Privacy Policy

1. Who we are and how to contact us

This Privacy Policy explains how TheBluePeter, operating the website https://www.thebluepeterplymouth.co.uk (the “Website”), collects, uses and protects your personal data. We are established in the United Kingdom and act as the “controller” of your personal data for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have questions about this policy or how we handle your personal data, you can contact us by using the contact details published on our Website or by writing to: Privacy Team, TheBluePeter, Plymouth, United Kingdom.

We are not required to appoint a Data Protection Officer. All privacy enquiries should be directed to our Privacy Team using the contact details above.

2. Scope of this policy

This policy applies to personal data we collect when you visit and use the Website, contact us (for example via forms or email), make or manage a booking or enquiry online, sign up for marketing, or otherwise interact with us digitally. It does not cover personal data processed by third-party websites, platforms or services that you access via links or integrations from our Website; those are governed by their own privacy notices.

3. The personal data we collect

3.1 Data you provide to us

  • Identification and contact details such as name, email address, telephone number.
  • Booking and enquiry information such as requested date/time, party size, special requests or dietary preferences you choose to share.
  • Marketing preferences and communication choices (for example, whether you wish to receive news or offers).
  • Content you submit, such as feedback or messages.
  • Job or supplier enquiries sent via our Website or email (for example, CVs or company details) where applicable.

3.2 Data collected automatically

  • Technical and usage data including IP address, device and browser type, operating system, pages viewed, referring/exit pages, and timestamps.
  • Cookie and similar technology data (see Section 5) that may include unique identifiers and interaction information.
  • Server logs used for operation, security and diagnostics.

3.3 Data from third parties

  • Information from service providers that help us run the Website (e.g., hosting, analytics, cookie consent tools) and from booking or reservation platforms if you choose to use them.
  • Publicly available information (e.g., social media handles) when you interact with us through social channels.

4. Purposes and legal bases for processing

We process your personal data only when we have a valid legal basis under UK GDPR. Depending on the context, we use your data for the following purposes and bases:

  • Providing and operating the Website, enabling you to browse pages, load content and maintain security and performance.

    Legal basis: our legitimate interests in running an effective and secure Website.
  • Responding to your enquiries and requests (including table/venue booking enquiries), providing customer service, and communicating with you about your interactions with us.

    Legal basis: performance of a contract or taking steps at your request before entering a contract; and/or our legitimate interests in responding to user requests.
  • Managing bookings or reservations and related administration (confirmation, changes, cancellations).

    Legal basis: performance of a contract; legal obligations for record-keeping.
  • Sending you marketing communications (such as news, events or offers) if you consent, or, where permitted, to existing customers using the UK Privacy and Electronic Communications Regulations (PECR) “soft opt‑in” for similar products or services. You can opt out at any time.

    Legal basis: consent; and/or our legitimate interests in promoting our services in compliance with PECR.
  • Analytics and improvements (for example, understanding how the Website is used to improve content, layout and user experience) using non-essential cookies or similar technologies.

    Legal basis: your consent (see Section 5).
  • Security, fraud prevention and diagnostics (for example, protecting our Website, users and systems, and detecting misuse).

    Legal basis: our legitimate interests in ensuring security and preventing fraud; and compliance with legal obligations.
  • Compliance with law, enforcement requests, and the establishment, exercise or defence of legal claims.

    Legal basis: compliance with legal obligations; our legitimate interests in establishing or defending legal claims.

5. Cookies and similar technologies

5.1 What cookies are

Cookies are small text files placed on your device when you visit a website. They can be “session” cookies (deleted when you close your browser) or “persistent” cookies (stored until they expire or you delete them). We may also use similar technologies such as local storage or pixels.

5.2 How we use cookies

  • Strictly necessary cookies: essential for the Website to function (for example, page navigation, load balancing, security). These do not require consent.
  • Functional cookies: remember choices (such as preferences) to enhance your experience. Where these are not strictly necessary, we use them only with your consent.
  • Analytics cookies: help us understand how visitors use the Website so we can improve it. These are used only with your consent.
  • Advertising or social media cookies: if present, these track activity across sites to deliver relevant advertising or enable social features. These are used only with your consent.

5.3 Managing your cookie choices

  • On your first visit, you may be presented with a cookie banner allowing you to accept or reject non-essential cookies. You can withdraw or change your consent at any time by adjusting your browser settings to delete or block cookies and by clearing cookies to re-display the consent banner.
  • You can also control cookies through your browser or device settings by blocking, deleting or restricting cookies. If you block strictly necessary cookies, parts of the Website may not function properly.

Cookie lifespans vary: strictly necessary cookies typically last only for the session or a short period; analytics or preference cookies may last from a few minutes to up to two years, depending on the provider and purpose.

6. Sharing your personal data

We do not sell your personal data. We may share it with:

  • Service providers acting as processors who provide hosting, maintenance, security, analytics, email communications, cookie consent tools, IT support, and similar services.
  • Booking or reservation partners, payment and transactional service providers if you choose to use those services in connection with our Website.
  • Professional advisers (such as lawyers or accountants), insurers, and auditors, where necessary.
  • Public authorities or law enforcement where required by law or to protect rights, safety or property.
  • Successors in the event of a reorganisation, merger or transfer of our operations, in which case personal data may be transferred as part of the transaction.

7. International data transfers

Some of our service providers may be located outside the UK or the European Economic Area (EEA). Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as:

  • An adequacy decision for the destination country; or
  • Approved transfer mechanisms such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with additional safeguards where appropriate.

You can contact us to obtain further information about the safeguards for specific transfers.

8. Data security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (HTTPS), access controls, least‑privilege permissions, system monitoring, backups, and staff awareness measures. While we work to protect your data, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

9. Data retention

We keep personal data only for as long as necessary for the purposes set out in this policy and to meet legal, tax, accounting or reporting requirements. Typical retention periods are:

  • Enquiries and correspondence: up to 24 months from our last interaction.
  • Booking and transaction-related records: up to 7 years after the end of the relevant financial year to comply with legal and tax obligations.
  • Marketing preferences and communications: until you unsubscribe or object, or after 24 months of inactivity.
  • Technical logs and security records: up to 12 months, unless needed longer for investigation or legal reasons.
  • Job or supplier enquiries: up to 12 months unless retained longer due to a continuing relationship.
  • Cookie consent records: up to 6 years to demonstrate compliance.

We may retain data longer where required for the establishment, exercise or defence of legal claims.

10. Your rights

Under UK data protection law, you have the following rights (subject to limitations and exemptions):

  • Access: request a copy of your personal data we hold.
  • Rectification: ask us to correct inaccurate or incomplete data.
  • Erasure: request deletion of your data where there is no good reason for us to continue processing it.
  • Restriction: ask us to suspend processing in certain circumstances.
  • Portability: receive your data in a structured, commonly used and machine‑readable format and transmit it to another controller where processing is based on consent or contract and carried out by automated means.
  • Objection: object to processing based on our legitimate interests and to direct marketing.
  • Withdraw consent: where we rely on consent (for example, for non‑essential cookies or marketing), you can withdraw it at any time, without affecting the lawfulness of processing before withdrawal.

To exercise your rights, contact us using the details in Section 1. We may need to verify your identity and ask for information to help us respond. We aim to respond within one month. You will not usually have to pay a fee, but we may charge a reasonable fee or refuse a request if it is manifestly unfounded or excessive.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO). Postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113.

11. Children’s privacy

Our Website is not directed at children under 13. If you are under 13, please do not provide personal data through the Website. If we learn that we have collected personal data from a child under 13 without appropriate consent, we will delete it.

12. Third‑party websites and services

The Website may include links to or integrations with third‑party sites, services or platforms (for example, booking providers or social media). We are not responsible for how those third parties collect or use your data. Please review their privacy notices.

13. Automated decision‑making

We do not carry out automated decision‑making or profiling that produces legal or similarly significant effects concerning you.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or for other operational reasons. We will post the updated version on the Website and indicate the effective date below. Your continued use of the Website after any updates constitutes your acceptance of the revised policy.

Effective date: 14 December 2025.

About The Editorial Team Terms of Service Legal Notice Privacy Policy Sitemap Contact
© 2025 TheBluePeter