INDEX
LAST REVIEWED: 23rd January 2025
1. Who We Are
This Privacy Policy describes how personal data is collected, used, and shared by two legally separate, yet collaborating entities:
- The Glitch Collective Ltd. (“TGC”)
- Trading as “theglitch.co”
- Company No. 11078723, VAT No. GB431493505
- Registered Address: Unit 26A, Grow Studios, 86b Wallis Road, Hackney Wick, London E9 5LN, UK
- Growntree’s Desk Services (“GDS”)
- Operated by Gareth Rowntree (Sole Trader)
- Address: Unit 26B, Grow Studios, 86b Wallis Road, Hackney Wick, London E9 5LN, UK
(Collectively “we,” “us,” or “our”)
We operate in a symbiotic arrangement within adjacent units (26A and 26B) that share some facilities, and we may exchange relevant data to provide cohesive services (e.g., memberships, rentals, billing). Although we coordinate our operations, we remain legally separate and each entity is responsible for its own data processing activities or, where applicable, we may act as joint controllers (e.g., handling a joint subject access request).
Our services are primarily delivered through:
- [theglitch.co] (and its subdomain [behind.theglitch.co]), for TGC’s e-commerce and equipment rental, as well as GDS membership sign-ups and billing infrastructure.
By using our websites or services, you agree to the terms outlined in this Privacy Policy.
2. Scope of this Policy
This Policy applies to:
- E-Commerce and Equipment Rentals (provided by The Glitch Collective Ltd.)
- Membership Services, Desk/Storage Access, and Studio Facilities (provided by Growntree’s Desk Services, hosted and managed online via theglitch.co)
It covers information we collect both online (e.g., website sign-ups, digital forms) and offline (e.g., in-person sign-up sheets, phone interactions).
3. Data We Collect
- Account & Membership Data
- Name, Email, Phone Number, Date of Birth, Postal Address – collected during account creation or membership sign-up.
- Photo ID Scan – for 24/7 lab access tiers requiring key issuance or ID verification.
- Stored on a password-protected device belonging to the Studio Manager.
- Deleted upon confirmed termination of your membership/account, unless retention is required for legal or dispute resolution purposes.
- Payment & Transaction Details
- Payment Method/Details (handled via third-party processors: Stripe, PayPal, Zettle, bank transfers); we typically do not store full card information ourselves.
- Invoices & Receipts – retained for accounting and legal compliance.
- Bookings & Usage
- Equipment Rental History – items rented, dates, incident reports.
- Lab/Studio Bookings – dates/times, facilities used, add-on services.
- Communications & Support
- Emails, Messages, Phone Calls – we may keep records of support-related correspondence.
- Newsletter/Marketing Opt-In – separate checkboxes for TGC marketing and GDS marketing. You can unsubscribe at any time.
- Website & Analytics
- Cookies & Tracking – including Google Analytics, Jetpack, etc., for site usage, user preferences, and maintaining login sessions.
- IP Address, Device Info – collected automatically for security and analytics.
- CCTV Footage (On-Site)
- TGC is responsible for CCTV operation within the premises, primarily for security and insurance compliance. Footage is stored internally and accessed only as needed (e.g., investigating an incident).
4. How We Use Your Data
We use your personal data for:
- Membership Management (GDS)
- Processing and renewing memberships, verifying ID where required, and facilitating desk/workshop bookings.
- E-Commerce & Equipment Rentals (TGC)
- Managing product orders, shipping, returns, and rental tracking.
- Communications
- Sending confirmations, invoices, or updates about orders, rentals, or bookings.
- Responding to inquiries and providing support.
- Marketing & Newsletter
- Only if you opt in via our separate checkboxes for TGC and/or GDS marketing.
- You can unsubscribe any time by following instructions in the email or contacting us directly.
- Analytics & Site Improvement
- Monitoring site usage, membership levels, booking frequencies to optimize services.
- Legal & Regulatory Compliance
- Meeting tax, accounting, insurance, and other obligations.
- Investigating or preventing fraudulent or illegal activity.
5. Legal Basis for Processing
We rely on multiple lawful bases under the UK GDPR and equivalent international laws:
- Contractual Necessity: To fulfill orders, memberships, or rentals you’ve requested.
- Legitimate Interests: For security (CCTV via TGC), analytics, site functionality, and operational needs.
- Consent: For optional marketing communications and non-essential cookies.
- Legal Obligations: Compliance with tax, accounting, or other regulatory requirements.
6. Data Sharing & Transfers
- Third-Party Service Providers
- Payment Processors (Stripe, PayPal, Zettle) handle financial transactions.
- Shipping/Logistics providers for physical deliveries.
- Analytics tools (Google Analytics, Jetpack).
- We share only the minimum necessary data with each provider.
- No Data Selling
- We do not sell or rent personal data to unrelated third parties.
- International Transfers
- If data is transferred outside the UK/EEA, we rely on Standard Contractual Clauses or equivalent safeguards.
- Between Our Entities (TGC & GDS)
- We may share necessary data (e.g., membership sign-up info, booking details) to provide a cohesive user experience.
- Each entity is responsible for its own respective processing, or we may act as joint controllers where we jointly decide on data usage (e.g., membership billing, user inquiries).
- If you submit a data subject request, we will jointly coordinate to fulfill it.
7. Data Retention
- Duration
- We generally keep personal data for as long as needed to provide services or to comply with legal obligations.
- Membership Data is typically retained for up to 6 years after account termination to satisfy tax, accounting, or dispute resolution requirements.
- Account Termination
- If you request account closure, we will deactivate your account and delete data not required by law or for legitimate business purposes.
- Photo ID Scans are deleted upon confirmed account termination (unless legally required to retain them).
- Requesting Deletion
- You may request erasure of your personal data (see Section 8). We will remove or anonymize all information not subject to statutory retention.
8. Your Rights
Where applicable (e.g., under GDPR), you may:
- Access & Portability – Request a copy of your data in a portable format.
- Rectification – Correct inaccurate or incomplete information.
- Erasure (“Right to be Forgotten”) – Ask us to delete your personal data if no overriding legal requirement exists.
- Restriction of Processing – Request we limit certain uses of your data (e.g., while you contest accuracy).
- Objection – Object to data processing based on legitimate interests (e.g., direct marketing) if you feel it impacts your fundamental rights.
- Withdraw Consent – For any processing based on consent (e.g., marketing emails, non-essential cookies).
How to Exercise These Rights
- Email contact@theglitch.co with the subject line: “Data Request – [Your Name].”
- Specify which right(s) you wish to exercise (e.g., access, erasure, restriction).
- We may need to verify your identity (e.g., by requesting a copy of ID or matching account info).
- We will respond to valid requests within 1 month (or up to 2 months for complex cases), in compliance with GDPR guidelines. If your request concerns data held separately by GDS or TGC, we will jointly address the request as appropriate.
9. Cookies & Tracking Technologies
- Types of Cookies
- Essential Cookies: Required for site functionality (logins, shopping cart).
- Analytics Cookies: Google Analytics, Jetpack for site performance monitoring.
- Preference Cookies: Remember user settings (language, region, etc.).
- Consent & Cookie Banner
- We display a cookie banner on initial visit to gather consent for non-essential cookies.
- If local law requires explicit opt-in, we will provide options to accept or reject analytics cookies.
- Managing Cookies
- You can disable or delete cookies via browser settings. Note that some features may be limited if you disable essential cookies.
10. Children’s Privacy
Our services are not intended for children under 16. We do not knowingly collect personal data from minors without parental/guardian consent. If you believe a minor has provided data without consent, contact us so we can remove it.
11. Security Measures
- Technical Protections
- SSL/TLS encryption on our websites, secure payment gateways, firewalls, controlled access to databases.
- Organizational Measures
- Internal policies ensure staff handle personal data responsibly.
- Access is limited to those with a legitimate operational need.
- No 100% Guarantee
- While we strive to protect data, no system is impenetrable. You share data at your own risk.
12. Third-Party Links
Our site may contain links to external websites. We are not responsible for the content or privacy practices of such sites. We encourage you to review each external site’s policy.
13. Changes to This Policy
We may update or modify this Privacy Policy at any time. If we make significant changes that affect how we handle your personal data, we will notify registered users via email or post a prominent notice on our website. Continued use of our services after these updates indicates your acceptance of the revised Policy.
14. Contact Us
For questions, requests, or concerns regarding this Privacy Policy or your data:
The Glitch Collective Ltd.
Unit 26A, Grow Studios, 86b Wallis Road
Hackney Wick, London E9 5LN, UK
Email: contact@theglitch.co (Please note in the subject line if your query relates specifically to Growntree’s Desk Services.)
If your concern involves a GDPR data subject request, TGC and GDS will jointly review and respond to ensure all data across both entities is handled properly.