OTLEY HALL EVENTS LIMITED
Privacy Policy
Please read this Privacy Policy carefully as it applies to any personal data you provide to Otley Hall Events Limited (‘Otley Hall’, ‘we’, ‘us’), a limited liability company incorporated in England and Wales with registered number 13153641 at registered address Otley Hall, Hall Lane, Otley, Suffolk, IP6 9PA, or which we collect about you, for example when you visit our website, http://otleyhall.co.uk/ (‘Website’) or use any of our services (‘Services’).
We use the term ‘personal data’ to mean any information relating to a person who can be identified, directly or indirectly, from that information alone or in conjunction with other information. Our collection and processing of personal data is regulated by the Information Commissioner under the General Data Protection Regulation (‘GDPR’). We always seek to comply with the data protection laws applicable to our processing of personal data, and as a UK company, UK GDPR and the UK Data Protection Act 2018 apply to our processing. We use GDPR to refer to either the UK or EU version as they are almost identical.
Otley Hall is dedicated to protecting our customers’ privacy. This Privacy Policy sets out what personal data we might collect, how we might collect, process and protect that data, the lawful grounds for that processing, and your related rights in relation to GDPR. Any personal data that we collect from you will only be used in accordance with this Privacy Policy.
How We Obtain Personal Data
You may provide us with personal data and we may collect personal data from you in the normal course of business:
You may provide us with personal data when you make an enquiry about our Services, for example for example your name, email and address, for example when you complete Website enquiry forms or opt-in requests for communications from us, or when you communicate with us by email, telephone, or via our social media platforms (‘Marketing Data’)
You may provide us with personal data when you become a customer for our Services, for example when booking tickets to attend an event or when booking your own private event at Otley Hall (‘Customer Data’)
You may provide us with personal data by using or after using our Services, such as names and photographs for our own digital marketing purposes (‘Service Data’)
You may provide us and our hosting partner, Squarespace, with personal data when you visit our Website, for example your IP address, a list of the pages you visit, and information about your browser, network, and device (‘Improvement Data’)
You may provide us with personal data when you apply for a position at Otley Hall (‘Recruitment Data’)
According to GDPR, we are the ‘controller’ of Marketing, Customer, Service, Improvement and Recruitment Data as we determine the purposes and essential means of its collection and processing.
When you provide us with personal data, you are confirming it is accurate and up-to-date. When you provide us with personal data about another person, for example a family member or a contact, you are confirming to us that you have their consent to do so, or are otherwise authorised to do so.
You provide us with personal data at your discretion. However, if you choose not provide us with the personal data that we need and request, the we may not be able to respond to your query.
Special categories data: Given the nature of our Service, we do not ask for ‘special categories’ of personal data such as information about your health, political opinions, racial origins or sexual life, or personal data relating to criminal convictions or offences. If however you choose to provide us with such personal data for any reason, then you must have full authority or consent to do so and agree that it will be dealt with according to this Privacy Policy.
Financial data: We do not collect or process any banking or debit/credit card data ourselves. Any such data is collected and processed by our third party payments provider, which acts as an independent data controller. We work with payments providers who comply with the applicable industry codes and laws regarding security and retention of financial data, for example the Payment Card Industry Data Security Standard.
How We Use Personal Data
Under GDPR, we can only use personal data if we have a legal basis for doing so. These are mandated by the legislation and include:
To perform a contract with you or to take steps before entering a contract (‘Contract’)
To comply with our legal and regulatory obligations (‘Legal Obligation’)
For our legitimate interests or those of a third party (‘Legitimate Interests’)
Your consent (‘Consent’).
A ‘legitimate interest’ is when we have a business or commercial reason to use personal data, including to secure, manage and improve our Services, so long as this is not overridden by the data subject’s own rights and freedoms. Where processing is based on your consent, we will identify the processing purposes and provide you with relevant information to make the processing fair and transparent when we ask for your consent.
We may use your personal data for the following purposes:
To answer enquiries and provide requested information (lawful basis: legitimate interests)
To enable us to fulfil any contractual obligations (lawful basis: contract)
To provide and manage your account (lawful basis: contract and legitimate interests)
Internal record keeping (lawful basis: legal obligation)
To notify you about changes to our Services or inform you of circumstances that may impact our ability to deliver those services or your experience (lawful basis: legitimate interests)
To send marketing emails that you have opted into with the email address provided. See below: ‘Marketing Our Services’ for further information (lawful basis: consent)
Via our hosting provider, Squarespace, in a de-personalized form to provide you access to this Website, and to protect and improve its platform and services (lawful basis: legitimate interests)
To personalise and improve our Website and your user experience (lawful basis: legitimate interests)
To review and improve our Services (lawful basis: legitimate interests)
To improve our digital marketing either for social media, advertising, or to include on our Website and print marketing material to provide better services and enhance our customer base. We will never include your personal data without gaining your consent to do so (lawful basis: legitimate interests and consent)
Marketing Our Services
We would like to send you promotional emails about our Services and other information we think you might find interesting. If you have agreed to receive marketing emails, you can unsubscribe from these at any time by clicking the link at the bottom of the email. We share your contact information with Squarespace, our email marketing provider, so they can send these emails on our behalf.
Sharing Personal Data
We will not share, sell or rent your personal data to third parties so they can market their services to you. In the following limited circumstances, we may share personal data with third parties who will act as separate or joint controllers:
STRIPE, our payments provider, when you make online payments (lawful basis: legitimate interests or contract)
Squarespace, our hosting and email marketing services provider, when you interact with our Website and communicate and transact with us via our Website (lawful basis: legitimate interests or contract)
Lucid Systems, our IT systems provider, with whom we may share minimal personal data required to help us operate, secure and analyse our business (lawful basis: legitimate interests)
Professional advisors acting as processors or joint controllers including auditors/accountants based in the UK (lawful basis: legitimate interests or legal obligation)
HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the UK (lawful basis: legal obligation)
We may be obliged to disclose your personal data to comply with a law, order or request of a court, government authority, other competent legal or regulatory authority or any applicable code of practice or guideline (lawful basis: legal obligation)
While our starting position is always to keep personal data within the UK or European Economic Area (‘EEA’), we use third parties whereby some or all of your personal data may be stored outside of the European Economic Area (‘EEA’). You are deemed to accept and agree to this by using our Website and providing information to us. Where we do store data outside the UK or EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be under GDPR. We only work with companies who are committed to data security and have satisfactorily documented data security policies and processes.
Social media: If you are using Otley Hall social media, please remember that those social media engines have their own functionality, terms and privacy policies. Please ensure you have read these carefully and have checked your personal settings to ensure you are happy with how your information will be used by these social media engines. Otley Hall may make use of these functions but Otley Hall does not control them and is not responsible for them.
Security
Data security is very important to us. We take appropriate technical and operational measures to protect your personal data from access by unauthorised person and against unlawful processing, disclosure, accidental loss, destruction and damage.
Data Retention
We will only retain your personal data for as long as is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
Links to Other Websites
Our Website may contain links to other websites operated and controlled by third parties. If you access another provider through our Website, your use of those services is entirely at your risk and governed by the terms and privacy policy of that third party provider. We are not responsible for their information collection practices or for the content of their sites.
Your Data Protection Rights and Preferences
Under data protection law you have the following rights:
The right to access – you have the right to be provided with a copy of your personal data
The right to rectification – You have the right to ask us to rectify or remove any information you believe is inaccurate. You also have the right to ask us to complete any information you believe is incomplete
The right to erasure – You have the right to ask us to erase your personal data, under certain conditions
The right to restrict processing – You have the right to ask us to restrict the processing of your personal data in certain conditions
The right to object to processing – You have the right to object to the processing of your data in certain conditions. You have the right, at any time, to object to the processing of your personal data for direct marketing
The right to data portability – You have the right to ask that we transfer the personal data that we have collected to another organisation, or directly to you, under certain conditions
The right to withdraw consent – You have the right to withdraw consent as a legal basis for processing, at any time
To exercise any of these rights, please contact us as set out below.
Our Use of Cookies
This Website uses cookies and similar technologies. Cookies are small text files that are placed on your computer by websites you visit. They are widely used in order to make websites work, or make a user’s experience more efficient, as well as to provide information to the owners of the site. By using our Website, you agree that we can place these types of cookies on your device.
For information about viewing the cookies dropped on your device, visit The cookies Squarespace uses.
These functional and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve this Website to you
These analytics and performance cookies are used on this site, as described below, only when you acknowledge Our cookie banner. We use analytics cookies to view site traffic, activity, and other data
Most browsers accept cookies automatically. If you wish to disable cookies, refer to your browser help menu to learn how to do so. Please note that if you manage your browser and third-party settings to block cookies, some or all of the Website and Services may not have full functionality and your user experience may be impacted. You can find out all about cookies, how to manage them and delete them, and how to manage your browser settings, at the UK ICO and www.aboutcookies.org.
How to Complain
If you have any concerns or queries about our use of your personal data, you can make a complaint to us directly by contacting us as set out below.
GDPR also gives the right to lodge a complaint with the Information Commissioner (ICO), the supervisory authority in the UK, who may be contacted at https://ico.org.uk/make-a-complaint or helpline: 0303 123 1113.
How to Contact Us
If you have a question about our Privacy Policy, the data we hold about you, or if you would like to exercise any one of your data protection rights, please do not hesitate to contact us:
Email us at events@otleyhall.co.uk
Call us on 01473 890 264
Or write to us at Otley Hall, Hall Lane, Otley, Suffolk, IP6 9PA
Changes to Our Privacy Policy
As data protection law and practice are constantly developing, we may need to update this policy from time to time, which we will do by posting a new policy on the Website that takes effect from the date stated. It is your responsibility to return to the Website from time to time and check for changes. This policy is effective from 25 January 2021.