Privacy Policy

The Deep is committed to being transparent about how it handles personal information, to protecting the privacy and security of personal information and to meeting its data protection obligations under the General Data Protection Regulation (‘GDPR’). Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data, i.e. where all identifying particulars have been removed. The purpose of this privacy policy is to make you aware of how and why we will collect and use personal information. We are required under the GDPR to notify you of the information contained in this privacy policy. Our privacy policy explains our data processing practices and the ways in which your personal information is used, in both electronic and paper formats. It applies to information we collect about:

• people who visit our website
• people who subscribe to our newsletter
• people who request a service from us, e.g. tickets, bookings & experience days
• people who contact us via telephone, email or social media
• people who visit The Deep
• people who provide a service to us, e.g. individuals or sole traders
• potential clients of The Deep’s Business Centre
• job applicants

Your privacy matters to The Deep so please do take the time to get to know our practices – and if you have any questions please contact us on info@thedeep.co.uk

How we collect & use your information

People who visit our website

When someone visits www.thedeep.co.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to various parts of our website. This information is only processed in a way which does not identify anyone. This data is kept indefinitely. Here is a link to the relevant part of Google’s privacy policy: www.support.google.com/analytics/answer/6004245?hl=en The search engine on our website is powered by Oyster Design<https://www.oysterdesign.co.uk/.> No user-specific data is collected. Search queries and results are logged anonymously to help us improve our website and search functionality. We also use Oyster Design to help maintain the security and performance of our website. To deliver this service, it processes the IP addresses of visitors to The Deep’s website.
 

Here is a link to their Privacy Policy https://www.oysterdesign.co.uk/privacy-policy.
 

Cookies

What is a cookie?

Cookies are delicious biscuits that can be eaten with a cup of tea or a latte, however, cookies can also be little files of data that are stored on your computer or handheld device, and unfortunately it’s the latter we are dealing with here! Most websites you visit will use cookies in order to improve your user experience by enabling that website to ‘remember’ you, either for the duration of your visit (using a ‘session cookie’) or for repeat visits (using a ‘persistent cookie’). Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences, and generally improving your experience of a website. Cookies make the interaction between you and the website faster and easier. If a website doesn’t use cookies, it will think you are a new visitor every time you move to a new page on the site – for example, when you enter your login details and move to another page it won’t recognise you and it won’t be able to keep you logged in.

What to do if you don’t want cookies to be set

Some people find the idea of a website storing information on their computer or mobile device a bit intrusive. Although this is generally quite harmless you may not, for example, want to see advertising that has been targeted to your interests. If you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set; but you need to be aware that you may lose some functionality of the website if you do so. You can block cookies by going into your browser's control panel/preferences.
 

People who subscribe to our newsletter
 

We use Mail Chimp to deliver regular emails to our customers who have subscribed to our newsletter. We gather statistics around email opening rates and clicks using industry standard technologies to help us monitor and improve our newsletter. For more information, here is a link to their privacy policy: mailchimp.com/legal/privacy
You can unsubscribe from our newsletter at any point. Please either click the unsubscribe link in any newsletter you have received or email us at info@thedeep.co.uk

People who request a service or make a booking with us

We provide many services, such as ticket bookings both online and in person at The Deep, as well as group bookings, education bookings, weddings and other ad hoc events and services. We also have an online shop. Some parts of our booking services may require personal information, such as name, contact details, food allergies and/or payment details for us to be able to provide the service to you. We only ask for relevant information and never store any payment details. Your information is not shared with any third parties. For those visitors who voluntarily Gift Aid their admission, the donor’s name and address are submitted securely to HMRC and need to be retained in line with HMRC’s requirements.

Our online shop provider is Oyster Design.

Our ticketing system is provided by TOR Systems, here is a link to their website with all of their contact details www.torsystems.co.uk/contact-us 

The visitor sign in systems in both The Deep and our Business Centre are operated by Osbourne Technologies, here is a link to their privacy policy www.osbornetechnologies.co.uk/privacy

We use software provided by RA Software to manage our Business Centre and ad hoc events, here is a link to their website with all of their contact details www.ra-is.co.uk/business-centre-software

Our Business Centre also use Paxton Net 2 Access Control, here is a link to their privacy policy www.paxton-access.com/about/compliance-policies/

Our broadband is provided by The One Point Ltd (www.theonepoint.co.uk/privacy-policy) and our managed IT service is provided by Procom Professional Services (Holdings) Ltd (www.procom-it.com)
 

People who contact The Deep

People who call us

We do not record our telephone calls, however we may use some information you provide to us to carry out any requested service such as completing a booking, answering a query or resolving an issue.

People who email us

We monitor all emails sent to us, including file attachments, for viruses or malicious software. We may use some information you provide to us to carry out any requested service, completing a booking, answering a query or resolving an issue.

People who contact us via social media

We may use some information you provide to us to carry out any requested service, such as answering queries or providing you with a competition prize.
Please be aware that when you post online in public forums on third party social media sites such as Facebook, X, Instagram and TripAdvisor, you should know that others may use, tag and/or re-publish your information.
 

Links to privacy policies of sites we use:

• Facebook
• X 
• Instagram
• TripAdvisor
• TikTok
• Linkedin
• YouTube

People who make a complaint to us

We take all complaints very seriously. We will only use the personal information we collect to process and resolve the complaint, which may involve communicating with you the outcome. We also use this information to check on the level of service we provide.
People who visit The Deep

CCTV

CCTV systems are in place in some areas of The Deep for public safety. Signs notifying you that CCTV is in operation are displayed in these areas alongside contact details for further information. Images captured by CCTV are not kept for longer than is necessary but may be shared with relevant legal authorities if required.

Accidents

If during your visit you have an accident, we will keep a record of this to comply with our Health & Safety practices. We may also need to keep the records for legal reasons and may need to share this information with our insurers, the health & safety executive or any other relevant authority. Accident record information is then collated anonymously to help improve our service to you by identifying areas of improvement. Once anonymised this data is kept indefinitely.

Borrowing of equipment

If during your visit you would like to hire some equipment from The Deep (such as a wheelchair, a hearing loop or audio guide), we will require some personal details from you so that we may contact you in case the equipment is not returned to us.

Lost property

Your lost property may contain personal data (such as a lost wallet containing identification cards) so we keep these in a locked safe and destroy after 3 months.

Volunteers & work placements

We use your personal data to manage your time with us and to make sure we are complying with all of our legal and health & safety responsibilities and obligations to you. This could include contacting you about a placement you’ve applied for or we think you might be interested in, aspects of your placement, providing you with a reference or to recognise your contribution.

People who provide a service to us

We keep all information relating to suppliers safely and securely in our software systems and will only request the information we need to fulfil any contract we have with you.

Potential clients of The Deep’s Business Centre

To be able to deal with enquiries from potential tenants, we may need to take some details from you, which may include documents to confirm your identity and to compile tenancy agreements which are contracts. This information will be kept securely and will only be available to those that have a justifiable need to access it.

We use software provided by RA Software to manage our Business Centre and ad hoc events, here is a link to their website with all of their contact details www.ra-is.co.uk/business-centre-software

Job applicants

As part of any recruitment process, we collect and process personal information, or personal data, relating to job applicants. This personal information may be held on paper or in electronic format and applies to all job applicants, whether they apply for a role directly or indirectly through an employment agency. It is non-contractual.

The Deep, uses and processes a range of personal information about you during the recruitment process. This includes:

• your contact details, including your name, address, telephone number and personal e-mail address
• personal information included in a CV, any application form, cover letter or interview notes
  references
• information about your right to work in the UK and copies of proof of right to work documentation
  copies of qualification certificates
• copy of driving licence
• other background check documentation
• details of your skills, qualifications, experience and work history with previous employers
• information about your current salary level, including benefits and pension entitlements
• your professional memberships

We may also collect, use and process the following special categories of your personal information during the recruitment process:

• whether or not you have a disability for which The Deep needs to make reasonable adjustments during the recruitment process
• information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation

How do we collect personal information regarding job applicants?

We collect personal information about you during the recruitment process either directly from you or sometimes from a third party such as an employment agency. We may also collect personal information from other external third parties, such as references from current and former employers, information from background check providers, information from credit reference agencies and criminal record checks from the Disclosure and Barring Service (DBS). Other than employment agencies, we will only seek personal information from third parties during the recruitment process once an offer of employment or engagement has been made to you and we will inform you that we are doing so, or at another time with your agreement.

You are under no statutory or contractual obligation to provide personal information to The Deep during the recruitment process. Your personal information may be stored in different places, including on your application record, in our HR management system and in other IT systems, such as the e-mail system.

Why and how do we use the personal information of job applicants?

• We will only use your personal information when the law allows us to. These are known as the legal bases for processing. We will use your personal information in one or more of the following circumstances:
• where we need to do so to take steps at your request prior to entering into a contract with you, or to enter into a contract with you (1)
• where we need to comply with a legal obligation (2)
• where it is necessary for our legitimate interests (or those of a third party), and your interests or your fundamental rights and freedoms do not override our interests (3).

We need all the types of personal information listed under ‘What types of personal information do we collect about job applicants?’ primarily to enable us to take steps at your request to enter into a contract with you, or to enter into a contract with you (1), and to enable us to comply with our legal obligations (2). In some cases, we may also use your personal information where it is necessary to pursue our legitimate interests (or those of a third party), provided that your interests or your fundamental rights and freedoms do not override our interests (3). Our legitimate interests include: pursuing our business by employing employees, workers and contractors; managing the recruitment process; conducting due diligence on prospective staff and performing effective internal administration. We have indicated, by using (1), (2) or (3) next to each type of personal information listed above, what lawful basis we are relying on to process that particular type of personal information.

The purposes for which we are processing, or will process, your personal information are to:

• manage the recruitment process and assess your suitability for employment or engagement
• decide to whom to offer a job
• comply with statutory and/or regulatory requirements and obligations, e.g. checking your right to work in the UK
• comply with the duty to make reasonable adjustments for disabled job applicants and with other disability discrimination obligations
• ensure compliance with your statutory rights
• ensure effective HR, personnel management and business administration
• monitor equal opportunities
• enable us to establish, exercise or defend possible legal claims

Please note that we may process your personal information without your consent, in compliance with these rules, where this is required or permitted by law.

What if you fail to provide personal information as part of the job application process?

If you fail to provide certain personal information when requested, we may not be able to process your job application properly or at all, we may not be able to enter into a contract with you, or we may be prevented from complying with our legal obligations. You may also be unable to exercise your statutory rights.

Why and how do we use the sensitive personal information of job applicants?

We will only collect and use your sensitive personal information, which includes special categories of personal information and information about criminal convictions and offences, when the law additionally allows us to.

Some special categories of personal information, i.e. information about your health, and information about criminal convictions and offences, is also processed so that we can perform or exercise our obligations or rights under employment law and in line with our data protection policy.

We may also process information about your health and information about any criminal convictions and offences where we have your explicit written consent. In this case, we will first provide you with full details of the personal information we would like and the reason we need it, so that you can properly consider whether you wish to consent or not. It is entirely your choice whether to consent. Your consent can be withdrawn at any time.

The purposes for which we are processing, or will process, health information and information about any criminal convictions and offences, are to:

• assess your suitability for employment or engagement
• comply with statutory and/or regulatory requirements and obligations, e.g. carrying out criminal record checks
• comply with the duty to make reasonable adjustments for disabled job applicants and with other disability discrimination obligation
• sensure compliance with your statutory rights
• ascertain your fitness to work
• ensure effective HR, personnel management and business administration
• monitor equal opportunities

We will only use your personal information for the purposes for which we collected it, i.e. for the recruitment exercise for which you have applied. However, if your job application is unsuccessful, we may wish to keep your personal information on file in case there are future suitable employment opportunities with us. We will ask for your consent before we keep your personal information on file for this purpose. Your consent can be withdrawn at any time.
Where The Deep processes other special categories of personal information, i.e. information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation, this is done only for the purpose of equal opportunities monitoring in recruitment and in line with our data protection policy. Personal information that we use for these purposes is either anonymised or is collected with your explicit written consent, which can be withdrawn at any time. It is entirely your choice whether to provide such personal information.

We may also occasionally use your special categories of personal information, and information about any criminal convictions and offences, where it is needed for the establishment, exercise or defence of legal claims.

Who has access to the personal information of job applicants?

Your personal information may be shared internally within The Deep for the purposes of the recruitment exercise, including with members of the HR department, members of the recruitment team, managers in the department which has the vacancy and IT staff if access to your personal information is necessary for the performance of their roles.

We will not share your personal information with third parties during the recruitment process unless your job application is successful and we make you an offer of employment or engagement. At that stage, we may also share your personal information with third parties (and their designated agents), including:

• external organisations for the purposes of conducting pre-employment reference and employment background checks
• the DBS, to obtain a criminal record check
• former employers, to obtain references
• professional advisors, such as lawyers

We may also need to share your personal information with a regulator or to otherwise comply with the law.

We may share your personal information with third parties where it is necessary to take steps at your request to enter into a contract with you, or to enter into a contract with you, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests (or those of a third party).

How long does The Deep keep the personal information of job applicants?

We will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed.

If your application for employment or engagement is unsuccessful, we will generally hold your personal information for one year after the end of the relevant recruitment exercise but this is subject to: (a) any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records, and (b) the retention of some types of personal information for up to six years to protect against legal risk, e.g. if they could be relevant to a possible legal claim in a tribunal, County Court or High Court. If you have consented to us keeping your personal information on file for in case there are future suitable employment opportunities with us, we will hold your personal information for a further six months after the end of the relevant recruitment exercise, or until you withdraw your consent if earlier.

If your application for employment or engagement is successful, personal information gathered during the recruitment process will be retained for the duration of your employment or engagement and in accordance with the privacy notice for employees, workers and contractors.

Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable.
In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.

Your rights in connection with your personal information

As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:

• request access to your personal information - this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
• request rectification of your personal information - this enables you to have any inaccurate or incomplete personal information we hold about you corrected
• request the erasure of your personal information - this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected
• restrict the processing of your personal information - this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy
• object to the processing of your personal information - this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground
• data portability - this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.

If you wish to exercise any of these rights, we may need to request specific information from you in order to verify your identity. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.

If you believe that The Deep has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.

Transferring personal information outside the European Economic Area

The Deep will not transfer your personal information to countries outside the European Economic Area.

Automated decision making

Automated decision making occurs when an electronic system uses your personal information to make a decision without human intervention. We do not envisage that any recruitment decisions will be taken about you based solely on automated decision-making, including profiling.

How does The Deep protect your personal information?

The Deep has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities.

Where your personal information is shared with third parties, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.

We also have in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator such as the Charity Commission) and you of a suspected breach where we are legally required to do so.

How long will The Deep keep your personal information?

We will only retain your personal data for as long as necessary to fulfil the purpose we collected it for, including for the purpose of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purpose for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

When your information is no longer required under our retention policies, we will ensure it is disposed of in a secure manner.

How to amend your information

Under the General Data Protection Regulations (GDPR), you have rights as an individual which you can exercise in relation to the information we hold about you. You can read more about these rights here www.ico.org.uk/for-the-public

To correct, amend, update or ask about any information you have given us, or to withdraw consent you have previously given, please contact us info@thedeep.co.uk<mailto:info@thedeep.co.uk> or write to us at the address below:

Data Protection
The Deep
Tower Street
Hull
HU1 4DP

We may need to verify your identity before actioning your request.

This privacy policy was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of The Deep’s collection and use of personal information, however we are happy to provide any additional information or explanation needed. Any requests for this should be sent to info@thedeep.co.uk or please write to us at the postal address given above.

Our website may contain links to other websites which are outside our control and are not covered by this privacy policy. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.

The Deep reserves the right to update or amend this privacy policy at any time. We will issue a new privacy policy when we make significant updates or amendments.

We are registered with ICO under both Running Deep Limited (number - ZA577359) and EMIH Limited (number – Z736672X).

Last updated 31.10.23