1. General

Marsham Club Limited (“we” or “our”) is committed to protecting and respecting your privacy. This policy sets out the basis on which personal information you provide will be processed or used by the Firm.

2. Data Controller

Marsham Club Limited is the data controller responsible for your personal data and is registered with the Information Commissioner’s Office (“ICO”) with reference number ZB863434.

3. Information we collect about you

The personal information we may collect and process about you may include:

1. Names and contact details
2. Addresses
3. Gender
4. Occupation
5. Date of birth
6. Biometric information (maybe used to identify someone)
7. Copies of passports or other photo ID
8. Marital status
9. Third-party information (such as family members or other relevant parties)
10. Payment details (including card or bank information for transfers and direct debits)
11. Financial data (including income and expenditure)
12. Transaction data (including more information about payments to and from you and details of products and services you have purchased)
13. Employment details (including salary, sick pay and length of service)
14. Credit history and credit reference information
15. Criminal records data (including driving or other convictions)
16. Information relating to compliments or complaints
17. Recordings (audio and video - phone calls, online calls, CCTV while in the building)
18. Records of meetings and decisions
19. Account access information
20. Website user information
21. Marketing preferences

We collect and process personal information about you for the following reasons:

1. Provision of services.
2. Enter into a contract for the performance of our services.
3. Comply with our legal obligations. For example, we need to verify your identity to comply with Anti-Money Laundering Legislation, prevent financial crime, or prevent fraud.
4. To provide you with information about our products and services (marketing)
5. Video recordings and video surveillance images are for the protection of the property and individuals on the premises, and the preservation of evidence

We will collect your personal information from you directly. These documents can be provided to us by email.

We may also obtain personal information from other sources, including:

1. Regulatory authorities
2. Publicly available sources
3. Previous employment
4. Credit reference agencies
5. Suppliers and service providers
6. Third parties, which may include providers of identification verification for anti-money laundering purposes.

5. How your information will be used

1. Information obtained in the course of providing our services
2. Provide you with information on any relevant servicing matters or changes to our policies or processes that may impact you.
3. To comply with UK law, verify your identity to protect against fraud, comply with relevant laws, and confirm your eligibility to use our services, where all of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
4. Improve our services, and
5. Provide you with information about our products and services (marketing).

6. Marketing

We may use your data for marketing purposes and may send you information updates on our products and services (marketing communications). All marketing activities will comply with the UK GDPR and Privacy and

Electronic Communications Regulations (PECR). PECR gives you specific privacy rights concerning electronic communications. Marketing communications covered by PECR may include telephone calls, fax, email, and/or texts.

Where we use marketing communications, we will provide you with information on how to opt out of each communication.

If you do not wish to receive marketing materials, you may opt out by contacting us directly to inform us of your wishes by emailing office@marshamclub.com.

7. Disclosure of your information

We will only disclose your personal information to third parties if we are legally obliged to do so or where we need to comply with our contractual duties, for instance, we may need to provide certain information to counter parties as part of the course of our services.

8. Data Storage and International Transfers

We use cloud-based storage providers to safely and securely store your data, which means that your information may be processed outside of the UK. We will take all steps to ensure that your data is treated securely and in accordance with this privacy policy.

9. Retaining your personal information

We are obliged to retain your information for a certain period. As such, we will retain your information for five years after the termination of our business relationship.

10. Your Legal Rights

10.1. Under the UK GDPR and Data Protection Act 2018, you have the right to:

1. Request access to your personal data (commonly known as a "data subject access request"):
2. Request correction of the personal data that we hold about you:
   You can request that we correct any incomplete or inaccurate data we hold about you. However, we may need to verify the accuracy of the new data you provide.
3. Request erasure of your personal data:
   1. You can ask us to delete or remove personal information where there is no good reason for us continuing to continue processing it.
   2. You can ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
      
      Note:
      We may not always be able to comply with this request if we are required by law to retain certain data for a minimum period. Please note that these requirements supersede any right to erasure requests under applicable data protection laws.
4. Object to the processing of your personal data:
   This is in situations where we are relying on a legitimate interest and there is something about your situation which makes you object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. We are under obligations to process and retain certain data to comply with UK laws.
   
   Please note that these requirements will supersede any right to objection requests under applicable data protection laws. If you still object to the processing of certain data, we may not be able to provide you
   with our services.
5. Request restriction of the processing of your personal data:
   You can request that we suspend the processing of your personal data in the following scenarios:
   1. If you want us to establish the data's accuracy.
   2. where our use of the data is unlawful, but you do not want us to erase it;
   3. where you need us to hold the data even if we no longer require it, as you need it to establish, exercise or defend legal claims; or
   4. You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it. Please note that any requests in relation to the restriction of the processing of your data means that we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel your use of our services, but we will notify you if this is the case at the time.
6. Request the transfer of your personal data to you or a third party:
   We will provide you or an authorised third party with your personal information in a structured, commonly used, machine-readable format, which you can then transfer to an applicable third party.
7. Withdraw consent at any time where we are relying on consent to process your personal data
8. No fee is usually required.
   You will not have to pay a fee to access your personal information. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
9. Request restriction of the processing of your personal data:
   You can request that we suspend the processing of your personal data in the following scenarios:
   1. If you want us to establish the data's accuracy.
   2. where our use of the data is unlawful, but you do not want us to erase it
   3. where you need us to hold the data even if we no longer require it, as you need it to establish, exercise or defend legal claims; or
   4. You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it. Please note that any requests in relation to the restriction of the processing of your data means that we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel your use of our services, but we will notify you if this is the case at the time.
10. Request the transfer of your personal data to you or a third party:
    We will provide you or an authorised third party with your personal information in a structured, commonly used, machine-readable format, which you can then transfer to an applicable third party.
11. Withdraw consent at any time where we are relying on consent to process your personal data
12. No fee is usually required.
    You will not have to pay a fee to access your personal information. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
13. Time limit to respond
    We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

11. If you fail to provide personal data

You are not obliged to provide us with your personal information. However, we require this information to comply with our legal obligations and provide our services. Without it, we will be unable to provide you with our services.

12. Complaints

You have the right to make a complaint at any time to the ICO.

Email: www.ico.org.uk.

Post Address:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

However, we would appreciate the chance to address your concerns before you approach the ICO, so please contact us in the first instance.

13. Changes to Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email.

V1.1 05/08/2025