PRIVACY POLICY
This policy describes how Gobble Up Catering Limited (“Gobble Up”) handles your personal information when you use our website (https://thecockhorse.co.uk or https://thecockhorse.com), when we provide services to you and during your relationship with us.
Gobble Up Catering Limited has its registered address at Bridge House, 25 Fiddlebridge Lane, Hatfield, Hertfordshire, United Kingdom, AL10 0SP.
The Cock Horse Inn, Church Street, Lavenham, CO10 9SA is part of Gobble Up (“we”, “us”).
We are committed to ensuring all personal data is processed in accordance with the General Data Protection Regulation (GDPR) and Data Protection Act 2018.
We are the data controller and are responsible for ensuring we preserve and protect your privacy under data protection rules and regulations.
1.Who We Are and Contact Information
1.1. We are responsible for ensuring we preserve and protect your privacy and this policy outlines how we collect and process your personal data.
1.2. We have appointed a Data Protection Officer (DPO) who oversees our handling of personal data.
If you have any questions about this privacy policy including any requests to exercise your rights, you may contact the DPO as follows:
Post: Data Protection Officer, Gobble Up Catering Limited, 37 Church Street, Lavenham, Sudbury, Suffolk, CO10 9SA.
Email: info@thecockhorseinn.co.uk
Phone: 01787 827330
​
2.Information We Collect
2.1. Personal data, or personal information, means any information about an individual from which that person can be identified.
2.2. We may collect, use, store and transfer the following personal information from you because of the following activities:
2.2.1. when you make a booking and use any of our services, we need to obtain information in order to identify you, contact you and process your purchase and request.
2.2.2. when you contact us by phone, email, and social media sites (including but not limited to, Facebook, Twitter, Instagram), the information you give us may include your name, email address, postcode, postal address, telephone number, date of birth, credit card information. We may keep a record of that information.
2.2.3. when you submit information in a comment card or feedback form, which may include your name, email address, telephone number and details of your experience.
2.2.4. if you register for our loyalty scheme (if provided), which may include your name, email address, postcode, postal address, telephone number and date of birth.
2.2.5. if you participate in a competition or other marketing initiatives, which may include your name, email address, postcode and telephone number.
2.2.6. if you choose to complete a survey the information collected will be relevant to the research being conducted. This may include information such as your name, email address, date of birth, gender, interests, postcode.
2.2.7 if you visit our website, information collected may include the Internet protocol (IP) address used to connect your computer to the internet, login data, browser plug-in type and version, operating system and platform, time zone setting and location and other technology on the devices you use to access our websites; and website performance, using Google Analytics, provided by Google Inc. Google uses cookies to collect information on your visit to our website and how you use it including the full Uniform Resource Locators (URL), length of visits to certain pages, page interaction, date, time as well as page response times, mobile compatibility.
2.3. We do not collect any Special Categories of Personal Information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data), nor do we collect any information about criminal convictions and offences.
2.4. You are not under any legal obligation to provide us with any of your personal information. If you elect not to provide us with your personal information, in some circumstances we may be unable to advance or adequately administer our relationship with you or provide services to you.
2.5. Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
2.6. Our website is not intended to be used by minors nor do we knowingly collect information relating to children.
3. Cookies
3.1. A cookie is a small file which asks your permission to be stored on your computer’s browser or hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a website. Cookies allow web applications to respond to you as an individual.
3.2. Our website uses traffic log cookies to identify which pages of our website are being used. This helps us to provide you with a good experience when you browse our website and allows us to improve our website.
3.3. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
3.4. For further information on Cookies please visit www.aboutcookies.org
4. How We Use Your Personal Information
4.1. We will only use your personal data when we have a lawful basis and the law allows us to do so.
4.2 We may use the information we collect and hold about you in the following ways:
4.2.1 to facilitate an enquiry to provide you with information you request from us prior to a prospective or actual purchase or other form of contract;
4.2.2. to answer enquiries, provide requested information, make a booking or reservation and fulfil any contractual obligations between you and us;
4.2.3. information provided to us in comment cards and/or guest feedback forms will be used to follow up with you and to improve our services and products and to recognise individual employees good work;
4.2.4 to notify you about changes to our services or inform you of circumstances that may impact on our ability to deliver those services or your experience;
4.2.5. to manage and administer our business, including for the purposes of reviewing and improving our products and services;
4.2.6. to administer our websites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
4.2.7. to ensure that content on our websites are effective for both you and your chosen device;
4.2.8. to provide you with marketing information in accordance with your marketing preferences (if any) as set out in paragraph 4.3
4.3 We will add your identification and contact data marketing database if you:
4.3.1. make an enquiry about our products or services;
4.3.2. buy our products or services;
4.3.3. visit our website;
4.3.4. have told a third party that you would like them to pass us your contact details so that we can send you updates about our products and services
4.4. We may send you marketing communications by email, telephone, text message or post. You can ask us to only send you marketing communications by specific methods (for example, you may be happy to receive emails from us but not telephone calls) or you may ask us not to send you any marketing communications at all.
4.5. We never share your personal data with third parties for marketing purposes.
4.6. The lawful bases we will rely on to process your personal data are:
4.6.1. Legitimate Interest – which means conducting and managing our business in our interests, or the interests of a third party. Our interests could include, for example, our internal administrative purposes, ensuring network and information security or for promoting our business including direct marketing. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests or the interests of a third party. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
4.6.2. Performance of Contract – which means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering such a contract.
4.6.3. Comply with a legal or regulatory obligation – which means processing your personal data where it is necessary for compliance with law or regulation to which we are subject.
4.7. Generally, we do not rely on consent as a legal basis for processing your personal data. If we do ask for your consent, you have the right to withdraw consent at any time.
5. Disclosure of Your Personal Data to Others
5.1. We only share your personal data in the day to day running of our business with people who have a need to know such information to perform their responsibilities.
5.2. We may also share your personal information with selected third parties who are:
5.2.1. service providers acting as processors based in the UK who provide IT and system administration services, website development services, website maintenance services, analytics and search engine providers that assist us in the improvement and optimisation of our site, server and hosting services fraud prevention and credit risk reduction services;
5.2.2 professional advisors acting as processors or joint controllers including lawyers, bankers, auditors/accountants and insurers based in the UK who provide consultancy, banking, legal insurance and accounting services;
5.2.3. HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the UK;
5.2.4 any other third parties as required by law or for the purposes of crime (including fraud), to prevent or investigate breaches of, or to enforce, our terms, to respond to or investigate security vulnerabilities, or to respond to emergencies, and to protect the rights of third parties.
5.2.5 any of our group companies which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006, for internal reasons, primarily for business and operational purposes (and, where you have consented to us doing so, for direct marketing purposes)
5.3. We may also share your personal data with third parties where, for example, we:
5.3.1. sell or buy (or merge with) any business or assets (including our own) or enter a joint venture, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
5.3.2. are under a duty to disclose or share your personal data to comply with any legal obligation, or to enforce or apply our website terms of use and other agreements; or to protect the rights, property, or safety of our customers, ourselves or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
6. Data Security
6.1. All the information you provide to us will be stored securely and we use strict procedures and security features to try to prevent unauthorised use, disclosure or accidental loss. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
6.2. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7. International Transfers
7.1. Your personal information may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) by us or by our sub-contractors. Where we, or our sub-contractors, use IT systems or software that is provided by non-UK companies, your personal data may be stored on the servers of these non-UK companies outside the EEA. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy which may include confirming that any US-based companies are registered under the US Privacy Shield or entering into specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
8. How Long Will We Keep Your Personal Data
8.1. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
8.2. In practice this means that we will keep:
8.2.1. customer details e.g. your name and contact details for up to 6 years.
8.2.2. account information, invoices and payment records for 7 years.
8.2.3. complaint records for 3 years.
9. Your Rights and Your Personal Data
9.1. You have the following rights regarding your information: Rights What Does This Mean?The right to be informed You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this policy. The right of access You have the right to obtain access to your information (if we’re processing it), and other certain other
information (similar to that provided in this policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law.
The right to rectification You’re entitled to have your information corrected if it’s inaccurate or incomplete. The right to erasure This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions. The right to restrict processing You have rights to ‘block’ or suppress further use of your
information. When processing is restricted, we can still store your information, but may not use it further. We keep a record of people who ask for further use of their information to be ‘blocked’ to make sure the restriction is respected in future. The right to data portability You have rights to obtain and reuse your personal
data for your own purposes across different services. E.g., if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability. The right to object You have the right to object to certain types of
processing, including processing for direct marketing (which we do only with your consent). Rights in relation to automated decision making and profiling We may use technology to build profiles about you, and for you this means we may make certain assumptions about products you may be interested in and use this to send you more tailored marketing communications.
9.2. You can exercise your right of access by sending us a written request at any time. Please mark your request “Subject Access Request” and send it:
9.2.1. by email to info@thecockhorseinn.co.uk; or
9.2.2. to The Data Protection Officer, Gobble Up Catering Limited, 37 Church Street, Lavenham, Sudbury, Suffolk, CO10 9SA.
9.3. You can find full details of your personal data rights on the Information Commissioner’s Office website at www.ico.org.uk.
9.4. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
9.5. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
9.6. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
10. Complaints
10.1. If at any time, for any reason, you are unhappy with how we hold or process your personal information, please raise your concerns with us immediately.
10.2. You are also entitled to make a complaint to the Information Commissioner’s office at www.ico.org.uk. Whilst you are not required to do so, we encourage you to contact us directly to discuss any concerns that you may have and to allow us an opportunity to address these before you contact the Information Commissioner’s Office.
11. Changes to Our Privacy Policy
11.1. We will review and update this policy from time to time. This may be to reflect a change in the services we offer or a change to our internal procedures or it may be to reflect a change in the law.
11.2. If we change our policy, a copy will be available on our website. Please check back frequently to see any updates or changes to our privacy policy. Where appropriate we may also contact you by email with regards to any changes to this policy.
11.3. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.