Privacy Policy — The Old Hall Ely

Last updated: April 2026

The Old Hall Ely (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you visit theoldhallely.co.uk, contact us, make an enquiry, attend an event, or use any of our services.

We operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

1. Who We Are

The Old Hall Ely Stuntney, Ely, Cambridgeshire, CB7 5TR Email: marketing@theoldhallely.co.uk Data Protection Contact: Marketing Team

 

2. The Data We Collect

We collect and process the following categories of personal data:

Information you provide directly

  • Name

  • Email address

  • Phone number

  • Postal address

  • Event details (guest numbers, dates, preferences, notes)

  • Payment information (processed securely via Stripe)

  • Any information submitted through our website forms (wedding, corporate, party, stay, general contact)

  • Newsletter sign‑up details

  • Information provided during phone or in‑person enquiries

Information collected automatically

  • IP address

  • Device information

  • Cookies and tracking data

  • Website usage analytics

Information collected on-site

  • CCTV footage (for safety, security, and crime prevention)

 

3. How We Collect Your Data

We collect data through:

  • Website enquiry forms

  • Newsletter sign‑ups

  • Cookies and analytics tools

  • Third‑party integrations (Google Ads, Google Analytics, Meta, Klaviyo)

  • Phone calls and email correspondence

  • In‑person meetings and venue tours

  • CCTV cameras on the premises

  • Ticket purchases via hi.events

  • Ecommerce purchases processed via Stripe

 

4. How We Use Your Data

We use your personal data for the following purposes:

  • Responding to enquiries and providing information

  • Managing bookings, events, and venue operations

  • Sending marketing emails (with your consent)

  • Processing payments

  • Running ticketed events

  • Improving our website and services

  • Analytics, performance tracking, and advertising

  • Legal compliance (e.g., financial records, Challenge 25)

  • Ensuring the safety and security of our premises (CCTV)

 

5. Our Legal Bases for Processing

We rely on the following lawful bases under UK GDPR:

  • Contract — to process enquiries, bookings, payments, and event details

  • Legitimate Interest — to operate and improve our business, respond to enquiries, and ensure venue security

  • Consent — for marketing communications

  • Legal Obligation — for financial, tax, and safety requirements

 

6. Sharing Your Data

We only share your data with trusted third parties when necessary to operate our business:

  • Klaviyo — email marketing and automation

  • Google Ads & Google Analytics — advertising and website analytics

  • Meta (Facebook/Instagram) — advertising

  • Stripe — secure payment processing

  • hi.events — ticketing for applicable events

  • Website hosting provider — (please confirm your host; I can insert the name)

  • IT support providers — for secure system maintenance

All third parties are required to keep your data secure and use it only for the purposes we specify.

 

7. International Data Transfers

Some of our partners process data outside the UK:

  • Klaviyo stores data in the United States

  • Google Analytics processes data globally

Where data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).

 

8. Cookies

We use cookies to:

  • Improve website performance

  • Analyse visitor behaviour

  • Support essential website functions

You will see a cookie banner when you visit our site, allowing you to accept or manage your preferences.

We do not use Google remarketing cookies.

 

9. How Long We Keep Your Data

We retain personal data only for as long as necessary:

  • Enquiry data: typically 2 years

  • Booking and event records: up to 7 years (legal requirement)

  • Marketing data: until you unsubscribe

  • CCTV footage: typically 30–90 days (unless required for investigation)

  • Payment records: 7 years (legal requirement)

If you want custom retention periods, I can adjust these.

 

10. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Correct inaccurate information

  • Request deletion of your data

  • Restrict or object to processing

  • Withdraw consent for marketing

  • Request data portability

To exercise your rights, contact: marketing@theoldhallely.co.uk

 

11. How We Protect Your Data

We use technical and organisational measures to keep your data secure, including:

  • Encrypted payment processing via Stripe

  • Secure hosting and firewalls

  • Access controls for staff

  • Regular security reviews

  • Encrypted data transfers where applicable

 

12. Marketing Communications

We send marketing emails only when:

  • You have opted in, or

  • You have an existing relationship with us and legitimate interest applies

You can unsubscribe at any time using the link in our emails or by contacting us.

 

13. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

 

14. Contact Us

For any questions about this policy or your data:

Marketing Team Email: marketing@theoldhallely.co.uk

Menu
Menu