PRIVACY POLICY
This version is dated Tuesday 11th June 2024
This Great Bustard website (“Website“) is owned and operated by Pelham Pubs Limited (“we“, “us” or “our” being interpreted accordingly). This privacy policy gives you information about how we collect and use personal information relating to you as an identifiable individual (called “personal data“).
We may modify or update this privacy policy from time to time, for instance, if there is a change in the law or our business, so please check this Website regularly to make sure that you have seen the latest version.
Under data protection law, we are the controller responsible for your personal data. If you have any questions about this privacy policy, including any requests to exercise your legal rights (Section 8), please contact the us, using the contact information in Section 10.
- The types of personal data we collect.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data which includes name, username or similar identifier, title, date of birth and gender.
- Contact Data which includes email address and telephone numbers.
- Transaction Data which includes detail about booking deposits or credit card authorisations.
- Technical Data which includes cookies. Please see our Cookie Policy for further information.
- Profile Data in the event we set up a registration facility, we may ask you to provide information such as your username and password, interests and preferences.
- Marketing Data which includes your marketing and communication preferences.
This Website is not intended for children under 18 and we do not knowingly collect data relating to children.
- How is your personal data collected?
We use different methods to collect personal data about you including through:
- Your interactions with us. You may give us your personal data by making a booking or by corresponding with us. This includes personal data you provide when you:
- make a room, restaurant or event booking;
- you make a purchase from our shop;
- request marketing to be sent to you; or
- give us feedback, make an enquiry or contact us.
- Technical Data is collected from the following parties:
- analytics providers such as Google based outside the UK;
Contact, Financial and Transaction Data is collected from providers of technical, payment and delivery services such as SevenRooms, Rezcontrol and Trust Payments based inside the UK.
- Marketing data will be collected with your consent when you sign up to our newsletter through the me&u newsletter database.
- How we use your personal data
Legal basis
Data protection law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:
- Performance of a contract with you: Where we need to perform a contract that we are about to enter or have entered into with you.
- Legitimate interests: Where it is necessary to pursue ours or a third party’s legitimate interests, for example to administer or operate our business, prevent fraud and give you a good customer experience. We balance these interests against your rights (e.g. privacy), so they are not unduly interfered with.
- Legal obligation: We may use your personal data where necessary for us to comply with a legal obligation.
- Consent: We may rely on your informed and freely given consent to use your personal data for a specified purpose, for example if you subscribe to receive marketing communications from us.
Purposes for which we will use your personal data
The table below provides a description of all the ways we use the various categories of your personal data and our legal basis for doing so.
Purpose/Use |
Type of data |
Legal basis |
To register you as a customer |
(a) Identity (b) Contact |
Performance of a contract with you |
To process your booking or reservation, including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us |
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us) |
To manage our relationship with you which will include dealing with your enquiries, requests and complaints |
(a) Identity (b) Contact (c) Profile (d) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and manage our relationship with you |
To administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
(a) Identity (b) Contact (c) Technical |
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation) (b) Necessary to comply with a legal obligation |
To use data analytics to improve our Website, products/services, customer relationships and experiences and to measure the effectiveness of our communications and marketing |
(a) Technical (b) Usage |
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Website updated and relevant, to develop our business and to inform our marketing strategy) |
To send you relevant marketing communications. |
(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications |
Necessary for our legitimate interests (to carry out direct marketing via email newsletters, etc.) or having obtained your prior consent to receiving direct marketing communications. |
Direct marketing
You may be asked if you would like to receive newsletters and other direct marketing communications from The Great Bustard and Pelham Pubs Limited telling you about offers, events or other news by email, post or other means.
We may also analyse your Identity, Contact, Technical, Usage and Profile Data to see what offers may be of particular interest so we can make our marketing communications more relevant to you.
Third-party marketing
We will not sell or rent your personal data and will seek your express consent before we share your personal data with any third party for their own marketing purposes.
Cookies
As you interact with our Website, we may set cookies. For more information about the cookies we use and how to change your cookie preferences, please see our cookie policy.
- Sharing your personal data
We may share your personal data with certain third parties for the purposes set out in the above table ‘Purposes for which we will use your personal data’. These third parties will be:
- Suppliers or service providers (called ‘processors’) who process data on our behalf and under our instructions to support our business, such as providers of back-end IT services (booking engines, – e.g SevenRooms and Rezcontrol), payment processors (e.g., Trust Payments) or data hosting companies. We will have a written contract with those processors under which they provide certain guarantees regarding security of the personal data they handle and have other obligations in accordance with data protection law.
- Business partners, suppliers and subcontractors who handle your personal data for the purpose of entering into or performing a contract with you or to enable us to provide a service to you.
- Professional advisers or service providers (such as lawyers or insurers) if we need to exercise, establish or defend our legal rights or in connection with any legal proceedings or claims (including prospective legal claims).
- Regulatory authorities, courts, police or law enforcement if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property or safety of us, our clients or others. We may also exchange information with certain service providers or other companies and organisations for the purposes of fraud prevention or investigation.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.
- Other third parties who we tell you about or with whom you may ask us to share your personal data from time to time.
We require all third parties with whom we share your personal data to maintain adequate security and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
- International transfers
We will not send your personal data outside the United Kingdom (UK) or European Union or European Economic Area (EU/EEA).
- Data security
We have put in place appropriate security measures to prevent your personal data from being corrupted or lost or accidentally or unlawfully used, disclosed or accessed without authorisation. We will notify you of a data security breach where we are legally required to do so. Please note that if you access or send personal data over the internet or using public Wi-Fi, it may not be 100% secure.
- Data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for or to satisfy any legal, tax or accounting requirements that we are subject to. We may retain your personal data for up to 6 years in the event of a complaint and/or if there is a reasonable prospect of a legal claim for which we may need to retain it. To determine the appropriate retention periods for personal data, we use criteria based on regulatory guidance and applicable law.
In some circumstances you can ask us to delete your data: see Section 8 below for further information regarding your legal rights.
- Your legal rights
Data protection laws gives you a number of rights in relation to your personal data. These are to:
- Request access to your personal data (known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you;
- Request correction of the personal data that we hold about you;
- Request erasure of your personal data in certain circumstances, particularly where there is no good reason for us continuing to process it;
- Object to processing of your personal data where we are relying on a legitimate interest as the legal basis for that particular use, subject to certain conditions;
- To object to us processing your personal data to sent you direct marketing;
- Request the transfer of your personal data to you or to a third party (if you initially provided consent for us to use it or where we used the information to perform a contract with you); and
- Request restriction or suspension of our processing of your personal data in certain scenarios (e,g. you dispute the data’s accuracy).
- If we are relying on consent to process your personal data, you can also withdraw your content at any future date. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent, and it may mean that we may not be able to provide certain products or services.
If you wish to exercise any of the rights set out above, please contact us using the details in Section 10.
You will not usually have to pay a fee to access your personal data or to exercise any of the above rights. However, we may reject (or charge a reasonable fee for) any unfounded, vexatious, repetitive or excessive request. Before we can respond, we may also ask for further information to prove your identity or to locate the specific personal data that your request relates to.
We will usually respond to all legitimate requests within one month. Occasionally, however, it could take us up to a further two months to respond in full if your request is complex.
- Complaints
If you think we have used your personal data unlawfully, you have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO“), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
- Contact details
If you have any questions about this privacy policy, the use of your personal data or if you want to exercise your rights as described above, please contact our privacy manager at the following address:
- Email address: info@thegreatbustard.uk