Welcome to Central Hall Westminster, book a site visit with us today Enquire now
CENTRAL HALL WESTMINSTER
Home Privacy Policy

 

Privacy Notice

Please read this privacy notice carefully. It explains who we are, how and why we collect,

store, use and share personal information, your rights under the UK General Data

Protection Regulation (UK GDPR) and the Data Protection Act 2018, and how to contact us

or the Information Commissioner’s Office if you have a complaint.

This notice applies only to our processing activities. It does not cover third-party websites or

services that we link to. We recommend you review the privacy policies of those third

parties to understand how they handle your personal information.

Who we are

Central Hall Westminster Limited (company number 03802387) (“we”, “us”, “our”) collects,

uses and is responsible for certain personal information about you. When we do so, we are

regulated under the UK General Data Protection Regulation (UK GDPR) and the Data

Protection Act 2018, and we act as the ‘controller’ of that personal information for the

purposes of those laws.

The personal information we collect and use

Information collected by us while dealing with your enquiries, arranging and managing your

request to hire our venue, your confirmation of hire, and/or to attend an event taking place

within our venue.

We collect the following personal information when you provide it to us:

  • Your name, address and email address and any other contact details you give us when you make an enquiry using our contact form
  • Your dietary preferences, including those of your guests
  • Your accessibility requirements, including those of your guests
  • Payment details
Cookies

We use non‑essential cookies only with your consent. You can manage or withdraw consent at

any time via our cookie controls. See our Cookie Policy for details of each cookie, purpose, and

retention.

Challenge 25 (Age Verification)

When you purchase or attempt to purchase age‑restricted products, we may carry out

age‑verification checks under our Challenge 25 policy. This may involve visually assessing your

age and reviewing an identity document such as a passport or driving licence. We process this

information to comply with our legal obligations relating to the sale of age‑restricted goods and

to prevent unlawful underage sales. We do not retain copies of ID documents, and any

information processed during the age‑verification check is used solely for this compliance

purpose.

CCTV surveillance

We operate CCTV systems at our premises for the purposes of security, safety, and crime

prevention. Cameras are clearly visible and typically positioned in reception areas, lift

lobbies, and other common areas.

The lawful basis for processing CCTV footage is our legitimate interests in ensuring the

safety of staff, visitors, and property.

Footage may be used in internal investigations and, where necessary, shared with law

enforcement or regulatory authorities. We retain CCTV recordings for a 30-day retention

period unless required for an investigation.

You have the right to request access to personal data captured by CCTV, subject to

applicable exemptions. For more information, please contact dpo@chwvenue.com

Information collected from other sources

We may receive personal information about you from third parties, such as individuals or

organisations hiring or using our facilities. This information may include:

  • Names of guests
  • Dietary preferences
  • Specific requirements (e.g., accessibility needs, space for prayer)

We collect this information to ensure we can provide appropriate services and meet any

specific requirements during your visit. The lawful basis for processing this data is our

legitimate interests in delivering a safe and tailored experience, and, where applicable,

contractual necessity.

This information will be used solely for the purposes described in this Privacy Policy and will be

retained for a period of three to five years unless a longer retention period is required to comply

with legal or regulatory obligations.

How we use your personal information

We use your personal information for the following purposes:

  • To provide goods and services to you or your organisation
    Lawful basis: Contractual necessity
  • To collect and process payments
    Lawful basis: Contractual necessity and legal obligation
  • To inform you of other goods and services that may interest you
    Lawful basis: Consent (or legitimate interests, subject to PECR rules)

  • To inform you about changes and improvements to our products/services

    Lawful basis: Legitimate interests

  • To help ensure a safe and secure environment
    Lawful basis: Legitimate interests

We will only use your personal information for the purposes stated above and in accordance

with UK GDPR and the Data Protection Act 2018.

Who we share your personal information with

We may share your personal information with trusted third-party service providers to

deliver the services you require. These include:

  • Atlas – cleaning services
  • Custard – PR services
  • Green & Fortune – catering services
  • Trojan Security – security services
  • White Light – AV production services
  • Kaika Tech – IT provider
  • Max Wi-Fi – IT provider
  • Microsoft – IT provider
  • Kaseya – IT provider
  • Focus Group – Unified Communications
  • Xero – Finance application
  • Ivvy – CRM

The providers listed act as processors and process personal information only on our instructions

under written Article 28 UK GDPR contracts that require confidentiality, appropriate security,

assistance with rights, restrictions on sub‑processors, and deletion/return of data at contract end.

In addition, we may share personal information:

  • With law enforcement or regulatory authorities where required by law or to prevent crime.
  • With enforcement officers, courts, or professional advisers to enforce our legal rights.
Whether information must be provided by you, and if so why

We require certain personal information, such as your contact details, to respond to your

enquiry and arrange or manage any booking. The lawful basis for processing this

information is contractual necessity.

If you do not provide the required information, we will be unable to proceed with your

booking.

How long your personal information will be kept

We will retain your personal information only for as long as necessary to fulfil the purposes

for which it was collected, including any legal, accounting, or reporting requirements.

  • •Enquiry: If no further contact is made, we will keep your data for up to three to five years from the date of your enquiry.
  • Contracted events or ongoing correspondence: We will keep your data for up to six years, in line with our legal obligations and record-keeping requirements.

After these periods, your data will be securely deleted unless we are required to retain it for

longer by law.

Reasons we can collect and use your personal information

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act

2018, we rely on the following lawful bases to collect and use your personal data. In some

cases, more than one lawful basis may apply:

  • To perform or enter a contract with you
    For example, to manage bookings and provide agreed services and to complete necessary onboarding steps once a job offer has been accepted.
  • Our legitimate interests
    In operating and marketing our facilities, working with service partners to deliver services, and ensuring the safety and security of our premises. Managing recruitment activities, such as reviewing applications and assessing candidates, which typically relies on legitimate interests rather than consent or contract at the pre‑offer stage. General administrative purposes. We always balance these interests against your rights and freedoms.
  • To comply with our legal obligations
    For example, for tax, accounting, or regulatory requirements. Right‑to‑work checks, equality monitoring, and other employment law requirements.
  • To protect your vital interests or those of another person
    For example, in an emergency affecting your health or safety.
  • Where you have given consent
    Case studies and testimonials, where your name, image, feedback, or story is used for promotional or marketing purposes. This type of processing requires freely given, specific, informed, and unambiguous consent Certain types of marketing communications or optional services. You can withdraw consent at any time.
Transfer of your information outside the UK / EEA

Some of the third‑party systems and applications we use to operate our business may store or

process personal information in countries outside the United Kingdom (UK) or the European Economic Area (EEA). This means that your personal information may be transferred to, or accessed from, jurisdictions that do not have the same data protection laws as the UK.

Where we transfer personal information to a country that has not been recognised by the UK

government as providing an adequate level of data protection, we will ensure that appropriate

safeguards are in place in accordance with UK GDPR requirements. These safeguards may include

the use of the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU

Standard Contractual Clauses, or other legally recognised transfer mechanisms.

These measures are designed to protect your privacy rights and to provide you with enforceable

rights and effective legal remedies if your personal information is misused.

If you would like further information about international data transfers or the safeguards we use,

please contact us (see “How to contact us” below).

Your rights

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act

2018, you have a number of important rights free of charge. These include the right to:

  • Fair processing and transparency over how we use your personal information (as explained in this Privacy Notice).
  • Access your personal information and certain supplementary details.
  • Correct any mistakes in your personal information.
  • Request erasure of personal information in certain circumstances.
  • Receive personal information you have provided to us in a structured, commonly used, machine-readable format and transmit it to another controller (data portability), where applicable.
  • Object to processing for direct marketing at any time.
  • Object to automated decision-making that has legal or similarly significant effects.
  • Object in other situations to our continued processing of your personal information.
  • Withdraw consent at any time, where processing is based on consent.
  • Restrict processing in certain circumstances.

For more details, see the ICO guidance on individual rights: https://ico.org.uk/for-the-public/.

If you wish to exercise any of these rights, please:

  • Contact us (see “How to contact us” below) and provide enough information to identify you (e.g. account number, booking reference).
  • Specify the information your request relates to.

We respond to rights requests within one month (extendable by two further months where

requests are complex or numerous); we may ask for information to verify your identity.

Security and data breaches

We have appropriate security measures to prevent personal information from being lost,

used, or accessed unlawfully. Access is limited to those with a genuine business need and

subject to confidentiality obligations.

We have procedures to deal with suspected data breaches and will notify the ICO within 72

hours and inform affected individuals where legally required.

For advice on protecting your information online, visit www.getsafeonline.org.

Please note that sending information over the internet is not completely secure, and any

data you send is at your own risk.

How to complain

We hope that we can resolve any query or concern you raise about our use of your

information.

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act

2018, you have the right to lodge a complaint with a supervisory authority. In the UK, this is

the Information Commissioner’s Office (ICO). You can contact the ICO via their website at

https://ico.org.uk/make-a-complaint/ or by telephone on 0303 123 1113.

Changes to this privacy notice

This privacy notice was published on 22nd of May 2018 and last updated on 24th of March

2026.

We may update this policy from time to time to reflect changes in law, technology, or our

practices. When updates occur, the latest version will always be posted on this page.

How to contact us

Please contact us if you have any questions about this privacy notice or the information, we hold about you.

If you wish to contact us, please send an email to dpo@chwvenue.com or write to Central

Hall Westminster, Storey’s Gate, London, SW1H 9NH or call 020 7222 8010.

Please note: This Privacy Notice applies only to the activities of Central Hall Westminster

Limited.

If you are looking for the Privacy Notice for the Methodist Central Hall Westminster, please

visit their website or contact them directly for details of their privacy practices.