Welcome to our Privacy Policy. We are committed to protecting and respecting your privacy
This Privacy Policy provides information on how we collect and processes your personal data when you visit our venues, use our websites (including any data which you may provide through those websites when you contact us or provide feedback), make a booking, visit or interact with us via our WiFi facilities or social media pages, or when you use our mobile apps, or otherwise engage with us, including when you participate in our loyalty programme or other promotions (together, "Digital Services").
This Privacy Policy explains:
Please read the following carefully.
Except as mentioned below, Stonegate Pub Company Limited is the controller of your personal information. This means that Stonegate Limited decides why and how your personal information is processed. Please see the section at the end of this Privacy Policy and our Terms of Use for our contact and legal information respectively.
We sometimes work with other organisations in connection with some of the processing activities described in this notice, such as social media platforms. Where that information is collected and sent to other organisations for processing that is for a common purpose or purposes, we will be making decisions together in relation to that particular processing and will be 'joint controllers' with the organisations involved. As joint controllers, we and the other organisations involved in making these decisions will be jointly responsible to you under data protection laws for this processing.
In other circumstances, the organisation receiving your information will be separately responsible to you and use your personal information in the ways described in its privacy policy (and not ours). For example:
If you link your payment card to your loyalty programme account through a third party banking app, the relevant bank that issues that payment card and card scheme (American Express, Mastercard or Visa) will be processing your personal information in accordance with its privacy policies as separate controllers. Please see the relevant website of the bank or scheme for the relevant privacy policy.
We may make WiFi services available in our venues and where we do, these are provided by our third party service provider, Purple WiFi. Purple WiFi is a separate controller of the personal information it collects during the course of its provision of those services. Please its privacy policy at https://purple.ai/privacy-policy/ for further information.
If you apply for a job through our websites, our separate Recruitment Privacy Policy will apply.
This Privacy Policy may change from time to time so please check this Privacy Policy occasionally to ensure that you are happy with any changes. For more information on changes to our Privacy Policy, please see section 14 (Changes to this Privacy Policy).
This Privacy Policy was last updated on the date set out at the end of this Privacy Policy.
Personal information you provide to us
When you interact with us online or offline we collect and use information about you in the course of providing you our services and with consumer support. We may collect some or all of the information listed below to help us with this:
Where we need to collect personal data where legally required to do so, or perform a contract we have with you (or take pre-contract steps you have requested), and you do not provide us with your personal information, we may be unable to provide products or services to you. This may also lead to us having to cancel your booking.
You are under no statutory or contractual obligation to provide us with your personal information; however, we require at least the information above in order for us to deal with you as a prospective customer or customer in an efficient and effective manner. Where the law allows, we may combine information we receive from other sources with information you give to us and information we collect about you
Information we collect about you including using automated methods
We collect CCTV footage and date and time information when you pass an area in which we or a company on our behalf operates CCTV surveillance or makes CCTV recordings (including from body-worn cameras). Such footage may include criminal offence or health data.
We also collect data on the use and consumption of gifts and promotions, as well as your booking history. We also collected information about your most visited venue amongst the venues that we operate.
We may automatically collect information about your use of the Digital Services, such as the number and duration of visits to the Digital Services and details of which particular pages or parts have been visited. We may also anonymise any personal information we receive about you by amending it, combining it with other data or by using other anonymisation techniques such as 'hashing' ("Anonymised Information""). After we anonymise your information, it will not be attributable to you.
We also automatically collect technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform as well as mobile identifiers cookie, tracking pixel and beacon identification information. Please see our Cookie Policy for further information ("Technical Information").
We use any collected Technical Information and Anonymised Information to analyse how the Digital Services are functioning and how it is used by users, for insight purposes and to help us maintain and improve the Digital Services on an ongoing basis. We also use this information to provide our services, including through our mobile applications and when you pay at our venues. We may share Anonymised Information with third parties that we work with, including our commercial partners.
We may record calls you make to our customer services team for quality and training purposes, and for the purposes of handling complaints and legal claims.We collect information about your behaviour at our venues and, if you have been banned, details of the reasons and period for which you have been banned.
Information we collect about you in connection with our loyalty programme
If you participate in our loyalty programme, we collect details relating to your participation including the period of your participation, the number of points and other benefits you have earned and details of when you have earned them, the points and other rewards you have redeemed and when you have redeemed them, your refer-a-friend activities and your favourite venues.
In certain circumstances, we provide you the option to link your bank account and/or card payment method to our loyalty programme. This is facilitated via our third-party providers, such as Bink, and utilises open banking APIs. Where your banking provider supports this facility, and you choose to link your account and/or card payment method to our loyalty programme Stonegate and your banking provider will receive data about the transactions you make across our venues as well as where you redeem your loyalty rewards.
We use this information to reward you with loyalty points or other loyalty benefits for qualifying purchases, provide you with redeemable rewards and to analyse your spending habits across Stonegate venues in order to better suggest offers we think will be of interest to you.
Your banking provider may also use this information as a controller and in accordance with its own privacy policy which we recommend that you read prior to linking your account/card payment method to our loyalty programme.
Information we collect about you from other sources
We may also obtain the following Personal Information about you from the following sources:
Source Categories of Personal Information Collected
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose and complies with data protection laws.
Data protection law requires us to have a valid reason to process your personal information for each of the different purposes for which we use that information. The law refers to each reason as a 'lawful basis'. The purposes for which we use your personal information and the lawful basis on which we rely to process it for each purpose is as follows:
Where you have provided CONSENT
We may use and process your personal information where you have consented for us to do so for the following purposes:
We may also rely on consent to use your name and image for publicity purposes. If you do not agree, the photographs will be deleted or the image will be modified so you will be unidentifiable.
You may withdraw your consent for us to use your information in any of these ways at any time. Please see section 13 (Your Rights) for further details.
Where necessary to comply with our LEGAL OBLIGATIONS
We will use your personal information to comply with our legal obligations:
to check and verify your age and your identification information using an ID scan machine for the prevention and detection of crime and disorder to the extent required by law;
Where it is in your VITAL INTERESTS
We will use your personal information where it is in your vital interests to do so, for example, in relation to any emergency medical treatment you require whilst visiting our venues.
Where there is a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business, or that of a third party, for the following purposes:
Processing necessary for us to promote our business and measure the reach and effectiveness of our campaigns
Processing necessary for us to respond to changing market conditions and the needs of our users
Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively
Where necessary for us to carry out PRE-CONTRACT STEPS you have requested or for the performance of our CONTRACT
We will use your personal information where this is necessary for us to perform our contract with you or to carry out any pre-contract steps you've asked us to so that you can enter into that contract, for the following purposes:
We may collect your preferences to receive marketing information directly from us by phone, email, or SMS in the following ways:
From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.
You have the right to opt-out of our use of your personal information to provide marketing to you in any of the ways mentioned above at any time. Please see Your rights below for further details on how you can do this.
Please allow up to 10 working days for your email preferences to take effect.
We may disclose your information to our third party service providers, agents and subcontractors ("Suppliers") for the purposes set out above. Our Suppliers can be categorised as follows:
Recipient / relationship to us
Industry sector (& sub-sector)
Advertising, PR, digital and creative agencies
Media (Advertising & PR)
Card-linked loyalty and other service providers that support our loyalty programmes
IT (Banking & Loyalty)
CCTV service providers
IT (Security)
Cloud software system providers, including database, email, ordering, booking, age/identity verification software (e.g. GB Group plc), customer relationship and document management providers
IT (Cloud Services)
Facilities and technology service providers including scanning and data destruction providers
IT (Data Management)
Legal, security and other professional advisers and consultants
Professional Services (Legal & Accounting)
Market and customer research providers
Media (Market Research)
Operators of bars, pubs and other hospitality venues, including members of National Pubwatch and local 'pubwatch' schemes
Hospitality (Bars & Pubs)
Payment card schemes
Financial Services (Payments)
Social media platforms
Media (Social Media)
Website and data analytics platform providers
IT (Data Analytics)
Website and app developers
IT (Software Development)
Website hosting services providers
IT (Hosting)
Wifi service providers
IT (Networking)
Payment (including gift card) processors e.g. PayPal, Google Pay and Apple Pay.
PayPal. Google Pay and Apple Pay operate secure servers to process your payment details. They encrypt your credit or debit card information and authorise payment directly. We only keep the last four digits of your credit or debit card in order for you to recognise and choose your payment method without having to type in payment details each time. To understand how our payment processors use your information, we recommend that you read their privacy policies at https://www.paypal.com/uk/legalhub/privacy-full, https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en and https://www.apple.com/uk/legal/privacy/data/en/apple-pay/
Financial Services (Payments)
When sending your information to third parties, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
When we share your personal information with any third parties that are controllers of that information, they may disclose or transfer it to other organisations in accordance with their data protection policies. This does not affect any of your data subject rights as detailed below. In particular, where you ask us to rectify, erase or restrict the processing of your information, we take reasonable steps to pass this request on to any such third parties with whom we have shared your personal information.
We may disclose your personal information to other third parties as follows:
Your personal information may be transferred to countries outside the UK. Those countries may not have similar data protection laws to the UK and so may not protect the use of your personal information to the same standard.
Where we transfer your information outside of the UK, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Privacy Policy. These steps include:
Please contact us using the details at the end of this Privacy Policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
If you use our services whilst you are outside the UK, your information may be transferred outside the UK in order to receive those services.
If we collect your personal information, the length of time for which we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain personal information in an identifiable format for longer than is necessary.
We will always retain your personal information for the period that you have an active account with a Website or App. If you do not hold an account, we retain your personal information for 2 years from the date we collect it or, where applicable, the date you are unsubscribed from our marketing lists, if later.
Your account will become ‘inactive’ if you do not engage with us for more than 2 years, for example, if you do not log into your account, make a purchase with us, engage with our direct marketing campaigns, earn loyalty points or redeem any vouchers. After that 2 year period ends (or at any point you choose to delete your account with the relevant Website or App using the relevant settings), we will anonymise the records we hold about you so that we no longer hold your personal information (to find out more about the personal information we anonymise, please see ‘Personal information we collected about you’ above)3 years after the date we or you close your account with the relevant Website or App. The only exceptions to these periodis and our retention of your personal information are where:
We employ security measures to protect the personal information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage. When we have provided (or you have chosen) a password allowing you access to certain parts of our Digital Services, you are responsible for safeguarding it and keeping it confidential and you promise not to allow it to be used by third parties.
If you are using a computer or terminal in a public location, we recommend that you always log out and close the website browser when you complete an online session for your security. In addition, we recommend that you take the following security measures to enhance your online safety: When creating a password, we recommend you use at least 8 characters with a combination of letters and numbers and at least one special character. We recommend you frequently change your password. Keep your passwords private. Remember, anyone you knows your password may access your account. Avoid using the same password for multiple online accounts. We will never ask you to confirm any account or credit card details via email. If you receive an email claiming to be from us or stonegategroup.co.uk asking you to do so, please ignore it and do not respond.
Our Digital Services may contain links to websites run by other organisations which we do not control. This Privacy Policy does not apply to those other websites‚ so we encourage you to read their privacy policies. We are not responsible for the privacy policies and practices of other websites (even if you access them using links that we provide) and we provide links to those websites solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness. Your disclosure of personal information to third party websites is at your own risk.
In addition, if you linked to our Digital Services from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
'Cookies' are small pieces of information sent to your computer or device and stored on its hard drive to allow the website and applications to recognise you when you visit it.
If you are using our websites, it is possible to switch off cookies by setting your browser preferences.
We also use other similar technologies across our websites, applications and emails to recognise you. These include web beacons, tracking pixels, pixel tags and software development kits (SDKs). These technologies are used for a variety of purposes such as facilitating payment, enhancing app navigation, analysing and optimising usage and associated with our marketing and advertising efforts, including targeting advertising through our third parties and partners.
For more information on how we use cookies and how to switch them off on your device, please visit our Cookie Policy.
We do not envisage that any decisions that have a legal or significant effect on you will be taken about you using purely automated means, however we will update this Privacy Policy and inform you if this position changes.
We use a number of different social media platforms to communicate with you and to promote products and services. We process your personal information using these platforms in a variety of ways, as follows:
Pages. We use your personal information when you post content or otherwise interact with us on our official pages on Facebook, Instagram, TikTok and other social media platforms. We also use the Page Insights service for Facebook and Instagram to view statistical information and reports regarding your interactions with the pages we administer on those platforms and their content. Where those interactions are recorded and form part of the information we access through these Page Insights services, we and the relevant platform are joint controllers of the processing necessary to provide that service to us.
Single sign-on. Some of our mobile apps use a feature provided by social media and other digital service providers that allow you to register and login to our account with the app using the same login details you have already set up with those providers. This feature is known as a 'single sign-on service'. We are responsible for any use we make of the personal information we receive from the platform using this feature.
Data from your profile. When you use single sign-on services, you may be prompted to confirm that you are happy to share with us your name, email address and certain other personal information you hold with those providers. You may be asked if you would like to share information with us that goes beyond what is needed to log you into your account. For example, you may be asked if you would like us to use your contact details or date of birth for direct marketing purposes. We will only use your personal information in this way if you agree.
Cookies. We use cookies and similar technologies in our Digital Services to collect and send information to Facebook about actions you take on our website and applications. In particular, Meta (who operates the Facebook and Instagram platforms) uses this information to provide services to us and also for further processing for its own business purposes. We and Meta are joint controllers of the processing involved in collecting and sending your personal information to Meta using cookies and similar technologies as each of us has a business interest in Meta receiving this information. You can find out more about these technologies by visiting our Cookie Policy. The services we receive from Meta that use this information are delivered to us through Meta Business Tools, which include Meta Pixel, Facebook Login, Facebook SDK, Social Plugins and Website Custom Audiences. These tools allow us to target advertising to you within Meta's social media platforms by creating audiences based on your actions on our Digital Services and applications and allow Meta to improve and optimise the targeting and delivery of our advertising campaigns for us.
Our relationship with Meta. As we are joint controllers with these platforms for certain processing, we and each platform have:
Meta also processes, as our processor, contact information that we submit for the purposes of matching, online targeting, measurement, reporting and analytics purposes. These services include the processing Meta carries out when it display our advertisements to you in your news feed at our request after matching contact details for you that we have uploaded to a platform operated by Meta.
These advertisements may include forms through which we collect contact information you give to us.
Further information. The Meta company that is a joint controller of your personal information is Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. For further information regarding Meta and its use of your personal information, please see:
Our relationship with Tiktok. To find out more about our relationship with TikTok, please see the terms of the data sharing arrangement we have with TikTok and the TikTok Privacy Policy.
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 1 calendar month from either:
You have the following rights, some of which may only apply in certain circumstances:
To have your information corrected if it is inaccurate and to have incomplete personal information completed.
If you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us using any of the details described at the end of this Privacy Policy.
To object to processing of your personal information
Where we rely on our legitimate interests as the lawful basis for processing your personal information for particular purposes, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this Privacy Policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
To withdraw your consent to processing your personal information
Where we rely on your consent as the lawful basis for processing your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this Privacy Policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
To restrict processing of your personal information You may ask us to restrict the processing of your personal information in the following situations:
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
To have your personal information erased
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this Privacy Policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request
To request access to your personal information and how we process it
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this Privacy Policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
To electronically move, copy or destroy your personal information in a standard, machine-readable form
Where we rely on your consent as the lawful basis for processing your personal information or need to process it in connection with a contract in place directly with you, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file. You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
Rights relating to automated decision making, including profiling
You may also contest a decision made about you based purely on automated processing by contacting us using the information at the bottom of this Privacy Policy. We do not currently process your personal information to make such decisions about you and will update this policy/notify you if that changes.
To complain to a data protection regulator
You have the right to complain to the UK data protection regulation, the Information Commissioner's Office (ICO), if you are concerned about the way we have processed your personal information. Please visit the ICO's website for further details.
We may review this Privacy Policy from time to time and any changes will be notified to you by posting an updated version on our websites and/or by contacting you by email, as appropriate. Any changes will take effect 7 days after the date of our email or the date on which we post the modified terms on our website at www.stonegategroup.co.uk, whichever is the earlier. We recommend you regularly check for changes and review this Privacy Policy whenever you visit or use any of our Digital Services. If you do not agree with any aspect of the updated Privacy Policy you must immediately notify us and cease using our services.
Please direct any queries about this Privacy Policy or about the way we process your personal information to our Privacy Manager using our contact details below.
Our email address for data protection queries is c.datarequest@stonegatepubs.com or alternatively you can contact us using the web form on our websites.
We are Stonegate Pub Company Limited.
We are a limited company incorporated in the Cayman Islands with UK company registration number FC029833 (and UK establishment number BR014816) and our registered office address is Conyers Trust Company (Cayman) Limited, Cricket Square, PO BOX 2681, Grand Cayman, Ky1-1111, Cayman Islands.
Our main trading address is 3 Monkspath Hall Road, Solihull, West Midlands B90 4SJ.
Our website uses cookies to improve your experience. By using the website you agree to our use of cookies. Learn More