PRIVACY POLICY
PenniBlack Collective
PenniBlack LDN Ltd (trading as PenniBlack Collective), 3 West Drive, Tooting, London SW16 1RP
info@penniblackcollective.co.uk
About This Policy
The PenniBlack Collective understands that your privacy is important to you. This policy explains how personal data is collected, held and used when you engage with the Collective as a whole — for example, when booking services across multiple brands, communicating with a Collective coordinator, or attending a Collective showcase event.
PenniBlack LDN Ltd (Company No. 12397094) is the Data Controller for all brands within the PenniBlack Collective, including PenniBlack Catering & Events, Raquel's Staffing & Bar, VENN Productions, Free Spirit Wellness, and any future member brands. Each brand also maintains its own Privacy Policy covering the specific data it collects in delivering its services.
This Collective Privacy Policy applies specifically to data collected at the Collective level — through the Collective website, coordinator communications, multi-brand bookings, and Collective events.
What Personal Data We Collect
When you engage with the PenniBlack Collective directly, we may collect:
Name and job title
Business or organisation name
Contact details including email address and telephone number
Business address and invoice address
Details of the event or project you are enquiring about
Information about which Collective brands you are interested in or have engaged
Payment information for multi-brand bookings invoiced by PenniBlack LDN Ltd
Booking and project history across multiple Collective brands
Correspondence with the Collective coordinator
Marketing preferences and communication preferences
Where you book services from multiple brands within the Collective under a single agreement, your contact and booking information will be shared between the relevant brands solely for the purpose of coordinating and delivering your event. Each brand will handle your data in accordance with its own Privacy Policy.
How We Use Your Personal Data
Performance of a contract
Where you engage the Collective for a multi-brand event, we use your personal data to coordinate, plan and deliver those services, issue combined invoices and manage the overall client relationship.
Legitimate interests
We use your contact details and engagement history to manage our relationship with you, respond to your enquiries, send operational and project communications, and maintain records of the services delivered across the Collective. We have a legitimate interest in operating the Collective effectively and providing a seamless multi-brand experience.
Consent — marketing
Where you opt in to receive communications from the Collective — including news about our brands, upcoming events, showcases and new services — we will contact you on this basis. You may opt out at any time by contacting us or using the unsubscribe option in any marketing communication. Opting out of Collective-level communications does not automatically opt you out of communications from individual brands you have separately engaged.
Legal obligation
We may process personal data to comply with financial, tax and other legal obligations.
Data Sharing Between Collective Brands
Where you book a multi-brand event through the Collective, your name, contact details and relevant event information will be shared with the individual brands engaged to deliver your event. This is necessary to coordinate the services you have requested and is done on the basis of contract performance.
Your data will only be shared with brands within the Collective that are directly involved in your booking. It will not be shared with all Collective brands as a matter of course, and will not be shared with any brand for marketing purposes without your consent.
Each brand within the Collective operates under the Data Controller authority of PenniBlack LDN Ltd and handles shared data in accordance with the same data protection standards.
Collective Events and Showcases
When you attend a PenniBlack Collective event, showcase or industry gathering, we may collect your name and contact details for guest list management, post-event follow-up and, where you have consented, marketing purposes. Photography or filming may take place at Collective events for promotional purposes. Where identifiable individuals feature in images we intend to publish, we will seek consent.
Future Member Brands
As the PenniBlack Collective grows to include additional brands, those brands will be subject to the same data protection standards and will operate under the Data Controller authority of PenniBlack LDN Ltd. Any new brand joining the Collective will publish its own Privacy Policy. This Collective Privacy Policy will be updated to reflect any material changes to how data is shared or processed at the Collective level.
Your Rights Under UK GDPR
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights:
The right to be informed about how your personal data is collected and used
The right to access the personal data we hold about you
The right to rectification — to have inaccurate or incomplete data corrected
The right to erasure — to ask us to delete your personal data
The right to restrict processing of your personal data
The right to object to us using your personal data for a particular purpose
The right to data portability — to receive a copy of your data in a portable format
Rights relating to automated decision-making and profiling
For more information about your rights, contact the Information Commissioner's Office at ico.org.uk or your local Citizens Advice Bureau. You have the right to lodge a complaint with the ICO at any time.
How Long We Keep Your Data
We will not keep your personal data for longer than is necessary in light of the reason it was collected. Financial and booking records are retained in accordance with HMRC requirements. Marketing preferences and contact records may be retained for as long as you remain an active contact of the Collective, or until you request deletion. We will retain your personal data for a minimum of six (6) years following your last interaction with us, after which it will be securely deleted or anonymised.
How We Store and Protect Your Data
All personal data held by PenniBlack LDN Ltd is stored securely in the United Kingdom and is fully protected under the UK GDPR. We use HTTPS encryption for all data transmission and maintain regular security reviews. Access to personal data is restricted to authorised staff only, and access permissions are reviewed and updated when staff responsibilities change.
Do We Share Your Data?
The PenniBlack Collective will not share your personal data with any third parties for commercial purposes. In limited circumstances we may be legally required to share personal data if involved in legal proceedings or complying with a court order, legal obligation or government authority instruction.
Information Collected via Our Website
We collect personal information submitted through our website in the following ways:
Contact and enquiry forms — name, email address, telephone number and message content
Quotation request forms — event details, contact information and any additional information you provide
Newsletter and mailing list sign-up forms — name and email address
Event registration forms — name, contact details and any information relevant to the event
Information submitted via website forms is used to respond to your enquiry, process your request, or add you to our mailing list where you have consented. We will not use information submitted via contact forms for marketing purposes without your explicit consent.
Cookies and Website Tracking
Our website uses cookies and similar tracking technologies to help the site function correctly, to understand how visitors use it, and — where you have consented — to support our marketing activity.
What are cookies?
Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work efficiently and to provide information to website owners.
Types of cookies we use
Essential cookies — necessary for the website to function. These cannot be disabled.
Analytics cookies — help us understand how visitors interact with our website (for example, via Google Analytics). These are only set with your consent.
Marketing cookies — used to track visitors across websites to enable us to show relevant advertising (for example, via Meta Pixel or LinkedIn Insight Tag). These are only set with your consent.
When you first visit our website, you will be shown a cookie consent banner. You can choose which categories of cookies to accept. You can change your preferences at any time via the cookie settings link in our website footer.
Third-party analytics and advertising
the PenniBlack Collective may use third-party analytics and advertising tools including Google Analytics, Meta Pixel and LinkedIn Insight Tag. These tools may collect information about your visit including pages viewed, time spent, and interactions. Data collected through these tools is subject to the privacy policies of the respective providers. You may opt out of Google Analytics tracking at any time by installing the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.
Third-Party Service Providers
In operating our business, we use carefully selected third-party service providers who may process personal data on our behalf. These providers act only on our instructions, are subject to appropriate confidentiality obligations, and are required to handle data in accordance with UK GDPR.
Such providers may include:
Email marketing platforms (for example, Mailchimp or similar) — used to manage mailing lists and send marketing communications
Cloud storage and productivity tools (for example, Google Workspace or Microsoft 365)
Accounting and invoicing software (for example, Xero or QuickBooks)
Booking and event administration software
IT support and website hosting providers
We will always ensure that any third-party provider we use meets appropriate data protection standards. We do not sell, rent or trade your personal data to third parties for their own commercial purposes.
International Data Transfers
We store personal data in the United Kingdom wherever possible. However, some of our third-party service providers may store or process data in countries outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place — such as standard contractual clauses approved by the ICO — to ensure your data remains protected to the same standard as it would be in the UK.
Data Breaches
We take the security of your personal data seriously. In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will follow our obligations under UK GDPR, including notifying the Information Commissioner's Office within 72 hours where required, and informing affected individuals without undue delay where the breach is likely to result in a high risk to those individuals.
Children's Data
Our services are primarily directed at adults acting on behalf of organisations, businesses or as individual event clients. We do not knowingly collect personal data from children under the age of 13. Where an event involves minors and it is necessary to collect information about participants, we will do so only with appropriate parental or organisational consent and in accordance with UK GDPR requirements.
ICO Registration
PenniBlack LDN Ltd is registered with the Information Commissioner's Office (ICO) as a Data Controller. Our ICO registration number is available on request and can be verified at the ICO public register at ico.org.uk/ESDWebPages/Search.
How to Contact Us
Data Controller: PenniBlack LDN Ltd | 3 West Drive, Tooting, London SW16 1RP
Email: info@penniblackcollective.co.uk | Tel: 0800 121 8921 | Website: penniblackcollective.co.uk
To make a Subject Access Request, to withdraw consent, or to request deletion of your personal data, please contact us in writing using the details above. We will respond within one month.
Changes to This Policy
We may update this privacy policy from time to time to reflect changes in the law or our business practices. This policy was last updated in June 2026. The current version will always be available on our website.