Privacy Policy
Privacy Commitment: Hungry Horse is committed to protecting your privacy and handling your personal data transparently and securely.
This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Privacy Policy Contents
- 1. Who We Are
- 2. Information We Collect
- 3. How We Collect Information
- 4. How We Use Your Information
- 5. Legal Basis for Processing
- 6. Sharing Your Information
- 7. Data Retention
- 8. Your Rights
- 9. Cookies & Tracking
- 10. Data Security
- 11. International Transfers
- 12. Children’s Privacy
- 13. Changes to This Policy
- 14. Contact Us
1. Who We Are
Hungry Horse Ltd (“we”, “us”, “our”) operates family pub restaurants across the United Kingdom. We are a data controller registered with the Information Commissioner’s Office (ICO) in accordance with UK data protection laws.
Our Details
Data Controller: Hungry Horse Ltd
Registered Address: [Your Registered Address]
ICO Registration Number: [Your ICO Number]
Contact Email: info@bulleyes.blog
This privacy policy applies to all Hungry Horse venues, our website (www.hungryhorse.co.uk), mobile applications, booking systems, and any other services we provide.
2. Information We Collect
We collect different types of personal information depending on how you interact with us:
Personal Identification Information
- Name, title, and contact details (email, phone number, address)
- Date of birth (for age verification and promotions)
- Proof of identity (when required for specific promotions)
Transactional Information
- Booking details and preferences
- Order history and purchase information
- Payment details (processed securely by payment providers)
- Loyalty program participation
Technical and Usage Information
- IP address, browser type, and device information
- Website usage data and analytics
- CCTV footage in our venues (for security purposes)
- Communication preferences and marketing consent
Special Category Data
- Dietary requirements and allergen information (only when voluntarily provided by you)
- Accessibility requirements to accommodate your visit
We only process special category data with your explicit consent or when required by law.
3. How We Collect Information
We collect personal information through various methods:
Direct Interactions
- When you make a booking at one of our venues
- When you place an order for food or drinks
- When you sign up for our loyalty program or newsletter
- When you enter a competition or promotion
- When you provide feedback or make a complaint
- When you apply for a job with us
Automated Technologies
- Through cookies and similar tracking technologies on our website
- Via CCTV systems in our venues (signposted accordingly)
- Through analytics tools that track website usage
Third Parties
- Booking platforms and reservation systems
- Social media platforms (when you interact with our content)
- Marketing and research partners (with appropriate safeguards)
- Publicly available sources (company websites, LinkedIn, etc.)
4. How We Use Your Information
We use your personal information for the following purposes:
Service Provision
- To process and manage your bookings
- To prepare and serve your food and drink orders
- To process payments and maintain transaction records
- To manage our loyalty program
Customer Service
- To respond to your inquiries and complaints
- To provide allergen information and dietary accommodations
- To send booking confirmations and reminders
- To gather feedback to improve our services
Marketing & Communications
- To send promotional offers and updates (with your consent)
- To inform you about new menu items and events
- To conduct market research and analysis
- To personalize your experience with us
Legal & Compliance
- To comply with legal obligations (e.g., health and safety, tax)
- To prevent fraud and ensure venue security
- To protect our rights and the rights of others
- To maintain business records as required by law
5. Legal Basis for Processing
Under UK GDPR, we process your personal data based on one or more of the following legal grounds:
Contract
Processing necessary to fulfill our contract with you (e.g., taking and fulfilling your booking or order).
Consent
Where you have given clear consent for us to process your personal data for a specific purpose (e.g., marketing communications).
Legal Obligation
Processing necessary to comply with the law (e.g., health and safety regulations, tax requirements).
Legitimate Interests
Processing necessary for our legitimate interests (e.g., business analytics, fraud prevention, improving services).
Withdrawing Consent: Where we rely on your consent, you have the right to withdraw it at any time. This will not affect the lawfulness of processing before your withdrawal.
6. Sharing Your Information
We only share your personal information with third parties when necessary and with appropriate safeguards:
Service Providers
- Payment processors to handle transactions securely
- Booking and reservation system providers
- Marketing and email service providers
- IT and cloud service providers
- Customer feedback platforms
Legal & Regulatory
- Government authorities when required by law
- Law enforcement agencies for crime prevention
- Regulatory bodies for compliance purposes
Business Transfers
- In connection with any merger, sale of company assets, or acquisition
- As part of due diligence processes
Third-Party Agreements
All third parties with whom we share personal data are contractually required to protect your information and only process it for the purposes we specify. We do not sell your personal data to third parties.
7. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for legal, accounting, or reporting requirements.
| Type of Data | Retention Period | Reason for Retention |
|---|---|---|
| Booking information | 3 years from last visit | Customer service and business analysis |
| Transaction records | 7 years | Legal and tax compliance |
| Marketing preferences | Until consent withdrawn | To respect communication preferences |
| CCTV footage | 30 days (unless required for investigation) | Security and crime prevention |
| Job application data | 6 months after decision | Recruitment process management |
| Customer complaints | 6 years | Legal protection and service improvement |
After the retention period ends, we securely delete or anonymize your personal data so it can no longer be associated with you.
8. Your Rights
Under data protection law, you have rights regarding your personal information:
Right to Access
You can request a copy of the personal data we hold about you (a “subject access request”).
Right to Rectification
You can request correction of inaccurate or incomplete personal data.
Right to Erasure
You can request deletion of your personal data in certain circumstances (“right to be forgotten”).
Right to Restrict Processing
You can request restriction of processing in certain circumstances.
Right to Data Portability
You can request transfer of your data to another organization in a structured format.
Right to Object
You can object to processing based on legitimate interests or for direct marketing.
Rights on Automated Decisions
You have rights regarding automated decision making and profiling.
Right to Withdraw Consent
Where we rely on consent, you can withdraw it at any time without affecting prior processing.
Exercising Your Rights: To exercise any of these rights, please contact us using the details in Section 14. We may need to verify your identity before processing your request. We will respond within one month of receiving your request.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK data protection authority, if you believe we have not complied with data protection laws.
9. Cookies & Tracking
Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyze website traffic.
Types of Cookies We Use
Essential Cookies
Required for the website to function properly (e.g., remembering items in your basket, secure login). These cannot be disabled.
Analytical Cookies
Help us understand how visitors interact with our website by collecting anonymous information about page visits, popular content, etc.
Functional Cookies
Remember your preferences (e.g., language, location) to personalize your experience.
Marketing Cookies
Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns.
Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when websites try to place cookies on your device. However, disabling certain cookies may affect website functionality.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
Our Security Measures Include:
- Encryption of sensitive data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Secure development practices for our systems
- Employee training on data protection and security
- Incident response and breach notification procedures
Your Role in Security
While we take measures to protect your information, you also play a role in keeping your data secure. Please use strong, unique passwords for any accounts you create with us and avoid sharing login credentials.
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.
11. International Transfers
We primarily store and process your personal data within the United Kingdom. However, some of our service providers may be located outside the UK.
International Data Transfers: When we transfer your personal data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK authorities, or transfers to countries with adequate data protection laws.
You can contact us for more information about the specific safeguards we use for international data transfers.
12. Children’s Privacy
Our services are family-friendly, but we are particularly careful with children’s personal data:
- We do not knowingly collect personal data from children under 13 without parental consent
- When children visit our venues with their families, we may collect limited information (e.g., for kids’ meal orders) with parental supervision
- Our marketing communications are not directed at children
- Parents or guardians can contact us to review, update, or delete any personal data we may have about their child
If you believe we have collected personal data from a child without appropriate consent, please contact us immediately so we can take appropriate action.
13. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements.
Policy Updates
We will post any changes on this page and update the “Last Updated” date below. For significant changes, we may also notify you by email or through a notice on our website.
Last Updated: 1st November 2023
We encourage you to review this policy periodically to stay informed about how we protect your information.
14. Contact Us
If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:
Contact Information
Data Protection Officer:
Hungry Horse Ltd
Email: info@bulleyes.blog
Postal: [Your Registered Address]
For venue-specific inquiries, please contact the relevant Hungry Horse location directly.
Supervisory Authority: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
Thank you for trusting Hungry Horse with your personal information. We are committed to protecting your privacy and being transparent about our data practices.
© 2023 Hungry Horse Ltd. All rights reserved.