Legal

Privacy Policy

Last updated: March 8, 2026

1. Introduction

PYAANO ("we," "us," or "our") operates a members-only creative house in North West London. We are committed to protecting your personal data and respecting your privacy rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you apply for membership, become a member, or visit our premises.

2. Data Controller

PYAANO is the data controller responsible for your personal data. For questions about this policy or your data rights, contact us at: hello@pyaano.polsia.app

3. What Personal Data We Collect

We collect and process the following categories of personal data:

  • Application Information: Name, email address, phone number, creative discipline, biographical information, Instagram handle, and referral source
  • Membership Data: Membership status, payment information, membership dates, and preferences
  • Profile Photos: Optional photos uploaded during application or membership setup
  • Waiver Signatures: Digital signatures on liability waivers and agreements
  • Entry Logs: QR code scans recording date, time, and member ID when accessing premises
  • Communications: Emails and messages exchanged with PYAANO staff

4. How We Use Your Data

We process your personal data for the following purposes:

  • Membership Management: To process applications, manage memberships, and provide access to facilities
  • Contractual Performance: To fulfil our obligations under the membership agreement
  • Safety & Security: To maintain premises security, track entry/exit for safety, and comply with health & safety obligations
  • Communications: To send membership updates, event information, and respond to inquiries
  • Legal Compliance: To comply with legal obligations, including tax, health & safety, and insurance requirements

5. Legal Basis for Processing

We process your data under the following legal bases:

  • Contract Performance: Processing necessary to perform our membership contract with you
  • Legal Obligation: Processing required to comply with legal duties (e.g., health & safety, tax reporting)
  • Legitimate Interests: Processing necessary for our legitimate business interests (e.g., security, fraud prevention) that do not override your rights
  • Consent: Processing based on your explicit consent (e.g., optional profile photos, marketing communications)

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Applications: Unsuccessful applications are retained for 12 months, then deleted
  • Active Memberships: Data retained for the duration of membership plus 6 years for legal/tax purposes
  • Entry Logs: QR scan logs retained for 90 days for safety purposes, then automatically deleted
  • Waivers: Retained for 7 years from signature date for legal/insurance purposes

7. Data Sharing

We do not sell your personal data. We may share your data with:

  • Service Providers: Payment processors, email service providers, and IT infrastructure providers (all bound by GDPR-compliant data processing agreements)
  • Legal Authorities: When required by law, court order, or legal process
  • Emergency Services: If necessary to protect safety or prevent harm

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal retention requirements)
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, contact us at hello@pyaano.polsia.app. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. This includes encrypted data storage, secure server infrastructure, and access controls limiting data access to authorised personnel only.

10. Cookies

Our website uses minimal essential cookies for functionality (session management, security). We use a privacy-focused analytics pixel that stores a visitor ID in your browser's local storage to track page views without collecting personal identifiable information. You can disable this by clearing your browser's local storage.

11. International Transfers

Your data is primarily stored within the UK/EEA. If we transfer data outside the UK/EEA, we ensure adequate safeguards are in place (e.g., Standard Contractual Clauses, adequacy decisions).

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113

14. Contact Us

For questions, concerns, or to exercise your data rights, contact us at:
hello@pyaano.polsia.app

Back to Home