Privacy Policy

Last updated: January 2026

1. INTRODUCTION

1.1 Our Commitment to Privacy

The LX Room is committed to protecting and respecting your privacy. This privacy policy explains what personal data we collect about you, how we use it, who we share it with, and your rights in relation to your personal data. Please read this privacy policy carefully so that you are fully aware of how and why we are using your data.

1.2 About Us

The LX Room platform, including our website at www.thelxroom.com (the "Website") and our mobile application "The LX Room" (the "App") (together, our "Platform"), is operated by LX Room Limited. We are a company incorporated in England and Wales (company number 16658589) with our registered office address at The LX Room, 2 Old Court Mews, 311a Chase Road, London, United Kingdom, N14 6JS ("The LX Room", "we", "us", "our").

1.3 Data Controller

For the purposes of the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), LX Room Limited is the data controller of your personal data. This means we are responsible for deciding how we hold and use your personal data.

1.4 How to Contact Us

If you have any questions about this privacy policy or our privacy practices, please contact us at:

Email: info@thelxroom.com
Postal Address: LX Room Limited, 2 Old Court Mews, 311a Chase Road, London, United Kingdom, N14 6JS

1.5 Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post any updates on our Platform and update the "Last Updated" date at the top of this policy. Where appropriate, we will notify you of significant changes by email. We encourage you to review this privacy policy regularly to stay informed about how we are protecting your personal data.


2. PERSONAL DATA WE COLLECT

2.1 What is Personal Data?

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

2.2 Categories of Personal Data We Collect

We collect and process the following categories of personal data about you:

  • Identity Data: Name, username, date of birth, gender, profile photograph
  • Contact Data: Email address, telephone number, delivery address, billing address
  • Financial Data: Bank account details, payment card details (processed securely by our payment processors), salary information (for membership vetting purposes only)
  • Occupation Data: Current occupation, employer, professional background (for membership vetting purposes only)
  • Account Data: Username, password, membership status, account preferences, communication preferences
  • Transaction Data: Details of your membership subscription, payment history
  • Technical Data: IP address, browser type and version, device type, operating system, time zone settings, browser plug-in types and versions, location data, and other technology on the devices you use to access the Platform
  • Usage Data: Information about how you use our Platform, including pages viewed, features accessed, time spent on pages, click-through rates, search queries
  • Profile Data: Your interests, preferences, feedback, survey responses, and any other information you choose to include in your member profile
  • Communication Data: Content of messages you send or receive through the Platform, including communications with Suppliers, and any correspondence with us via email, phone, or social media
  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties, and your communication preferences
  • Verification Data: Photographic identification documents (such as passport or driving licence) provided during the membership application process
2.3 Special Categories of Personal Data

If you choose to provide us with any special categories of personal data, we will only process such data where you have given us your explicit consent to do so, or where we have another legal basis under applicable data protection laws.

2.4 Children's Privacy

Our Platform is not intended for children under 18 years of age, and we do not knowingly collect personal data from children. If you are under 18, please do not use the Platform or provide any personal data to us. If we learn that we have collected personal data from a child under 18, we will delete that information as quickly as possible.


3. HOW WE COLLECT YOUR PERSONAL DATA

We use different methods to collect personal data from and about you, including:

3.1 Direct Interactions

You provide us with personal data directly when you:

  • Apply for membership to The LX Room
  • Create and complete your member or supplier profile
  • Subscribe to our membership service
  • Browse or make inquiries about offerings from Suppliers
  • Contact us by email, phone, through the Platform, or via social media
  • Message or communicate with Suppliers through the Platform
  • Participate in surveys, promotions, or competitions
  • Provide feedback or contact our customer support team
  • Update your account settings or preferences

The personal data you provide may include your name, email address, telephone number, date of birth, occupation, information regarding your wealth and income, profile photograph, photographic identification, delivery address, payment information, and any other information you choose to provide.

3.2 Automated Technologies and Interactions

As you interact with our Platform, we automatically collect Technical Data and Usage Data about your equipment, browsing actions, and patterns. We collect this data by using cookies, server logs, and similar technologies. For more information about the cookies we use and the purposes for which we use them, please see our Cookie Policy (https://www.thelxroom.com/cookie-policy).

3.3 Third Parties and Publicly Available Sources

We may receive personal data about you from various third parties and public sources, including:

  • Identity and Contact Data from publicly accessible sources such as social media platforms (e.g., LinkedIn, Instagram) when we verify the information you have provided to us during the membership application process
  • Technical Data from analytics providers such as Google Analytics
  • Payment and Financial Data from payment service providers
  • Identity and Contact Data from Suppliers when you inquire about or purchase their offerings
  • Marketing and Communications Data from third-party marketing platforms we use to communicate with you

We may also collect information from social media platforms if you interact with us on those platforms or reference them in communications with us.


4. HOW WE USE YOUR PERSONAL DATA

4.1 Legal Bases for Processing

We will only use your personal data when the law allows us to. Under UK GDPR, we must have a legal basis for processing your personal data. The legal bases we rely on are:

  • Consent: You have given us clear consent to process your personal data for a specific purpose
  • Contract: The processing is necessary for us to perform our contract with you or to take steps at your request before entering into a contract
  • Legal Obligation: The processing is necessary for us to comply with the law
  • Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless your interests and fundamental rights override those interests
4.2 Purposes for Which We Use Your Personal Data

We use your personal data for the following purposes and legal bases:

  • To Process Your Membership Application
    • Legal basis: Contract (to take steps at your request prior to entering into a contract)
    • Purposes: To review and verify your membership application, including verifying your identity and assessing your eligibility for membership
  • To Provide the Platform and Our Services
    • Legal basis: Contract (to perform our contract with you)
    • Purposes: To create and manage your account, provide access to the Platform, enable you to view Supplier offerings, facilitate communications between you and Suppliers, process your membership subscription payments
  • To Communicate with You
    • Legal basis: Contract and Legitimate Interests (to keep our Members informed and provide customer service)
    • Purposes: To send service-related communications (account confirmations, subscription receipts, important updates to the Platform or our terms), respond to your inquiries, provide customer support, notify you of changes to our services
  • To Improve and Develop Our Platform
    • Legal basis: Legitimate Interests (to improve our services and user experience)
    • Purposes: To analyse how you use the Platform, understand user preferences and trends, test new features, conduct research and analysis, troubleshoot technical issues, enhance Platform security and functionality
  • To Administer and Protect Our Business
    • Legal basis: Legitimate Interests (to run our business efficiently and securely) and Legal Obligation
    • Purposes: To manage our internal operations, maintain our records, conduct data analysis and testing, perform system maintenance, ensure Platform security, protect against fraud and unauthorised access, enforce our Terms of Use
  • To Verify Your Identity and Prevent Fraud
    • Legal basis: Legitimate Interests (to protect our business and Members from fraud and maintain Platform integrity) and Legal Obligation
    • Purposes: To verify your identity during the application process, prevent fraudulent applications or activity, ensure compliance with legal obligations
  • To Send Marketing Communications
    • Legal basis: Consent (where required) or Legitimate Interests (for our own marketing to existing customers)
    • Purposes: To send you information about new features, Supplier offerings, events, or other updates that may be of interest to you
  • To Comply with Legal and Regulatory Obligations
    • Legal basis: Legal Obligation
    • Purposes: To comply with applicable laws and regulations, respond to legal requests from authorities, comply with court orders or regulatory requirements
  • To Handle Legal Claims
    • Legal basis: Legitimate Interests (to protect our legal rights)
    • Purposes: To establish, exercise, or defend legal claims, protect our rights and interests, and take appropriate action against those who violate our Terms of Use
4.3 Legitimate Interests

When we process your personal data based on our legitimate interests, we carefully balance our interests against your rights and freedoms. We do not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or permitted by law. Our legitimate interests include:

  • Operating and improving our Platform
  • Providing excellent customer service
  • Maintaining Platform security and preventing fraud
  • Understanding our Members' needs and preferences
  • Developing new features and services
  • Protecting our business and legal rights
  • Being efficient about how we fulfil our legal and contractual duties
4.4 Marketing Communications

We may send you marketing communications if:

  • You have created a membership account with us and have not opted out of receiving marketing, or
  • You have given us your consent to receive marketing communications

You have the right to opt out of receiving marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email we send you
  • Adjusting your communication preferences in your account settings
  • Contacting us at info@thelxroom.com

Please note that even if you opt out of marketing communications, we will still send you service-related communications that are necessary for your use of the Platform (such as account confirmations, subscription receipts, and important service updates).


5. HOW WE SHARE YOUR PERSONAL DATA

5.1 Sharing Through the Platform

When you use the Platform to inquire about or engage with Supplier offerings, certain personal data will be shared with the relevant Supplier to facilitate the transaction. This may include your name, contact details, and any information you choose to include in your messages or inquiries. You understand and acknowledge that:

  • Suppliers will receive personal data you provide when you contact them or express interest in their offerings
  • The LX Room is not responsible for how Suppliers use or protect your personal data once shared
  • You should review Suppliers' own privacy policies before engaging with them
  • Transactions are directly between you and the Supplier, and The LX Room is not a party to those transactions unless the Supplier is The LX Room
5.2 Third-Party Service Providers

We share your personal data with trusted third-party service providers who perform services on our behalf. These providers are contractually obligated to:

  • Process your personal data only on our instructions
  • Implement appropriate security measures
  • Not use your personal data for their own purposes
  • Comply with data protection laws

Our third-party service providers include:

  • Payment Processors: To process membership subscription payments and handle financial transactions securely
  • IT and Cloud Service Providers: To host our Platform, store data, and provide technical infrastructure
  • Analytics Providers: Such as Google Analytics, to help us understand how users interact with our Platform
  • Email and Communication Providers: To send service and marketing emails on our behalf
  • Customer Support Tools: To manage and respond to your inquiries efficiently
  • Identity Verification Services: To verify your identity during the membership application process
  • Marketing and Advertising Partners: To deliver targeted marketing communications (where you have consented)
5.3 Business Transfers

If The LX Room is involved in a merger, acquisition, asset sale, or other business transaction, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Platform of any change in ownership or control of your personal data, and any choices you may have regarding your personal data.

5.4 Legal Requirements and Protection of Rights

We may disclose your personal data to third parties if we are required to do so by law or if we believe in good faith that such disclosure is necessary to:

  • Comply with legal obligations, court orders, or regulatory requirements
  • Enforce our Terms of Use or other agreements
  • Protect the rights, property, or safety of The LX Room, our Members, Suppliers, or the public
  • Prevent or investigate fraud, security issues, or technical problems
  • Respond to lawful requests from public authorities, including law enforcement
5.5 Aggregated or Anonymous Data

We may share aggregated or anonymised data that does not identify you personally with third parties for research, marketing, analytics, or other purposes. This data cannot be used to identify you.


6. INTERNATIONAL DATA TRANSFERS

6.1 Data Storage and Processing

Your personal data is primarily stored and processed within the United Kingdom. However, some of our third-party service providers may be located in or process data in countries outside the UK.

6.2 Safeguards for International Transfers

When we transfer your personal data outside the UK, we ensure that it is protected by requiring all third parties to implement appropriate safeguards, such as:

  • Adequacy Decisions: Transferring data to countries that have been deemed by the UK government to provide adequate data protection
  • Standard Contractual Clauses (SCCs): Using ICO-approved standard contractual clauses with recipients in countries without adequacy decisions
  • Other Safeguards: Implementing other legally approved transfer mechanisms as appropriate
6.3 Further Information

If you would like more information about the safeguards we have in place for international data transfers, please contact us at info@thelxroom.com.


7. DATA SECURITY

7.1 Security Measures

We have implemented appropriate technical and organisational security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and testing
  • Access controls limiting who can access your personal data
  • Secure authentication and password requirements
  • Regular staff training on data protection and security
  • Secure backup and disaster recovery procedures
7.2 Access Restrictions

We limit access to your personal data to employees, contractors, agents, and third-party service providers who have a legitimate business need to access it. They are subject to strict contractual confidentiality obligations and may be disciplined or have their contracts terminated if they fail to meet these obligations.

7.3 Data Breach Procedures

We have procedures in place to deal with any suspected personal data breach. If a breach occurs that is likely to result in a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) as required by law.

7.4 Your Responsibility

While we take reasonable steps to protect your personal data, please remember that no method of transmission over the internet or electronic storage is 100% secure. You are responsible for:

  • Keeping your account password confidential and secure
  • Not sharing your login credentials with others
  • Logging out of your account when finished
  • Notifying us immediately if you suspect unauthorised access to your account


8. DATA RETENTION

8.1 Retention Principles

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

8.2 Determining Retention Periods

To determine the appropriate retention period for personal data, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorised use or disclosure
  • The purposes for which we process the data and whether we can achieve those purposes through other means
  • Applicable legal, regulatory, tax, accounting, or other requirements
8.3 Specific Retention Periods
  • Membership Application Data: If your application is rejected, we will retain your application data for up to 12 months for record-keeping purposes, after which it will be securely deleted
  • Active Member Data: We retain your personal data for the duration of your active membership
  • Former Member Data: After you cancel your membership, we will retain your personal data for up to 7 years to comply with legal and regulatory requirements (such as tax and accounting obligations), after which it will be securely deleted or anonymised
  • Marketing Data: If you opt out of marketing communications, we will retain your contact details on a suppression list to ensure we do not contact you again
  • Legal Claims Data: Where we need to retain data to establish, exercise, or defend legal claims, we will retain such data for the duration of the legal proceedings plus any applicable limitation periods
8.4 Deletion and Anonymisation

At the end of the retention period, we will securely delete or anonymise your personal data so that it can no longer be associated with you.


9. YOUR RIGHTS

9.1 Overview of Your Rights

Under UK data protection laws, you have the following rights regarding your personal data:

  • Right of Access: You have the right to request a copy of the personal data we hold about you
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you
  • Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data in certain circumstances
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances
  • Right to Data Portability: You have the right to request that we transfer your personal data to you or to another organisation in a structured, commonly used, and machine-readable format
  • Right to Object: You have the right to object to our processing of your personal data in certain circumstances, including processing for direct marketing purposes
  • Right to Withdraw Consent: Where we rely on your consent as the legal basis for processing, you have the right to withdraw your consent at any time
  • Right Not to be Subject to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects
9.2 How to Exercise Your Rights

You can exercise any of these rights by contacting us at info@thelxroom.com. To protect your privacy and security, we may need to verify your identity before processing your request.

9.3 Response Timeframes

We will respond to your request without undue delay and within one month of receipt. In some cases, such as complex requests or multiple requests, we may extend this period by a further two months. If we do this, we will notify you and explain the reason for the delay.

9.4 Fees

We will not charge a fee for processing your data request unless:

  • Your request is clearly unfounded, excessive, or repetitive, in which case we may charge a reasonable administrative fee, or
  • You request further copies of the same information, in which case we may charge a reasonable fee based on administrative costs
9.5 Right to Refuse

In some circumstances, we may not be able to comply with your request, for example where:

  • An exemption applies under data protection laws
  • We need to retain the data to comply with a legal obligation
  • The request is manifestly unfounded or excessive

If we refuse your request, we will explain why and inform you of your right to complain to the ICO.

9.6 Specific Rights Details

Right of Access (Subject Access Request) You can request details of the personal data we hold about you, including:

  • The purposes of processing
  • The categories of personal data
  • The recipients or categories of recipients
  • The retention period
  • Your rights regarding your data
  • Information about the source of the data
  • Whether we use automated decision-making

Right to Rectification It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. You can update your account information at any time through your account settings or by contacting us.

Right to Erasure You can request that we delete your personal data where:

  • The personal data is no longer necessary for the purposes for which it was collected
  • You withdraw your consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • The personal data has been unlawfully processed
  • The personal data must be erased to comply with a legal obligation

Please note that we may not always be able to comply with an erasure request, for example where we need to retain data to comply with legal obligations or to establish, exercise, or defend legal claims.

Right to Restrict Processing You can request that we restrict processing of your personal data where:

  • You contest the accuracy of the personal data
  • The processing is unlawful but you do not want the data erased
  • We no longer need the data but you need it to establish, exercise, or defend legal claims
  • You have objected to processing and we are verifying whether our legitimate grounds override yours

Right to Data Portability You can request that we provide your personal data to you or transfer it to another organisation in a structured, commonly used, machine-readable format where:

  • We are processing your data based on consent or contract, and
  • The processing is carried out by automated means

Right to Object You can object to our processing of your personal data where:

  • We are processing it based on legitimate interests
  • We are using it for direct marketing purposes
  • We are using it for research or statistical purposes

If you object to processing based on legitimate interests, we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or we need to process the data to establish, exercise, or defend legal claims.


10. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies on our Platform. For detailed information about the cookies we use and how to manage your cookie preferences, please see our Cookie Policy (https://www.thelxroom.com/cookie-policy).


11. THIRD-PARTY LINKS AND SERVICES

11.1 Third-Party Websites

Our Platform may contain links to third-party websites, including Supplier websites, social media platforms, and other external sites. We are not responsible for the privacy practices or content of these third-party websites.

11.2 Leaving Our Platform

When you click on a link to a third-party website, you will leave our Platform. We encourage you to read the privacy policy of every website you visit before providing any personal data.

11.3 Social Media Features

Our Platform may include social media features and widgets (such as share buttons or interactive mini-programs). These features may collect your IP address, track which pages you visit on our Platform, and set cookies. Social media features are either hosted by a third party or hosted directly on our Platform. Your interactions with these features are governed by the privacy policy of the company providing them.

11.4 No Control Over Third Parties

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services.


12. COMPLAINTS AND REGULATORY AUTHORITY

12.1 How to Complain

If you have concerns about how we handle your personal data or believe we have not complied with data protection laws, please contact us first at info@thelxroom.com. We will investigate your complaint and respond to you promptly.

12.2 Right to Complain to the ICO

If you are not satisfied with our response or believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline: 0303 123 1113
Website: www.ico.org.uk

12.3 Our Commitment

We take all complaints seriously and are committed to resolving any issues in accordance with data protection laws.


13. SUPPLEMENTARY PRIVACY NOTICES

13.1 Additional Notices for Specific Processing Activities

In some cases, we may provide you with additional privacy notices or terms that supplement this privacy policy for specific processing activities. For example, if we collect personal data for a particular purpose such as a competition or survey, we may provide you with a separate notice explaining how we will use that data.

13.2 Suppliers

Suppliers who register on our Platform will be subject to additional data processing terms as set out in our Terms of Use and any separate Supplier agreements. Suppliers are responsible for their own compliance with data protection laws when processing Member personal data.


14. CONTACT INFORMATION

14.1 Questions and Concerns

If you have any questions, concerns, or requests regarding this privacy policy or our data protection practices, please contact us:

Email: info@thelxroom.com
Postal Address: LX Room Limited, 2 Old Court Mews, 311a Chase Road, London, United Kingdom, N14 6JS
Company Number: 16658589

14.2 Updates

We recommend checking this privacy policy periodically for any updates or changes. The "Last Updated" date at the top of this policy indicates when it was last revised.

BY USING THE LX ROOM PLATFORM, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.

Member Application Form

Fields marked with an asterix (*) are compulsory.

Please Note:
01
The club reserves the right to verify the information provided by candidates.
02
The club reserves the right not to proceed with any application that the committee considers unsuitable. No explanation will be given for the refusal of a candidate.
03
The committee requires all members to pay by direct debit.
04
Membership is £60 per month.
05
A £190 joining fee is payable upon joining, making the initial payment £250.
06
You may cancel your membership at any time.
07
You are 18 years of age or older.
08
All the information provided in your application is complete, true and accurate.