The Manor Privacy Policy At The Manor (Manor), the privacy of your Personal Data and information is of the utmost importance. This Privacy Policy details Manor policies with respect to the handling of personally identifiable information ("PII") submitted to or otherwise collected by this website. Please read this Privacy Policy in its entirety, as it includes important information regarding your PII and other information. Index 1. Introduction 2. General Provisions 3. PII We Collect 4. Credit Card Processing Data Security 5. Use of Cookies 6. Use of Password 7. Posted Information 8. Updating and Correcting Information 9. Automatic Collection Of Information 10. Our Use Of Your Information 11. Retention Of Your Personal Information 12. Data Protection Officer 13. European Union Data Rights 1. Introduction 1.1) The Manor website is an online service for managing events, memberships, member profiles, and social communications amongst Members. 1.2) The LS Venues platform is used by Venue Owners to host and manage venue websites with event management and social functions. Member Profiles are portable across all venues in the LS Venues platform. As such, your data privacy is managed by the LS Venues platform. Venue Owners have agreed to terms and conditions that bind them to this Privacy Policy ("Policy") while indemnifying the LS Venues owners against any deviations from this policy on their part. 1.3) If you do not agree with this Policy, you may not access or use The Manor website. Each time you visit The Manor website or provide us with information, by doing so you are accepting the terms of this Policy. 1.4) We reserve the right to modify this Policy at any time. The latest Policy will always be available at this URL and posting a new Policy to this URL constitutes our notification to you of the change. We encourage you to check this page periodically. The Policy shall become effective immediately upon its availability at this URL. 2. General Provisions 2.1) We are committed to maintaining the security of your information and have reasonable measures in place to protect against the loss, misuse and alteration of the information you provide, which is under our control. This Policy is meant to ensure that all current and future information collected from our users is secure and we use best practices to protect our systems. While 'perfect security' does not exist on the Internet, our technical experts work hard to ensure your secure use of our services. While we make diligent effort to ensure the integrity and security of our network and systems, and as effective as these measures are, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that the information you supply will not be intercepted while being transmitted to us over the internet. You assume the risk of such breaches to the extent that they occur despite our reasonable security measures. 2.2) While this Policy states our high standards for maintenance of Data and we have made commitments to meet them, we are not in a position to guarantee these standards. There may be factors beyond our control that may result in disclosure of data. As a consequence, we disclaim any warranties or representations relating to maintenance or nondisclosure of Data. 2.2.1) This Policy applies only to transactions and activities in which you engage and Data gathered on LS Venues websites. This Policy does not apply to other entities that we do not own or control, such as persons that are not our employees, agents, or assigns. 2.2.2) All Member Profile information is stored securely. Some information is visible to other Members on LS Venues websites, while other information is visible to Site or Group Administrators only. PII you provide to us that is not for display on your Profile, such as your real name, full address, email address, or other identifying data will be kept strictly private, visible only to Site and Group Administrators and door check-in staff as required. We do not sell, lease, or disclose any PII and we hold this information in the strictest privacy to be used only in the intent that it was disclosed. 2.3) LS Venues websites may use Data to customize and improve your user experience on the LS Venues websites. We will make all reasonable efforts to avoid disclosure of your Data to third parties unless provided for otherwise in this Policy. Examples of how your data may be disclosed: A) We obtain your consent, such as when you choose to opt-in or opt-out to the sharing of specific Data B) To comply with law or other legal obligations such as responding to subpoenas, or other requests from public and government agencies, including laws and other legal obligations outside a party's country of residence C) We find that your use of LS Venues websites violates this Policy, our Terms of Service, or other usage guidelines or as deemed reasonably necessary by us to protect the legal rights, privacy, and/or property of LS Venues staff or our Members D) As necessary to perform the functions provided by LS Venues websites, such as to complete payment transactions E) To investigate, prevent, or take action regarding potential or suspected illegal activities, fraud, threats to the personal safety of any person, or violations of LS Venues Terms of Service 2.3.1) In the case of a merger, acquisition, or internal reorganization of LS Venues or The Manor, the new ownership will be able to use the Data in the same manner as identified under this Policy. 3. Personal Identifying Information (PII) We Collect 3.1) LS Venues websites collect PII for the following purposes: A) Credit card or digital payment transactions to add funds to profile account B) Membership application and Member Profile validation C) Online Membership Agreements 3.2) To add funds to LS Venues profile accounts, we may collect the following information: A) Credit card information (card number, security code, billing zip code) 3.3) Membership application and Member Profile may collect the following information: A) First and Last name (visible only to site and group administrators and door checkin staff) B) Screen name C) City and State D) Email (visible only to site administrators) E) Birthday (day and year may optionally be kept private and visible only by site and group administrators) F) Gender and Orientation G) Drinking and smoking preferences H) Answers to lifestyle interest survey I) Your connection and relationship to other Member Profiles 3.4) Online Membership Agreements may collect the following information: A) Email Address B) First and Last Name 4. Credit Card Transaction Data Security 4.1) All credit card information is sent and received using SSL Encryption. Credit card information is tokentized and/or encrypted and is handled entirely by our payment vendor, Square, using industry standard security practices. 4.2) The LS Venues websites and the servers that host them never receive or store your credit card information in any way. 5. Use of Cookies 5.1) We use cookies to facilitate site security and a more user friendly experience. A cookie is a tiny data file that resides on your computer allowing the website to recognize you as a member when you return to our site using the same computer and web browser. 5.2) LS Venues websites use a single required cookie that identifies your login session to the LS Venues web server. It automatically expires after a period of time and is updated periodically while you are logged in to prevent cookie hijacking. You have the ability to accept or decline cookies in your web browser. Most browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you decline cookies, you will not be able to login to LS Venues websites. 6. Control Of Your Password 6.1) By logging into LS Venues websites, you have full access to your personal information and your personal information is secured by your password. Your password is under your control. Do not share your password with anyone. It is your responsibility to keep your password confidential and LS Venues and The Manor cannot be held liable for any loss or misuse of your password. 6.2) If you lose control of your password you may lose substantial control over your PII. Therefore, if your password has been compromised for any reason, you are required to immediately change your password. 6.3) We strongly urge you to periodically change your password to help reduce the risk of unauthorized access to your account information. 6.4) If you forget your password, please use the Forgot Password link to generate a new random password for you and send it by email. You must change your password immediately after using it to login. 6.5) If you do not provide your email address in your Profile data, then the password reset process can be done in-person by providing your user name and driver's license. 7. Posted Information 7.1) LS Venues websites allow you to post information that can be viewed by other authenticated members of the site. PII, such as real names, ID's, and email address are visible only to LS Venues staff, Venue Owners, Venue Owner's authorized staff, and Group Administrators of groups you have joined. Other non-identifying information you post is generally visible to other logged in members, unless specific security controls have been provided to limit the access to such information. 7.2) LS Venues has no control over the use of Data that you voluntarily post in Member Areas of the Site, such as photos and comments posted in chat rooms (collectively, "Unsolicited Information"). All Unsolicited Information shall be deemed to be non-confidential. You should be aware that if you voluntarily disclose Unsolicited Information online, that Unsolicited Information can be collected and used by authenticated Members. For example, if you post your email address in comments or posts in chat rooms, you may receive unsolicited messages from others. 7.3) LS Venues reserves the right, at its sole discretion, to reject, refuse to post, or remove any posting or communication (including email) by you, or to restrict, suspend, or terminate your access to all or any part of LS Venues websites at any time, for any or no reason, with or without prior notice, and without liability. 7.4) LS Venues cannot control the actions of other Members with whom you may choose to share your information. Therefore, we cannot and do not guarantee that information and content you post on LS Venues websites will not be viewed by unauthorized persons. While we take the upmost care of your privacy and have technical safeguards to prevent disclosure, we are not responsible for circumvention of any privacy settings or security measures of LS Venues websites. You understand and acknowledge that, even after removal, copies of your content may remain accessible in cached and archived pages or if other Members have copied or stored your content. To learn more about social networking safety tips, visit the link below: http://onguardonline.gov/socialnetworking.html 8. Updating/Correcting Personal Information 8.1) You may correct or update your personal information by editing your profile information on any LS Venues website or, in some cases, by requesting that Venue staff update your information. 8.2) Even if you update or remove your information from our live database, your Data may be retained in backup files and archives, stored securely for a maximum of 1 year.. 8.3) If you remove your profile, a summary version of your contact information is retained in order to contact you if necessary. If you wish for this information to also be removed, you may request removal by contacting LS Venues staff. Some data, such as customer order history and credit card transaction history, may not be removable for a period, as required to respond to chargebacks or refund requests. 8.4) If, for any reason, you cannot log into LS Venues websites to view or correct your Data, you may request access or a correction by sending an email request to LS Venues at support@lsvenues.com. Please note that, consistent with local law, LS Venues may retain PII for auditing purposes, to troubleshoot problems, assist with investigations, enforce our policies, or comply with legal requirements. 9. Automatic Collection of Information 9.1) LS Venues does not automtically collect or store any information about your computer hardware, software, IP address, or other anlytics information. 10. Our Use of Your Information 10.1) LS Venues may internally use PII to improve our marketing efforts, to statistically analyze platform usage, to improve our content and service offerings, as well as to customize our sites' content and layout. We believe these uses allow us to improve LS Venues sites and better tailor your online experience to meet your needs. 10.2) We may also use your email address to deliver information to you that, in some cases, is targeted to your interests. 10.3) LS Venues and Venue Owners may also send periodic updates to members via email. You may unsubscribe from any marketing messages easily by clicking the "Unsubscribe" link. 10.4) We use PII to resolve disputes, troubleshoot problems, and enforce our Terms Of Service. 10.5) LS Venues may use your PII, including email address, to reach you in order resolve credit card transaction disputes as well as any other customer support issues. 11. Retention of Your Personal Information 11.1) LS Venues retains Data you have given us indefinitely, unless you request that we delete that information. You may request that your Profile be disconnected from any LS Venues site by clicking Remove Profile in the profile management screen. You may also request that your Profile be deleted by accessing the LS Venues website. If you delete your profile via LS Venues, your Profile will automatically be removed from all LS Venues sites. We may still retain information necessary to resolve credit card transaction disputes for up to 180 days after your last credit card transaction. If you ever file a chargeback, we may retain certain PII for up to 3 years in order to handle any possible activity around your chargeback. 12. Data Protection Officer 12.1) Please contact the LS Venues Data Protection Officer for any questions related to this Policy by emailing support@lsvenues.com or by clicking the Contact link in the footer of any LS Venues website. 13. European Union User Rights 13.1) European Union (EU) residents have the following statutory rights in relation to their personal data. 13.2) The rights to data subject access include the following: A) Know whether a third party holds any personal data about them. B) Receive a description of the data held about them and a copy of the data. C) Be informed of the purpose(s) for which that data is being processed, and from where it was received. D) Be informed whether the information is being disclosed to anyone apart from the original recipient of the data and, if so, the identity of those recipients. E) Data subjects can ask that their personal data be transferred to them or to a third party in machine readable format (Word, PDF, etc.). However, such requests can only be fulfilled if the data in question is: 1) provided by the data subject to LS Venues websites, 2) is processed automatically, and 3) is processed based on consent or fulfillment of a contract. F) If the data is being used to make automated decisions about the data subject, to be told what logic the system uses to make those decisions and to be able to request human intervention. 13.2.1) LS Venues websites must provide a response to data subjects requesting access to their data within 30 calendar days of receiving the Data Subject Access Request unless local legislation dictates otherwise. Please contact the LS Venues Data Protection Officer for assistance at support@lsvenues.com. In order to establish the correct User identity, LS Venues may require the User to provide official government issued proof of identity or require a secondary digital validation. 13.2.3) You have the following choices to modify or delete your personal information from our database: A) Login and modify or delete your profile B) Send an email to support@lsvenues.com 13.2.4) In the event that LS Venues becomes aware that site security is compromised or nonpublic user information has been disclosed to unrelated third parties as a result of external activity, including but not limited to external security attacks, LS Venues shall take reasonable measures as it deems appropriate, including but not limited to internal investigation and reporting and notification to and cooperation with law enforcement authorities, notwithstanding other provisions of this Policy. If you become aware of such a breach, please email support@lsvenues.com to create an emergency support ticket. If LS Venues becomes aware that a user's personal information provided to LS Venues has been disclosed in a manner not in accordance with this Policy, LS Venues shall make reasonable efforts to notify the affected user as soon as reasonably possible and as permitted by law indicating what information has been disclosed to the extent that LS Venues can identify such information. 13.3) If a Member requires deletion of their data they must delete their account. When Members delete their account or decide to no longer participate in the Services, the majority of data will be deleted upon Member confirmation. The remainder of the Data will be deleted after 180 days. 13.3.1) Upon account deletion, Member data will remain in backups for 180 days. 13.3.2) Members may email support@lsvenues.com to request data deletion, cancel their Member account, or to send a GDPR Data Subject Request form. 13.4 Data Subject Access Request Procedure (DSAR) 13.4.1) A Data Subject Access Request (DSAR) is any request made by an individual or an individual's legal representative, for information held by the Company about that individual. The Data Subject Access Request provides the right for data subjects to see or view their own personal data as well as to request copies of the data. 13.4.2) A Data Subject Access Request must be made in writing. In general, verbal requests for information held about an individual are not valid DSARs. In the event a formal Data Subject Access Request is made verbally to a staff member of the Company, further guidance should be sought from Data Protection Officer, who will consider and approve all Data Subject Access Request applications. 13.4.3) A Data Subject Access Request can only be made via any of the following methods: email, post, or corporate website. DSARs made online must be treated like any other Data Subject Access Requests when they are received, though the Company will not provide personal information via social media channels. 13.5) In order to be able to respond to the Data Subject Access Requests in a timely manner, the data subject should: A) Submit his/her request using a Data Subject Access Request Form. B) Provide LS Venues with sufficient information to validate his/her identity (to ensure that the person requesting the information is the data subject or his/her authorized person). C) Subject to the exemptions referred to in this document, LS Venues will provide information to data subjects whose requests are in writing (or by some other method explicitly permitted by the local law), and are received from an individual whose identity can be validated. Requests are more likely to be successful where they are specific and targeted at particular information. D) Factors that can assist in narrowing the scope of a search include identifying the likely holder of the information (e.g. by making reference to a specific LS Venues website and function), the time period in which the information was generated or processed (the narrower the time frame, the more likely a request is to succeed), and being specific about the nature of the data sought (e.g. a copy of a particular form or chat messages from a particular chat room). 13.6) Possible examptions to the above include: A) An individual does not have the right to access information recorded about someone else, unless they are an authorized representative, or have parental responsibility. B) LS Venues is not required to respond to requests for information unless we are provided with sufficient details to enable the location of the information to be identified, and to satisfy as to the identity of the data subject making the request. C) In principle, LS Venues will not normally disclose the following types of information in response to a Data Subject Access Request: 1) Information about other people - A Data Subject Access Request may cover information which relates to an individual or individuals other than the data subject. Access to such data will not be granted, unless the individuals involved have previously given consent to the disclosure of their data in one of the scenarios detailed above, such as communications from other users. 2) Repeat requests - Where a similar or identical request in relation to the same data subject has previously been complied with within a reasonable time period, and where there is no significant change in personal data held in relation to that data subject, any further request made within a three month period of the original request will be considered a repeat request. 3) Publicly available information - The Company is not required to provide copies of documents which are already in the public domain, such as stories, forum contributions, and other Member generated content. 4) Opinions given in confidence or protected by copyright law 5) Privileged documents - Any privileged information need not be disclosed in response to a DSAR. In general, privileged information includes any document which is confidential (e.g. a direct communication between a client and his/her lawyer) and is created for the purpose of obtaining or giving legal advice. 13.7) There are situations where individuals do not have a right to see information relating to them. For instance, individuals do not have the right to data if the information is kept only for the purpose of statistics or research, and where the results of the statistical work or research are not made available in a form that identifies any of the individuals involved. 13.7.1) Requests made for other, non-data protection purposes can be rejected and, if done so, the reasons for the rejection must be clearly set out in writing.