Venue Hire


Your privacy is important to us. This Privacy Policy covers what we collect and how we use, disclose, transfer and store your information.

The data controller is Boxpark Ltd, 3rd Floor, 60 Worship Street, London, EC2A 2EZ

Our GDPR Data Officer can be contacted by email at or by post at the address above.

We are committed to providing you with relevant information about, and control over, how we process your personal information.

This policy explains what personal information we may record, why we do so, how you may control the use of your information and how we protect your information. Details of your legal rights and how to exercise them are also set out below.

This policy was last updated on 19th Dec 2023. Any future changes to our policy will be reflected here.


We will comply with the UK GDPR and the DPA 2018. Article 5 of the UK GDPR contains the data protection principles, which require that personal data shall be:

  • Processed lawfully, fairly and in a transparent way.
  • Collected for specified, explicit and legitimate purposes and not used in any way that is incompatible with those purposes.
  • Adequate, relevant, and limited to what is necessary.
  • Accurate and, where necessary, kept up to date.
  • Kept for no longer than is necessary for the purposes we have told you about.
  • Kept securely.

We operate according to the principles of the UK General Data Protection Regulation, the Data Protection Act and the Privacy and Electronic Communications Regulations, regardless of the location of the data subject.


We collect information from you if;

  • you visit one of our sites, which stipulates on entry you need to sign up to the Boxpark Black Card
  • you subscribe to our newsletter
  • you submit an enquiry one of our forms
  • you book a ticket for an event
  • you book a table or make a corporate enquiry
  • you engage with us on social media
  • you enter prize draws or competitions
  • you choose to complete any surveys we send you
  • you fill in any forms e.g if you have an accident at any of our sites, lost property etc
  • you use our free wifi at any of our sites
  • you visit one of our sites which have CCTV systems operating for the security of both customers and staff
  • you visit one of our sites we may have photography / recording / filming taking place that may be used for promotional material


Any of the information we collect from you may be used in one or more of the following ways:

  • Black Card holders receive news via email about special offers and promotions, they can opt out of at any time
  • Black Card holders collect points when they spend money at Boxpark sites. We use information that we collect to award these points, to track any redemptions and to deliver redemption vouchers by email
  • Black Card holders will also receive location based push notifications by default when they are close to a Boxpark site (unless they already have global location services switched off on their device). These can be turned off for this feature by accessing the rear of the Black Card and disabling ‘Allow Notifications’, using your phone’s operating system
  • to respond via supplied contact details regarding your enquiry (email, telephone or post)
  • to personalise your experience (your information helps us to better respond to your individual needs)
  • to improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you
  • to send periodic emails about our company, product news or service information, etc.
  • to promote our tenants, events and sites over our social media channels
  • to administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering
  • if we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts.
  • to send you communications required by law or which are necessary to inform you about our changes to the services we provide you e.g. updates to this Privacy Policy
  • to create rich and engaging content for our website, social media and newsletters through the medium of photography and videography


BOXPARK Black Card: – Data is processed by our third-party data processor (Acteol Atreemo), which is secure and adheres to the GDPR.

Email subscriptions: Data is processed by our third-party data processor (Acteol Atreemo), which is secure and adheres to the GDPR.

Submitted enquires: (from any enquiry form): Data is processed by our third-party data processor (Acteol Atreemo), which is secure and adheres to the GDPR.

Ticket bookings: (from event booking forms): Data is processed by our third-party data processor (EventBrite & Access Tonic), which is secure and adheres to the GDPR.

Mobile food & drink orders: (from Mr Yum platform): Data is processed by our third-party data processor (Mr Yum / ME&U), which is secure and adheres to the GDPR.

Table & Private Hire Bookings: Data sent to our third-party data processor (Access Collins) is secure and adheres to GDPR regulation. 

Online Competitions: Data sent to our third-party data processor (Playable) is secure and adheres to GDPR regulation. 

Job Applications: Data is processed by our HR Software provider (Fourth HR and Harri) which are secure and adheres to the GDPR.

We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.

We secure access to all areas of our website using ‘https’ technology.

We may also share your personal data with other processors in order to be able to provide you with our services, such as payments processors, marketing, and cloud storage solutions. We only do this when we have reason to do so and will never sell your data.

We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it, and we ensure that our vendors do the same by entering into Data Processing Agreements where appropriate.


See our Cookie Policy for information on the cookies we use.


We do not sell, trade, or otherwise transfer to outside parties any personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.


To provide our services, we may need to share your personal data with third parties and suppliers outside the UK. For instance, your personal data may be transferred to the USA due to our use of Google Analytics to track user engagement on our webpages. The laws of the U.S. and the laws of other countries may not offer the same protections as the laws of the UK, so we make sure to implement appropriate safeguards to ensure that your personal data is protected, as required under the applicable data protection legislation. For example, our contracts with our suppliers stipulate the standards they must follow to process personal data, and we may use the EU Standard Contractual Clauses and the UK’s International Data Transfer Agreement (or the ‘Addendum’) as is appropriate in each case.


Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.


When you attend one of our sites, our lawful reason for processing your personal information such as via CCTV (Closed Circuit Television) is that we have a legitimate interest in doing so. This means that we can process your personal information if

  • we have a genuine and legitimate reason; and
  • (ii) are not harming any of your rights and interests. Our legitimate interests in using CCTV cameras in our sites is to protect our guests, staff and assets from harm counteracting antisocial behaviour.

In some instances, such as when you register for our newsletter or register for a Black Card, our legal basis will be your consent. We will obtain your consent to our terms and conditions through a tick box on our website, and you are able to withdraw your consent at any time. You can do this by contacting

We may also process your personal data on the basis of a legal obligation, such as in situations where we need to make tax deductions or payments in the course of doing business with us.


You have rights under the data protection legislation and, subject to certain legal exemptions, we must comply when you inform us that you wish to exercise these rights. There is no charge unless your requests are manifestly unfounded or excessive. In such circumstances, we may make a reasonable charge or decline to act on your request. Before we action your request, we may ask you for proof of your identity. Once in receipt of this, we will endeavour to process the request without undue delay and within one calendar month. In order to exercise your rights please contact us at

You can contact us if you wish to complain about how we collect, store, and use your personal data. It is our goal to provide the best possible remedy with regard to your complaints.

However, if you are not satisfied with our answer, you can also contact the relevant competent supervisory authority. In the UK, the relevant supervisory authority is the ICO, contact details of which can be found below.

Your rights in connection with personal information are set out below:

Subject Access Request – You have a right to receive a copy of all the personal data we hold about you.

Rectification – If any of the personal data we hold about you is incomplete or inaccurate, you have a right to have it corrected.

Erasure – This is also known as the “right to be forgotten”. You have a right to ask us to delete your personal data where there is no good reason for us continuing to process it. However, certain criteria apply and if we have a legitimate reason to continue processing your personal data, we will not be legally required to delete it.

Objection – You have a right to object where we are relying on legitimate interests as our legal basis for processing your personal data but, in certain circumstances we may be able to continue with the processing. For example, if we have compelling legitimate grounds which override your interests, rights and freedoms or your personal information is needed for the establishment, exercise, or defence of legal claims. However, you have an absolute right to object to us processing your personal data for direct marketing purposes.

Restriction – You have a right to ask us to restrict the processing of your personal data in certain circumstances. For example, you may require us to suspend processing information about you whilst checks are made to ensure it is accurate.

Portability – You have the right to ask us to transfer any personal data you have provided to us to another party, subject to certain criteria being satisfied. We will provide this personal data in a structured, commonly used, and machine-readable format.

Right to withdraw consent – If you have given us your consent for the processing of your personal data, you can withdraw this at any time. Please note, the withdrawal has no effect on the legality of the data processing carried out in the past on the basis of your consent. To exercise your right to withdraw consent contact us at

Right to complain – If you are unhappy with the way in which your personal information has been or is being processed, you have the right to make a complaint about it to the Information Commissioner’s Office (ICO). They can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane


We will only keep your personal data for as long as is necessary to fulfil the purposes we collected it for, which may include satisfying any legal, accounting, or reporting requirements.

When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the personal data which we hold and the purposes for which it is held and processed.

When we determine that personal data can no longer be retained (or where we must comply you request us to delete your data in accordance with your right to do so) we ensure that this data is securely deleted or destroyed.


If any of your personal data changes whilst you are a user of our services, it is important that you update the information within your account to ensure that the data we hold about you is accurate and up to date.


If we decide to change our privacy policy, we will post those changes on this page, and/or update the Privacy Policy modification date below.

This policy was last modified on 19th Dec 2023


If there are any questions regarding this privacy policy, you may contact our Data Protection Officer using the information below.

Data Protection Officer
3rd Floor
60 Worship Street