Luxury Leisure Talarius are the main Data Controller for all data processing that occurs on this website. Under our data protection policy, we have strict standards to guarantee the security of any personally identifiable data that we gather from you whilst on this website.
Examples of data that we may gather whilst you are on this website include:
Additional data that we may request whilst on our website may include:
By visiting this website, you agree that we may gather this information and process it according to our Data Protection Policy.
Protection Regulations and Data Protection Bill 2018 which include the right to be informed. In nearly all instances we will ask for your explicit consent before we process your personal information and will at that time inform you of how we process this data, how long we keep it for and whether or not we share it.
Additionally, we recognise individual rights to access, rectify and erase your personal information. To ensure requests are dealt with efficiently and within the timeframes stipulated, access requests must be made via our website electronically or by using a pre addressed application form available from this venue.
Data Access Requests Policy and Process
This policy applies to the companies operating under the control of Luxury Leisure and Talarius Ltd and includes SAL and RAL Ltd. The policy is effective from 25th May 2018 and aims to ensure compliance with the General Data Protection Regulations (GDPR) and the Data Protection Bill 2018.
Rights of the Individual
Luxury Leisure Talarius recognise the rights of the individual as set out in GDPR. In summary they are the,
To ensure that all requests from data subjects are dealt with efficiently and within the timeframes stipulated within the regulation, one of the measures Luxury Leisure Talarius have taken is to employ a designated Data Protection Officer (DPO). Subject access requests will be dealt with by the DPO who will have responsibility for managing the company’s response to the request and ensuring that they are completed in line with the timescales set out in the regulation.
How to make a data access request:
The methods by which data subjects can make requests will be as follows: 1. through the provision of self-addressed access request forms in our venues that can be sent directly to the DPO; 2. by completing the form at the venue and the venue manager sending it (sealed) to the DPO in the internal mail (if the data subject has suitable ID) or 3. fill in the form below.
Verification of Identity
Before a data access request can be fulfilled, the identity of the person making the request has to be established. In other words, we have to ensure that the person making the request is the data subject and the data is confined to data relating to them. If the request is made at a venue and the data subject has a suitable form of ID (which is to be considered as the same as ID for the purposes of age verification. See below) then the venue manager (or most senior person present) can ask the data subject to complete the form and send it to the DPO directly or if the data subject would prefer, they can scan the completed form to GDPRgroup@luxuryleisure.co.uk along with an email confirmation that they have verified the ID of the person making request by having seen a passport, driver license or other accepted form of ID.
If the data subject does not have a suitable form of ID, they can take the form away and send it directly to the DPO and later attend a venue with ID. Staff at that venue can verify the identity of the person present and send an email confirmation to GDPRgroup@luxuryleisure.co.uk to confirm that they have seen the ID of the data subject and the person presenting it was in fact the data subject.
Timeframes – How long do we have?
Subject access requests will be fulfilled without delay but in any case within 1 month of the identity of the subject making the request being verified using reasonable means. There are circumstances in which the regulation allows for a further 2 months should the data be complex or sizeable. The response will be free of charge but we reserve the right to apply an administration charge where requests are manifestly unfounded or repetitive.
ID documents must contain a photograph from which the individual can be identified; state the individual’s date of birth; be valid, and legible. It should bear no visible signs of tampering or reproduction. Acceptable forms of identification include those that carry the PASS logo (e.g. Citizencard); a driving licence (including a provisional licence) with photograph, a passport and military identification cards (these must be carefully checked, under 18’s can carry military ID). Incidents involving suspected forged documents will be recorded and reported.