top of page

Privacy Policy

1. Introduction

The Old Stone Barn (“we”, “us”, “our”) respects your privacy and complies with UK GDPR. This policy explains how we collect, use, retain, and share your personal data when you visit our website, enquire about bookings, or use our services.

2. Data Controller & Contact

The Old Stone Barn

Home Farm

Warrington

Olney

MK46 4HN

info@oldstonebarn.co.uk

01234 711655​

3. Personal Data We Collect

  • Enquiries & booking forms: name, email, telephone, event date, guest numbers, message.

  • Communications: any data you provide during emails, phone calls, or in-person meetings.

  • Website analytics: anonymised IP address, device/browser info, pages visited, session duration via essential and performance cookies only — no advertising or profiling cookies.

4. How We Use Your Data

  • To provide quotes, respond to enquiries, and manage event bookings.

  • To send confirmations, invoices, reminders, and follow-up messages.

  • To improve our website via anonymised analytics.

  • To maintain legal, financial, insurance, and compliance records.

5. Legal Basis for Processing

  • Contractual necessity: to deliver services and bookings.

  • Legitimate interests: to operate and improve our venue and website.

  • Consent: where opted in for marketing or follow-ups.

  • Legal obligation: to keep records for VAT, insurance, or audit purposes.

6. Data Sharing

We do not sell or rent personal data. We may share your information with:

  • Service providers (e.g. website host, email provider, analytics) — under GDPR-compliant agreements.

  • Regulatory authorities, insurers, or suppliers when required by law or to deliver services.

7. Cookies & Tracking

  • Essential cookies: necessary for forms and navigation.

  • Performance cookies: anonymised analytics only (e.g. Google Analytics).
    No advertising, profiling or third-party tracking cookies are used.

8. Data Retention

  • Enquiry and booking records: retained up to 7 years for legal, financial, and compliance reasons.

  • Analytics session data: deleted after 24 months; aggregated metrics retained as needed.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access, correct, erase, restrict, or port your data.

  • Withdraw consent or object to processing.
    You can exercise your rights by contacting us using the details above. You also have the right to complain to the ICO.

10. Security

We use SSL encryption, secure hosting, access controls, firewalls, and staff training to safeguard your data. While no system is entirely foolproof, we follow industry best practices.

11. International Transfers

All data is processed and stored within the UK—no overseas transfers.

12. Policy Updates

This policy may be updated occasionally; continued use of our website denotes acceptance of changes.

bottom of page