Last Updated: 20/10/23

Privacy Policy

1. INTRODUCTION

Welcome to our Privacy Policy. We are committed to protecting and respecting your privacy.

This Privacy Policy provides information on how we collect and processes your personal data when you visit our venues, use our websites (including any data which you may provide through those websites when you contact us or provide feedback), make a booking, visit or interact with us via our WiFi facilities or social media pages, or when you use our certain third party banking mobile apps, or otherwise engage with us, including when you participate in our loyalty programme or other promotions (together, “Digital Services”). Please see the end of this Privacy Policy for our contact and legal information.

This Privacy Policy explains:

● why and how we may use the personal information that we have obtained from interactions you (or others) may have with us as a business or when you contact us;
● with whom we share your personal information; and
● the rights you have in connection with the information we use.

Please read the following carefully.

2. WHO WE ARE AND OUR ROLE

Except as mentioned below, we are the controller of your personal information. This means that we decide why and how your personal information is processed. Please see the section at the end of this Privacy Policy and our Terms of Use for our contact and legal information respectively.

We sometimes work with other organisations in connection with some of the processing activities described in this notice, such as social media platforms. Where that information is collected and sent to other organisations for processing that is for a common purpose or purposes, we will be making decisions together in relation to that particular processing and will be ‘joint controllers’ with the organisations involved. As joint controllers, we and the other organisations involved in making these decisions will be jointly responsible to you under data protection laws for this processing.
In other circumstances, the organisation receiving your information will be separately responsible to you and use your personal information in the ways described in its privacy policy (and not ours). For example:

• If you link your payment card to your loyalty programme account through a third party banking app, the relevant bank that issues that payment card and card scheme (American Express, Mastercard or Visa) will be processing your personal information in accordance with their privacy policies as separate controllers. Please see the relevant website of the bank or scheme for the relevant privacy policy.
• We may make WiFi services available in our venues and where we do, these are provided by our third party service provider, Purple WiFi. Purple WiFi is a separate controller of the personal information it collects during the course of its provision of those services. Please its privacy policy at https://purple.ai/privacy-policy/ for further information.

If you apply for a job through our websites, our separate Recruitment Privacy Policy will apply.

This Privacy Policy may change from time to time so please check this Privacy Policy occasionally to ensure that you are happy with any changes. For more information on changes to our Privacy Policy, please see section 14 (Changes to this Privacy Policy).

This Privacy Policy was last updated on the date set out at the end of this Privacy Policy.

3. PERSONAL INFORMATION WE COLLECT ABOUT YOU

Personal information you provide to us

When you interact with us online or offline we collect and use information about you in the course of providing you our services and with consumer support. We may collect some or all of the information listed below to help us with this:

• information that you submit online and offline including your name, contact details including postal address, e-mail address and telephone number(s), interests, insights and preferences, date of birth, age, gender, and login credentials. We collect this in a number of ways, including when you register for an account with us and/or make a booking online or offline;
• age verification information, including photo ID;
• financial details when booking a venue which includes the card-holder’s name and payment and gift card details;
• your orders, requests and transaction information, including information about your purchases, such as prices and product information, refunds, and promotions and gifts;
• your dietary preferences and allergy information;
• your username and password in relation to our websites and mobile apps;
• information that you submit via any contact forms on the website and any correspondence we have with you over email or phone;
• details of your marketing and in-app communication preferences;
• details when you enter a competition, promotion, or prize draw, including any personal information contained in the entry itself;
• additional details that you provide at one of our events, including images and information provided in surveys;
• the content of the reviews or testimonials you leave about us; and
• any correspondence or messages (including emails, SMS or chat or social media messages or comments) that you send to us;
• your social media activity including your social media handle, comments and ‘likes’ and the time and date of that activity; and
• any additional information that you choose to tell us.

Where we need to collect personal data where legally required to do so, or perform a contract we have with you (or take pre-contract steps you have requested), and you do not provide us with your personal information, we may be unable to provide products or services to you. This may also lead to us having to cancel your booking.

You are under no statutory or contractual obligation to provide us with your personal information; however, we require at least the information above in order for us to deal with you as a prospective customer or customer in an efficient and effective manner. Where the law allows, we may combine information we receive from other sources with information you give to us and information we collect about you.

Information we collect about you including using automated methods

We collect CCTV footage and date and time information when you pass an area in which we or a company on our behalf operates CCTV surveillance or makes CCTV recordings (including from body-worn cameras). Such footage may include criminal offence or health data.

We also collect data on the use and consumption of gifts and promotions, as well as your booking history. We also collected information about your most visited venue amongst the venues that we operate.

We may automatically collect information about your use of the Digital Services, such as the number and duration of visits to the Digital Services and details of which particular pages or parts have been visited. We may also anonymise any personal information we receive about you by amending it, combining it with other data or by using other anonymisation techniques such as ‘hashing (“Anonymised Information”). After we anonymise your information, it will not be attributable to you.

We also automatically collect technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform as well as mobile identifiers cookie, tracking pixel and beacon identification information. Please see our Cookie Policy for further information (“Technical Information”).

We use any collected Technical Information and Anonymised Information to analyse how the Digital Services are functioning and how it is used by users, for insight purposes and to help us maintain and improve the Digital Services on an ongoing basis. We also use this information to provide our services, including through our mobile applications and when you pay at our venues. We may share Anonymised Information with third parties that we work with, including our commercial partners.

We may record calls you make to our customer services team for quality and training purposes, and for the purposes of handling complaints and legal claims. We collect information about your behaviour at our venues and, if you have been banned, details of the reasons and period for which you have been banned.

Information we collect about you in connection with our loyalty programme

If you participate in our loyalty programme, we collect details relating to your participation including the period of your participation, the number of points and other benefits you have earned and details of when you have earned them, the points and other rewards you have redeemed and when you have redeemed them, your refer-a-friend activities and your favourite venues.

In certain circumstances, we provide you the option to link your bank account and/or card payment method to our loyalty programme. This is facilitated via our third-party providers, such as Bink, and utilises open banking APIs. Where your banking provider supports this facility, and you choose to link your account or card payment method to our loyalty programme we and your banking provider will receive data about the transactions you make across our venues as well as where you redeem your loyalty rewards.

We use this information to reward you with loyalty points or other loyalty benefits for qualifying purchases, provide you with redeemable rewards and to analyse your spending habits across our venues in order to better suggest offers we think will be of interest to you.

Your banking provider may also use this information as a controller and in accordance with its own privacy policy which we recommend that you read prior to linking your account/card payment method to our loyalty programme.

Information we collect about you from other sources

We may also obtain the following Personal Information about you from the following sources:

Apple Pay / Google Pay / Apple Pay / Google Pay / PayPal / Payment card schemes (American Express, Mastercard and Visa)
Contact, financial, technical data and transaction data

Purple WiFi
Contact and biographical data

Daisy WiFi
Contact Data

Acteol
Contact, loyalty and transaction data

Reputation.com
Contact and review data

Orderbee
Contact, financial, transaction data

Zonal Apps
Contact, financial, transaction data

Eagle Eye
Contact Data

Design My Night
Contact, bookings, ticketing, dietary data (including data relating to allergies and food preferences

Fatsoma
Contact, ticketing data

Zonal EPOS
Financial, transaction data

Sport Insight Media
Contact data

Bink
Contact, financial, technical data and transaction data

Your banking provider
Transaction data (if you link your payment card to our loyalty programme) and contact data (if you join the loyalty programme through an app provided by certain banking providers

Social media sites e.g. Facebook
Contact, biographical and interests data

Pubwatch
Contact data & details of your past behaviour at third party venues

4. HOW AND WHY WE USE YOUR PERSONAL INFORMATION

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose and complies with data protection laws.

Data protection law requires us to have a valid reason to process your personal information for each of the different purposes for which we use that information. The law refers to each reason as a ‘lawful basis’. The purposes for which we use your personal information and the lawful basis on which we rely to process it for each purpose is as follows:

Where you have provided CONSENT

We may use and process your personal information where you have consented for us to do so for the following purposes:

• to make electronic marketing communications including by email, SMS and, in relation to our mobile apps, push notices, where you opt-in to receive such communications following a request;
• to access location, camera, photos, videos, contact lists, or other information from your mobile device accessed through our mobile apps;
• to collect personal information from non-essential cookies used on our websites for the purposes described in our Cookie Policy;
• to link your card payment method to our loyalty programme and use the transaction data we receive to administer our loyalty programme. Your consent for this purpose will also permit the card scheme relevant to your card to monitor your transactions and share details of qualifying purchases with us so that we can provide you with the relevant points.

We may also rely on consent to use your name and image for publicity purposes. If you do not agree, the photographs will be deleted or the image will be modified so you will be unidentifiable.

You may withdraw your consent for us to use your information in any of these ways at any time. Please see section 13 (Your Rights) for further details.

Where necessary to comply with our LEGAL OBLIGATIONS

We will use your personal information to comply with our legal obligations:

● to check and verify your age and your identification information using an ID scan machine for the prevention and detection of crime and disorder to the extent required by law;
● to respond or assist the public authorities or the police and other criminal investigation bodies where required by law;
● to keep a record relating to the exercise of any of your rights relating to our processing of your personal information;
● to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists to be able to comply with your request);
● to anonymise or delete your personal information when it is no longer required for the purposes described in this Privacy Policy;
● to comply with court orders or other notices where failure to do so would result in us breaking the law; and
● to handle and resolve any complaints we receive relating to our processing of your personal information as described in this Privacy Policy.

Where it is in your VITAL INTERESTS

We will use your personal information where it is in your vital interests to do so, for example, in relation to any emergency medical treatment you require whilst visiting our venues.

Where there is a LEGITIMATE INTEREST

We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business, or that of a third party, for the following purposes:

Processing necessary for us to promote our business and measure the reach and effectiveness of our campaigns

● to contact you with marketing information by post or by phone (if you are not registered with the Telephone Preference Service (including the Corporate Telephone Preference Service, where relevant);
● to contact you with marketing information by email and SMS (if you are a corporate customer or where you were presented with an opportunity to opt-out of such contact but did not do so);
● to tailor communications (including recommendations) to you based on your location, interests, and previous bookings and to personalise our services, products and content for you;
● to communicate targeted advertising to you in social media. You may receive advertising based on information about you that we have provided to a social media platform, or allowed it to collect using cookies on our website or code in our applications (or a combination of the two). For some of our marketing campaigns, we may use this information to exclude you from receiving advertising, if we believe it will not be relevant to you. You may also receive advertising because, at our request, the platform has identified you as falling within a group whose attributes we have selected or a group that has similar attributes to the individuals whose details it has received from us (or a combination of the two);
● to process your location in order to locate the nearest venue;
● for analysis and insight conducted to inform our marketing and business strategies, and to enhance your user experience;
● to ensure your dietary preferences are respected (and, where these are allergies or other medical conditions, to establish, bring or defend any legal claims); and
● to identify and record when you have received, opened or engaged with our Digital Services and/or our electronic communications (please see our Cookie Policy for more information);

Processing necessary for us to respond to changing market conditions and the needs of our users

● to analyse, evaluate and improve our Digital Services and/or other of our products and services so that your visit and use of them are more useful (we will generally use data amalgamated from many people so that it does not identify you personally);
● to undertake market analysis and research (including contacting you with user or customer surveys) so that we can better understand your use of the Digital Services and our products; and
● to share personal information (including images) with (and to receive information from) ‘Pubwatch’ members (which include other hospitality providers, the police, and the council) to identify and prohibit from entering our venue certain customers who have been barred in order to ensure that our venues remain safe.

Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively

● to maintain the security of our staff, customers, venues, premises and property;
● to process payments made by you to us;
● to administer the Digital Services and our products, and for internal operations, including troubleshooting, testing, training, and statistical purposes;
● for cookies that are essential for our website to function properly (please see our Cookie Policy for more information);
● for the detection and prevention of fraud and other criminal activities (and in relation to any CCTV footage containing criminal offence of health data, we rely on the corresponding condition for processing under the Data Protection Act 2018);
● for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
● to record CCTV footage and date and time information when you pass an area in which we or a company on our behalf operates CCTV surveillance or makes CCTV recordings (including from body-worn cameras) to ensure the safety of our employees and venue visitors;
● for the purposes of corporate restructure or reorganisation or sale of our business or assets;
● for efficiency, accuracy or other improvements of our databases and systems, for example, by combining systems or consolidating records we hold about you;
● to enforce or protect our contractual or other legal rights or to establish, bring or defend legal proceedings (and in relation to any allergy or other health data we process about you, we rely on the corresponding condition for processing under the UK GDPR);
● to inform you of updates to our terms and conditions and policies; and
● for other general administration including managing any reports you make, your queries, complaints, or claims, and to send service messages to you.

Where necessary for us to carry out PRE-CONTRACT STEPS you have requested or for the performance of our CONTRACT

We will use your personal information where this is necessary for us to perform our contract with you or to carry out any pre-contract steps you’ve asked us to so that you can enter into that contract, for the following purposes:

● to respond to your request for a booking for one of our venues;
● to administer the core elements of our loyalty programme as described in the terms applicable to that programme, including to keep track of the points and other benefits you have earned and the rewards you have redeemed;
● to send communications to you about your booking (including information about your booking status and to request payment information relating to your booking);
● to register you for and connect you to our guest WiFi service within our venues; and
● to respond to your customer service requests and enquiries.

5. MARKETING

We may collect your preferences to receive marketing information directly from us by phone, email, or SMS in the following ways:

● if you register for an account on our website or mobile applications, we will ask you if you would like to opt in to receive marketing information directly from us;
● if you make a booking with us via the designmynight website and you opt in to receive marketing information;
● if you do not complete a purchase and you have opted-in to receive marketing information, we may send a reminder to you about your incomplete purchase or ask why you did not complete the purchase so that we may better refine the service we offer.

From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.

You have the right to opt-out of our use of your personal information to provide marketing to you in any of the ways mentioned above at any time. Please see Your rights below for further details on how you can do this.

Please allow up to 10 working days for your email preferences to take effect.

6. DISCLOSURE OF YOUR PERSONAL INFORMATION BY US

We may disclose your information to our third party service providers, agents and subcontractors (“Suppliers”) for the purposes set out above. Our Suppliers can be categorised as follows:

Recipient / relationship to us
Industry sector (& sub-sector)

Advertising, PR, digital and creative agencies
Media (Advertising & PR)

Card-linked loyalty and other service providers that support our loyalty programmes
IT (Banking & Loyalty)

CCTV service providers
IT (Security)

Cloud software system providers, including database, email, ordering, booking, age/identity verification software (e.g. GB Group plc), customer relationship and document management providers
IT (Cloud Services)

Facilities and technology service providers including scanning and data destruction providers
IT (Data Management)

Legal, security and other professional advisers and consultants
Professional Services (Legal & Accounting)

Market and customer research providers
Media (Market Research)

Operators of bars, pubs and other hospitality venues, including members of National Pubwatch and local ‘pubwatch’ schemes
Hospitality (Bars & Pubs)

Payment card schemes
Financial Services (Payments)

Social media platforms
Media (Social Media)

Website and data analytics platform providers
IT (Data Analytics)

Website and app developers
IT (Software Development)

Website hosting services providers
IT (Hosting)

Wifi service providers
IT (Networking)

Payment (including gift card) processors e.g. PayPal, Google Pay and Apple Pay.
PayPal. Google Pay and Apple Pay operate secure servers to process your payment details. They encrypt your credit or debit card information and authorise payment directly. We only keep the last four digits of your credit or debit card in order for you to recognise and choose your payment method without having to type in payment details each time. To understand how our payment processors use your information, we recommend that you read their privacy policies at https://www.paypal.com/uk/legalhub/privacy-full, https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en and https://www.apple.com/uk/legal/privacy/data/en/apple-pay/
Financial Services (Payments)

When sending your information to third parties, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.

When we share your personal information with any third parties that are controllers of that information, they may disclose or transfer it to other organisations in accordance with their data protection policies. This does not affect any of your data subject rights as detailed below. In particular, where you ask us to rectify, erase or restrict the processing of your information, we take reasonable steps to pass this request on to any such third parties with whom we have shared your personal information.

We may disclose your personal information to other third parties as follows:

  • any third party who is restructuring, selling or acquiring some or all of our business or assets or otherwise in the event of a merger, re-organisation or similar event; and
  • if we are under, or consider that we have, a duty to disclose or share your information in order to comply with any legal or regulatory obligation or request, including by the police and other law enforcement bodies, tribunals, regulators, local or central government or related agencies.

7. WHERE WE STORE YOUR PERSONAL INFORMATION

Your personal information may be transferred to countries outside the UK. Those countries may not have similar data protection laws to the UK and so may not protect the use of your personal information to the same standard.

Where we transfer your information outside of the UK, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Privacy Policy. These steps include:

• relying on decisions issued by the relevant UK Secretary of State (or other relevant person) declaring that a country or a company certifying to an international framework is adequately protective of personal information to a degree that allows us to safely transfer your personal information to that country or company;
• imposing contractual obligations on the recipient of your personal information using standard clauses issued by the UK Information Commissioner’s Office (or other relevant body); or
• relying on ‘binding corporate rules’ put in place by recipients of your personal information that have been approved by relevant data protection regulators.

Please contact us using the details at the end of this Privacy Policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
If you use our services whilst you are outside the UK, your information may be transferred outside the UK in order to receive those services.

8. THE PERIOD FOR WHICH WE KEEP YOUR PERSONAL INFORMATION

If we collect your personal information, the length of time for which we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain personal information in an identifiable format for longer than is necessary.

We will always retain your personal information for the period that you have an active account with a Website or App. If you do not hold an account, we retain your personal information for 2 years from the date we collect it or, where applicable, the date you are unsubscribed from our marketing lists, if later.

Your account will become ‘inactive’ if you do not engage with us for more than 2 years, for example, if you do not log into your account, make a purchase with us, engage with our direct marketing campaigns, earn loyalty points or redeem any vouchers. After that 2 year period ends (or at any point you choose to delete your account with the relevant Website or App using the relevant settings), we will anonymise the records we hold about you so that we no longer hold your personal information (to find out more about the personal information we anonymise, please see ‘Personal information we collected about you’ above). The only exceptions to these periods and our retention of your personal information are where:

● the law requires us to hold your personal information for a longer period, or delete it sooner;
● you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see section 13 (Your Rights) below);

● you exercise your right to require us to retain your personal information for a period longer than our stated retention period (see section 13 (Your Rights) below);
● we obtain your proof of identity documentation (e.g. driving licence, passport, card bearing PASS hologram, or military ID) which we retain for no more than 31 days from the date of our receipt or, if you are subject to a ban from a venue, for the period for which you have been banned; or
● we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible.

9. SECURITY AND LINKS TO OTHER SITES

We employ security measures to protect the personal information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage. When we have provided (or you have chosen) a password allowing you access to certain parts of our Digital Services, you are responsible for safeguarding it and keeping it confidential and you promise not to allow it to be used by third parties.

If you are using a computer or terminal in a public location, we recommend that you always log out and close the website browser when you complete an online session for your security. In addition, we recommend that you take the following security measures to enhance your online safety: When creating a password, we recommend you use at least 8 characters with a combination of letters and numbers and at least one special character. We recommend you frequently change your password. Keep your passwords private. Remember, anyone you knows your password may access your account. Avoid using the same password for multiple online accounts. We will never ask you to confirm any account or credit card details via email. If you receive an email claiming to be from us asking you to do so, please ignore it and do not respond.

Our Digital Services may contain links to websites run by other organisations which we do not control. This Privacy Policy does not apply to those other websites‚ so we encourage you to read their privacy policies. We are not responsible for the privacy policies and practices of other websites (even if you access them using links that we provide) and we provide links to those websites solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness. Your disclosure of personal information to third party websites is at your own risk.

In addition, if you linked to our Digital Services from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.

10. COOKIES

‘Cookies’ are small pieces of information sent to your computer or device and stored on its hard drive to allow the website and applications to recognise you when you visit it.

If you are using our websites, it is possible to switch off cookies by setting your browser preferences.

We also use other similar technologies across our websites, applications and emails to recognise you. These include web beacons, tracking pixels, pixel tags and software development kits (SDKs). These technologies are used for a variety of purposes such as facilitating payment, enhancing app navigation, analysing and optimising usage and associated with our marketing and advertising efforts, including targeting advertising through our third parties and partners.

For more information on how we use cookies and how to switch them off on your device, please visit our Cookie Policy.

11. AUTOMATED DECISION MAKING

We do not envisage that any decisions that have a legal or significant effect on you will be taken about you using purely automated means, however we will update this Privacy Policy and inform you if this position changes.

12. SOCIAL MEDIA PLATFORMS

We use a number of different social media platforms to communicate with you and to promote products and services. We process your personal information using these platforms in a variety of ways, as follows:

Pages. We use your personal information when you post content or otherwise interact with us on our official pages on Facebook, Instagram, TikTok and other social media platforms. We also use the Page Insights service for Facebook and Instagram to view statistical information and reports regarding your interactions with the pages we administer on those platforms and their content. Where those interactions are recorded and form part of the information we access through these Page Insights services, we and the relevant platform are joint controllers of the processing necessary to provide that service to us.

Single sign-on. Some of our mobile apps use a feature provided by social media and other digital service providers that allow you to register and login to our account with the app using the same login details you have already set up with those providers. This feature is known as a ‘single sign-on service’. We are responsible for any use we make of the personal information we receive from the platform using this feature.

Data from your profile. When you use single sign-on services, you may be prompted to confirm that you are happy to share with us your name, email address and certain other personal information you hold with those providers. You may be asked if you would like to share information with us that goes beyond what is needed to log you into your account. For example, you may be asked if you would like us to use your contact details or date of birth for direct marketing purposes. We will only use your personal information in this way if you agree.

Cookies. We use cookies and similar technologies in our Digital Services to collect and send information to Facebook about actions you take on our website and applications. In particular, Meta (who operates the Facebook and Instagram platforms) uses this information to provide services to us and also for further processing for its own business purposes. We and Meta are joint controllers of the processing involved in collecting and sending your personal information to Meta using cookies and similar technologies as each of us has a business interest in Meta receiving this information. You can find out more about these technologies by visiting our Cookie Policy. The services we receive from Meta that use this information are delivered to us through Meta Business Tools, which include Meta Pixel, Facebook Login, Facebook SDK, Social Plugins and Website Custom Audiences. These tools allow us to target advertising to you within Meta’s social media platforms by creating audiences based on your actions on our Digital Services and applications and allow Meta to improve and optimise the targeting and delivery of our advertising campaigns for us.

Our relationship with Meta. As we are joint controllers with these platforms for certain processing, we and each platform have:

• entered into agreements in which we have agreed each of our data protection responsibilities for the processing of your personal information described above;
• agreed that we are responsible for providing to you the information in this privacy notice about our relationship with each platform; and
• agreed that each platform is responsible for responding to you when you exercise your rights under data protection law in relation to that platform’s processing of your personal information as a joint controller.
Meta also processes, as our processor, contact information that we submit for the purposes of matching, online targeting, measurement, reporting and analytics purposes. These services include the processing Meta carries out when it display our advertisements to you in your news feed at our request after matching contact details for you that we have uploaded to a platform operated by Meta. These advertisements may include forms through which we collect contact information you give to us.

Further information. The Meta company that is a joint controller of your personal information is Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. For further information regarding Meta and its use of your personal information, please see:

• Meta’s Controller Addendum for Page Insights and UK Controller Addendum for Business Tools which include information regarding how our and Meta’s responsibilities to you are allocated as controllers of your personal information;
• Meta’s Privacy Center including its Privacy Policy at https://www.facebook.com/privacy which include details of the legal reasons (known as ‘lawful bases’) on which each platform relies to process your personal information, together with details regarding your data protection rights; and
• Meta’s help pages regarding its Page Insights and Business Tools and its terms and conditions relating to those tools.

Our relationship with Tiktok. To find out more about our relationship with TikTok, please see the terms of the data sharing arrangement we have with TikTok and the TikTok Privacy Policy.

13. YOUR RIGHTS

You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 1 calendar month from either:

● the date that we have confirmed your identity; or
● where we do not need to do this because we already have this information, from the date we received your request.

You have the following rights, some of which may only apply in certain circumstances:

To have your information corrected if it is inaccurate and to have incomplete personal information completed
If you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us using any of the details described at the end of this Privacy Policy.

To object to processing of your personal information
Where we rely on our legitimate interests as the lawful basis for processing your personal information for particular purposes, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this Privacy Policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.

To withdraw your consent to processing your personal information
Where we rely on your consent as the lawful basis for processing your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this Privacy Policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.

To restrict processing of your personal information
You may ask us to restrict the processing of your personal information in the following situations:

• where you believe it is unlawful for us to do so; or
• you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.

In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.

To have your personal information erased
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this Privacy Policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request

To request access to your personal information and how we process it
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this Privacy Policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

Rights relating to automated decision making, including profiling
You may also contest a decision made about you based purely on automated processing by contacting us using the information at the bottom of this Privacy Policy. We do not currently process your personal information to make such decisions about you and will update this policy/notify you if that changes.

To complain to a data protection regulator
You have the right to complain to the UK data protection regulation, the Information Commissioner’s Office (ICO), if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details.

14. CHANGES TO THIS PRIVACY POLICY

We may review this Privacy Policy from time to time and any changes will be notified to you by posting an updated version on our websites and/or by contacting you by email, as appropriate. Any changes will take effect 7 days after the date of our email or the date on which we post the modified terms on our website at www.stonegategroup.co.uk, whichever is the earlier. We recommend you regularly check for changes and review this Privacy Policy whenever you visit or use any of our Digital Services. If you do not agree with any aspect of the updated Privacy Policy you must immediately notify us and cease using our services.

15. CONTACT US

Please direct any queries about this Privacy Policy or about the way we process your personal information to our Privacy Manager using our contact details below.

Our email address for data protection queries is c.datarequest@stonegatepubs.com or alternatively you can contact us using the web form on our websites.

16. LEGAL INFORMATION

We are Stonegate Pub Company Limited.

We are a limited company incorporated in the Cayman Islands with UK company registration number FC029833 (and UK establishment number BR014816) and our registered office address is Conyers Trust Company (Cayman) Limited, Cricket Square, PO BOX 2681, Grand Cayman, Ky1-1111, Cayman Islands.

Our main trading address is 3 Monkspath Hall Road, Solihull, West Midlands B90 4SJ.