Privacy Policy

Last updated: 29/10/25

This Privacy Policy explains how Candover Op Co (trading as The Candover Public House with Rooms) (“The Candover”, “we”, “us”, “our”) collects, uses, shares and protects your personal data when you visit our website, book a table or room, purchase a voucher, subscribe to updates, dine or stay with us, or otherwise interact with us.

1) Who we are & how to contact us

  • Data controller: Candover Op Co, trading as The Candover Public House with Rooms.

  • We have appointed a Data Controller to oversee our data protection practices and compliance.

  • Contact: Info@thecandover.com

  • Address: THE CANDOVER , Alresford Road, Preston Candover, Hampshire RG25 2EJ

2) What this policy covers

This policy applies to:

  • Our website and online booking journeys (rooms, tables, vouchers).

  • In-venue interactions (dining, bar tabs, events, Wi‑Fi, CCTV where in use).

  • Marketing (email/SMS/newsletters) where you opt in.

  • Customer care and post-stay/post-visit surveys and reviews.

It does not cover third-party sites you may visit via our links.

3) Personal data we collect

  • Identity & contact: name, email, phone, postal address.

  • Booking details: dates, party size, room type, rate plan, preferences (e.g., dietary, accessibility), special requests.

  • Transaction data: payment method, amounts, deposits/guarantees (full card data handled by our payment provider).

  • Communications: enquiries, feedback, complaints.

  • Technical data: IP address, device/browser info, cookie IDs and analytics events (see Cookies).

  • In-venue data: bar/restaurant spend linked to your booking; incident logs; CCTV (sign‑posted; retained for security).

  • Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.

  • We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Please avoid providing medical or other special category data unless necessary; where provided (e.g., accessibility or allergy information) we use it only to support your visit.

  • 3a.) If you fail to provide personal data to us

  • Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with a gift card you have requested to purchase). In this case, we may have to cancel your purchase with us or decline to enter into a contract with you but we will notify you if this is the case at the time.

4) How we collect data

  • Directly from you (website forms, bookings, emails, calls, in‑venue).

  • Automatically via cookies/analytics when you use our site (see Cookies).

  • From partners that help us operate (e.g., booking engine/PMS, payment processor, voucher platform, table‑booking system, email/SMS services, analytics/cookie providers, Wi‑Fi vendor, review platforms).

5) Why we use your data (legal bases)

  • Contract: to take and manage room/table reservations, deposits/guarantees/stays, dining, vouchers, and service emails (confirmations, pre‑arrival, post‑stay).

  • Legitimate interests: to run and improve our pub‑hotel, manage service and security (including CCTV), prevent fraud, respond to enquiries, understand demand, and personalise guest experience.

  • Consent: optional marketing (email/SMS) and non‑essential cookies/analytics; you can withdraw consent at any time.

  • Legal obligation: accounting, tax, and regulatory compliance; responding to lawful requests.

6) Marketing & your choices

We will only send you marketing (e.g., newsletters, offers) where you’ve opted in or where permitted by law; you can unsubscribe at any time in the message or by contacting us.

We do not sell your personal data. We also don’t share it with organisations outside our group for their own marketing without your explicit consent.

7) Sharing your data (service providers & partners)

We share data with trusted providers that act on our instructions to deliver services, for example:

  • Booking engine/PMS and table‑booking systems;

  • Payment processor (PCI‑compliant) and fraud‑prevention tools;

  • Voucher/gift card platform;

  • Email/SMS and IT/hosting providers;

  • Analytics & cookie tools (see Cookies);

  • Wi‑Fi vendor (venue network);

  • Review platforms (e.g., when you submit a review).

Where required by law, we may disclose data to authorities. We require processors to protect your data and use it only as instructed.

8) International transfers

If personal data is transferred outside the UK/EEA by our providers, we ensure appropriate safeguards (e.g., UK International Data Transfer Addendum, Standard Contractual Clauses).

9) Retention

We keep data only as long as needed, then delete or anonymise it. Typical periods:

  • Booking & invoice records: up to 6 years (legal/tax).

  • Enquiries/complaints: up to 12–24 months after resolution.

  • Marketing data: until you opt out or after a period of inactivity.

  • CCTV: typically, 30 days unless needed for an investigation (venue‑specific).

Exact periods may vary by system and legal requirements.

10) Cookies & similar technologies

We use cookies to run the site, remember preferences and improve performance. Necessary cookies run by default; optional analytics/marketing cookies run only with your consent.

You can adjust settings in our cookie banner or your browser at any time.

11) Security

We apply appropriate technical and organisational measures (encryption in transit, access controls, audits, staff training). No system is 100% secure; if you suspect misuse or a breach, please contact us immediately.

12) Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict, object, and data portability. Where processing is based on consent, you can withdraw it at any time. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk, However, we would encourage you to contact us in the first instance so we may resolve any issues you have.

13) Children

Bookings must be made by individuals 18+. If we learn we hold a child’s data without proper basis, we will delete it.

14) Changes to this policy

We may update this policy periodically. We’ll post the latest version here with a new effective date and, where appropriate, highlight material changes.

15) Contact

For privacy queries or to exercise your rights, please contact our Data Controller:

  • Contact: Info@thecandover.com

  • Address: THE CANDOVER , Alresford Road, Preston Candover, Hampshire RG25 2EJ