Privacy & Cookies
Privacy Policy
1. WHO ARE WE?
This website is operated by Kindred Hospitality Ltd, a company registered in England and Wales (company number 10657116). Our registered address is Bradmore House, Queen Caroline Street, London, W6 9BW.
Kindred is the data controller responsible for your personal data. We are registered with the UK Information Commissioner’s Office (ICO) under reference ZB087383.
Kindred is a community-first hospitality and events venue in Hammersmith. We are an open-access space. Anyone can book our spaces, eat and drink with us, use our coworking facilities, or hold an event with us.
We also operate the Campfire Card, a loyalty scheme open to residents of the W6 postcode area. If you apply for or hold a Campfire Card, we collect and use your personal data in connection with the scheme as described in this policy.
If you have any questions about this policy or how we handle your data, please contact us using the details in Section 13.
2. THE PERSONAL DATA WE COLLECT
We collect personal data about you in the following ways.
When you make a booking or enquiry
When you visit Kindred, we may collect personal data through your booking, your payment, and any feedback or correspondence you share with us.
If you use our coworking facilities, we record your arrival and departure through our sign-in system. This allows us to know who is in the building at any given time for the safety and security of everyone on the premises. The lawful basis for this is our legitimate interests in maintaining a safe environment.
We operate CCTV at Bradmore House, covering internal and external areas of the building including all outdoor spaces. Footage is recorded for the safety and security of our staff, customers and premises. The system is managed in-house, with access restricted to authorised personnel, and is also monitored remotely by a third-party security firm in connection with our intruder and fire alarm system. Recordings are retained for 50 days and then automatically overwritten. Footage may be retained for longer where it relates to a specific incident. It will only be shared with law enforcement where we are legally required to do so. The lawful basis for CCTV is our legitimate interests in maintaining a safe and secure environment.
When you apply for or hold a Campfire Card
To apply for a Campfire Card, you complete a form on our website. We collect your name, contact details, and address to verify that you live in the W6 postcode area. If your application is approved, we retain your details as a card holder record and use them to manage your benefits and send you scheme-related communications and invitations.
If your application is not approved, we will let you know and will not retain your details beyond what is needed to handle your enquiry.
When you contact us
If you contact us by phone, email, social media, or in person, we collect the personal data contained in that communication.
When you use our website
When you visit our website we automatically collect certain technical information about your device and how you interact with our site. We do this through cookies and similar technologies. Section 9 explains this in more detail.
When you sign up for marketing
If you agree to receive marketing from us, we collect your name, email address, and communication preferences.
3. HOW WE USE YOUR PERSONAL DATA, AND OUR LAWFUL BASIS
Data protection law requires us to have a lawful basis for processing your personal data. We rely on the following.
To fulfil a booking or contract
We use your personal data to take and manage your bookings, process payments, send booking confirmations, and provide customer service. Without this we cannot provide the service you have asked for.
For our legitimate interests
We use your personal data for legitimate business purposes where these do not override your rights. This includes responding to enquiries and complaints, keeping our systems secure, understanding how our website is used, operating CCTV and our coworking sign-in system for the safety of everyone on our premises, and analysing how we can improve what we offer. You have the right to object to processing based on legitimate interests, as set out in Section 11.
To send you marketing
Where you have made a booking or enquiry with us, we may send you emails about similar services, offers and events at Kindred. We do this on the basis that you were given a clear opportunity to opt out when your details were collected and did not do so. You can opt out at any time by clicking the unsubscribe link in any email or by contacting us.
If you hold a Campfire Card, we will also send you information about your benefits, scheme updates and related invitations. You can opt out of these at any time by contacting us.
To comply with the law
We use your personal data where required by law, for example to keep financial records as required by HMRC, or to respond to lawful requests from authorities.
4. MARKETING COMMUNICATIONS
If you have agreed to receive marketing, we will send you news, offers and information about Kindred that we think will interest you. You can opt out at any time by clicking the unsubscribe link in any email, or by contacting us using the details in Section 13. Opting out of marketing will not affect booking-related communications.
5. WHO WE SHARE YOUR PERSONAL DATA WITH
We share your personal data only where necessary. We require all third parties to keep it secure and use it only for the purposes we specify. We share data with the following categories of recipient.
Service providers
We use third-party service providers to help us run our business. These include providers of booking and reservation management, payment processing, website hosting, email and marketing communications, guest relationship management, coworking sign-in, analytics, and advertising. These providers process your data on our behalf and are not permitted to use it for their own purposes.
For website analytics we use Google Analytics (GA4), provided by Google. For advertising measurement we use Meta Pixel, provided by Meta. For payment processing we use Square. We use a third-party invoicing platform to issue invoices and manage financial records. These platforms are named specifically because you may wish to review their own privacy policies or exercise rights directly with them.
The Campfire Card scheme
Your Campfire Card data is processed using a combination of our website, a card holder database, and our guest communications platform. Data collected through the scheme is used solely to verify eligibility, manage your card holder record, and send you scheme-related communications and invitations.
CCTV monitoring
Our CCTV system is monitored remotely by a third-party security firm under a contract that requires them to keep footage secure and use it only for security purposes.
Professional advisers
We share data with our accountants, lawyers and other professional advisers where necessary.
Authorities and regulators
We will share personal data with authorities or regulators where we are legally required to do so, or where necessary to protect the safety of our staff or customers.
Business transfers
If we sell or transfer our business or assets, personal data may transfer to the buyer as part of that transaction.
6. PAYMENT INFORMATION
Payments are processed by Square, our payment provider. Your card details are encrypted at the point of payment and are never stored on our systems. Square uses tokenisation, meaning your actual card number is replaced by a secure token throughout the transaction. Square is a Level 1 PCI DSS compliant provider.
If you store a card for future use, that information is held securely by Square. We can see only the card type and last four digits. We never have access to your full card number or CVV.
We also accept payment by bank transfer for invoiced transactions. Our bank details appear on our invoices for this purpose. If you pay by bank transfer, your payment details are processed through our banking provider and invoicing system and are not stored beyond our legal obligations.
For more information about how Square handles payment data, see Square’s privacy notice at squareup.com.
7. TRANSFERRING YOUR DATA OUTSIDE THE UK
Some of our service providers are based outside the UK, including in the United States. Where your personal data is transferred outside the UK we take steps to ensure it remains protected to the standard required by UK data protection law.
We rely on the following safeguards depending on the provider: the UK Extension to the EU-US Data Privacy Framework, or the UK Addendum to the EU Standard Contractual Clauses. Both are legally recognised mechanisms for protecting personal data transferred to the US.
If you would like more information about the safeguards in place for any specific provider, please contact us using the details in Section 13.
8. HOW WE KEEP YOUR DATA SECURE
We use appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or damage. No data transmission over the internet can be guaranteed to be completely secure, but we take reasonable steps to protect the information we hold.
9. COOKIES
A cookie is a small text file placed on your device when you visit a website. We use cookies and similar technologies to help our website function, understand how it is used, and support our advertising.
Your choices
When you first visit our website you will be shown a cookie banner. Strictly necessary cookies are always active as the website cannot function without them. All other cookies are only set if you choose to accept them. You can change your preference at any time using the cookie settings link on our website.
The cookies we use
| Cookie or technology | Provider | Purpose | Duration |
|---|---|---|---|
| Strictly necessary cookies | Kindred | Enable core website functions, including load balancing for our enquiry and landing page forms. Cannot be switched off | Session and persistent |
| Google Analytics (GA4) | Help us understand how visitors use our website so we can improve it | Up to 13 months | |
| Meta Pixel | Meta (Facebook) | Helps us measure the effectiveness of our advertising on Meta platforms (Facebook and Instagram) | Up to 3 months |
Managing cookies
You can also manage cookies through your browser settings. If you block all cookies some parts of our website may not work properly.
10. HOW LONG WE KEEP YOUR PERSONAL DATA
We keep your personal data only for as long as we need it, or as long as the law requires. The table below sets out our retention periods by category.
| Category | Retention period |
|---|---|
| Booking and event records | 3 years from the date of the booking |
| Enquiry data that does not convert to a booking | 6 months from the date of the enquiry |
| Special requirements such as dietary or access needs | Deleted as soon as they are no longer needed for your specific visit |
| Financial records | 6 years from the end of the relevant financial year, as required by HMRC |
| Marketing data for active subscribers | Retained while you remain an active subscriber |
| Marketing data for unsubscribed contacts | Suppression records kept indefinitely to prevent accidental re-addition; all other data deleted within 30 days of unsubscribe |
| General correspondence and enquiries | 6 months to 2 years depending on the nature of the correspondence |
| Booking-related correspondence | 3 years |
| Complaints | 3 years from the date of resolution |
| Data protection requests | 3 years from the date of resolution |
| Bank details provided for refund purposes | Deleted once the refund is confirmed |
| Campfire Card holder data | Deleted within 30 days of leaving the scheme, except for financial records kept for 6 years in line with HMRC requirements |
| Payment and transaction records | 6 years in line with HMRC requirements |
| CCTV footage | 50 days, after which footage is automatically overwritten. Footage relating to a specific incident may be retained for longer until the matter is resolved |
| Coworking sign-in records | 3 years |
When data is no longer needed we delete or anonymise it. If you have questions about retention periods please contact us using the details in Section 13.
11. YOUR RIGHTS
Under UK data protection law you have the following rights.
- Right of access. To receive a copy of the personal data we hold about you
- Right to rectification. To have inaccurate or incomplete data corrected
- Right to erasure. To ask us to delete your data in certain circumstances
- Right to restrict processing. To ask us to pause our use of your data in certain circumstances
- Right to data portability. To receive certain data in a machine-readable format
- Right to object. To object to processing based on our legitimate interests, or to direct marketing at any time
- Right to withdraw consent. Where we rely on consent, to withdraw it at any time without affecting any processing already carried out
To exercise any of these rights, contact us using the details in Section 13. We may need to verify your identity before responding and will do so within one calendar month.
If you have a complaint about how we have handled your personal data, please contact us and we will respond in accordance with our data protection complaints procedure.
You also have the right to complain to the ICO at ico.org.uk or on 0303 123 1113. We would appreciate the chance to address your concerns first.
12. CHANGES TO THIS POLICY
We may update this policy from time to time. When we do, we will update the date at the top of this page. Where changes are significant we will take reasonable steps to let you know.
13. HOW TO CONTACT US
For any questions about this policy, or to exercise your rights, please contact us.
- Email: hello@wearekindred.com
- Post: Kindred Hospitality Ltd, Bradmore House, Queen Caroline Street, London, W6 9BW
- Phone: 020 3146 1370
Policy last updated May 2026