Privacy policy

This privacy policy governs how Cassia Bath Ltd handles personal data. Cassia Bath Ltd is a company registered in England and Wales (company number 12864794) with a registered office at 27 Benjamin Street, BA15 1FW.

We believe strongly in people’s rights to privacy – it’s why we don’t use Facebook or collect cookies for the purpose of website analytics on our website.  We will keep any information we collect about our clients to an absolute minimum.

When you use our services, you will share some information with us. We want to be upfront about the information we collect, how we use it, who we share it with and the choices we give you to control, access and update your information.

For the purposes of data protection legislation, we are the data controller of your personal data.  

Please read this privacy policy carefully. 

Questions, comments and requests regarding this privacy policy are welcomed and should be sent to hello@cassiacommunity.co.uk

 

Summary

We keep to a minimum the information we hold about you

We use your data to provide our services to you, respond to your enquiries, manage our relationship with you, meet our legal obligations.

We delete your data when it is no longer needed for these things.

We do not collect cookies for the purpose of website analytics on our website.

We do not give your details to third parties without your consent.

The personal information we collect and use

Billing Contacts and Members

We process data relating to those individuals or organisations who pay for Cassia services (“Billing Contacts”) and those individuals who are employed by, work for or who contract with Billing Contacts (“Members”). Sometimes we obtain the contact details of members through their employer under the lawful basis of legitimate interests. In the course of providing you with a workspace, we will have your personal information.

For example: 

Contact Information: when you register for an account we collect your first and last name, username, password and email address.

Usage information: We collect information about how you use our wi-fi. 

Device and browser data: we collect information from the device and application you use to access your account. Device data mainly means your IP address, operating system version, device type, system and performance information, and browser type. If you are on a mobile device we also collect the UUID for that device 

Log data: our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type and timestamps.

Billing information: we require Billing Contacts to provide billing details, a name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number). We use a third party payment gateway to collect, store and process billing information. We do not store this information and all payment pages use TLS technology. 

How we use your personal information

We process personal data about you: 

  • with your consent; and/or 

  • to fulfil our contractual responsibility to deliver the services to you; and/or 

  • to pursue our legitimate interests of improving the services we offer and developing new service features; and/or 

  • to comply with a legal obligation

Category of personal data

Contact Information and ID

Purpose for processing

We use your contact information to: 

  • provide you with office facilities

  • bill you for your use of the office facilities

  • provide you with support

  • send you information relating to news and events

  • perform anti money laundering checks

  • to ask you to carry out surveys so you can let us know how we’re doing

Legal basis for processing

  • Fulfilment of a contract

  • Legitimate interests

  • Legal requirement

Usage of Information

Purpose for processing

We collect information about your wi-fi usage so that we can monitor its speed and any abuse. We also log information relating to access cards to monitor activity.

Legal basis for processing

  • Performance of a contract

  • Legitimate interests

  • Category of personal data

  • Device and browser data


Log data

Purpose for processing

We use log data for many different business purposes which include: 

  • monitoring abuse and troubleshooting.

  • Creating new services, features, content or make recommendations

  • Tracking behaviour at the aggregate/anonymous level to identify and understand trends in the various interactions with our services

  • Fixing bugs and troubleshooting product functionality

Legal basis for processing

  • Legitimate interests

CCTV Images

Purpose for processing

  • To prevent and record any criminal activity to promote a safe working environment for everyone.

Legal basis for processing

  • Legitimate interests

Sharing and transferring your personal information

We may share your information or data with trusted third parties who help provide certain aspects of our services. In particular, we engage third parties to:

  • facilitate customers in making credit/debit card payments

  • log any errors and issues with our website 

  • provide accountancy services to us 

  • keep you connected with us 

We enter into confidentiality and data processing terms with our partners to ensure they comply with high levels of confidentiality and best practice in privacy and security standards and we regularly review these standards and practices.

We also share information or data in order to: 

  • meet any applicable law, regulation, legal process or enforceable governmental request 

  • enforce applicable policies, including investigation of potential violations

  • defect, prevent, or otherwise address fraud, security and technical issues 

  • protect against harm to the rights, property or safety of our users, the public or to us and/or as required or permitted by law 

We may transfer your personal information to third parties which are located outside the European Economic Area (EEA). Any transfer of your personal information outside of the EEA will be subject to a European Commission approved contract as permitted under Article 46(5) of the General Data Protection Regulation that are designed to help safeguard your privacy rights. 

We will not otherwise transfer your personal data outside of EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more counties. 

If you would like more information about who we share your personal information with, please contact us.

Retaining your personal information

We will hold on to your information for as long as is needed to be able to provide the services to you. 

If you hold an account with us we do not delete the data in your account unless you haven’t used your account for 2 years or more, unless retaining the data is required for tax purposes. Otherwise, you are responsible for and control the time periods for which we retain your data. There are controls in your account where you can delete data. 

If reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep hold of some of your information as required, or it is no longer needed to provide the services to you.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. 

We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. 

Cassia Day Pass User Policy · Last Updated January 2021 

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. 

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org External-link-alt. Get Safe Online is supported by HM Government and leading businesses.

Control over your personal information 

Under the General Data Protection Regulation, you have a number of important rights available to you for free. In summary, those include rights to: 

  • Be informed about how your personal information is being used

  • Access the personal information we hold about you

  • Request that we port elements of your data to another service provider

  • Request us to correct any mistakes in your information which we hold

  • Request the erasure of personal information concerning you in certain situations

  • Receive the personal information concerning you which you have provided to us, in a structured format

For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation. If you would like to exercise any of these rights, please:

  •  email us at hello@cassiacommunity.co.uk

  • let us have enough information to identify you; 

  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); 

  • let us know the information to which your request relates.

  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and

  • let us know the information to which your request relates.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information. If you are not happy with how we manage your personal data, you have the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at www.ico.org.uk/concerns

Changes to this privacy notice

This privacy notice was published on January 2021.

Any changes we make to this notice will be posted on this page.