Privacy policy.

We take your privacy seriously.

Introduction


Grafter House (“Grafter”, “we”, “us” and “our”) is committed to protecting the privacy of our users and customers. When you visit our websites, social media pages (or subdomains) through computer or mobile devices (“Apps”), make a reservation, communicate with us, purchase products from us, and/or visit or stay at one of our hotels, we collect personal data from and about you.

Collectively, we refer to the websites, Apps and social media pages operated by as “Online Services”.

Grafter is the collective term we use for a number of different legal entities all of which are affiliates of or involved in the business carried on by Grafter House.

We have developed this Privacy Policy to explain how we manage and process your personal data and to ensure we do so in compliance with our obligations under applicable data protection laws. This Privacy Policy describes what personal data is collected and for what purposes. It also states what rights you have under applicable data protection law.

It is also intended to assist you in making informed decisions when using our Online Services and our products and services. Please take a minute to read and understand the policy.

If you want to know more or if you have any queries, please write to us at:

Grafter House
41 Leeson Street Lower
St. Kevin’s
Dublin 2

Or send an email to hello@grafterhouse.com

Who Processes Your Personal Data?

Your information may, for the purposes set out in this privacy policy, be disclosed to the following, including others:

  • Our employees;

  • Our affiliates;

  • Our group companies and their employees;

  • Successors in title to our business;

  • Third party consultants, contractors or other service providers who may access your personal information when providing services listed below (including but not limited to support services) to us;

  • Government bodies and law enforcement agencies and in response to other legal and regulatory requests;

  • Auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes, in any jurisdiction where we operate.

Which Personal Data Do We Process, and For What Purposes Do We Process Personal Data?

Personal data is any data that identifies you as an individual. The types of personal data we collect, and process include the following:

  • Contact details – such as name, age, phone or address

  • Identity documents – such as passport information or other identify cards

  • Financial information – any debit/credit card details you provide and financial transactions you make with us;

  • Health information where disclosed and relevant to the provision of services (such as details regarding allergies);

  • Preferences – such as special requests, service issues and other preferences for your stay;

  • Event attendance details – records of attendance at any events hosted by us, including any CCTV footage

  • Technical information – such as information about the device you use to interact with us (including the unique device identifier, hardware model, operating system and version, and mobile network information, in the case of our mobile App); and Communication – when you contact us, such as to send an enquiry or make a request, any correspondence or application may be kept and added to your personal information.

  • Uses made of your personal data (see schedule 1 below for further details)

We use your personal data in order to:

  • Pursue our legitimate interest to enhance and manage your customer experience with us, provide you with information, products or services that you request from us or which we feel may interest you, run customer loyalty programmes, advertise our services or where you have consented to be contacted for such purposes (our list of services below);

  • Administer our business and improve our products and services by analysing, responding to and acting on the data provided, including surveys you complete and issues you have raised with us via the Channels;

  • Carry out our obligations arising from any contracts entered into between you and us;

  • Contact you for marketing purposes where you have consented to be contacted for such purposes;

  • Comply with legislation;

  • Prevent or detect fraud;

  • Notify you about changes to our services

  • Ensure network, IT and information security

  • Provide third parties with anonymized statistical information about our users (but those third parties will not be able to identify any individual user from that information)

  • Gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our Online Services, newsletters and email subscriptions (you may unsubscribe at any time).

Personal Data submitted to us through the Channels or our website will be used for the purposes specified in this policy, and in Schedule 1 below. “Channels” means the following applications, websites and other relevant properties, via which you complete surveys and send or receive messages to or from us:

  • Facebook / Facebook Messenger / Instagram Messenger

  • Email

  • Telephone

We Collect, Store and Process Personal Data at Three Different Stages:

  1. Before you decide visit one of our premises and

  2. When you stay or have stayed in one of our hotels, or visited one of our bars, restaurants or entertainment venues.

  3. When you engage with us through the use of third-party feedback management applications in some of our venues

(1) Before you decide visit one of our premises

When you visit our websites, we collect information about your use of the website. This includes both information we collect directly from you, and information we collect about your browsers session on our websites. This information may constitute ‘personal data’ under applicable law. We use this information to provide you with (personal) offers, both on our website and via advertisements on other websites you visit. The information about your use of the website comprises http header information which your browser transmits to our webserver, information collected through the use of cookies and log information which displays the pages that you visited on our Website.

(2) When you use one of our workspaces, or stay or have stayed in one of our hotels, or visited one of our bars, restaurants or entertainment venues

When you make a reservation, you will have to provide us with your name, your (email) address, phone number, the dates you are staying with, or visiting us and a credit card token or other payment information if applicable. We use this personal data to process the reservation, for billing purposes, and to allow us to communicate with you about your reservation. When you stay or have stayed in one of our hotels, or visited one of our bars, restaurants or entertainment venues, we will collect personal data about your preferences, use of our services, and location. We will retain this information for two year from the date of your visit, or for as long as you are opted in to marketing from us.

(3) Where you choose to engage with us through the use of surveys or third-party feedback management applications in some of our venues:

We may collect, store and use the following kinds of Personal Data via the use of ServiceDock: (LeapChat Ltd.)

a.) Information that you or the Channels provide to us when commencing a survey (including your email address, profile pictures, name and gender);

b.) Information that you or the Channels provide to us when completing a survey or messaging us via the Channels (including the timing, frequency and pattern of service use);

c.) Information contained in or relating to any communication that you send to us via the Channels;

d.) Information about your computer, tablet, smartphone or similar device (IP address and domain), your internet browser and your operating system (system settings), using standard data collection techniques such as cookies; and

e.) Any other Personal Data that you choose to send to us.

Regardless of which Grafter House workspace you engage with, your personal data will be stored in: (i) centralized systems which are under the control of Grafter Office Operations and accessible for authorized staff of Press Up Entertainment Group (Grafter’s partner company) , and (ii) local systems controlled solely by the relevant business. We want to get to know you, because that enables us to make your experience with us more pleasant, so you may one day decide to return to our workspace, hotels, bars, and restaurants or entertainment venues.

How Long Do We Keep Personal Information For?

We will generally retain your personal information for as long as is necessary for the purpose it was collected unless we need to retain it for legal purposes or in accordance with commercial practice and regulatory requirements. Generally, where there is no legal requirement, we retain all physical and electronic records for a period of 2 years after your last contact with us. Exceptions to this rule are:

CCTV records which are held for no more than [30 days] unless we need to preserve the records for crime prevention;
Information that may be relevant to any legal claims (for example personal injury claims) may be retained until the limitation period for those types of claims has expired. It is important to ensure that the personal information we hold about you is accurate and up-to-date.


Use of Children’s Data

Our partner company Press Up Hospitality offers some services to children via the Captain Americas and wagamama brands which are primarily targeted at children, and others that are intended for users of all ages and their families including activities that may collect information from children. Below we summarize potential instances of collection and outline how and when we will provide parental notice and/or seek parental consent. In any instance that we collect personal information from a child, we will retain that information only so long as reasonably necessary to fulfil the activity request or allow the child to continue to participate in the activity, and ensure the security of our users and our services, or as required by law. In the event we discover we have collected information from a child in a manner inconsistent with the GDPR’s requirements, we will either delete the information or immediately seek the parent’s consent for that collection.

Registration for Kids Club

Children up to the age of 12 can be registered for our Kids Club on our Captain Americas and wagamama websites. Every year on the child’s birthday we will send a birthday card to your child’s registered postal address with a voucher for a free kid’s meal.

During the registration process, we ask for the Parents name and email address for notification and security purposes, as well as the child’s first name and date of birth, (for age verification purposes) and a postal address.

Competitions

We occasionally run in-venue competitions where we collect data. Unless specified with an option to tick a consent box, this information will not be used to market to you. This information is only collected to inform you if you are a lucky prize winner. Data will not be retained after the closing date of any such competition.

About the Collection of a Parent or Legal Guardian’s Email Address

This information is collected for notification and security purposes. If you believe your child is participating in a Kids Club activity that collects personal information and you or another parent/guardian have NOT received an email confirming subscription to the kids club, please feel free to contact us at hello@grafteroffices.com. We will not use parent emails provided for parental consent purposes to market to the parent, unless the parent has expressly opted in to email marketing or has separately participated in an activity that allows for such email contact.

When Information Collected From Children Is Available to Others

We may share or disclose personal information collected from children in a limited number of instances, including the following:

  • We may share information with our service providers if necessary for them to perform a business, professional, or technology support function for us.

  • We may disclose personal information if permitted or required by law, for example, in response to a court order.

    Parental Choices and Controls

  • At any time, parents can refuse to permit us to store personal information from their children in association with a particular account, and can request that we delete from our records the personal information we have collected in connection with that account. Please keep in mind that a request to delete records may lead to a termination of a membership, or other service.

  • Where a child has registered for a Captain Americas or wagamama’s Kids Club, we use one method to allow parents to access, change, or delete the personally identifiable information that we have collected from their children:

  • Parents can contact us to request access to, change, or delete their child’s personal information by sending an email to us at hello@grafteroffices.com. A valid request to delete personal information will be accommodated within 30 days as per the GDPR legislation.

  • Parents of Captain Americas or wagamama’s Kids Club members may contact us directly at: hello@grafterhouse.com

  • In any correspondence, please include the child’s name and the parent’s email address. To protect children’s privacy and security, we will take reasonable steps to help verify a parent’s identity before granting access to any personal information.

Your Choices and Rights

You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about our products or services, then you can contact us using the contact details below.

We endeavour to keep your data accurate, complete and up to date. If your information that we hold is inaccurate, you can let us know. We will make the necessary amendments, erase or block the relevant Data as you request and notify you within one month of your request that relevant action has been taken. All requests should be addressed to hello@grafterhouse.com

You may also request in writing copies of your Data held by us. Please quote your name and address and provide brief details of the information you would like. We may also request proof of identification to verify your access request. We will provide you with a copy of the data held by us as soon as practicable and within one month after the request in writing is received and verified by us, unless the complexity of the matter requires a longer period of time to comply with your request. All access requests should be addressed to hello@grafterhouse.com

We recognise that you have certain rights as a ‘data subject’ and we are committed to upholding these. These include the right to be informed, the right to rectification, the right to access, the right to restrict processing, the right to data portability, the right to object and the right to withdraw consent.

We want to be as transparent as possible in our processing. Please get in touch with us by emailing hello@grafterhouse.com to find out more or to exercise your information rights.

Protection and Storage of Your Data

We have used and will continue to use reasonable endeavours to protect your personal data against loss, alteration or any form of unlawful use. Where possible, your personal data will be encrypted and stored on a virtual private server that is secured by means of state-of-the-art protection measures.

Please be aware that communications over the internet, such as emails/webmail are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the world wide web/internet. We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

A strictly limited amount of people have access to your personal data. In any instance that we collect personal information from you, we will retain that information only so long as reasonably necessary to fulfil the activity request or to allow you to continue to use our services, and ensure the security of our users and our services, or as required by law. Please keep in mind that a request to delete records may lead to a termination of a membership, or other service provided by us.

Cookies

Please read our full Cookie Policy here.

Please refer to http://www.allaboutcookies.org if you require information about cookies in general or would like to know how to disable cookies on the website.

Links to Other Websites

Our Online Services may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please review those policies before you submit any data to those websites.

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.

If you submit any information to us via social media facilities controlled by us, we shall deal with it according to this Privacy Policy.

Supervisory Authority and Applicable Law

With respect to the processing of your personal data, Grafter Operations is the ‘main establishment’ of Grafter. This means that the data protection authority of Ireland shall have jurisdiction with respect to the cross-border processing of your personal data in which Grafter Operations. Notwithstanding the foregoing you shall be entitled to lodge a complaint with the competent supervisory authority in the territory of a Grafter Operations business.

The processing of your personal data by Grafter and our partner company Press Up Entertainment Group business(s) shall be subject to the laws of Ireland, including the General Data Protection Regulation, when it applies from 25 May 2018 onwards. The applicability of the laws of Ireland and General Data Protection Regulation shall be without prejudice to any provisions that may apply to a particular processing activity under local mandatory data protection law. The Office of the Data Protection Commissioner regulates data protection in Ireland. Further information can be found at www.dataprotection.ie

General

In case you have any questions in relation to this Privacy Statement, you may send an email to hello@grafterhouse.com

We have done our best to make sure that this Privacy Statement explains the way in which we process your personal data, and rights you have in relation thereto. We may change this Privacy Statement from time to time to make sure it is still up to date. To make sure you consult the most recent version of our Privacy Statement, please check the Privacy Statement published on our website.

By using this website or submitting personal information to us through or in connection with this website, you signify your consent to our use of your personal information in accordance with this privacy policy. If you do not agree with this privacy policy, you must not use this website or our partner website (Press Up Hospitability) or any other associated website, or submit information to us through or in connection with this website. All of our services with the exception of the Captain America’s & Wagamama kids club are intended for users aged 18 years or older. If you do not meet these age requirements you must not use our services or submit your personal data to us. If we discover personal data belonging to a person aged younger than 18 years we will destroy that data immediately.

Changes to this Privacy Statement

Grafter House reserves the right to change this Privacy Statement. Grafter House will provide notification of the material changes to this Privacy Statement through the Company’s websites at least fifteen (15) business days prior to the change taking effect.

If you want to know more or if you have any queries, please write to us at:

Grafter House
41 Leeson Street Lower
St. Kevin’s
Dublin 2