At BaseStack we use your personal information in order to fulfil our commitment to providing an unparalleled gaming experience in connection with all of your interactions during your booking with us (the “Purpose”). As part of that undertaking, we are committed to safeguarding the privacy of the personal information that we gather.
During the membership registration process you will be asked to provide some personal information for our records. The statement below explains how we as the data controller and in some instances the processor will collect and process this data. Your registration data will form part of your record with us.
1. The Application of this Policy
This Policy applies to personal information regarding BaseStack members and the use of that personal information in any form, whether oral, electronic and/or written.
This Policy gives effect to our commitment to protect your personal information and has been adopted by all of the separate and distinct legal entities that manage, operate, or provide services to the various locations operating under or in connection with the BaseStack brand around the world.
While this Policy is intended to describe the broadest range of our personal information processing activities, those processing activities may be restricted by the laws of a particular country/region. In such a case, we may adjust our internal policies and/or practices to reflect the requirements of local law.
2. Types of Personal Information We Collect
“Personal information” in this Policy means information that identifies or is capable of identifying you as an individual. The types of personal information that we may process (which may vary by jurisdiction based on applicable law) include:
- your name, gender, personal and work contact details, business title, date and place of birth, image, nationality;
- contact details (including postal and e-mail address and telephone number);
- the personal data of any parent or guardian or emergency contact (including their name and contact details. You should show them a copy of this Policy and tell them that you have given their details to us);
- biometric information, voice recognition (e.g., Alexa), facial recognition;
- your financial details, credit card details, payment method details and your account details and credentials;
- any information necessary to fulfil special requests or respond to medical emergency (e.g., health conditions that require specific support);
- information, feedback or content you provide regarding your marketing preferences, in surveys, sweepstakes, contests or promotional offers, or to our websites or apps and those of third parties;
- information collected whilst at a BaseStack Location through the use of closed circuit television systems, internet systems (including wired or wireless networks that may collect data about your computer, smart or mobile device, including for example IP addresses or other online identifiers or your location), card access key and other security and technology systems;
- information collected whilst you contact us by website, telephone or other means including access via a BaseStack app;
- any other information required to comply with applicable local laws.
Much of the personal information we process is information that you or someone acting on your behalf knowingly provides to us. However, in other instances, we may process personal information that we are able to infer about you based on other information you provide to us or during our interactions with you, or personal information about you that we receive from a third party (such as your parent or guardian, for example).
There may be instances in which the personal information that you provide to us or that we collect is considered Sensitive Personal Information under the privacy laws of some countries or regions, e.g. if you inform us of any special needs due to your health condition, which is necessary for us to accommodate your needs. In that case we will always obtain your consent before processing any such Sensitive Personal Information, in accordance with GDPR art. 9(2)(a).
Those laws define “Sensitive Personal Information” to mean personal information from which we can determine or infer an individual’s:
- racial or ethnic origin,
- political opinions,
- religious beliefs or other beliefs of a similar nature,
- membership in a trade union or professional association,
- physical or mental health or condition,
- medical treatment,
- genetic data,
- biometric information, and
- information about an individual’s sexual life or sexual orientation.
In some very rare instances, financial records may constitute Sensitive Personal Information where you are visiting a BaseStack location. If we rely on consent to process your Sensitive Personal Information, you have the right to withdraw that consent at any time. We only process Sensitive Personal Information in your jurisdiction if and to the extent permitted or required by applicable law. Save to the extent required by law, you are not obliged to provide BaseStack with any of your Sensitive Personal Information.
3. How We Use Personal Information
Subject to applicable laws, we may collect, use, process and disclose portions of your personal information on the basis of GDPR art. 6(1)(b) for the entering or performance of our contract with you including to:
- carry out our obligations arising from any contracts entered into between you and us (or which you enter into with our contracting partners) and to provide you with the information, products and services that you request from us, including to manage the Esports gaming services provided to you;
- anyone involved in the process of making your BaseStack Booking arrangements;
- process credit applications (for example, in the context of your Booking a visit to a BaseStack location);
- provide and charge for BaseStack Services, Activities and other goods and services;
- receive payments or provide refunds;
We may use the personal data described above for the following purposes on the legal basis of GDPR art. 6(1)(c) to ensure compliance with a legal obligation such as:
- to meet legal and regulatory requirements;
- for tax purposes;
We may use the personal data described above for the following purposes on the legal basis of GDPR art. 6(1)(f) where it is for a legitimate interest such as:
- for internal operations, including data analysis, research, statistical and survey purposes (in anonymised form where appropriate) and direct marketing and sales promotions (although please see Section 6 below for more information about how we conduct direct marketing);
- manage your registration for membership;
- facilitate services on your behalf;
- administer general record keeping;
- to provide for the safety and security of the BaseStack team, gamers and other visitors;
- for risk management and other internal record keeping purposes;
- to respond to any questions or other matters raised by you in relation to us, our Website or any of our Services and Activities;
- where necessary as part of any restructuring or sale of our business or assets;
- to ensure the functionality of our Website;
- to maintain, improve and understand your use of our Website, or keep a record of your Service or Activity preferences;
- to provide you with information regarding our products and services, where you have consented to be contacted for such purposes or it is otherwise lawful for us to do so (as set out below);
- to respond to questions/requests for information from you to us;
- to test and evaluate new products and services; and
- to carry out reporting and analysis on our user levels
- to check and monitor our outcomes.
When we process your personal information, as detailed above, we do this because of legal obligations we are subject to or because the information is required to fulfil services obligations to you.
BaseStack uses and retains your personal information for as long as is necessary to fulfil the purpose for which it is being processed, and in line with our legal and regulatory obligations. For example, registration records are retained and accessible for a period of at 6 months following the date of your latest play, after which they will be securely archived and personal information in records may be maintained for longer periods if subject to a legal hold or to satisfy specific country/region requirements.
4. Disclosures of Personal Information
From time to time, we may disclose your personal information in accordance with applicable law.
Circumstances where we might make such disclosure (in addition to those described in Part 3 above) include:
- Service Providers and Suppliers outside BaseStack.
We may outsource the processing of information to third parties. When we do outsource the processing of your personal information to third parties or provide your personal information to third-party service providers, those third parties are required by us to provide the same level of protection for your personal information as provided in the terms and conditions of this Policy, with appropriate security measures. The categories of third-party service providers and suppliers to which your information may be transferred to include the following:
Any bank or financial institution you authorise us to share information with (for Direct Debit purposes, for example).
Eagle Eye – CCTV provider
We save data to cloud services including Microsoft cloud services, Sharepoint, Onedrive.
Where we hold personal information about you or you participate in a BaseStack survey or marketing, we may disclose this personal information to other companies to process the information in order to better understand your preferences and interests, thereby enabling us to provide a better service to you. If your personal information is used for direct marketing purposes, you have the right to object to that by contacting us using the contact information provided under Section 13 below. Further information about how we conduct direct marketing may be found at Section 6 below.
As we continue to develop our business, we may sell BaseStack sites and or other assets, or cease being the manager or franchisor of a BaseStack site. In those circumstances, we may include the personal information collected about you, or control of that personal information, as a business asset in any such transfer. Also, in the unlikely event that we, or substantially all of our assets, are acquired, personal information collected about you, or control of such information, may be one of the transferred assets.
We will disclose any personal information we have concerning you if we are compelled to do so by a court or lawfully requested to do so by a governmental entity, or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws. We will also retain personal information collected and process such personal information to comply with accounting and tax rules and regulations and any specific data retention laws. We may share it with others for our own good governance obligations, or in order to enforce or to protect our rights, property, or safety, or that of our customers or other persons with whom we have a business relationship.
5. Transfers of Personal Information
The majority of any processing of your personal information will be conducted by BaseStack within the country of your visit and membership registration in accordance with applicable local laws.
However, as an international business, we may centralise aspects of our data processing activities in accordance with applicable laws, which may result in the transfer of your personal information from one country to another. The jurisdictions where that information will be processed may or may not have laws that seek to preserve the privacy of personal information. Nevertheless, whenever your personal information is transferred within the BaseStack companies, your personal information will be processed in accordance with the terms and conditions of this Policy and applicable laws. Currently, BaseStack operates in the following jurisdictions, all of which are bound by or have implemented the European Union data privacy regulations (GDPR):
- United Kingdom.
Additionally, some of the third-party suppliers to which we transfer your personal information may be based in different locations, some of which may have lower standards of data protection than in the country in which you register with us. When we do transfer personal information to such third parties, we ensure appropriate safeguards are in place, and oblige those third parties to protect your personal information in accordance with the terms and conditions of this Policy, with appropriate security measures. These third parties broadly fall into two groups: (i) locally provided suppliers supporting individual BaseStack Locations operating in the countries in which BaseStack operate; or (ii) service providers supporting BaseStack as a whole, who may be located in or outside of countries we operate in. For example, CCTV footage may be processed by our provider partners outside of the country you are registered with us.
6. Information Collected Online
If you access the BaseStack website, you may wish to know the following:
- You can browse without revealing who you are
You can always visit our websites without logging in or otherwise revealing who you are.
When you visit our websites, we collect information about how you use those websites. Examples of such information include the Internet Protocol address automatically assigned to your computer each time you browse the Internet, the date and time of your visit, the pages you access and the amount of time you spend on each page, the type of Internet browser you use, your device’s operating system and the URL of any websites that you visited before and after visiting our website. That information is not linked to you as an individual unless you create a user profile, but we may keep records of the type of device being used.
We use cookie technology on our websites to allow us to evaluate and improve the functionality of our websites. These cookies do not reveal your identity, they will identify your browser or device, but not you, when you visit our websites.
You can change or block cookies within the settings for your Internet browser. Blocking them may however restrict your use of the features of our website.
Our website may also contain plug-ins and other features that integrate third party social media platforms into our websites. You will be able to activate them manually. If you choose to use these, the operators of these social media sites may be able to identify you, they may be able to determine how you use our website and they may link and store this information with your social media profile. The data protection policies of these social media platforms will cover what they will be doing with your personal data. If you activate these plug-ins and other features, you will be doing so at your own risk.
You can create a user profile on our BaseStack website to, among other things, facilitate your online transactions, and to tailor your experience on our websites to your interests. This allows us to make more appropriate recommendations to you. We may use the information you provide in your user profile to populate other databases maintained by us and our service providers, as applicable. By creating a user profile, you are agreeing that we may use the personal information you provide for these purposes.
You can view, update or remove any personal information that you have provided to us for inclusion in your user profile by amending your user profile online or emailing firstname.lastname@example.org. If you subsequently elect to remove your user profile, we reserve the right to use any personal information previously provided by you for inclusion in your user profile for record keeping and quality assurance purposes (unless we are required by law to delete or cease to process or use your personal information). Even if you choose not to create a user profile, you can still use our websites to search for and review Services and Activities.
If you visit a BaseStack website and decide to engage with one of our service providers, you may be seamlessly linked to websites maintained by third parties with whom we have contracted to provide those services. If you click on a link found on our websites or on any other website, you should always look at the location bar within your browser to determine whether you have been linked to a different website. This Policy, and our responsibility, is limited to our own information collection practices. We are not responsible for, and cannot always ensure, the information collection practices or privacy policies of other websites maintained by third parties or our service providers where you submit your personal information directly to such websites. In addition, we cannot ensure the content of the websites maintained by these third parties or our service providers, even if accessible using a link from our websites. We urge you to read the privacy and security policies of any external websites before providing any personal information while accessing those websites.
We want you to feel confident about registering with BaseStack and we are committed to protecting the information we collect. We are required to keep your personal data secure in accordance with relevant local legislation. We have implemented appropriate administrative, technical, and physical security procedures to help protect the personal information you provide to us. Only authorised employees are permitted to access personal information, and they only may do so for permitted business functions.
The personal information we collect from you online is stored by us and/or our service providers on databases protected through a combination of physical and electronic access controls, firewall technology and other reasonable security measures. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of personal information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. Where required under law, we will notify you of any such loss, misuse or alteration of personal information that may affect you so that you can take the appropriate actions for the due protection of your rights.
Where permitted by law, we may work with other companies to share advertisements or marketing that we think you may find relevant and useful. This may include advertisements displayed on our own websites or apps or communications sent by us, or advertisements from us displayed on other companies’ websites. The advertisements you see may be based on information collected by us or third parties and/or may be based on your activities on our websites or third-party websites.
7. Minor Children
We recognise the importance of protecting privacy where children are involved. Our website and Apps sells products or services for Activities that children may participate in with parental or guardian consent however other than for booking purposes we do not knowingly solicit or collect personal information from children. If you are under 16 or a minor in the jurisdiction in which you are accessing our website, you may only use our website and booking system with the consent of your parent or guardian.
When you download or register to use one of our apps, you may submit personal information to us such as your name, address, email address, phone number, date of birth, username, password and other registration information, financial and credit card information, personal description and/or image.
Further, when you use our apps, we may collect certain information automatically, including technical information related to your mobile device, your device’s unique identifier, your mobile network information, the type of mobile browser you use and information about the way you use the app.
Depending on the particular app you use and only after you have agreed to such collection, we may also collect information stored on your device, including contact information, friends lists, login information (where necessary to allow us to communicate with other apps at your request), photos, videos, location information or other digital content. You own any original pictures and videos you may post but you grant us the indefinite right to use them and let us share them anywhere around the world without paying you for that. Further details of the kinds of information we collect is set out in the privacy notice for each individual app. If you are under the age of 16 (or a minor in the jurisdiction in which you are accessing our apps, you may only use our app and booking system with the consent of your parent or guardian.
You may always choose what personal information (if any) you wish to provide to us. However, if you choose not to provide certain details, some of your experiences with us may be affected (for example, we cannot take a reservation without a name).
If you provide us with your contact details (e.g., postal address, email address, telephone number or fax number), we may contact you to let you know about the products, services, promotions and events offered that we think you may be interested in. Additionally, where you have consented to us doing so, we may also share your personal information with carefully-selected third parties, who may communicate directly with you. You can always choose whether or not to receive any or all of these communications by contacting us as described in Section 13 below or following the “unsubscribe” instructions contained in the communications.
If you have an account with us, we ask you to indicate your communication preferences at the time you apply or when you create your user profile. We may also ask you to indicate how you would like to receive any offers, marketing and promotional information (e.g., via email or regular mail) and whether you would be willing to participate in surveys. Once you have indicated your preferences, you can always change them.
In some jurisdictions, in addition to you agreeing to this Policy, data privacy laws may require us to obtain a separate consent before we send you information that you have not specifically requested. In certain circumstances, your consent may be implied (e.g., where communications are required in order to fulfil your requests and/or where you have volunteered information for use by us). In other cases, we may seek your consent expressly in accordance with applicable laws (e.g., where the information collected is regarded to be Sensitive Personal Information under local regulations).
We will abide by any request from you not to send you direct marketing materials. When such a request is received, your contact details will be “suppressed” rather than deleted. This will ensure that your request is recorded and retained unless you provide a later consent that overrides it.
10. Updating or Accessing Your Personal Information
Under GDPR data protection law in Europe, you have various rights in relation to the personal information about you that we process. These include:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object;
- Rights in relation to the existence of automated decision making and profiling.
Further details on your GDPR rights can be found here.
With some limited exceptions, you have rights to access and update personal information held about you. If you want to inquire about any personal information we may have about you, you can do so by contacting us at the addresses set out in Section 13 below. Please be sure to include your full name, address and telephone number and a copy of a document evidencing your identity (such as an ID card or passport) so we can ascertain your identity and whether we have any personal information regarding you, or in case we need to contact you to obtain any additional information we may require to make that determination. Where you make more than one request in quick succession, we may respond to your subsequent request by referring to our earlier response and only identifying any items that have changed materially.
You may request that we correct, delete, and/or stop or restrict processing or using personal information that we hold about you by sending a letter or email to the addresses set out in Section 13 below. If we agree that the personal information is incorrect, or that the processing should be stopped, we will delete or correct the personal information. If we do not agree that the personal information is incorrect we will tell you that we do not agree, explain our refusal to you and record the fact that you consider that personal information to be incorrect in the relevant file(s).
You may also seek to exercise your right to data portability by contacting us at the addresses set out in Section 13 below.
Finally, you may in some circumstances have the ability to object to the processing of your personal information on the grounds of your particular situation. You may do so by contacting us at the addresses set out at Section 13 below. If we agree that you are entitled to so object, we will cease to process your personal information.
If you are unhappy with the way we have handled your request, you can escalate your concern to the Privacy Officer by sending an email to email@example.com
11. Changes to this Policy
This Policy may change. Where the Policy changes, we will take appropriate steps to bring the amendment to your attention.
12. Request for Access to Personal Information/Questions or Complaints
If you have any questions about this Policy, about the processing of your data described, or any concerns or complaints with regard to the administration of the Policy, or if you would like to submit a request (in the manner described in Section 10 above) to exercise your rights in relation to the personal information that we maintain about you, please contact us by email at firstname.lastname@example.org.
Should you have any complaints that are not resolved by the processes described in this policy, you have the right to lodge a complaint with the relevant data privacy regulator of the country in which you are registered with us.
13. How you can contact us
Post: 19 Berkeley Street, London W1J 8ED
We will do our best to respond to your request within 48 hours.