Logo for 'The Exchange' bar and kitchen with stylized roof above the text.

Privacy Policy

Last Updated: 2025
Vision and Flow LTD (“we”, “us”, “our”) manages The Exchange London and is committed to protecting your information in line with UK GDPR and the Data Protection Act 2018.
By using our website or booking our venue, you agree to this policy.

1. Data Controller

Vision and Flow LTD
The Exchange London
Project Road, Barking Riverside, IG11 0YP
Email: info@visionandflow.co.uk

We determine how your personal data is collected and used.

2. Information We Collect

We collect the following categories of personal data:

a. Information You Provide
• Contact details (name, email, phone number)
• Booking details (event type, dates, requirements)
• Payment information (processed by secure third parties)
• Communications (emails, contact forms)

b. Automatically Collected Data
• Cookies and analytics data
• IP address and device details
• Pages viewed and access times

c. Third-Party Sources
• Payment processors
• Booking platforms
• Analytics providers

3. How We Use Your Information

We use your information for:

a. Managing Your Booking
• Responding to enquiries
• Confirming bookings
• Scheduling events
• Customer support

b. Payments & Administration
• Processing payments
• Deposits and refunds
• Internal record keeping

c. Service Improvement
• Website performance
• Troubleshooting
• Enhancing customer experience

d. Marketing (with your consent)
• News, offers, updates
• Event announcements

e. Legal Compliance
• Safety and venue obligations
• Financial reporting

4. Legal Basis for Processing

We rely on:

Contract – To manage your booking
Legitimate Interests – Venue safety, fraud prevention, service improvement
Consent – Marketing and non-essential cookies
Legal Obligation – Tax, safety, and compliance requirements

5. Data Sharing

We do not sell or rent your data.
We may share information with trusted providers, including:
• Payment processors
• Website hosting
• Email services
• Analytics tools
All partners must comply with UK GDPR.

6. International Transfers

If data is transferred outside the UK, we ensure:
• Adequate protection by law, or
• Approved safeguards (such as Standard Contractual Clauses)

7. Data Retention

We keep data only as long as required for bookings, legal obligations, and support.

Typical retention:
• Booking records: up to 7 years
• Enquiries: up to 2 years
• Analytics: 12–26 months

After this, data is deleted or anonymised.

8. Your Rights

You can request:

• Access to your data
• Correction of inaccurate information
• Deletion (where permitted)
• Restriction of processing
• Objection to marketing or legitimate-interest processing
• Data Portability
• Withdraw Consent at any time

Contact: info@visionandflow.co.uk

9. Cookies & Tracking

We use cookies for:
• Website functionality
• Security
• Analytics and performance

You can manage cookies through your browser settings.

10. Security Measures

We implement:
• Encryption
• Access controls
• Secure hosting
• Continuous monitoring
• Staff training

Although no system is fully secure, we take reasonable steps to protect your data.

11. Complaints

If you have concerns, you may contact:

Information Commissioner’s Office (ICO)
www.ico.org.uk
0303 123 1113

We encourage you to contact us first.

12. Updates to This Policy

We may update this policy occasionally. The version shown on this page is the most current.