Privacy Notice
Bruton Capital LLP and its group companies Bruton Restaurants GmbH and Bruton Hospitality GmbH (hereinafter referred to jointly as “Bruton”, “we” or “us”) respect your privacy and are committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
This privacy notice is provided in a layered format so you can click through to the specific areas set out below.
1. GENERAL INFORMATION
2. WEBSITE
3. PROPERTY OWNERS
4. TENANTS
5. SERVICE PROVIDERS / SUPPLIERS
6. FINAL PROVISIONS
1. GENERAL INFORMATION
Controller
The data controller responsible for the data processing activities in connection with the website www.brutoncapital.com (“website”) is Bruton Capital LLP, 1st Floor Senator House, 85 Queen Victoria Street, London EC4V 4AB, United Kingdom.
Bruton Capital LLP is also the data controller responsible for the data processing activities in connection with its asset management services for property owners and tenants.
The data controller responsible for the data protection activities in connection with the operation of certain Subway restaurants in Germany is Bruton Restaurants GmbH, Moselstr. 17, 60329 Frankfurt, Germany.
The data controller responsible for the data protection activities in connection with the operation of certain BrewDog bars in Germany is Bruton Hospitality GmbH, Moselstr. 17, 60329 Frankfurt, Germany.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Obligation to Provide Personal Data
Website:
With regard to the use of our website, there is generally no legal or contractual obligation to provide us with your personal data; however, it may be that we can only provide certain offers to a limited extent or not at all, if you do not provide the data required for this. If this should be the case, you will be informed of this separately.
Other areas:
We need some of your personal data to perform our contracts with you. We also need some information so that we can comply with our legal obligations. For example, we may need identity documents from you to meet our obligations to prevent fraud and money laundering.
If you do not provide the information required for these purposes, we will not be able to perform our contract with you and may not be able to provide services to you or continue to provide certain services to you. We will explain when this is the case at the point where we collect personal data from you.
No Automated Decision Making (Including Profiling)
We do not intend to use any personal data collected from you for any automated decision making process (including profiling).
Data Retention and Deletion
Unless an explicit retention period is specified below, we will retain your personal data for as long as necessary to fulfil the purpose(s) for which it was collected and to comply with applicable laws and your consent. Thereafter we will only retain personal data for as long as we are required to either due to the nature of the processing, or in order to enable us to comply with a legal or regulatory obligation to which we are bound.
Transfer and Storage of Personal Data
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) as long as it is in a country which has been assessed by the European Commission as having an adequate level of protection for personal data. Alternatively, for transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate safeguards, such as standard contractual clauses adopted by the European Commission, to protect your personal data. You may obtain a copy of the standard contractual clauses at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
According to the EU-UK Trade and Cooperation Agreement, transfers of personal data from the EEA to the UK are not treated as transfers to a third country until the earlier of the date on which the European Commission issues an adequacy decision regarding the UK or 1 May 2021 (which will automatically be extended to 1 July 2021 unless either side objects).
2. WEBSITE
Categories of Personal Data
During the use of our website, we might collect the following categories of personal data:
• Usage Data: When you visit our website, a log data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of:
– the name and address of the requested content,
– the date and time of the query,
– the transferred data volume,
– the access status (content transferred, content not found),
– the description of the used web browser and operating system,
– the referral link, which indicates from which page you reached ours,
– the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.
• Contact Form Data: When you use the contact forms on the website, we process the data transmitted (e.g. surname and first name, e-mail address, the time of transmission, and any other personal data that you may voluntarily communicate).
• Job Application Data: When you submit your job application via email (as stipulated on our website), we process the data transmitted in your application (e.g. gender, surname and first name, address, company, e-mail address, professional background and the time of transmission), including your CV and supporting documents. In connection with your application, we may also collect, store and use any information you provide to us during an interview.
Purpose and Legal Bases
We process the personal data described in more detail above in accordance with the provisions of the General Data Protection Regulation (“GDPR”), other relevant data protection regulations and only to the extent necessary.
The processing of usage data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection. The processing is carried out on the basis of Art. 6(1) lit. f GDPR due to our legitimate interests in ensuring the smooth operation of our website as well as improving our services.
Contact form data is processed for the purpose of making contact. By submitting your message, you agree to the processing of your transmitted data. Processing will be carried out on the basis of Art. 6(1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal.
Job application data is processed for the purpose of handling your application for job vacancies at BrewDog bars or Subway restaurants available at the website. The legal basis is Sec. 26(1)(1) German Data Protection Act (“BDSG”) or Sec. 26(3) BDSG in conjunction with Art. 9(2) lit. b GDPR insofar as special categories of personal data are concerned.
Data Retention and Deletion
Usage data will be retained for 7 days following the date of collection. Contact form data will be will be retained for the period required to process the query. Job application data from unsuccessful applicants will be deleted 6 months after the application procedure is concluded, unless you have explicitly consented to a longer retention period. Job application data from successful applicants will be transferred to our HR management system and retained during your employment in accordance with our privacy notice for employees.
Recipients of Personal Data
The following categories of recipients, which are usually processors, may receive access to your personal data:
• Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. cloud service providers, IT security);
• Internal HR staff for the handling of application data;
• State agencies/authorities, insofar as this is necessary for the fulfilment of a legal obligation;
• Persons appointed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures);
• Other group companies.
Apart from these cases, we will only share your personal data with third parties if you have given your express consent to do so in accordance with Art. 6(1) lit. a GDPR.
Cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology
How do we use cookies?
We use cookies to improve your experience on the website, including distinguishing you from other users of the website.
What types of cookies do we use?
Our website uses the following types of cookies:
Functionality – We use these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in.
| Provider | WPML (wp-wpml_current_language) |
| Purpose | Stores the current language. |
| Storage Period | 24 hours |
| Provider | WPML (wp-wpml_current_admin_language_{hash}) |
| Purpose | Stores the current WordPress administration area language. |
| Storage Period | 24 hours |
| Provider | WPML ( wpml_browser_redirect_test ) |
| Purpose | Tests if cookies are enabled. |
| Storage Period | 24 hours |
| Provider | WPML (_icl_visitor_lang_js ) |
| Purpose | Stores the redirected language. |
| Storage Period | 24 hours |
How to manage cookies
You can set your browser not to accept cookies. However, in a few cases, some of our website features may not function as a result.
3. PROPERTY OWNERS
Categories of Personal Data
For the conclusion or performance of a property management agreement, we may collect different categories of personal data about you, namely,
• first name/last name
• title
• contact details
• all personal data in connection with the property management agreement, either directly from you or from the company you are working for.
Purpose and Legal Bases
The personal data collected in those cases will be processed on the legal basis of Art. 6(1) lit. f GDPR (legitimate interest) to manage efficiently our business relationships and to prospect new clients or on the legal basis of Art. 6(1) lit. b GDPR for the performance of a contract (or in order to take steps prior to entering into a contract), where applicable.
Recipients of Personal Data
The following categories of recipients, which are usually processors, may receive access to your personal data:
• Service providers that require information in connection with the contractual object (e.g. craftsmen, cleaning personnel);
• Companies contracted to support our internal IT structure;
• State agencies/authorities, insofar as this is necessary for the fulfilment of a legal obligation;
• Persons appointed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures).
Apart from these cases, we will only share your personal data with third parties if you have given your express consent to do so in accordance with Art. 6(1) lit. a GDPR.
4. TENANTS
Categories of Personal Data
When you or the company you work for, enter into a lease agreement with a property owner we service, we may collect different categories of personal data about you, namely:
• contact details such as name, address, telephone number
• bank account and payment details
• all personal data in connection with the lease agreement, either directly from you, from the company you are working for of from the property owner.
Purpose and Legal Basis
We process this personal data for the performance of the lease agreement in the context of the property management agreement with the property owner. We process the personal data on the legal basis of Art. 6(1) lit. f GDPR (legitimate interest) to manage efficiently our business relationships.
Recipients of Personal Data
The following categories of recipients, which are usually processors, may receive access to your personal data:
• Service providers that require information in connection with the contractual object (e.g. craftsmen, cleaning personnel);
• Companies contracted to support our internal IT structure;
• State agencies/authorities, insofar as this is necessary for the fulfilment of a legal obligation;
• Persons appointed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures).
Apart from these cases, we will only share your personal data with third parties if you have given your express consent to do so in accordance with Art. 6(1) lit. a GDPR.
5. SERVICE PROVIDERS / SUPPLIERS
Categories of Personal Data
When you enter into a business relationship with us, the following personal data may be collected:
Property Management:
Name, contact details and all personal data in connection with the provision of goods and services either from you or from the company you are working for
Restaurants:
Name, contact details and all personal data in connection with the provision of goods and services either from you or from the company you are working for
Purpose and Legal Basis
This personal data will be used in order to manage the provision of goods and/or services. The legal basis is Art. 6(1) lit. b GDPR (performance of a contract).
Recipients of Personal Data
The following categories of recipients, which are usually processors, may receive access to your personal data:
• Service providers that require information in connection with the contractual objects or restaurants;
• Companies contracted to support our internal IT structure;
• State agencies/authorities, insofar as this is necessary for the fulfilment of a legal obligation;
• Franchisors in connection with the BrewDog bars and Subway restaurants;
• Persons appointed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures).
Apart from these cases, we will only share your personal data with third parties if you have given your express consent to do so in accordance with Art. 6(1) lit. a GDPR
6. FINAL PROVISIONS
Your Rights
Under the GDPR, you have a number of rights in relation to your personal data, namely, the right to request from the controller access to personal data and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability.
If you wish to exercise any of the rights set out above, please contact us via privacy@brutoncapital.com. You have the right to make a complaint to the competent supervisory authority in your country; you can find the contact details for your local supervisory authority here: https://edpb.europa.eu/about-edpb/board/members_en. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.
Changes to the Privacy Notice and Your Personal Data
We keep our privacy notice under regular review.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Contact Us
If you have any questions about this privacy notice or our privacy practices, please contact us via privacy@brutoncapital.com.
