GDPR & Privacy Policy 

Introduction 

At The Auction Rooms, we value and respect the privacy of our website visitors, clients, and members. This Privacy Policy outlines how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. 

 

Accountability and Transparency 

We comply with GDPR’s accountability principle by: 

  • Maintaining detailed records of our data processing activities. 

  • Documenting the types of personal data we process, purposes of processing, third-party sharing, and implemented security measures. 

These records are available to the Information Commissioner’s Office (ICO) upon request and help ensure responsible handling of personal data. 

 

Information We Collect 

We may collect and process the following types of data: 

  1. Personal Data Provided by You

  1. Name, email address, phone number, and business details provided when contacting us, registering for updates, or booking services. 

  1. Website Usage Data

  1. Non-personal information such as IP addresses, browser type, and usage analytics, collected through cookies or similar technologies. 

  1. Visitor Data

  1. Details such as name and contact information collected for occasional visitors to our coworking spaces, ensuring health, safety, and evacuation compliance. 

 

How We Use Your Data 

We use your data to: 

  • Respond to enquiries and provide requested services. 

  • Process bookings and manage contracts. 

  • Communicate updates, promotions, or newsletters. 

  • Improve website functionality and user experience. 

  • Comply with legal obligations and protect our business interests. 

 

Cookies and Tracking Technologies 

Our website may use cookies or similar tracking technologies to enhance your browsing experience. These technologies collect non-personal information such as: 

  • Usage patterns 

  • Preferences 

  • Interactions with our website 

Cookies are small text files stored on your device that help us improve website functionality and personalise your experience. 

Types of Cookies We Use: 

  1. Essential Cookies

  1. Necessary for the operation of our website (e.g., login functionality). 

  1. Performance Cookies

  1. Track website usage statistics to help us improve performance. 

  1. Functionality Cookies

  1. Remember your preferences for a more personalised experience. 

Managing Cookies: 

You can modify your browser settings to disable cookies or alert you when cookies are being used. However, disabling cookies may limit certain website features and functionality. 

For more information on how to manage cookies, visit your browser's support page. 

 

Third-Party Links 

Our website may include links to external websites or services. These third-party platforms operate independently and are governed by their own privacy policies. We are not responsible for their practices or content and encourage you to review their privacy policies before providing personal information. 

 

Lawful Bases for Processing 

We process personal data under the following bases: 

  • Contract: To provide services as agreed in our contracts. 

  • Consent: For newsletters and promotions where explicit consent is obtained. 

  • Legal Obligation: For regulatory compliance (e.g., health and safety). 

  • Legitimate Interests: To improve services, secure premises, and enhance user experience, ensuring individual rights are not overridden. 

For special category data (e.g., health data), we rely on GDPR Article 9 conditions, such as explicit consent or compliance with employment law. 

 

Sharing Data with Third Parties 

We collaborate with trusted third parties for service delivery: 

  • Squarespace: Website hosting and form submissions. 

  • OfficeRnD: Workspace management and memberships. 

  • Salto: Key card access. 

  • Mailchimp: Newsletter management. 

All processors comply with GDPR and maintain strong security measures. 

 

Your Rights Under GDPR 

You have the following rights regarding your data: 

  1. Right to Be Informed: Transparent information provided at collection. 

  1. Right to Access: Request access to your data within one month. 

  1. Right to Rectification: Request corrections to inaccurate or incomplete data. 

  1. Right to Erasure: Request deletion of data under specified circumstances. 

  1. Right to Restrict Processing: Request limited use of your data in certain situations. 

  1. Right to Object: Object to direct marketing or other specific uses of your data. 

  1. Right to Withdraw Consent: Revoke consent for data processing at any time. 

 

Data Retention and Disposal 

We retain data only as long as necessary for its purpose. Outdated data is securely deleted or anonymised in compliance with GDPR. Retention policies are regularly reviewed to ensure alignment with business and statutory needs. 

 

Data Security 

We implement: 

  • Encryption for data in transit and storage. 

  • Role-based access controls. 

  • Regular audits and updates to IT systems. 

 

Data Breaches 

If a breach poses a risk to your rights, we will: 

  1. Notify the ICO within 72 hours

  1. Inform affected individuals without undue delay if risks are high. 

 

Privacy by Design 

We integrate data protection into all processes by: 

  • Limiting data collection to what is necessary. 

  • Conducting Data Protection Impact Assessments (DPIAs) for high-risk processing. 

  • Training staff on GDPR principles. 

 

Management Responsibility 

Our leadership team supports GDPR compliance by: 

  • Promoting accountability and a positive data protection culture. 

  • Ensuring all staff are trained in GDPR principles. 

  • Leading privacy-by-design initiatives in business processes. 

 

Changes to This Policy 

This policy may be updated periodically to reflect changes in services or legal requirements. Updates will be noted with the effective date. 

 

Contact Us 

If you have questions or concerns, contact us: 

  • Phone: +44 7710 021 840 

  • Address: 22 Queen Street, Edinburgh.