As you know, everything we do at The Hot Breakfast is highly personalised. In order to deliver that service, we need to handle your personal information: we assure you that we’ll always do so in as transparent a manner as possible, as well as in accordance with best practice and current data protection legislation.
This page sets out what data we collect, why we collect it, how it is used and processed and what your rights are. Please direct any comments or queries to firstname.lastname@example.org.
What We Mean When We
… use capitalised terms is set out at the bottom of this page.
Data controller: When you contract with us as a Member, or apply for Membership, or attend one of our Events, or use our Website, we are the data controller and are responsible for your personal data.
Your Personal Data
This is the personal data about Members and Friends that we may collect from you:
Application Form: The personal details that you provide when submitting an Application Form. These include your name, email address, phone number, sex, ethnicity, date of birth, public profile, dietary requirements, information about your work and interests and other information that you elect to provide to support your Application. We may supplement this information by collecting data from public sources, such as LinkedIn and Companies House.
We also collect information about your debit/credit card and bank account information provided by you to our payment service providers, that we require for the purpose of recording and processing your Application Form (and administering your Membership). For further details please also refer to the section below headed “Payment Information”.
Event Reservations: In respect of any Event, we will collect the first and last name of the Member and/or Friend attending the Event, their email address, billing and payment information (where applicable), any dietary requirements, and responses to any questions that we may pose in relation to individual Events, which are designed to optimise the Event experience.
Referrals: If you were referred to The Hot Breakfast by a third party, we gather your first name, surname and email address. We may supplement this information by collecting data from public sources, such as LinkedIn and Companies House.
Other shared information: Personal details you choose to give us, whether in person, in written or oral correspondence, by participating in surveys or otherwise visiting and interacting with this Website or any other websites we operate, and personal data that you provide to us when you attend one of our Events. We may also gather personal data about you via other correspondence and interactions. This may include enquiries, reviews, follow-up comments or complaints lodged by or against you and resulting communications.
How we use your personal data
We use your personal data:
Application Forms and Online Profiles: To acknowledge, review and administer your Application (and where applicable put you on our Membership waiting list) and, in the case of Members’ Online Profiles, to administer your Membership, provide you with curated services and administer your account. Such use of your personal data is necessary in order to assess and implement your request to become a Member and thereafter to deliver our services in accordance with our Agreement with you.
For the avoidance of doubt, no information provided in an Application Form or Online Profile is made publicly available by us, subject to sharing your full name, occupation and email address with those you meet at our Events (which we will not do if requested otherwise) and to advising our venue partners of any relevant dietary requirements.
Event Bookings: If you, or your Friend, is/are attending an Event, to administer and deliver it, for example to process a payment, make relevant introductions, ensure that everyone is fed/watered appropriately and that any access requirements are met, and provide related services.
Public profiling: In marketing and publicity campaigns, if you agree to take part in interviews, member profiles, blogs or social media campaigns. Your consent to the disclosure of any personal data that you provide is implied in such participation, which also waives your right to receive any payment from us in connection with that marketing or publicity.
Referrals: If you were referred to us by a third party then we will use your full name and email address (as provided by your referee) to send you one direct email about our services.
Newsletter subscription: Names and email addresses are used by us in order to deliver our newsletter to Subscribers’ inboxes.
Business requirements: As necessary for certain Legitimate Business Interests, which may include:
responding to any enquiries or complaints you make;
administering our Website, including helping ensure that it is presented in the most effective manner for you and your device;
conducting analytics to inform our marketing strategy and enable us to enhance and personalise the experience we offer to our Members and in our communications;
if you ask us to delete your personal data or to be removed from any of our lists and we are required to fulfil your request, to keep basic personal data to identify you and prevent further unwanted processing;
we may anonymise, aggregate and de-identify the personal data that we collect and use such anonymised, aggregated and de-identified data for our own internal business purposes, including sharing it with our current and prospective Members, newsletter subscribers, business partners, our affiliated businesses, agents and other third parties for commercial, statistical and/or market research purposes, for example to allow those parties to analyse patterns among groups of people, and conducting research on demographics, interests and behaviour;
for internal business/technical operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep our Website and information systems secure; and
to (a) comply with legal obligations, (b) respond to requests from competent authorities; (c) enforce our Table Rules; (d) protect our operations or those of any of any affiliated businesses; (e) protect our rights, safety or property, and/or those belonging to any affiliated businesses, you or others; and (f) enforcing or defending legal rights, or preventing damage.
You have the right to object at any time to processing of your personal data that is based on our Legitimate Business Interests on grounds relating to your particular situation.
Surveys: To contact you in connection with surveys and use any information you choose to submit in response, provided that you gave us your consent to being contacted in this way at the time you provided us with the personal data that we use.
Other: If you consent to its use for other purposes at the time of providing your personal data then we may use it accordingly.
Disclosing your personal data
The Hot Breakfast is committed to treating all personal data with absolute respect. We maintain all records and personal data in the strictest confidence. Exceptions to this rule apply to:
Facilitating connections following Breakfasts: When you attend a Breakfast, we will or may share your full name, email address and job title after the event with the other attendees unless you tell us you would prefer to be omitted either prior to or at the Breakfast.
Direct introductions: We will only make direct introductions between Members when we have received prior consent from both parties to make the introduction.
Service providers: We work with various third parties to help us to deliver our services, including (without limitation) event venues, catering suppliers, hosts, coaches, facilitators, card processing or payment services, IT suppliers and contractors (including data hosting providers), web analytics providers, providers of digital advertising services, marketing and sales software solutions. Where appropriate, we will disclose personal data to such third parties on a strictly need-to-know basis, who may then access, process or store your personal data in the course of performing their responsibilities to us and solely in order to perform the services we have hired them to provide.
Business transfers: If we sell our business or our company assets are acquired by a third party, personal data held by us about our Members, Applicants, Subscribers and other customers may comprise one of the transferred assets.
Administrative and legal reasons: if we need to disclose your personal data (i) to comply with a legal obligation and/or judicial or regulatory proceedings, a court order or other legal process; (ii) to enforce our T&Cs, Table Rules or other applicable contract terms that you are subject to; or (iii) to protect us, our Members, Applicants, or contractors against loss or damage. This may include (without limit) exchanging information with the police, courts or law enforcement organisations.
Payment handling: Any credit/debit card payments and other payments you make through our Website will be processed by our third party payment providers and the payment data you submit will be securely stored and encrypted using up to date industry standards. Please note that we do not ourselves directly process or store the debit/credit card data that you submit.
Storage of payment data: We shall arrange that payment data you submit in support of an Application Form is stored while we review your Application. If it is successful (or if you are put on to a Membership waiting list), please note that this data will then be used to process your Joining Fee and for the purpose of processing any future payments that you make as a Member for additional goods and services. We will store this data in accordance with our legal obligations under applicable law and only for so long as legally permitted. You may choose to opt out of us holding your card or payment data although this means that you will need to re-supply us with card/payment details to initiate your membership subscription fee or for the purpose of making any future purchases.
Transfers of payment data: Your personal data may be transferred to, and stored in, countries other than the country in which the information was originally collected (including the United States and other destinations outside the European Economic Area (“EEA”)) to our payment providers for the purposes described above. Please note that these countries may not provide the same legal standards for protection of your personal data that you have in the United Kingdom or EEA. Where we transfer your personal data to countries outside the EEA we will act in accordance with good business practice in order to ensure that your personal data will continue to be protected, implement appropriate safeguards where appropriate.
Password protection: All Applicants are required to create a password when applying for Membership, which approved Members can then use in conjunction with their email address to access and update their Online Profile, including personal data. Members are responsible for doing everything they reasonably can to keep their login details secure.
Security measures: We will take appropriate measures technical and organisational security measures to protect the personal data that you submit to us against unauthorised and/or unlawful access or loss, destruction or damage, but we cannot guarantee the security of personal data that you provide to us online because the electronic transmission of information over the internet or public communications networks can never be completely secure.
Personal data retention
In the case of Applicants who become Members, we retain personal data provided in Application Forms, related searches and Online Profiles for the duration of their Membership, plus three years.
In the case of Applicants who do not proceed to become Members, we retain personal data provided in Application Forms and related searches for up to one year.
When you request or consent to receive marketing communications (including our newsletter), we will keep the personal data required to provide such communications until you unsubscribe.
Determination of period: To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the purposes for which we process it, applicable legal requirements or operational retention needs, and whether we can achieve those purposes through other means.
Expiry of retention period: Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case it is no longer personal data.
Your Personal Data Protection Rights
Certain applicable data protection laws give you specific rights in relation to your personal data. In particular, if the processing of your personal data is subject to European data protection legislation, you have the following rights in relation to your personal data:
Right of access: If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data along with certain other details such as the purpose of the data processing. If you require additional copies, we may need to charge a reasonable administration fee.
Right to rectification: If your personal data is inaccurate or incomplete, and you cannot correct it directly yourself (e.g. through your Online Profile), you are entitled to ask that we correct or complete it. If we shared the corrected personal data with others, we will tell them about the correction where possible and appropriate. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
Right to erasure: You may ask us to delete or remove your personal data, such as where our legal basis for the processing is your consent and you withdraw consent. If we shared your data with others, we will tell them about the erasure where possible and appropriate. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data with so you can contact them directly. We may continue processing personal data where this is necessary for a Legitimate Business Interest.
Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your personal data in certain circumstances, such as where you contest the accuracy of the personal data or object to us processing it. We will tell you before we lift any restriction on processing. If we shared your personal data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
Right to data portability: You have the right to obtain personal data that you consented to give us or that was provided to us by you as necessary in connection with an agreement between us and you. We will provide you with your personal data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
Right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing your data before we received notice that you wished to withdraw your consent.
Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your personal data, you can report it to the UK data protection authority (the Information Commissioner’s Office). Please note that exercising these rights may affect our ability to deliver services, and we cannot be held liable for any consequential failure to fulfil our contractual provisions to you. If you wish to exercise any of these rights please contact us at email@example.com. We may also need to ask you for further information to verify your identity before we can respond to any request.
Application Form means the online application process to become a Member of The Hot Breakfast, which is set out on our website at www.thehotbreakfast.com/apply, as amended from time to time.
Events mean the events and services organised by The Hot Breakfast, which include, without limitation, our Breakfasts (Walks, Feasts and the À La Carte service) and Parties.
Friend means a person attending one of our Events as the guest of a Member (whether that Member is present at the Event or not).
Legitimate Business Interests means the interests of The Hot Breakfast, as relate to its Purpose, taking account of any likely impact of the enactment of those interests on others, including rights under data protection laws.
Member means an individual who has applied, and been accepted, for membership with The Hot Breakfast on the basis of the T&Cs.
Online Profile means the personal information provided by a Member online, which is held privately by The Hot Breakfast for the purposes of providing an optimum service to the Member.
Subscriber means a subscriber to our monthly newsletter, the “Breakfast Bulletin”.
Table Rules mean the code of conduct available [here] that we ask and require all Members and any Friends to subscribe to when attending our Events or participating in matters relating to The Hot Breakfast in order to safeguard the interests and benefits of the Community, and which form a part of our T&Cs.
T&Cs means the terms and conditions applicable to Membership and/or attending one of our Events, available [here].
Website means The Hot Breakfast’s online domain, www.thehotbreakfast.com, as updated from time to time.