Privacy Policy
Last updated: December 7th, 2022
WHO WE ARE
The 40/40 Club (“Company”, “we”, “our”, or “us”) operates the website The4040Club.com and each of its subsites and mobile applications (collectively “Site”) and provides the content (including email and electronic communications) and services (collectively “Services”) offered on or through the Site. “Platform” means the Site and its Services.
ABOUT THIS DOCUMENT
This Privacy Notice explains how we collect, use, share, and protect information about users of the Platform, and the choices users have about how we collect and use certain information about them.
External Websites: This Privacy Notice does not apply to the websites of external parties to which the Platform links. We do not endorse, and are not responsible for the content of such websites, their policies or practices, or any product or service that they offer. Any activity you perform on such external websites will be subject to the privacy policies and other terms and conditions expressed therein. We recommend that you review external website terms before providing any personal information to them.
MODIFICATIONS
We modify this Privacy Notice from time to time in accordance with the “Policy Changes” section below.
CHILDREN
By using the Platform, you represent that you are at least 13 years old. The Service is a general audience service. Our content is not directed towards children who are under the age of 13, nor do we knowingly collect personal information from children under the age of 13. If we become aware that a child under the age of 13 has provided us with personal information without parental consent, that information will be deleted. Parents who have questions about personal information that has been submitted by a child under the age of 13 should email us at the address provided in the “How to Contact Us” section.
WHAT WE COLLECT
We collect information about you through your interactions with our Platform, including personal information you provide us directly as well as information we, or one of our service providers, observe about how you use our Platform. This information is collected by cookies, which are small text files that are placed on your computer by websites that you visit, and are widely used in order to make websites work, work more efficiently, and provide information to the owners of the website. You may refuse the use of cookies by selecting the appropriate settings on your browser. For further information on how to disable cookies in different browsers, click here. If you are located in the UK or European Economic Area (EEA), you may also decline to consent to the use of cookies. However, please note that if you do this, you may not be able to use the full functionality of our websites. You can obtain more information about our use of cookies here.
Categories of data we collect:
Contact/Identification: Name, email, phone, mailing address, birthday, gender.
Purchases: Number of tickets purchased, ticket purchase time, transaction amount, venue name, event date, artist, billing address.
Payment: Credit card information is requested to complete online purchases through our Platform (this information is briefly stored in the memory of our web server and is then sent straight to our credit card processor; we do not store it after it has been sent to the credit card processor, with the exception of the last 4 digits of the card used to make the purchase, which is utilized to ensure the correct individual is picking up tickets, wristbands, or pre-paid VIP bar cards). Credit card information is also requested for VIP table purchases. Additionally, unique transaction IDs are recorded for customer support and to process refund requests; however, they do not contain any personally identifiable information. Further, our restaurants located in England offer pay by link options for purchases, which are processed by our credit card processor. We also maintain a record of the amount spent in our restaurants and nightlife/daylife venues.
Reservation Notes: Information relating to your reservation (for example, seating preferences, food and beverage preferences, and allergy information), whether you showed up for your reservation, venue, reservation date and time, party size, amount spent. Please note that allergy information will not be collected without your consent.
Referrals: If you were referred to us by someone, we may keep a record of the referral source.
Age verification: We keep records of your age verification on our websites, verifying that you are old enough to consent to the processing of your personal information.
Correspondence: Contents of emails you send us, when you send/receive/view one of our emails, when you opt in or out of receiving emails from us.
Advocate Link: This is a URL that points to our website and includes a parameter that identifies the affiliate who sent the traffic to us.
Venue Admissions: We keep records regarding when a ticket, wristband, VIP bar card, party pass, pre-paid table, or reservation is fulfilled at a particular venue.
Music Preferences: Musical artists and genres that you have expressed an interest in.
Social Media: Contents of posts you make on our social media pages, likes and other interactions with our social media content, social media user name. You can control the information we receive from social media platforms such as Facebook, Instagram, Snapchat, and Twitter by using the privacy and data settings in your social media accounts.
Preferences/Settings: Time zone, language, and character size, among others.
Online Identifiers: IP address; mobile device advertising identifier, tracking tags from AdRoll, Facebook, Google Ads, Google Analytics, MailChimp.
Platform Usage: Date stamp, URL of the last webpage visited before visiting our Platform, and URL of the first page visited after leaving our Platform, pages viewed, time spent on a page, click through, clickstream data, queries made, search results selected, comments made, search history, type of service requested, purchases made, among others.
Do Not Call: Whether you have asked to be placed on a do not call list, and do not call reasons.
Cookies: Information collected through cookies, pixel tags, and other tracking technologies.
General geographic location: Based on IP address blocks, AWS CloudFront headers, and/or browser location API, which can identify general geographic regions.
Geolocation data: Based on information provided through use of the Rewards Program, if you choose to allow geolocation data to be provided to us.
SOURCES OF DATA
Web Forms: Most of the personal information we collect comes through various forms across our Platform. Certain fields on these forms are mandatory in order for us to complete the associated transactions. Mandatory fields are indicated with an asterisk.
Browsers: We also collect data from your browser. This data collection occurs automatically as a consequence of your browser interacting with our servers. This data is captured in logs.
Cookies: See the section titled “Online Tracking and Your Choices” below for information about our cookie policy.
Rewards Program: We also collect data from users of our Rewards Program regarding their use of our Services, reward redemption, and preferences regarding our various venues. This data collection occurs automatically through your use of the Rewards Program.
External parties: We collect personal information from service providers such as, but not limited to, OpenTable (restaurant reservations), Seven Rooms (restaurant reservations), Slerp (online order service), Deliveroo (order delivery service), Hotpoint (photo booths), Wireless Social (Wi-Fi access), Facebook (Facebook lead forms, contact information for matching), Paytronix (software used for our Rewards Program), and Hotspot International (photo booths). We only receive your information from these services if you give them consent to share it with us.
Ticket Redemptions: We keep a record of when you check-in to one of our venues via scanning your ticket, through a guest list check-in, or through our VIP table reservation check-in system.
WHY WE COLLECT YOUR PERSONAL INFORMATION
We collect this information for the following purposes:
Commercial Transactions: We use your contact/identification information, in conjunction with your payment information through our payment processor, to complete online purchases and communicate any relevant information after the purchase is complete, and to facilitate order deliveries where applicable. We also pay some of our affiliates commissions when an affiliate refers someone to us who then makes a purchase. The advocate link allows us to track which referrals came to us through which affiliate, so that we can calculate commissions.
Improve Platform/Services: We use several categories of information listed above to help us understand how users interact with our Platform, so we can improve user experience and improve our product offerings. The analytics tools we use to analyze this data have the capability of identifying individual users under some circumstances; however, we only use these capabilities to generate sample data reports. We do not use these capabilities to identify individuals.
Marketing/Promotions: We send promotional emails from time to time to users who opt-in to receive such emails (you can unsubscribe any time by clicking the “unsubscribe” link at the bottom of the email). We send promotional emails in relation to your birthday; however, these are based on the month and day of your birthday only (not your birth year). We use social media usernames to assist us in de-duplicating contacts in our marketing database. This de-duplication helps us avoid sending duplicate advertising to the same person through multiple e-mail addresses. We also create custom audiences for social media advertising. If you are in the Rewards Program and allow the App to use your geolocation data, the Rewards Program will also sort information in the App by city for your use.
Legal Compliance: We collect birth dates and addresses to help us comply with certain regulations such as age restrictions on attending some of our venues and consent for processing personal information, and online communications.
LAWFUL BASES
We have determined that we have the following legal bases to collect and process personal information of users who are in the UK and EEA:
Contract: We process personal information in order to complete contractual obligations such as selling/honoring tickets to events, making/honoring reservations (for VIP tables) at events and restaurants, and honoring employment contracts.
Legal Obligation: We process personal information in order to meet legal obligations with various regulatory authorities which impose certain restrictions on us, such as age restrictions on some of our venues.
Legitimate Interests: We process personal information in order to advance legitimate interests such as communicating information about our products and services. When we rely on our legitimate interests as a reason for processing your personal information, we have already considered whether or not those interests are overridden by your rights, and have concluded that they are not. Our legitimate interests do not automatically override your interests – we will not use your personal information for activities where our interests are overridden by the impact on you (unless we have your explicit consent or are otherwise required or permitted by law). In determining whether our legitimate interests override your rights, we consider the nature of both your interests and ours, the impact the processing will have on you, and any safeguards which are or could be put in place. Our legitimate interests for processing your personal information include:
Reservations and orders: We may use your personal information to complete and administer your reservations and orders.
Customer service: We use your personal information to provide customer service to you.
Direct marketing activities: We use your personal information for marketing activities, such as marketing communications and running sweepstakes or contests. When we send you marketing communications, we include an unsubscribe link that you can use if you do not want us to send you future marketing communications.
Analytics, improvement, and research: We use personal information to conduct research and analysis so that we can improve our products and services, enhance the user experience, and improve our website. The analytics tools we use to analyze this data have the capability of identifying individual users under some circumstances; however, we only use these capabilities to generate sample data reports. We do not use these capabilities to identify individuals.
Cybersecurity, fraud detection, and prevention: We use personal information to help prevent fraud and other illegal activities, to investigate and detect fraud, and for the authentication of users.
Payments: We use personal information to collect payments for purchases made from us.
Recordkeeping: We use personal information to keep internal records and maintain records of reservations, contracts, user preferences, and complaints, to help us run our business efficiently and provide a higher level of service to our guests.
Operating our websites: We use your personal information to operate our Site.
Consent: We send promotional emails to users who consent to receive promotional emails.
ONLINE TRACKING, INTEREST-BASED ADVERTISING, & YOUR CHOICES:
We use cookies, web beacons, and other tracking technologies to collect information about your behavior across our Platform, including, for example: your browser name/version, page views, IP address, and referring/exit pages. We also permit advertising partners to use cookies and similar tracking technology to collect information about your browsing activities over time and across different websites when you use our Site. We also use this information to audit customer interactions with our Site. We use advertising services provided by ad partners – Facebook, Snapchat, MailChimp, Pinterest, Google Analytics and AdRoll – to market our services to you on other websites and online services (sometimes referred to as “retargeting”). These service providers place a cookie on your browser when you visit our Site so that they can identify you and serve you ads on other sites around the web based on your browsing activity. We use the following tracking tools:
Session cookies: We use session cookies to keep you logged in while you use features of our Site. These disappear after you close your browser.
Persistent cookies: We also use persistent cookies, which stay in your browser and allow us to recognize you when you return to our Site. These allow us to remember your information, so you will not have to re-enter it multiple times, to better understand how you use our Platform, and otherwise enhance our Platform, products, and services.
Email tracking: In some of our email messages, we use a “click-through URL” linked to content on the Site. We track this click-through data to help us measure the effectiveness of our customer communications.
Analytics tools: We also use service provider analytics tools to assist us with analyzing and improving our service, to personalize advertising, and to improve ad delivery. These tools use cookies or similar technologies to track online behavior.
YOUR CHOICES:
Browser settings: Most Internet browsers allow you to change the settings to stop accepting cookies or to prompt you before accepting a cookie. If you set your browser to reject cookies, parts of our Site may not work for you. Please note, depending on your type of device or browser, it may not be possible to delete or disable all tracking mechanisms on your device.
“Do Not Track”: If you select a “Do Not Track” option in your browser, it may not have any effect on our collection of cookie information for analytic and internal purposes. We have no control over and cannot confirm whether our ad partners honor “Do Not Track” browser settings.
Opt-out of Interest-based advertising: Many advertising companies are members of the NAI or DAA which offer opt-out guidance and tools at https://optout.networkadvertising.org/ or info/choices or http://www.youronlinechoices.eu
To opt-out of interest-based advertising in mobile applications, visit http://youradchoices.com/appchoices.
Google Analytics. To opt out of Google Analytics, please go to https://tools.google.com/dlpage/gaoptout.
Adroll. To opt out of Adroll, please go to https://help.adroll.com/hc/en-us/articles/216599538-Opting-Out-of-Personalized-Advertising
Instructions for opting out of Google ads can be found here.
Instructions for opting out of Facebook ads can be found here.
Instructions for opting out of MailChimp ads or cookies, web beacons, and similar tracking technologies can be found here.
To learn more about cookies, web beacons, and similar tracking technologies, visit org).
EXTERNAL SITES & SOCIAL MEDIA:
Our Site contains links to external websites and includes social media features to interact with Facebook, Instagram, Snapchat, and Twitter. These external sites collect information about you and record information about your browsing behavior. Your interactions with these features are governed by the privacy policy of the company providing the feature, not by our privacy policy. We do not control what information these parties collect. Please review your privacy settings on your social media sites and think carefully before clicking on links which take you to an external website.
We use your personal information to deliver ads to you on social media platforms including Facebook, Instagram, Snapchat, and Twitter.
Please note that for users located in the UK or EEA, Facebook Ireland is a joint controller of your information showing actions you have taken on our Site or apps, which Facebook Ireland will use for ad targeting on our behalf and to improve and personalize ad delivery. Further information about how Facebook processes your information, the legal basis Facebook uses for processing, and ways you may exercise your data subject rights with respect to Facebook Ireland can be found at https://www.facebook.com/about/privacy. Facebook Ireland is responsible for enabling data subject rights (i.e., the right of access, right to rectification, right to be forgotten, right to data portability, etc.) with regard to personal information stored by Facebook Ireland after any joint processing has occurred.
DATA SHARING
We do not sell your personal information. However, there are still a few limited situations where we share personal information in order to operate our business:
External processing: We have service providers who help with some of our processing and storage. They also assist with monitoring our servers for technical problems. These external processors potentially access your information while doing their work, but they are not allowed to use any of your data for purposes unrelated to our products and services.
Business transitions: Upon the sale or transfer of the company and/or all or part of its assets, your personal information will likely be among the items sold or transferred. We will request a purchaser to treat our data under the privacy statement in place at the time of its collection.
Legal reasons: We will provide information to an external party if we believe in good faith that we are required to do so for legal reasons. For example, to respond to legal process, or comply with state and federal laws (or the applicable laws of foreign countries other than the United States).
Aggregate/Anonymized data: We share non-personal information (for example, aggregated or anonymized customer data) publicly and with our partners. For example, we publish trends about our events and venues. We take steps to keep this non-personal information from being associated with you and we require our partners to do the same.
Cross-border transfers: Your personal information will be collected, processed and stored by us or our service providers in the United States and other countries outside the UK and EEA. As a result, your personal information may be subject to legal requirements, including lawful requirements to disclose personal information to government authorities, in those jurisdictions.
OPTING-OUT
If you wish to opt-out of our marketing communications and data sharing practices, please email privacy@the4040club.com. Please note that even though you may opt-out of receiving marketing-related communications from us, we may still send you important administrative messages.
DATA RETENTION
We do not retain your personal information indefinitely. We employ a data retention policy which ensures we can complete our contractual and legal obligations, as well as meet our internal business needs. You may request more information about how we retain your personal information through a data request described in the following section.
YOUR RIGHTS TO YOUR DATA
ACCESS
You have the right to request a copy of the data we have on you and know how we use that information. If you wish to request this information, send an email to privacy@the4040club.com with the word “Access” in the subject line. The email account from which you send the email request must match the email account for the personal information record requested, if applicable. Depending on the amount and categories of data in the requested record, we will respond to your initial email with additional questions to verify that your identity matches the requested record. While we fully respect your right to request your data, we must verify your identity first.
CORRECTION
If you find any mistakes in your data record, you may request that we correct the record by emailing your corrections to privacy@the4040club.com. Please use the word “Correction” in the subject line. If we decide not to correct your data record, we will explain our reason(s) in writing within 30 days.
ERASURE
You have the right to request that we erase the data we possess regarding you. If you wish to exercise this right, send an email to privacy@the4040club.com with the word “Erase” in the subject line. If we decide not to erase your data record, we will explain our reason(s) in writing within 30 days.
RESTRICTION OF PROCESSING
In certain circumstances, you have the right to request that we restrict the processing of the personal information that we have collected about you; for example, where you believe that the personal information that we hold about you is not accurate or lawfully held.
RIGHT TO DATA PORTABILITY
In certain circumstances, you have the right to receive the personal information concerning you that you have provided us in a structured, commonly used, machine readable format, and the right to request that we transmit the data to another entity where technically feasible.
RIGHT TO OBJECT TO US PROCESSING YOUR DATA
In certain circumstances, you have the right to request that we stop processing your personal information.
RIGHT TO OBJECT TO US PROCESSING YOUR DATA FOR MARKETING PURPOSES
You have the right to request that we stop sending you marketing communications.
RIGHT TO NOT BE SUBJECT TO DECISIONS BASED SOLELY ON AUTOMATED DATA PROCESSING INCLUDING PROFILING
In certain circumstances, you have the right not to be subject to a decision based solely on automated processing – including profiling – that produces legal effects or similarly affects you.
RIGHT TO WITHDRAW CONSENT
We may seek to rely on your consent in order to process certain personal information. Where we do so, you have the right not to provide your consent, and the right to withdraw your consent at any time. If you withdraw your consent, this will not affect the lawfulness of the processing conducted based on consent before its withdrawal.
COMPLAINTS
You have the right to file a complaint with a relevant data protection supervisory authority and the right to file a complaint in court if you feel we have violated this policy. If so, we will cooperate with the authority to resolve the issue.
SECURITY
We take security seriously and care about the integrity of your personal information. We use commercially reasonable methods to transmit your data securely including HTTPS, TLS/SSL protocol, and public key encryption. However, we cannot guarantee that unauthorized parties will never be able to defeat our security measures or use your personal information for improper purposes. In the event that any information under our control is compromised as a result of a security breach, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
INTERNATIONAL DATA TRANSFERS
We are a global organization and provide services throughout the world. Sharing data cross-border is essential to our services so that you can receive the same high-quality services from us wherever you are. As a result, we will, in accordance with the law, transfer your personal information to other countries which may have different data protection standards than those in your country of residence.
Our Site is hosted in the United States. If you are accessing the site from the UK or EEA or other regions with laws governing data collection and use that differ from U.S. law, you should be aware that your data will be transferred outside the UK and EEA. When we transfer personal information from the UK and EEA to other countries, including to the U.S., we rely on service providers who use a variety of legal mechanisms to help ensure your data is appropriately protected such as Binding Corporate Rules or Standard Contractual Clauses. Unless we have your explicit consent, we will not transfer your personal information from the UK or EEA to other countries without appropriate safeguards (such as Binding Corporate Rules or Standard Contractual Clauses) in place.
POLICY CHANGES
We will modify this Privacy Notice from time to time. We will notify you of material changes to this Privacy Notice by posting the amended terms in accordance with applicable laws. If you do not agree with the proposed changes, you should discontinue your use of the Platform before the new Privacy Notice takes effect. If you continue using our Platform after the new terms take effect, you will be bound by the modified Privacy Notice.
HOW TO CONTACT US
If you have any questions about this Privacy Notice, please contact us:
By email at: privacy@the4040club.com.
By postal mail at:
The 40/40 Club
Attn: General Counsel
2 Pennsylvania Plaza, 19th Floor
New York, NY 10121
Company Name: The 40/40 Club
Email address: privacy@the4040club.com
PRIVACY NOTICE FOR CALIFORNIANS
California residents have certain rights and control over their personal information. The 40/40 ClubOperating LLC, doing business as The 40/40 Club, and its subsidiaries (“The 40/40 Club”, “Company”, “we”, “our”, “us”) provides this statement to California residents (“you”) to disclose how we collect and process personal information. If you have any questions about this Notice or our general Privacy Policy, you can direct your questions to privacy@the4040club.com.
We do not sell your personal information
In the preceding twelve (12) months, The 40/40 Club Has not sold any personal information, including personal information of anyone under 13 years old.
Your Rights
California residents have certain rights related to their personal information. To submit a request based on these rights, or to contact us with questions or concerns about our privacy policies and practices, please call our number, 212.832.4040, and inform the receptionist that you are calling regarding your privacy rights, or e-mail privacy@the4040club.com.
Upon receiving a request, we must first verify that the person making the request is the same person to whom the requested information pertains. In some instances, such as a request to delete personal information, we may first separately confirm that you would like for us to in fact delete your personal information before acting on your request.
California residents may exercise their rights themselves or may use an authorized agent to make requests on their behalf. If you use an authorized agent to submit a request, we may require that you provide us additional information demonstrating that the agent is acting on your behalf.
In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, listed below, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
Data Access Rights
With respect to their personal information, California residents may exercise the rights described below.
1. Right to know what personal information is being collected, for what purposes and with whom it is shared in the preceding 12 months
As a California resident, you have the right to request information from us regarding:
what categories and specific pieces of personal information we have collected from or about you,
the categories of sources from which we collected the personal information,
the business or commercial purpose for collecting such personal information, and
the categories of external parties with whom we share personal information.
You can make these requests, free of charge, twice a year. We may deliver the requested information to you by mail or electronically. Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
2. Right to say no to the sale of your personal information
As a California resident, you have the right to request that your personal information not be sold. As stated above, The 40/40 Club Does not sell personal information.
3. Right to non-discrimination of service or price
We do not discriminate against you for exercising any of your privacy rights, such as by denying you any product/service or charging you a different price or offering different service quality.
4. Right to deletion
You have the right to request that we delete any of your personal information that we have collected, subject to applicable legal exceptions.
We may deny your deletion request if retaining the personal information is necessary for us or our service providers to:
Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
Debug products to identify and repair errors that impair existing intended functionality;
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the personal information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
Comply with a legal obligation; or
Make other internal and lawful uses of that personal information that are compatible with the context in which you provided it.
Personal Information Collected Related to California Residents
The table below contains information about the categories of personal information we collect, process, and share. It covers personal information we have collected over the past 12 months as well as personal information we continue to collect going forward.
Categories of external parties to whom the information is disclosed
Identifiers (such as real name, postal address, email address, IP address, cookies, beacons, pixel tags, mobile ad identifiers, customer numbers, unique pseudonyms, user aliases, or similar identifiers). You provide us with this information when you enquire about or purchase our products and services. We may also collect this information as a consequence of maintaining our websites, offering our products and services online, and advertising online. Additionally, at certain of our venues we utilize ID scanners to verify age and authenticity of the ID card.
Advertising and marketing.
Service providers involved in processing or products, services, and communications; service providers involved in the provision, maintenance, and improvement of the Platform; service providers involved in providing advertising or analytics services to us; service providers involved in the provision and maintenance of our security and surveillance systems; law enforcement or courts of law.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (such as name, physical characteristics or description, address, telephone number). You provide us with this information when you enquire about or purchase our products and services. We may also collect this information as a consequence of maintaining our websites, offering our products and services online, and advertising online. Fulfilling orders and delivering services.