Privacy Policy

Privacy Notice

Last updated: 24 May 2024

1. Introduction

This Privacy Notice provides details about our processing of your personal data, including how and why we use your personal data and how we keep it safe. It also explains the rights you have over your personal data.

The controller responsible for processing your personal data is the Soho House company or affiliated company ('we', 'us' and 'our') with which you have dealings as a website visitor, member or membership applicant, customer or prospective customer, an attendee at one of our events, a subscriber to our publications or newsletters or with which you otherwise engage or communicate. Specific information relating to the types of personal data processed and our purposes of processing that data is set out below.

This Privacy Notice covers all jurisdictions in which we operate and/or in which, or to which, we offer our goods or services. We set out specific data protection information in relation to some of these jurisdictions in the Appendices to this Privacy Notice.

You should read this Privacy Notice so that you know what we do with your personal data. Please also read any other privacy notice that we may provide to you from time to time that may apply to our use of your personal data in specific circumstances.

Please see the 'How to contact us' section at 16 below for details about how to contact us.

2. Explanation of terms

In this Privacy Notice:

'personal data' (also referred to in this Privacy Notice as 'personal information') means any information that relates to you from which you can be directly or indirectly identified;

'process' means any activity relating to personal data, including collection, use, sharing, storage and transmission; and

'controller' is a legal term and refers to the company that makes decisions about how and why your personal data is processed and is therefore responsible for ensuring that the processing is done in accordance with relevant data protection laws.

3. How do we obtain your information?

Most of the personal information we process is provided to us directly by you when you engage with us, such as when you apply to be a member, complete our web forms in order to make an information request, make an enquiry, attend an event, book a room and stay with us, purchase our goods or services or when you subscribe to our newsletter.

We process personal information about you when you use or interact with our website or apps (as applicable) ("Sites"), create an account, generate or make any content on, or upload to, a Site, including preferences you set (such as choice of language), photographs and videos you upload, conversations and connections you have with other users and comments you make via our messaging services.

When you visit, use or navigate our Sites, we may process certain information about you automatically. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our services, and other technical information which may identify you. This information is primarily needed to maintain the security and operation of our Sites, and for our internal analytics and reporting purposes. Like many businesses, we also collect information through cookies and similar technologies, which you can read more about in our Cookie Policy

We may also collect personal information from available sources in the public domain and from other third parties, such as other members (e.g., if relevant, your proposers for membership).

In certain circumstances, we will also require certain personal data in order to manage our relationship with you/provide you with our services (e.g., your payment card details to take payment or certain information to enable you to create an account with us).

Please note that we may combine the personal data that you provide to us with other information we collect about you when you make a reservation through third-party services, such as online restaurant/hotel reservation websites, so that we may process your requests.

Where we don't need your personal data, we will make this clear, for instance we will explain if any data fields in our forms are optional and can be left blank.

If you submit any personal information relating to another person, you represent that you are authorised by that person to do so and to permit us to use the information in accordance with this Privacy Notice.

4. What information do we collect?

We collect personal data about you, including the following:

Identity and Contact Information: first name, last name, title, postal address, email address and telephone numbers, driving licence, passport, CCTV and photographs.

Personal Details: age, gender and date of birth.

Information collected when you contact us: includes information in emails and other communications with us such as feedback and surveys.

Employment Data: employment details, including employment status, job title, employment address, telephone number and previous employment details.

Diversity, Equality and Inclusion Data: sexual orientation, religion, gender identity and ethnicity and race.

Preferences: Preferred language, direct marketing and cookie preferences.

Nationality: nationality and citizenship.

Financial Data: bank account details, tokenised payment card data and billing information.

Technical Data: device identifiers such as internet protocol (IP) address, usernames or similar identifiers, geolocation data, usage and login data.

Health and Medical Information: Health and disability information and dietary requirements.

Payment information

Any credit/debit card payments and other payments you make through our Sites will be processed by our third-party payment providers. The payment data you submit will be securely stored and encrypted by our payment service providers using up to date industry standards. Please note that aside from card information tokenisation, we do not directly process or store the debit/credit card data that you submit; this is handled by our third-party payment provider.

We may arrange that card or payment data you submit in support of a membership application, subscription fee, ticket purchase and/or F&B purchase at any of our operations is stored for the purpose of processing your application, initiating your membership and collecting your subscription fees if your initial application for membership is successful. If you are put on to a membership waiting list, please note that this data may be stored for later use to initiate your membership and subscription. We store and use card or payment information for the purpose of processing any future payments that you make as a member for additional goods and services.

You may choose to opt out of us holding your card or payment data, although this means that you will need to re-supply us with card/payment details to initiate your membership subscription fee, or for the purpose of making any future purchases.

5. What are our lawful bases for processing your personal data?

We ensure that we have a lawful basis or bases for processing your personal data. Our lawful bases for processing your personal data (which are based on data protection law requirements in the United Kingdom (UK) and European Economic Area (EEA)) are as follows:

o It is necessary in our legitimate interests. We have a legitimate business interest in processing your personal data. Our legitimate interests are in:
o Evaluating and processing your membership application and contacting proposers indicated within your application.
o Providing our products and services.
o Analysing, managing, evaluating and improving our business.
o Dealing with your queries and feedback.
o Improving our guests'/members' experiences
o Managing reservations
o Operating our facilities and events.
o Ensuring the security of our premises, facilities and property.
o Detection and prevention of crime.
o Maintaining the security of our websites.
o Communicating with you regarding your reservation.
Where we rely on legitimate interests, we have balanced our rights against your interests, fundamental rights and freedoms and determined that our legitimate interests are not overridden in those circumstances.

o It is necessary to comply with a legal obligation. We collect and process some information about you to comply with our legal obligations (e.g., in relation to accounting and tax requirements) and keep records as required by law.

o It is necessary for the performance of a contract between you and us or to take steps at your request prior to entering into the contract, for example, we will need to process your personal data to fulfil a transaction with you to provide our goods or services.

o In rare cases, it may be necessary to process your personal data to protect your or another person's vital interests (i.e. your life) – e.g. in emergency circumstances when communicating with first responders or medical professionals – or because it is necessary for the performance of a task in the public interest.

o In limited circumstances, we may request your consent to process your personal data.

When we process particularly sensitive personal data (also known as special categories of personal data) – e.g., health/disability data, sexual orientation, ethnicity/race or religious beliefs – we have an additional lawful basis for the processing of such personal data based on data protection law requirements in the UK and EEA. In the limited circumstances where we process such personal data:

o We will request your explicit consent to do so.
o It is necessary for the establishment, exercise or defence of legal claims.
o It is necessary for reasons of substantial public interest.
o The personal data is manifestly made public by you.
o There may also be very rare occasions where we need to process this information to protect your or another person's vital interests (i.e., your or the other person's life) where you are physically or legally incapable of giving consent.

6. How and why do we use your information?

Please see the table below for details of the different purposes for which we use your personal data, as well as the lawful basis or bases relied upon for each purpose of use:

Purpose
To evaluate your membership application: We will process your data in order to assess your suitability for membership or to check you maintain the conditions of Soho House's membership, when you are asking for the renewal of your membership.

Lawful basis or bases
This processing is necessary for the performance of a contract and for Soho House’s legitimate interests.

For special categories of data this processing is conducted with your explicit consent.

Purpose
Fulfilment of reservation: We may process information relating to your bookings. This includes bookings in our Houses, restaurants, spas and gyms. The data may be processed for the purpose of completing your room reservation/restaurant reservation.

Lawful basis or bases
This processing is necessary for the performance of a contract and is necessary for the purposes of our legitimate interests.

For special categories of data this processing is conducted with your explicit consent.

Purpose
Reservation communications: To communicate with you about your visit to our Site and Digital Channels, Soho Houses, spas, restaurants, gyms and Soho Works sites.

Lawful basis or bases
This processing is necessary for the purposes of our legitimate interests.

For special categories of data this processing is conducted with your explicit consent.

Purpose
Purchases: To process transactions, Soho House must collect data such as your name, purchase, and payment information.

Lawful basis or bases
This processing is necessary for the performance of a contract and Soho House’s Legitimate Interests

Purpose
Events: We also collect information regarding Soho House events, attendance and ticketing which we require for the purposes of completing your ticket purchase and attendance at the event. Soho House also uses personal information about attendees to plan and host corporate events, host online forums and social networks in which event attendees may participate.

Lawful basis or bases
This processing is necessary for the performance of a contract and is necessary for the purposes of our legitimate interests.

For special categories of data this processing is conducted with your explicit consent.

Purpose
Response to enquiries: We may process information contained in or relating to any communication that you send to Soho House. This data may include the communication content and metadata associated with the communication.

Lawful basis or bases
This processing is necessary for the purposes of our legitimate interests to respond to your queries.

For special categories of data this processing is conducted with your explicit consent.

Purpose
Marketing and promotions: To communicate news and promotions to you relating to Soho House’s products and services, or other marketing or promotional activities.

Lawful basis or bases
This processing is carried out with your consent.

Purpose
To understand your preferences and interests: To be able to improve the member’s experience.

Lawful basis or bases
This processing is necessary for the purposes of our legitimate interests in improving our services.

For special categories of data this processing is conducted with your explicit consent.

Purpose
To enable you to socialise on our Site: For example, through Soho Connect and our messaging platform and by allowing other members to identify you via your shared interests if you consent to this through our Site preferences.

Lawful basis or bases
This processing is necessary for the purposes of our legitimate interests.

We will only allow other members to see your shared interests with your consent.

For special categories of data this processing is conducted with your explicit consent.

Purpose
Proposers: To contact proposers you have indicated within your application.

Lawful basis or bases
This processing is necessary for the purposes of our legitimate interests in processing your membership application.

Purpose
Internal business purposes: For our internal business purposes, such as data analysis, audits, market research, developing new products, improving our services, obtaining statistical information, identifying usage trends and visiting patterns, determining the effectiveness of our promotions and meeting contractual obligations.

Lawful basis or bases
This processing is necessary for the purposes of our legitimate interests in improving our products and services and for performing a contract.

Purpose
Your Preferences: To understand your preferences and interests and be able to improve your experience of our goods and services

Lawful basis or bases
This processing is necessary for the purposes of our legitimate interests.
For any special categories of personal data processed: explicit consent

Purpose
Our Sites: To improve, promote and develop our Sites and promote popular conversations, programs and campaigns on the Sites.

Lawful basis or bases
This processing is necessary for the purposes of our legitimate interests.

Purpose
Administrative and other communications: To send you important information regarding our Sites, changes to our terms, conditions, and policies, or other administrative information (e.g., information about your reservations, such as reservation confirmations), to enforce our terms and conditions and policies, to provide you with customer/user support and to contact you for public health reasons and to comply with government guidelines, regulations and mandates.

Lawful basis or bases
This processing is necessary for the purposes of our legitimate interests, and it is necessary to comply with a legal obligation.

For any special categories of personal data processed: explicit consent, legal claims, public information, vital interests and substantial public interest.

Purpose
Our legal duties: To comply with legal and regulatory requirements or demands in accordance with applicable law, a court order, subpoena, or other legal process.

Lawful basis or bases
This processing is necessary to comply with a legal obligation.

Purpose
Corporate Arrangements: To facilitate the sale or potential sale of our business or part of our business.

Lawful basis or bases
This processing is necessary for the purposes of our legitimate interests.

1. Do we share the information we receive?

· Sharing within our group

As a global organisation, we may share your personal data with our group and affiliated companies in order to provide our services and benefits to you, such as to enable you to avail of membership services outside your home country or for our general business management and corporate reporting purposes. With your consent, other group or affiliated companies may send information about their products or services to you. We also share personal data where support or functions are provided by other group and affiliated companies, such as in relation to customer services, website hosting and IT support and maintenance.

· Sharing outside our group

We may also share your personal data with third party service providers outside our group to provide us with services, such as
o card processing or payment service providers;
o credit reference agencies;
o IT suppliers and contractors (e.g. data hosting providers)
o analytics providers/ web analytics providers;
o providers of digital advertising services;
o event organisers and
o providers of CRM, marketing and sales software solutions.

We carry out due diligence to check that these service providers have appropriate security in place to protect your personal data and we enter into written contracts with them to impose appropriate security obligations on them.

We may also share your personal data with third parties who act as controllers of that data.

We may share your personal data with:
· consultants and professional advisors, including our lawyers and accountants;
· prospective sellers, buyers or other third parties if we transfer, purchase, reorganise, merge or sell any part of our business;
· business partners;
· courts and court-appointed persons/entities;
· trade associations;
· our insurers; and
· government departments and statutory and regulatory bodies, including data protection regulators, law enforcement and tax/revenue offices.

2. Is your personal data sent outside your home country?

Soho House is a global organisation that operates in many countries. We may share your personal information with other group or affiliated companies, our service providers, and other third parties that may be located in other countries. Although the data protection laws of these various countries may differ from those in your own country, we will take appropriate measures to ensure that your personal information is handled as described in this Privacy

Notice and in accordance with the applicable law.

If we transfer your personal data outside the UK or EEA (including to our group or affiliated companies), we will implement appropriate safeguards for that transfer in accordance with the applicable law, such as implementing standard contractual clauses for data transfers approved by the relevant data protection authorities or by transferring your data to countries which have been deemed by the relevant data authorities to provide adequate levels of data protection. If you would like to receive more information on the safeguards that we implement, including copies of relevant clauses of data transfer contracts, please contact us as indicated below.

3. How do we protect your personal data?

We take the security of the personal information we collect seriously. We have implemented and maintain technical and organisational security measures (as required by applicable data protection laws) to protect your personal information from accidental or unlawful destruction, damage, loss, alteration or unauthorised disclosure or access.
Unfortunately, the transmission of information over the internet or public communications networks can never be completely secure and we therefore cannot 100 per cent guarantee the security of personal data that you provide to us online.

4. For how long will we keep your information?

We will keep your personal data only for as long as is necessary for the purposes outlined in this Privacy Notice, or for the duration required by any legal, regulatory, accounting or reporting requirements, whichever is longer. We will only ever retain your personal data for a limited period of time.

To determine the appropriate retention period for your personal data, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it, applicable legal requirements or operational retention needs and whether we can achieve those purposes through other means.
Upon expiry of the applicable retention period, we will securely destroy your personal data in accordance with applicable laws and regulations. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case it is no longer personal data.

5. Automated decision making

Automated decisions are where a computer makes decisions about you without a person being involved. Profiling is the recording and analysis of a person's psychological and behavioural characteristics, to assess or predict their capabilities or to assist in identifying or classifying categories of people.

Soho House does not make automated decisions about, or profile, its clients or customers.

6. What are your personal data protection rights?

Certain applicable data protection laws give you specific rights in relation to your personal data. In particular, if the processing of your personal data is subject to data protection law in the UK and EEA, you have the following rights in relation to your personal data:

Right of access: If you ask us, we will confirm whether we are processing your personal data and, subject to certain conditions, we will provide you with a copy of that personal data along with certain other details such as the purpose(s) of the data processing.

Right to rectification: If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. Please help us to keep your personal data up to date by letting us know of any changes to your personal data (including changes to your contact details) as soon as possible.

Right to erasure: Subject to certain conditions, you may ask us to delete or remove your personal data, such as where we no longer need the personal data for the purposes for which it was collected or our legal basis for the processing is your consent and you withdraw consent.

Right to restrict processing: You may ask us to restrict or 'block' the processing of your personal data in certain circumstances, such as where you contest the accuracy of the personal data or object to us processing it. We will tell you before we lift any restriction on processing.

Right to data portability: You have the right to obtain from us (or to have transferred to another controller) your personal data that we process by automated means on the basis of your consent or necessity for a contract with you. We will provide the personal data in a structured, commonly used and machine-readable format.

Right to object: You may object to our processing your personal data, and we will stop processing your personal data if (i) we are relying on a legitimate interest to process your personal data, unless we demonstrate compelling legitimate grounds for the processing or (ii) we are processing your personal data for direct marketing purposes.
Right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing of your personal data carried out before we received notice that you wished to withdraw your consent.

7. Right of complaint to your data protection authority

If you have a concern about our privacy practices, including the way we handled your personal data, we would appreciate the opportunity to put it right. However, you may be able to make a complaint to your data protection regulator.

If you are located in the UK, you have the right to complain to the Information Commissioner's Office (ICO) (https://ico.org.uk/).

If you are located in the EEA, you have the right to complain to the competent data protection authority for your jurisdiction, a list of which can be found at https://edpb.europa.eu/about-edpb/board/members_en.

8. Third party notices

This Privacy Notice may contain links to other third party websites. We are not responsible for the content of these other sites and you should read the privacy notices provided by such websites.

9. Changes to this Privacy Notice

We keep our Privacy Notice under regular review. Any changes we may make to our Privacy Notice in the future will be posted to this Site. Please check back frequently to see any updates or changes to this Privacy Notice.

10. How to contact us

If you have any questions about this notice or how we handle your personal data, please contact our Data Protection Officer at [email protected].

APPENDIX 1

PRIVACY NOTICE (ISRAEL)

1. Your personal data protection rights

If the Israeli data protection and privacy laws are applicable to your personal data, Section 12 of the Privacy Notice is replaced as follows:
12. What are your personal data protection rights?
Under Israeli data protection and privacy laws, you have the following rights in relation to your personal data:

·   Right of access: If you ask us, we will confirm whether we are processing your personal data and subject to certain conditions, we will provide you with a copy of that personal data along with certain other details such as the purpose(s) of the data processing.

·   Right to rectification: If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. Please help us to keep your personal data up to date by letting us know of any changes to your personal data (including changes to your contact details) as soon as possible.

2. Database Owner

Please note that the equivalent term under the Israeli data protection and privacy laws for "Controller" is "Database Owner".

APPENDIX 2

PRIVACY NOTICE (BRAZIL)

1. Children's data

In compliance with the Brazilian Data Protection Law ('LGPD'), the processing of personal data of children (up to 12 years old) and adolescents (between 12 and 18 years old) will only be carried out in their best interests and, specifically, in relation to children, always with the specific and express consent given by at least one parent or legal guardian. We reserve the right to request proof of your age, at any time, to confirm if we are in compliance with the terms of this Privacy Notice, as well as to cancel any non-compliant accounts (if any). If you are a parent or guardian and believe we have collected children’s personal information in a manner not permitted by local laws, please contact us as set forth in this Privacy Notice and we will take corrective action required by local laws.

2. Your personal data protection rights

If the LGPD is applicable to your personal data, Section 12 of the Privacy Notice is replaced as follows:

12. What are your personal data protection rights?

Under LGPD, you have the following rights in relation to your personal data:

·The right to anonymization, blocking or elimination of data that is unnecessary, excessive, or processed in disagreement with the local law;

·The right to obtain information of the public and private entities with which the controller performed shared use of data; and

·The right to obtain information on the possibility of not providing consent and on the consequences of the refusal.

·In addition to the above rights, you may object to processing based on one of the cases of exemption from consent, in case of non-compliance with LGPD's provisions.

APPENDIX 3

PRIVACY NOTICE (HONG KONG)

This privacy notice relates to website visitors, members or membership applicants, customers or prospective customers, attendees at our events, subscribers to our publications or newsletters or with which you otherwise engage or communicate ('you' or 'your' being interpreted accordingly) living in Hong Kong:
Personal Data (Privacy) Ordinance

We comply with the Personal Data (Privacy) Ordinance ('Ordinance'). You may wish to visit the official website of the Office of the Privacy Commission for more information about this Ordinance.

Supply of personal data

Please note that it is mandatory for you to provide the below categories of personal data which are marked with an asterisk:

·Name and contact details (including home and/or business email, telephone, and address, including country)*
· Gender
· Age/date of birth*
· Occupation, title and employer*
· Payment information, including data about your billing name and address and method of payment, such as bank account details and payment card information*
· Preferred language
· Photos/videos
· Geolocation data
· Online account information, including your log-in details*
· Technical and usage information (such as your IP address, account settings, time zone setting and location) and information about your use of our Sites*
· Enquiry information*
· Feedback and surveys
· Health/disability information
· Dietary requirements
· Religious beliefs
· Your direct marketing and communication preferences
· Information provided by you using our messaging services
· Any other information you provide to us voluntarily

Membership Applicants:
· Identification documents (such as your driving licence, birth certificate or passport). If you are under 27 years old, we will require you to attach to your application a copy of your passport, driving licence or birth certificate in order to allow us to verify whether you are eligible to the reduced under-27-years membership fee, pursuant to the House rules, available here.*
· Nationality*
· Information you provide about your work, skills and/or interests
· Any other information you provide to us voluntarily to support your application or that you disclose in your user profile on our Sites

Members:
· Identification documents (such as your driving licence, birth certificate or passport)*
· Nationality*
· Membership information and information about your (current and past) use of our facilities (including check in/out time and visit log information)*
· CCTV and keycard information*
· Addition guests' names and identification documents*
· Reservation fulfilment information, including details of your bookings with us*
· Information about the products and services you have purchased from us*
· Information about your sign up to our events*
· Information you provide about your work, skills and/or interests

Website Visitors, Event Attendees, Customers, and Publication Subscribers:
· Information about your sign up to, and attendance at, our events*
· Information about your subscriptions to our publications*
· Information you provide about your work, skills and/or interests

In the event that you do not provide such personal data, we may not be able to provide you with our products and services.

Direct Marketing
We intend to use your personal data collected from you (including your name and contact details) for direct marketing purposes (e.g. to communicate news and promotions to you relating to our products and services) and that we may not so use the data unless we have received your consent or indication of no objection.

We do not give your data to third parties for their use in direct marketing. If we ever want to do this, we will obtain your separate consent.

You may opt-out from receiving marketing communications from us at any time, free-of-charge, by contacting our Data Protection Officer at [email protected] or 180 The Strand, London, WC2R 1EA

Personal data protection rights

If Hong Kong law is applicable to your personal data, Section 12 of the Privacy Notice is replaced as follows:

12. What are your personal data protection rights?
Under Hong Kong law, you have the following rights in relation to your personal data:
You have the right to request access to and correction of information held by us about you. If you wish to access or correct your personal data, please contact our Data Protection Officer at [email protected].

In accordance with the Ordinance, we are entitled to charge a reasonable fee for processing any data access or correction requests.

APPENDIX 4

PRIVACY NOTICE (UNITED STATES)

This privacy notice relates to website visitors, members or membership applicants, customers or prospective customers, attendees at our events, subscribers to our publications, or newsletters, or with which you otherwise engage, or communicate ('you' or 'your' being interpreted accordingly) living in the United States and amends the Privacy

Notice in the following respects:
The following information is added to the Privacy Notice:

“Do Not Track” requests
Our Sites currently do not respond to “do not track” or similar signals.
Third-Party websites and social media

Our Sites may contain links to other websites, including those of third parties or partners.

While we seek to link only to sites that share our high standards and respect for privacy, we cannot be responsible for the privacy practices other websites use. By accessing other third party websites or applications through our Sites, you are consenting to the terms and privacy policies of those websites. It is possible that other parties may collect personally identifiable information about your online activities over time and across different websites when you use our Sites.

Our Sites may include social media features, such as Facebook “Likes” or “Recommend” buttons, Pinterest, Twitter, Tumblr, and YouTube. These social media features may require cookies to be set to function properly. These features may also collect personal information such as your IP address. These features are governed by the privacy notice/policy of the social media platform. Please review the privacy notice/policy of the social media platforms to learn how they protect your information.

Users only of legal age of majority
Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this service or on or through any of its features/register on the services or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If we learn we have collected or received personal data from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13 without verifiable parental consent, please contact us at [email protected].

APPENDIX 5

PRIVACY NOTICE (CALIFORNIA)

We adopt this supplemental privacy notice to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (the 'CCPA'). This notice applies solely to website visitors and members who reside in the State of California. Any terms defined in the CCPA have the same meaning when used in this notice.
What information do we collect?
We may collect the personal information categories listed in below:
If you a California resident, please also refer to Appendix 5 'Privacy Notice (California)'.

Personal Information Category
Identifiers, such as real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, or other similar identifiers.
Source
Directly from you. For example, from forms you complete.

Sold or Shared
We do not sell or share this information.

Personal Information Category
Categories of personal information described in Cal. Civ. Code § 1798.80(e), such as name, signature, physical characteristics or description, address, telephone number, bank account number, credit card number, debit card number, or any other financial information.

Source
Directly from you. For example, from forms you complete.

Sold or Shared
We do not sell or share this information.

Personal Information Category
Characteristics of protected classifications under state or federal law, such as age, citizenship, and sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions).

Source
Directly from you. For example, from forms you complete.

Sold or Shared
We do not sell or share this information.

Personal Information Category
Commercial information, such as records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Source
Directly from you. For example, from forms you complete. Indirectly from you. For example, from observing your actions on our Site.

Sold or Shared
We do not sell or share this information.

Personal Information Category
Biometric information

Source
No

Sold or Shared
We do not sell or share this information

Personal Information Category
Internet or other electronic network activity information, such as browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.

Source
Indirectly from you. For example, from observing your actions on our Site.

Sold or Shared
We do not sell or share this information

Personal Information Category
Geolocation data

Source
Directly from you. For example, from forms you complete. Indirectly from you. For example, from observing your actions on our Site.

Sold or Shared
We do not sell or share this information

Personal Information Category
Audio, electronic, visual, thermal, olfactory, or similar information.

Source
Directly from you. For example, from video you upload to our Sites.
Indirectly from you. For example, from observing your actions on our Sites (from CCTV footage).

Sold or Shared
We do not sell or share this information

Personal Information Category

Inferences drawn from other personal information to create a profile about a consumer reflecting a consumer’s preferences, characteristics, and trends.

Source
Indirectly from you. For example, we may combine various piece of personal information to develop inferences.

Sold or shared
We do not sell or share this information

Personal Information Category
Sensitive Personal Information (sexual orientation data, data related to race and ethnic origin, disability data, account login information, financial account information, debit and credit card numbers with any required security code, password, or credentials allowing access to an account, and geolocation data).

Source
Directly from you. For example, from forms you complete.

Sold or shared
We do not sell or share this information.

Personal information does not include: publicly available information lawfully made available from government records, deidentified or aggregated consumer information, or information excluded from the CCPA.

How do we use your personal information?
We may use or disclose the personal information as discussed in this Privacy Notice.
We will not collect additional categories of personal information or use the personal information we collect for material different, unrelated, or incompatible purposes without providing you with notice.

What are your personal data protection rights?
Residents of the California have certain rights. Please note that the below rights are not absolute, and we may be entitled to refuse requests, wholly or in part, where exceptions under applicable law apply.

Right to Access
You have the right to access personal information that we may collect or retain about you. If requested, we shall provide you with a copy of your personal information which we collected as permitted by the CCPA.

You also have the right to receive your personal information in a structured and commonly used format so that it can be transferred to another entity ('data portability').

Right to Know
You have the right to request that we disclose the following about your personal information, as defined by the CCPA:

· The specific personal information we may collect;
· The categories of personal information we may collect;
· The categories of sources from which we may collect your personal information;
· The business purpose(s) for collecting or sharing your personal information;
· The categories of personal information we may disclose for business purposes; and
· The categories of third parties to whom we may share your personal information.

Right to Opt-Out/Do Not Sell My Personal Information
You have the right to opt-out of sharing your personal information with third parties for some purposes, including sharing that may be defined as a sale under applicable laws. You can opt-out of this sharing by clicking on the “Do Not Sell or Share My Information” link at the bottom of our homepage and submitting a request via the authorized methods.
You also may have a right to opt-out of the use of curtained automated decision-making technology.

Do Not Share or Disclose My Sensitive Personal Information
We collect sexual orientation data, data related to race and ethnic origin, disability data, account login information, financial account information, debit and credit card numbers with any required security code, password, or credentials allowing access to an account, and geolocation data.

Right to Deletion
In certain circumstances, you have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (instructions and description below), we will delete, and, as applicable, direct our service providers to delete, your personal information from our records, unless an exception applies.
We may deny your request to delete your personal information if retaining the information is necessary for us or our service providers, subject to certain exemptions in the CCPA.

Right to Correct/Right to Rectification
In certain circumstances, you have the right to request correction of any inaccurate personal information. Upon verifying the validity of a valid consumer correction request, we will use commercially reasonable efforts to correct your personal information as directed, taking into account the nature of the personal information and the purposes of maintaining your personal information.

Right to Non-Discrimination
We will not discriminate against you for exercising any of your rights under the CCPA. Unless permitted by the CCPA, we will not:
· Deny you goods or services;
· Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
· Provide you with a different level or quality of goods or services; or
· Suggest that you receive a different price or rate for goods or services or a different level or quality of goods or services.

California Shine the Light Law
California Civil Code Section 1798.83 permits our visitors who are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact [email protected].

Exercising Your Rights
If you are a resident of California, you can exercise any of your rights as described in this Notice and under the CCPA by emailing us at [email protected]. Except as provided for under applicable privacy laws, there is no charge to exercise any of your legal rights.

However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may (as permitted under the CCPA):
· Charge a reasonable fee taking in account the administrative costs of providing the information or taking the action requested; or
· Refuse to act on the request and notify you of the reason for refusing the request.

What Personal Information Do I Provide to Verify My Identity?

We take the privacy of your personal information seriously and want to ensure that we provide only you or your authorized agent with your personal information. Applicable law also requires that we verify the identity of each person who makes a request to know what personal information we have about you or to delete the personal information we have about you. To verify your identity, we may ask you to provide your:

· First name*
· Last name*
· Middle initial
· Email address
· Phone number
· Order number
· *required field

How Do You Verify My Identity?
We may verify your identity in a few different ways in order to balance the requirements of the CCPA and our obligation to keep your information private. When you make your request, you may be asked to answer a few questions about yourself to help us validate your identity. This is a two-step process using information unique to you, such as an order number, a product in an order, an address or email address, etc.
In some instances, we may ask you to provide other documentation to verify your identity. If this happens, we will reach out to you directly with this request.

What If You Can’t Verify My Identity?
If we can’t verify your identity, we will not be able to process your request to know what personal information we have about you or to delete the personal information we have about you. If we are unable to verify your identity with a high degree of certainty, we will only be able to provide a report with category-level information and we may not be able to delete some of your information.

How to Submit a Request Using an Authorized Agent
An authorized agent is a person or business who has authorization to request to know what personal information we have about you, to delete the personal information we have about you, or to opt out of the sale of personal information on behalf of a California resident. Authorized agents use the same links described above to submit requests.
If you are submitting a request on behalf of another person, we require a valid power of attorney or other documentation demonstrating your authority to submit this request. This can be a letter or other documentation signed by the California resident authorizing you to submit this request. You can download a sample letter from the request form.

How Do I Send You My Documentation?
If you submit a request via email at [email protected], you must include the appropriate above listed documentation in order for us to act on your request.

Response Timing and Format
We will confirm receipt of a request within 10 days and provide information about how we will process the request. We endeavor to substantively respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosure we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

If you wish to appeal our decision, please submit your appeal to the above contact information. Please clearly denote that it is an appeal.

APPENDIX 6

PRIVACY NOTICE (INDIA)

This privacy notice relates to website visitors, members or membership applicants, customers or prospective customers, attendees at our events, subscribers to our publications or newsletters or with which you otherwise engage or communicate ('you' or 'your' being interpreted accordingly) residing in India and amends the Privacy Notice in the following respects:

1. Application of the privacy notice

The privacy notice shall apply to the collection and processing of personal data. 'Personal data' as used in this privacy notice means any information about you or in relation to you, through which you may be identified and includes, but is not limited to, any data collected online as well as information collected through offline means and digitized subsequently.

2. Legal basis for processing

We may process your personal data on the basis of one or more grounds for processing outlined below:

· Consent: We may request your consent for the processing of your personal data, where relying upon the same. Our request for consent will be specific, informed and express and will provide the personal data being processed, purposes and processing in line with this privacy notice. You have the option of requesting that this notice and/or this privacy notice be provided to you in English or any other Indian language.

You may provide such consent directly to us or through a Consent Manager (which is compatible with our platform), in accordance with law. In the event that you provide such consent through a Consent Manager, we may process your personal data to verify that you have provided appropriate authority to the Consent Manager for providing consent on your behalf.

· Legitimate Use: We may process your personal data for certain legitimate uses. For example, you may voluntarily submit your personal data on our website or otherwise provide it to us voluntarily, for example, by (i) submitting your personal data through the membership ‘Sign Up’ page, (ii) providing information using the ‘Contact Us’ feature, (iii) physically visiting one of our spaces or (iv) otherwise emailing or contacting us. We may process your personal data for the purposes of fulfilling your request pertaining to our services, providing services to you, for contacting you and/or for purposes as indicated under ‘How We Use Your Information’. In such cases, we would not require further consent from you for processing your personal data.

· Legal Obligations: We may process your personal data for legal compliance i.e., for fulfilling our obligations under any law, for complying with judgments or orders of courts or appropriate authorities and continue to store your personal data for such period required by such law, order or direction, thereof. In such cases, we would not require further consent from you for processing your personal data.

· Emergencies: We may process your personal data for responding to medical emergencies, for providing medical treatment during disasters, epidemics, public health situations or for taking other measures to secure safety to any person during disasters or other breakdown of public order. In such situations, we would not require further consent from you for processing your personal data.

· Employment: We may process your personal data for responding to your queries and actions in regard to gaining fresh or new employment with us. The personal data shared with us for the purposes of employment will be collected under a deemed voluntarily shared consent. In such situations, we would not require an express consent from you for processing your personal data.

3. Special provisions for Children or Persons with Disabilities

If you are under 18 (eighteen) years of age ('Child') or a person with a disability and providing your personal data to us, we will require consent from your parent or legal guardian for processing of such personal data, in accordance with the legal requirements surrounding such consent. The parental consent thus obtained will be verified and reviewed by us pursuant to which we will process your personal data, and as the case may be, provide you services. We will not:

· process any personal data in a manner that is likely to cause any detrimental effect on the well-being of a Child; or

· undertake any processing which involves tracking, behavioural monitoring of a Child or conduct targeted advertising at a Child.

4. Cross-border transfers

We may share your personal data or store the same with third parties located outside India, in such countries or territories, and with such third parties, who ensure the same or similar level of data protection that is adhered to by us under Indian law. We will not transfer or share your personal data with third parties in such territories or countries, which are restricted by the Government for the purposes indicated under ‘How and why do we use your information’.

5. Security of Personal Data

We will implement appropriate technical, organizational as well as security measures to protect your personal data, by implementing reasonable security practices and procedures. Our information security management systems are aligned with at least best industry-standard practices and procedures or those specifically required by Indian laws.

We will report any cyber security incident affecting our systems and/or networks to the relevant supervisory authorities as appropriate and in accordance with their stated practices and procedures. Where such incidents involve your personal data, in addition to appropriate authorities, we may notify you about such incidents in such form, manner and containing such information as required by law.

6. Disclosure of Personal Data

We may share or disclose your personal data with third parties in the manner provided by law including with:

To our affiliates or group companies for the purposes described in this notice;

To third-party service providers such as payment service providers, credit reference agencies, IT suppliers and contractors, web service and analytics providers, digital advertising service providers, providers of CRM and other software solutions, legal advisors, and other service providers to enable them to provide services required for processing and delivery of products and services to you;

To our third-party service providers who provide services such as website hosting, email delivery, auditing, fraud detection and other services;

To third parties, to permit them to send you marketing communications, for the purpose of data or website analysis, market research, sticky quotient, website analytics, advertising and development purposes consistent with your choices if you have opted into such sharing; and
Such data available in reports and other materials provided by you and/or your company may be shared pursuant to an engagement with another business partner and/or a supplier.
We may also use and disclose your personal data as we believe to be necessary or appropriate:

· to comply with applicable law, which may include laws outside your country of residence, to respond to requests from public and government authorities, which may include authorities outside your country of residence, to cooperate with law enforcement or for other legal reasons;

· to enforce our terms and conditions;

· to enforce or protect our contractual or other legal rights or to defend or bring legal proceedings, threats or notices of legal proceedings thereof; and

· to protect our rights, privacy, safety or property, and/or that of our affiliates and other users.

In addition, we may use, disclose or transfer your information to a third party if necessary for a reorganization, restructuring, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings) approved by a court or other legal authority.

7. Your Rights

You have the following rights with regard to your personal data processed by us:

· Where we are processing your personal data on the basis of consent, you have the right to withdraw such consent at any time by writing an email to us at the coordinates provided in this notice.

· You have the right to request a summary of personal data being processed by us and processing activities undertaken with respect to such personal data, along with identities of third parties with whom your personal data is shared and related information;

· You have the right to request correction, updating, erasure of your personal data being processed by us in the form and manner prescribed by law. We will modify, update or erase your information on the basis of your request, unless otherwise required to do so under law;

· You have the right to readily available means of raising grievances with regard to any processing of your personal data by us by writing to us at the details outlined in this notice. In the event that you are not satisfied with the response provided, you have a right to approach any data protection authority or board in accordance with law;

· You have the right to nominate another individual who would exercise your rights with regard to your personal data being processed by us in the unfortunate event of death or incapacity, in accordance with law.

8. Grievance Redressal

You may reach out to our designated officer below in case of any queries, concerns or grievances you may have regarding our processing of your personal data. The details of the same have been specified below.

Data Protection Officer
Email Address: [email protected]

APPENDIX 7

PRIVACY NOTICE (MEXICO)

This privacy notice relates to website visitors, members or membership applicants, customers or prospective customers, attendees at our events, subscribers to our publications or newsletters or with which you otherwise engage or communicate residing in Mexico and amends the Privacy Notice in the following respects:

I. For purposes of Mexican law, this is your Privacy Notice (Aviso de Privacidad).

Ii. The address of the controller in Mexico is located at Calle Versalles No. 28, Colonia Juárez, Cuauhtémoc, CDMX, C.P. 06600.

Iii. The following sensitive personal data is going to be processed by us:

· Health/disability information.
· Dietary requirements.
· Religious beliefs.

Iv. With respect to the processing of your personal data, only the following are considered to be the primary purposes:

Website visitors, customers or prospective customers, membership applicants, members, attendees at our events, subscribers to our publications or newsletters or other individuals who engage or communicate with us:

· Processing purchases and transactions.
· Dealing with and responding to enquiries and communications.
· Managing our business, operating our Sites, providing, and evaluating our messaging services, facilities, and events.
· Providing our goods and services.
· Our internal business purposes and technical operations, troubleshooting, data analysis, audit and testing.
· Sending you important information regarding our Sites, changes to our terms, conditions, and policies, or other administrative information.
· Enforcing our terms and conditions and policies.
· Providing you with customer/user support and to contact you for public health reasons.
· Complying with government guidelines, regulations, and mandates.
· Obtaining legal advice and/or to protecting us, our staff, members and customers and the public against injury, theft, legal liability, fraud, abuse, and other misconduct.
· Complying with legal and regulatory requirements or demands in accordance with applicable law, a court order, subpoena, or other legal process.
· Facilitating the sale or potential sale of our business or part of our business.

Membership applicants
· Acknowledging, confirming, and dealing with your membership application and assessing your suitability for membership (and where necessary put you on our waiting list).
· Evaluating your application.
· Automatically creating a user account in our system with the data provided by you.
· If you have opted into receiving SMS/WhatsApp messages from us, we may also send messages to you and collect mobile data on you about membership and the membership application process.

Members
· Providing you with membership services, administering your membership account, contacting you regarding your use of the services (including sending confirmations or pre-arrival messages) and assisting you with meetings, events or celebrations.
· Checking you maintain the conditions of membership when you are asking for the renewal of your membership.
· Enabling you to create a member account and log in to it via our Sites.
· Processing information relating to your bookings, including completing your room reservations, providing services to you and answering any queries you may have.
· Keeping proper records of your stays at our locations and data related to such transactions.
· Collecting information regarding your visits to our locations, restaurants, spas, workspaces, and gyms for capacity planning purposes and to comply with government guidelines, regulations, and mandates.
· If you have opted into it, sending SMS/WhatsApp messages to you and collecting mobile data about your membership and use of our services.
· Processing information about you when you act as a proposer for a prospective new member.
· Enabling you to socialise on our Sites and our messaging platform and to allow other members to identify you via your shared interests if you consent to this through our Site preferences.

Website visitors, event attendees, customers, and publication subscribers
· Enabling you to create an account and log in to it via our Sites.
· Completing your ticket purchase for attendance at our events.
· Planning and hosting corporate events and hosting online forums and social networks in which event attendees may participate.
· Assessing access and the suitability of our locations and/or events and for catering purposes.

All of the other purposes are considered as secondary purposes and do not give rise to, or are not necessary for, a legal relationship between the controller and the data subjects.

In the event that you do not want your personal data to be processed for these secondary purposes, please send an email to the following email address [email protected], indicating your refusal to permit the use of your personal data for the above-listed secondary purpose or purposes.

V. Additionally, in relation to the rights described in Section 12 of the Privacy Notice, you also have the following right with respect to your personal data: limitation on use and disclosure of your personal data. Please note that the right of data portability is not applicable in Mexico.

In order to exercise any of your rights with respect to your personal data, please follow the following procedure:
· Submit a request in writing to us through the following email [email protected], which must contain the following information:
o your full name and email, or other appropriate means to communicate the response to your request;
o the documents that prove your identity or, where appropriate, that of your legal representative;
o a clear and precise description of the personal data with respect to which you seek to exercise any of your rights; or the statement that you wish to limit the use and disclosure of your personal data; and
o any other element or information that facilitates the location of the personal data, as well as any other document required by current regulations at the time of submitting the request.
· You may also request further information on the procedure to exercise your rights by contacting us at the above email address.

We will respond to your requests in accordance with the terms, conditions and deadlines established under the applicable law.

6. With respect to the use of cookies to process your personal data, please note that these cookies may be disabled in accordance with the settings on the use of cookies on the browser or internet service you are using (for more information on how to disable such cookies, please see here.

7. We reserve the right to modify and/or update this privacy notice, in some or all of its parts, at its sole discretion, in which case it will communicate it by publishing the updated version with the last date of modification on the Sites, where it will be updated and displayed so that you can review it at any time.

8. Date of the last update: May 24th 2024.

APPENDIX 8
PRIVACY NOTICE (TÜRKIYE)

This privacy notice relates to website visitors, members or membership applicants, customers or prospective customers, attendees at our events, subscribers to our publications or newsletters or with which you otherwise engage or communicate, living in Türkiye and amends the Privacy Notice in the following respects:
Processing of sensitive personal data
If Turkish law is applicable to your personal data, the information relating to 'sensitive personal data' (also known as 'special categories of personal data') in Section 5 of the Privacy Notice is replaced as follows:
1. What are our lawful bases for processing your personal data?

Sensitive personal data:

Personal data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are sensitive personal data.

We may process data relating to your race, ethnic origin, religion, sect or other beliefs, appearance and dress and health on the basis of your explicit consent.

Purposes of processing:
On the other hand, personal data relating to health and sexual life may be processed without your explicit consent only for the purposes of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, by persons or authorized institutions and organizations under the obligation of confidentiality.

For website visitors, customers or prospective customers, membership applicants, members, attendees at our events, subscribers to our publications or newsletters or any other individuals who otherwise engage or communicate with us - we may process your sensitive personal data for the purposes detailed in Section 6, 'How and why do we use your information?' in the Privacy Notice.

For membership applicants - in addition to the purposes detailed at Section 6, 'How and why do we use your information?' in the Privacy Notice, we may also process your sensitive personal data for the purposes detailed in Section I, 'For what additional purposes do we use membership applicant information?' of the Privacy Notice.

For members - in addition to the purposes detailed at Section 6, 'How and why do we use your information?' in the Privacy Notice we may also process your sensitive personal data for the purposes detailed Section II, 'For what additional purposes do we use member information?' of the Privacy Notice.

For website visitors, event attendees, customers, and publication subscribers - in addition to the purposes detailed at Section 6, 'How and why do we use your information?' in the Privacy Notice, we may also process your sensitive personal data for the purposes detailed Section III, 'For what additional purposes do we use your personal information?' of the Privacy Notice.

Data sharing
If Turkish law is applicable to your personal data, the following information is added to Section 7 of the Privacy Notice:
2. Do we share the information we receive?

We are a global organization that operates in many countries. Therefore, we can share your personal data among our group and affiliated companies, service providers, other third parties, public institutions and organizations, consultants and law offices established in Türkiye and/or the European Union/European Economic Area (“EEA”) and/or other countries by complying the requirements established under Article 8 and 9 of the Personal Data Protection Law numbered 6698 (“PDPL”) to fulfil the purposes established under this Section 7 (Do we share the information we receive?). We have implemented and maintain appropriate technical and organisational security measures with respect to such data sharing.

Legal grounds

If Turkish law is applicable to your personal data, the following information is added to Section 6 of the Privacy Notice as follows:

Personal data transfers within Türkiye

Your personal data is transferred by us to our group and affiliated companies, our business partners, third party service providers, suppliers, public institutions and organizations, consultants and law firms established in Türkiye based on the legal grounds listed below to fulfil the purposes established under Section 7 (Do we share the information we receive?). We have implemented and maintain appropriate and adequate security measures with respect to such data transfers.

Legal grounds:
· Processing of personal data is explicitly provided for by the law.
· Processing of personal data of the parties to a contract is necessary, provided that it is directly related to the establishment or performance of the contract.
· Processing is necessary for us to fulfil our legal obligations.
· Processing is mandatory for the establishment, exercise, or protection of a right.
· Processing is mandatory for the protection of the life or physical integrity of the data subject who is unable to provide his/her consent due to actual impossibility or whose consent is not legally valid.
· Personal data has been made public by the data subject.
· Processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.

Your name, surname, email address and/or telephone number are processed within the scope of advertising and marketing activities upon your explicit consent and transferred to the third-party service providers and suppliers.

Sensitive personal data (such as health data) can only be transferred with your explicit consent in line with the conditions for data transfer stipulated under the PDPL.

Cross-border personal data transfers

If Turkish law is applicable to your personal data, Section 8 of the Privacy Notice is replaced as follows:

3. Is your personal data sent outside your home country?

In order to fulfil the purposes established Section 7 (Do we share the information we receive?), Soho House transfers your personal data among our group and affiliated companies, its service providers, and other third parties located outside Türkiye and
in case of the existence of a legal ground listed under Section 6 (Personal data transfers within Türkiye), personal data can be transferred outside Türkiye without your explicit consent under the following conditions:

· If the recipient country to which personal data will be transferred has an adequate level of protection; or
· In the absence of an adequate level of protection, the data exporter and the data importer undertake an adequate level of protection in writing and obtain the Personal Data Protection Authority’s approval (or approval of Binding Corporate Rules).

Sensitive personal data (such as health data) may be transferred outside Türkiye with your explicit consent in line with the conditions for data transfer stipulated under the PDPL.

Your personal data protection rights

If Turkish law is applicable to your personal data, Section 12 of the Privacy Notice is replaced as follows:

4. What are your personal data protection rights?

You have the following rights regarding your personal data under the PDPL:

· To learn whether any of your personal data is being processed;
· To request information if personal data has been processed;
· To learn the purpose of the processing personal data and whether they are used in compliance with the purpose;
· To know the third parties to whom your personal data is transferred within the country or abroad;
· To request the rectification of your incomplete or inaccurate data (if any);
· To request the erasure or destruction of your personal data;
· To request reporting of the transactions of rectification or disposal to third parties to whom your personal data have been transferred;
· To object to the occurrence of an unfavourable result against you as a result of analyzing the data processed solely through automated systems; and
· To claim compensation.

In order to exercise the aforementioned rights, you shall convey your request in writing, along with the information that will enable your identification, to us through the following means of communication:
a. via e-mail to [email protected],;
b. via mail to the address Evliya Çelebi, Meşrutiyet Cd. No:56, 34430 Beyoğlu/İstanbul, Türkiye; or
c. via our application form.

In order for your request to be responded quickly, “Personal Data Information Request” should be written on the application envelope and/or the subject of the email.

Your submitted requests will be responded within 30 (thirty) days from the date of receipt of your request, depending on the nature of the request. If the information and documents you submit to us are incomplete or incomprehensible, we will contact you to clarify your request.

Privacy Policy

Stay in touch