committed to being transparent, fair, and accountable in how we handle personal information.

2. DATA PROTECTION PRINCIPLES

We follow six key principles when handling your personal data. We will ensure that your data is:

  1. Used lawfully, fairly, and transparently

  2. Collected for specific, clear purposes

  3. Limited to only what's necessary

  4. Accurate and kept up to date

  5. Stored only as long as needed

  6. Handled securely

3. WHO THIS POLICY APPLIES TO

This policy covers:

  • Customers & Guests: People attending our shows, booking tickets, or using our bar or venue services.

  • Visitors: Anyone entering the venue (including guests at events or meetings).

  • Suppliers & Contractors: Individuals or organisations providing services to us.

  • Employees & Freelancers: Staff or contracted workers employed by 21Soho.

4. WHAT PERSONAL DATA WE COLLECT

Depending on your relationship with us, we may collect:

  • Contact details: Name, email address, phone number

  • Booking information: Tickets purchased, dates of attendance

  • Payment data: Billing address and partial payment info (via secure third-party systems)

  • CCTV footage: For security purposes within our venue

  • Employment-related data (for staff): CVs, bank details, emergency contacts, tax and payroll info

5. HOW WE COLLECT YOUR DATA

We collect your information in several ways, including:

  • Directly from you (e.g., when you make a booking, apply for a job, or contact us)

  • Through our ticketing partners (e.g., Dice, Ticket Tailor, Eventbrite)

  • Security systems (e.g., CCTV)

  • Publicly available sources (e.g., for supplier due diligence)

6. LEGAL BASES FOR PROCESSING

We only use your personal data when the law allows. The most common lawful bases include:

  • Consent: Where you've agreed to receive marketing emails or newsletters

  • Contractual obligation: To provide services like event access or to process job applications

  • Legal obligation: For tax, employment law, or health & safety compliance

  • Legitimate interest: To manage operations, monitor venue security, and improve customer experience

7. HOW WE USE YOUR DATA

We use your data to:

  • Confirm bookings and manage ticketing

  • Keep the venue and our guests safe (via CCTV)

  • Manage business relationships (suppliers, partners)

  • Administer employment and freelance agreements

  • Send relevant communications (where consent is given)

We do not sell your data or use it for profiling.

8. WHO WE SHARE YOUR DATA WITH

We only share data when necessary and always ensure appropriate safeguards are in place. Examples include:

  • Ticketing platforms (like Dice or Eventbrite)

  • Payroll and accounting providers

  • Legal or regulatory authorities (only if required by law)

9. CCTV MONITORING

We use CCTV inside the venue for security, safety, and crime prevention. This footage may be shared with authorities if legally required. Footage is stored securely and only accessed by authorised personnel.

10. HOW WE PROTECT YOUR DATA

We implement security measures such as:

  • Restricted access to data

  • Secure cloud storage

  • Regular updates and audits

  • Staff training on data protection

11. DATA RETENTION

We only keep your data as long as necessary:

  • Booking and customer info: up to 6 years (for tax/legal reasons)

  • CCTV: typically 30 days (unless needed for an investigation)

  • Employment records: as required by law

Once it's no longer needed, your data is securely deleted.

12. YOUR RIGHTS

You have the right to:

  • Access your data

  • Correct inaccurate or incomplete data

  • Ask for your data to be deleted (in some cases)

  • Object to certain types of processing

  • Withdraw consent (where processing is based on consent)

To make a request, contact us using the details below.

13. COOKIES & WEBSITE USE

We may use cookies or tracking technologies on our website to improve your browsing experience. You can manage your cookie preferences via your browser settings. A separate Cookie Policy is available if needed.

14. CONTACT US

If you have questions about this policy or want to exercise your rights, contact:

Data Privacy Contact
21Soho, 3-5 Sutton Row, London W1D 4NR
Email: info@21soho.com

15. COMPLAINTS

If you’re not satisfied with how we handle your data, you can contact the Information Commissioner’s Office (ICO):

www.ico.org.uk