MAYFAIR POINT PRIVACY POLICY

1. INTRODUCTION
   1. This privacy policy (Privacy Policy) sets out the ways in which we, Mayfair Point Limited (we, us, our), collect and use your personal data (your personal information) in connection with our business. It also explains what rights you have to access or change your personal data.
   2. Our website is not intended for children. We do not knowingly collect or maintain the personal information of children under the age of 18. If you are under the age of 18, please do not access our website at any time or in any manner. We will take appropriate steps to delete the personal information of persons under the age of 18.
2. ABOUT US
   1. We are a company registered in England under company number 02599000, with our registered address as set out below.
      
      You can contact us as follows:
      
      FAO:                       Business Centre Manager
      
      Address:                 Mayfair Point, 34 South Molton Street, London, W1K 5RG, UK
      
      Email:                     privacy@mayfairpoint.co.uk
       
3. INFORMATION WE MAY COLLECT ABOUT YOU
   1. Information that you provide to us.
      1. We will collect any information that you provide to us when you:
         1. make an enquiry, provide feedback, or make a complaint over the phone, by email or on our website;
         2. submit correspondence to us by post, email, or via our website;
         3. book meeting rooms, conference rooms, physical office and virtual office facilities on our website;
         4. create an account with us or otherwise register to be our client;
         5. update your profile and other account details;
         6. attend our premises;
         7. ask our staff for assistance, e.g. to make travel arrangements or restaurant reservations on your behalf;
         8. fill in a form, conduct a search, post content on the website, respond to surveys, participate in promotions or use any other features of the website;
         9. submit a CV, an application to a job vacancy or attend an interview or assessment; and
         10. ‘follow’, ‘like’, post to or interact with our social media accounts.
      2. The information you provide to us will include (depending on the circumstances):
         1. Identity and contact data: title, names, addresses, email addresses and phone numbers;
         2. Account profile data: if you’re registering for an account you may also provide a username, password, company name, and job title/position;
         3. Financial Data: when you are paying for the products or services we provide to you, you will also provide payment details, which may include billing addresses, credit/debit card details and bank account details;
         4. Identification and background data: in order to receive some of our services, you will need to provide certain identity documents such as a copy of your passport or driving licence, proof of home address in the form of a utility bill or bank statement, or proof of registered office address such as a letter from the HMRC or your accountant, to allow us to carry out identity and compliance checks;
         5. Employment data: if you are submitting a job application, you may also provide additional information about your academic and work history, qualifications, skills, projects and research that you are involved in, references, proof of your entitlement to work in the UK, your national security number, your passport or other identity document details, and any other such similar information that you may provide to us; and
         6. Sensitive information: in some limited circumstances, for example when submitting a job application, using our services (e.g. office space) or asking our staff for assistance (e.g. to facilitate access to our premises, make reasonable adjustments necessary to enable you to use our premises, or make catering arrangements if you specify a particular dietary requirement), you may provide information about your race or ethnicity, religious beliefs, sexual orientation, health and whether or not you have any disability. We need to have further justification for collecting, storing and using this type of personal information. We process such personal information on the basis of your explicit consent or where it is needed in the public interest for equal opportunities monitoring.
   2. Information we collect about you:
   3. Information we receive from third parties
      1. In certain circumstances, we will receive information about you from third parties. For example:
         1. Brokers: we may receive information about you from brokers and other intermediaries (who are based both inside and outside the EU), in particular if you have indicated to such third parties that you would like to hear from us;
         2. Fraud detection agencies and publicly available sources: where permitted or required by law, we may receive information about you from third party service providers, financial crime compliance and KYC solutions providers based inside the EU and/or publicly available sources such as Companies House, to carry out identity and compliance checks;
         3. Service providers: we may collect personal information from our third party service providers based inside the EU, such as our email cloud service provider, email verification service provider, our workspace management software provider, our website developer, IT support provider, and payment services provider; and
         4. Website security: we will collect information from our website security service partners who are based inside the EU, about any misuse to the website, for instance, the introduction of viruses, Trojans, worms, logic bombs, website attacks or any other material or action that is malicious or harmful.
      2. We might also receive information about you from third parties if you have indicated to such third party that you would like to hear from us.
4. HOW WE USE INFORMATION ABOUT YOU
   1. We will use your information for the purposes listed below either on the basis of:
      1. performance of your contract with us and the provision of our services to you;
      2. your consent (where we request it);
      3. where we need to comply with a legal or regulatory obligation; or
      4. our legitimate interests or those of a third party (see the “Legitimate Interest” section below).
   2. We use your information for the following purposes:
      1. To provide access to our website: to provide you with access to our website in a manner convenient and optimal and with personalised content relevant to you including sharing your information with our website hosts and developers (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner);
      2. To register your account: when you sign up to use our website or our services, we will use the details provided on your account registration form (on the basis of performing our contract with you);
      3. To carry out identity and compliance checks: to comply with any client verification obligations and/or any other legislation or regulations applicable to the provision of our services, and to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including identity fraud (on the basis of our legitimate interest to operate a safe and lawful business and to detect and prevent fraud, or where we have a legal obligation to do so);
      4. To provide virtual and physical office services: we use your information to administer your account, and to provide you with the relevant virtual or physical office services (which may include mail handling, telephone answering, scanning, faxing, photocopying, occasional administration, receptionist services, broadband, IT and telephony services, catering services, cleaning services, security services, and other services as agreed from time to time) (on the basis of performing our contract with you);
      5. To process and facilitate transactions with us: we will use your information to process transactions and payments, and to collect and recover money owed to us (on the basis of performing our contract with you and on the basis of our legitimate interest to recover debts due);
      6. Relationship management: to manage our relationship with you, which will include notifying you about changes to our terms of use or Privacy Policy, and asking you to leave a review or take a survey (on the basis of performing our contract with you, to comply with our legal obligations and on the basis of our legitimate interests to keep our records updated and study how our website and services are used);
      7. User and customer support: to provide customer service and support (on the basis of our contract with you or on the basis of our legitimate interests to provide you with customer service), deal with enquiries or complaints about the website and/or our services, and share your information with our service providers as necessary to provide customer support (on the basis of our legitimate interest in providing the correct products and services to our website users and to comply with our legal obligations);
      8. Recruitment: to process any job applications you submit to us (on the basis of our legitimate interest to recruit new employees or contractors);
      9. Marketing: to keep in contact with you about our news, events, new website features products or services that we believe may interest you, provided that we have the requisite permission to do so (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so);
      10. Analytics: to use data analytics to optimising the use of our website, to improve our website, products/services, and customer relationships (on the basis of our legitimate interests in personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you, developing our business, and informing our marketing strategy);
      11. Fraud and unlawful activity detection: to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including identity fraud (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so); and
      12. Compliance with policies, procedures and laws: to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
   3. Legitimate Interest. As outlined above, in certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties. Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have identified above. Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to the “Your Rights” section below.
5. WHO WE MIGHT SHARE YOUR INFORMATION WITH
   1. In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we will share your personal information when relevant with third parties such as:
      1. Your prospective and existing customers and clients: when you use our virtual office services or use our office space, our staff will provide your personal information to your prospective or existing clients e.g. to direct them to the relevant meeting room or connect them to you over the phone or via email;
      2. Our service providers: service providers we work with to deliver our business, who are acting as processors and provide us with:
         1. website development and hosting services based in the EU;
         2. workspace management software services based in the EU;
         3. payment services based in the EU;
         4. IT, system administration, and security services based in the EU;
         5. identity verification, fraud prevention and detection services based in the UK; and
         6. legal, accountancy, and other professional advisers based in the United Kingdom.
      3. Other third parties on the basis of your instructions: we may share your information and the personal information of others that you provide when you or your organisation requests such information to be shared, e.g. we may need to provide your contact details to taxi companies, restaurants, and other organisations if we make reservations on your behalf;
      4. Regulators and governmental bodies: HM Revenue & Customs, regulators, governmental bodies and other authorities acting as processors or joint controllers based in the United Kingdom, who require reporting of processing activities in certain circumstances;
      5. Prospective buyers of our business: any prospective buyer of our business or assets, only in the event that we decide to sell any of our business or assets; and
      6. Other third parties (including professional advisers): any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
   2. We require third parties to maintain appropriate security to protect your information from unauthorised access or processing.
6. COOKIES
   1. We use cookies to ensure that you get the most out of our website. Cookies are small amounts of information in the form of text files which we store on the device you use to access our website. Cookies allow us to monitor your use of the software and simplify your use of the website. For example, a temporary cookie is also used to keep track of your "session". Without that temporary cookie you would need to resubmit your log-in details for each webpage you visit on our website.
   2. If you do not wish for cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit http://www.aboutcookies.org). Please note that, if you do set your Internet browser to reject cookies, you may not be able to access all of the functions of the website.
   3. The names of the cookies used on our website and the purposes for which these cookies are used are set out in the table below:

       

      Cookie Name	Purpose	Duration
      PHPSESSID	To allow a user to stay logged in to our website without needing to submit log-in details for each page visited.	End of browser session
      __utmt	Used to throttle request rate.	10 minutes
      __utma	Used to distinguish users and sessions.	2 years from set/update
      __utmb	Used to determine new sessions/ visits.	30 mins from set/update
      __utmc	Operates in conjunction with the __utmb cookie to determine whether user is in a new session/visit.	End of browser session

   4. Our website may contain content and links to other sites that are operated by third parties that may also operate cookies. We don’t control these third party sites or cookies and this Privacy Policy does not apply to them. Please consult the terms and conditions and privacy policy of the relevant third party site to find out how that site collects and uses your information and to establish whether and for what purpose they use cookies.
7. HOW WE LOOK AFTER YOUR INFORMATION AND HOW LONG WE KEEP IT FOR
   1. We operate a policy of “privacy by design” by looking for opportunities to minimise the amount of personal information we hold about you. We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:
      1. ensuring the physical security of our offices, or other sites;
      2. ensuring the physical security of our paper files and hard copy documents;
      3. ensuring the physical and digital security of our equipment and devices by using appropriate password protection;
      4. maintaining a data protection policy for, and delivering data protection training to, our employees; and
      5. limiting access to your personal information to those in our company who need to use it in the course of their work.
   2. We will retain your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do. We look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. For example, we keep information about the due diligence about our clients that we are legally obliged to conduct for approximately 6 years.
8. HELP KEEP YOUR INFORMATION SAFE
   1. You can also play a part in keeping your information safe by:
      1. choosing a strong account password and changing it regularly;
      2. using different passwords for different online accounts;
      3. keeping your login and password confidential and avoiding sharing these details with others;
      4. making sure you log out of the website each time you have finished using it. This is particularly important when using a shared computer;
      5. letting us know if you know or suspect that your account has been compromised, or if someone has accessed your account without your permission;
      6. keeping your devices protected by using the latest version of your operating system and maintaining any necessary anti-virus software; and
      7. being vigilant to any fraudulent emails that may appear to be from us. Any emails that we send will come from an email address ending in ‘@mayfairpoint.co.uk’.
9. INTERNATIONAL TRANSFERS OF YOUR INFORMATION
   1. Our company is located in the UK.
   2. We do not transfer your personal data outside the European Economic Area (EEA) unless you instruct us to transfer your personal data to third parties located outside the EEA; such transfer is necessary to provide the services you have requested from us; or it is otherwise required or permitted by law.
   3. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following transfer solutions is implemented:
      1. Your personal data is transferred to a country that has been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
      2. Your personal data is transferred to recipients on the basis of specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, European Commission: Model contracts for the transfer of personal data to third countries; and
      3. Your personal data is transferred to recipients based in the US that are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
   4. Please contact us using the contact details at the top of this Privacy Policy if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
10. YOUR RIGHTS TO THE INFORMATION WE HOLD ABOUT YOU
    1. You have certain rights in respect of the information that we hold about you, including:
       1. the right to be informed of the ways in which we use your information, as we seek to do in this Privacy Policy;
       2. the right to ask us not to process your personal data for marketing purposes;
       3. the right to request access to the information that we hold about you;
       4. the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect;
       5. the right to withdraw your consent for our use of your information in reliance of your consent (refer to the “How we use information about you” section above to see when we are relying on your consent), which you can do by contacting us using any of the details at the top of this Privacy Policy;
       6. the right to object to our using your information on the basis of our legitimate interests (refer to the “How we use information about you” section above to see when we are relying on our legitimate interests) (or those of a third party)) and there is something about your particular situation which makes you want to object to processing on this ground;
       7. the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format, in certain circumstances;
       8. in certain circumstances, the right to ask us to limit or cease processing or erase information we hold about you; and
       9. the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) as well as a right to lodge a complaint with the relevant authority in your country of work or residence.
          
          Please note that we may need to retain certain information for our own record-keeping and research purposes. We may also need to send you service-related communications relating to your website user account or use of our services even when you have requested not to receive marketing communications.
    2. How to exercise your rights
       
       You may contact us via the details at the top of this Privacy Policy if you wish to action any of these additional rights and we will comply with your requests unless we have a lawful reason not to do so.
    3. What we need from you to process your requests
       1. We may need to request specific information from you to help us confirm your identity and to enable you to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
       2. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
11. PROCESSING PERSONAL INFORMATION ON BEHALF OF OUR CLIENTS
    
    Please note that we also process personal data on behalf of our clients who use our services, including our virtual office, office space, team office, hotdesk, meeting room, and conference room services. In those situations, it is the client who determines the purposes and means of the processing of personal data. Whilst there is a written contract in place between us and our client which sets out our data protection obligations, we neither control what personal data our clients collect nor how they use it. We are not responsible for their privacy statements. This Privacy Policy neither applies to such clients’ use of personal data, nor to our processing of such personal data for such clients. Please consult the terms and conditions and privacy policy of the relevant client to find out how they use your information and to establish whether and for what purpose they collect it.
12. SHARING DATA DIRECTLY WITH THIRD PARTIES
    1. You might end up providing personal information directly to third parties as a consequence of your interactions with our website and other services offered by us. For example, you may provide personal information directly to other users of our office spaces. We are not responsible for how such third parties use personal data provided by you.
    2. Please be responsible with personal information of others when using our services. We are not responsible for your misuse of personal information, or for the direct relationship between you and others when takes place outside of our services.
13. THIRD-PARTY LINKS
    
    The website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
14. CHANGES TO THIS PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES
    1. We may make changes to this Privacy Policy from time to time. We will post any changes to our site, or notify you of any material changes by e-mail.
    2. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by updating your profile account information or contacting us via the contact details at the top of this Privacy Policy.

This Privacy Policy was updated on 22 May 2018.