The Dock (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect via our website, how we use it, and your rights. Our website is built on Squarespace, and we comply with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.

Information We Collect

We collect the following categories of personal data:

• Contact details: Your name, email address, phone number and other information you provide in booking forms or enquiry forms.

• Payment information: When you place a deposit, we collect payment details (processed by our third-party payment providers). We receive only limited payment data (such as the last four digits of your card, card type and expiration date) from our processor squarespace.com and never store your full card details. Your billing address may also be collected for payment processing.

• Technical data: We automatically collect data about your visit (e.g. IP address, browser type, pages visited, clicks and time on page) via cookies and similar technologies. This is used to improve site performance and security.

• Marketing data: If you subscribe to updates or newsletters, we collect your email and name for marketing communications.

Every data protection law requires that we disclose what personal data we collect. We will not collect more information than is necessary for the purposes below.

How We Use Your Information

We use your information for the following purposes (lawful basis shown in brackets):

• Bookings and payments: To process your booking, deposits and payments (necessary for contract performance).

• Communications: To respond to your enquiries and provide updates about your booking (legitimate interest and contract).

• Email marketing: To send you newsletters, offers or updates about The Dock if you have opted in. We only send marketing emails to individuals who have specifically consented or are existing customers who have not opted out (the “soft opt-in” exception). Every marketing message will include a simple way to unsubscribe or opt out (as required by law).

• Improving our services: To analyse how our site is used and how customers interact with it (legitimate interest).

We will only use your data for the purposes described and as permitted by law. In all cases, we identify the legal basis (consent, contract, or legitimate interest) under UK GDPR for processing your data.

Cookies and Tracking

We use cookies and similar technologies on our website. Cookies are small files stored on your device that help us remember your preferences and understand how our site is used. We provide clear information about our cookie use and obtain consent when required. You can control or delete cookies through your browser settings.

Sharing Your Data

We do not sell your personal information. However, we share data with trusted service providers who help us operate:

• Squarespace: Our website platform. Squarespace processes data under our instructions (they act as a data processor).

• Payment processors: We use Stripe and PayPal to handle deposits. They process your payment details under their own privacy policies, and we only receive limited transaction data (like last four card digits) as noted above.

• Email/marketing services: Any email newsletters are sent via a third-party mailing service (e.g. Mailchimp), which processes subscriber data on our behalf.

• Analytics providers: We may use analytics tools (such as Google Analytics) to monitor site usage. These services may receive anonymized usage data.

• Legal and tax partners: Where required by law (e.g. tax authorities) or to enforce our legal rights, we may disclose data to government or legal entities.

We list categories of third parties we share with to be transparent. In all cases, we ensure our partners are GDPR-compliant and provide adequate security.

International Data Transfers

The Dock is based in London (UK), but our website and services may involve servers outside the UK/EU (e.g. Squarespace or payment servers in the US). When transferring data internationally, we rely on legal safeguards: either UK Government adequacy decisions or standard contractual clauses as required by UK GDPR. We take steps to ensure your personal data is protected according to UK/EU standards.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes above or as required by law. For example, we may keep booking and payment information for several years for accounting and legal reasons, then we delete or anonymize it. You can ask us for details about retention periods.

Data Security

We implement technical and organizational measures to protect your data. This includes secure data storage, encrypted connections (TLS/SSL) on the website, and compliance with standards like PCI-DSS for payment data. We review our security practices regularly and train our staff on data protection. If you suspect any data breach, please contact us immediately.

Your Rights

Under UK GDPR, you have rights regarding your personal data. These include the right to:

• Access the personal data we hold about you.

• Correct any inaccuracies in your information.

• Erase your data (in certain circumstances).

• Restrict or object to our processing of your data (e.g. for marketing).

• Portability: Receive a copy of your data in a standard format.

• Withdraw consent at any time (if processing was based on consent).
  
  

We will respond to any such request in accordance with the law. Notably, if you have consented to marketing, you can withdraw it as easily as you gave it. You also have the right to complain to the UK data protection authority (the ICO) if you believe our processing violates your rights.

Email Marketing Communications

We respect your inbox. We send marketing or promotional emails only to those who have opted in, or under the soft opt-in rule for existing customers. Each email will clearly identify The Dock as the sender and include an easy unsubscribe link. You can also object to direct marketing and we will stop such communications promptly.

Children’s Privacy

Our services are not directed at children. Under UK law, only children age 13 or older can give legal consent for online data processing. We do not knowingly collect personal data from anyone under 13 without parental consent. If we become aware that we have inadvertently collected data from a child under 13, we will delete it immediately. If you are under 18, please obtain consent from a parent or guardian before providing us with personal information.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us via the Bookings/Enquiry form on our website. The Dock (London, UK) is the data controller responsible for your information. 

We take your privacy seriously and continually review our policies to comply with the latest regulations. By using our website or providing us with personal data, you agree to the terms of this Privacy Policy and our use of cookies. You should check this page periodically for updates.