Privacy Policy

1. Introduction

Welcome to Lydbrook Memorial Hall's Privacy Policy. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

By using our website and services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our services, and information from third-party sources.

2.1 Personal Information You Provide

We may collect the following personal information when you interact with our services:

• Contact Information: Name, email address, postal address, telephone number
• Booking Information: Event details, date and time preferences, special requirements
• Payment Information: Billing address, payment card details (processed securely through third-party payment processors)
• Communication Data: Your messages, feedback, and correspondence with us
• Account Information: Username, password, and preferences if you create an account

2.2 Information Collected Automatically

When you access our website, we automatically collect certain information:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent on pages, links clicked, referring website
• Location Data: General geographic location based on IP address
• Cookies and Similar Technologies: See Section 9 for more details

2.3 Information from Third Parties

We may receive information about you from third parties such as social media platforms, analytics providers, and payment processors when you interact with our services through these platforms.

3. How We Use Your Information

We use the information we collect for various purposes, including:

• Service Delivery: To process bookings, manage events, and provide our services
• Communication: To respond to inquiries, send confirmations, and provide customer support
• Payment Processing: To process transactions and send receipts
• Improvement: To analyse usage patterns and improve our website and services
• Marketing: To send newsletters, promotional materials, and event updates (with your consent)
• Legal Compliance: To comply with legal obligations, to protect yours and our rights
• Security: To detect, prevent, and address technical issues and fraudulent activity
• Personalization: To customise your experience and provide relevant content

4. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contract: Processing is necessary for the performance of a contract with you
• Legal Obligation: Processing is necessary to comply with legal requirements
• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your rights do not override these interests

5. Sharing Your Information

We may share your information in the following circumstances:

5.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as payment processing, email delivery, hosting services, and analytics. These providers are contractually obligated to protect your information.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

6. Data Security

We implement appropriate technical and organisational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using SSL/TLS protocols
• Secure storage of data with access controls
• Regular security assessments and updates
• Employee training on data protection and security
• Secure payment processing through PCI-DSS compliant providers
• Regular backups and disaster recovery procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

The criteria we use to determine retention periods include:

• The duration of our relationship with you
• Legal and regulatory requirements
• The nature and sensitivity of the information
• Potential legal claims or disputes
• Our legitimate business interests

When we no longer need your personal information, we will securely delete or anonymise it.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

8.1 Right of Access

You have the right to request copies of your personal data that we hold.

8.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure

You have the right to request deletion of your personal data in certain circumstances.

8.4 Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances.

8.5 Right to Data Portability

You have the right to request transfer of your personal data to another organisation or directly to you.

8.6 Right to Object

You have the right to object to processing of your personal data in certain circumstances, including for direct marketing purposes.

8.7 Right to Withdraw Consent

Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website.

9.1 What Are Cookies?

Cookies are small text files stored on your device that help us recognise you and remember your preferences.

9.2 Types of Cookies We Use

• Essential Cookies: Necessary for the website to function properly
• Performance Cookies: Help us understand how visitors use our website
• Functionality Cookies: Remember your preferences and settings
• Marketing Cookies: Track your browsing habits to deliver relevant advertising (with your consent)

9.3 Managing Cookies

You can control and manage cookies through your browser settings. However, disabling cookies may affect the functionality of our website. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block cookies from specific websites
• Block all cookies
• Delete all cookies when you close your browser

10. Third-Party Links

Our website may contain links to third-party websites, applications, or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We strongly advise you to review the privacy policy of every site you visit. This Privacy Policy applies only to information collected through our website and services.

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we become aware that we have collected personal information from children without verification of parental consent, we will take steps to remove that information from our server.

12. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country, where data protection laws may differ from those in your jurisdiction.

When we transfer your personal data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the UK Information Commissioner's Office
• Adequacy decisions recognising equivalent data protection standards
• Other legally approved transfer mechanisms

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date at the top of this policy
• Sending you an email notification (for significant changes)

We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes indicates your acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Complaints

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):