Privacy Policy
Last updated on 13 July 2026
This Privacy Policy explains how Kalogas (“we”, “us”, “our”) collects, uses, and protects personal data when you visit our club, use our website at kalogas.org, book a gaming station, register for an event, or become a member. We are committed to processing your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).
1. Data Controller
Kalogas is the data controller responsible for your personal data. This means we determine how and why your personal data is processed.
2. Contact information
For any privacy matter, including exercising your rights, contact us at:
- Email: info@kalogas.org
- 25 Canada Square, Canary Wharf, London, E14 5LQ, United Kingdom
- +44 20 7516 4000
If we appoint a data protection point of contact, their details will be published here.
3. Personal data we collect
Depending on how you interact with us, we may collect:
- Identity and contact data: name, email address, telephone number, and postal address where provided.
- Membership data: membership type, start and end dates, activation and renewal history, and cancellation records.
- Visitor data: records of single visits and attendance.
- Gaming station booking data: the stations or rooms you reserve, dates, and times.
- Event registration data: the events you sign up for, team details you provide, and attendance.
- Payment and transaction data: records of payments made, amounts, and dates. Card details are processed by our payment provider; we do not store full card numbers.
- Customer service communications: the content of enquiries, emails, and messages you send us and our replies.
- Technical and usage data: where you use our website, limited information such as IP address, device and browser type, and pages visited, collected through cookies and similar technologies (see Section 7).
4. Membership data
We process membership data to set up, manage, and end your membership, to apply the correct access and booking benefits, to handle renewals you choose to make, and to process cancellations and any refunds.
5. Visitor data
We process visitor data to admit you to the club, apply your single-visit access, and keep basic attendance records for safety and operational reasons.
6. Legal bases for processing
We rely on the following legal bases under Article 6 of the UK GDPR:
- Contract: to provide the club access, bookings, events, and memberships you purchase, and to manage payments, renewals, and cancellations.
- Legitimate interests: to run and secure our club and website, prevent misuse of equipment, keep basic attendance records, and respond to enquiries — where these interests are not overridden by your rights.
- Legal obligation: to comply with our legal and regulatory duties, including tax and accounting requirements.
- Consent: for optional cookies and for electronic marketing where consent is required. You can withdraw consent at any time.
7. Cookies and similar technologies
Our website uses cookies and similar technologies. In line with PECR and UK GDPR, non-essential cookies (including preference, statistics, and marketing cookies) are only set with your consent, which we request through our cookie banner. Strictly necessary cookies do not require consent.
8. Website analytics
We may use analytics to understand how our website is used and to improve it. Analytics cookies are only used with your consent. Where possible, analytics data is aggregated or pseudonymised.
9. Marketing communications
We will only send you electronic marketing (such as email updates about events and offers) where you have consented, or where permitted under the “soft opt-in” for existing customers under PECR in respect of our own similar services. Every marketing message includes a simple way to unsubscribe, and you can opt out at any time by emailing info@kalogas.org.
10. Data retention
We keep personal data only for as long as necessary:
- Membership and transaction records: retained for the duration of your membership and then for the period required by tax and accounting law (generally up to six years).
- Visitor and booking records: retained for a limited operational period and then deleted or anonymised.
- Enquiry and customer service records: retained for as long as needed to handle your query and a reasonable period afterwards.
- Marketing consents: retained until you withdraw consent or the record is no longer needed.
11. Data sharing
We do not sell your personal data. We may share it with:
- Service providers who process data on our behalf (see Section 12).
- Professional advisers, such as accountants and legal advisers, where necessary.
- Public authorities or law enforcement where we are legally required to do so.
12. Service providers and processors
We use trusted providers for functions such as payment processing, website hosting, email, and (with consent) analytics. These processors act on our instructions under written contracts that require them to protect your data and use it only for the agreed purposes.
13. International data transfers
We aim to keep personal data within the UK. Where a provider processes data outside the UK, we ensure appropriate safeguards are in place, such as an adequacy decision by the UK government or the International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses, so your data receives an equivalent level of protection.
14. Data security
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse, including access controls, secure systems, and staff awareness. No system is completely secure, but we take our responsibilities seriously and review our measures regularly.
15. Your data protection rights
Under the UK GDPR, you have the right to:
- Be informed about how we use your data.
- Access the personal data we hold about you.
- Rectification of inaccurate or incomplete data.
- Erasure of your data in certain circumstances.
- Restrict processing in certain circumstances.
- Data portability for data you provided, where applicable.
- Object to processing based on legitimate interests or for direct marketing.
- Withdraw consent at any time where we rely on consent.
- To exercise any right, email info@kalogas.org. We will respond within one month, as required by law. We do not charge a fee in most cases.
16. Children’s and minors’ privacy
Kalogas welcomes younger players in line with our Terms of Service, and participation by under-18s may require parental or guardian consent. Where we collect data about a minor, we do so with appropriate consent and collect only what is necessary. We do not knowingly use children’s data for marketing. If you believe we hold a minor’s data without proper consent, contact us and we will address it.
17. Automated decision-making
We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing, and we do not carry out profiling of this kind.
18. Policy updates
We may update this Privacy Policy from time to time. The “last updated” date shows the current version. Significant changes will be highlighted on our website.
19. Complaints procedure
If you have a concern about how we handle your personal data, please contact us first at info@kalogas.org so we can try to resolve it.
You also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office (ICO):
- Information Commissioner’s Office
- Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Helpline: 0303 123 1113
- Website: ico.org.uk
- You can contact the ICO at any time, though we would welcome the chance to address your concern first.