Privacy Policy

How we collect, use, and protect your personal information

Introduction

The Range at Broadlands ("we", "our", or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, make reservations, join our membership program, or use our services.

By using our services, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not use our services.

Information We Collect

Personal Information

  • Name and contact details: Full name, email address, phone number, postal address
  • Booking information: Reservation details, party size, special requests, dietary requirements
  • Membership data: Membership number, birthday (optional), postcode, preferences, visit history, loyalty points, discount usage
  • Payment information: Billing address, payment method details (processed securely by third parties)
  • Communication records: Emails, phone calls, feedback, and correspondence

Automatically Collected Information

  • Website usage: Pages visited, time spent, click patterns, referral sources
  • Device information: IP address, browser type, operating system, device identifiers
  • Location data: General geographic location (city/region level)
  • Cookies and tracking: Session cookies, preference cookies, analytics cookies
  • Social media: Information from social media platforms when you interact with our content

Special Category Data

  • Dietary requirements: Allergies, intolerances, religious dietary restrictions
  • Accessibility needs: Mobility requirements, assistance needs
  • Age verification: Date of birth for age-restricted services
  • Health information: Only when relevant to service provision (e.g., severe allergies)

How We Use Your Information

Service Provision

  • • Process reservations and bookings
  • • Provide customer service and support
  • • Manage membership accounts and benefits
  • • Process payments and transactions
  • • Fulfill special requests and dietary requirements
  • • Ensure age verification for alcohol service

Communication

  • • Send booking confirmations and reminders
  • • Provide updates about your reservations
  • • Share information about offers, events, and promotions
  • • Send newsletters and marketing communications (with consent)
  • • Respond to enquiries and feedback
  • • Notify about changes to our services or policies

Business Operations

  • • Analyze website usage and improve user experience
  • • Conduct market research and customer surveys
  • • Develop new products and services
  • • Ensure security and prevent fraud
  • • Comply with legal obligations
  • • Maintain business records and accounts

Legal Basis for Processing (GDPR)

  • Contract Performance: Processing necessary to fulfill our contract with you (reservations, services)
  • Legitimate Interest: Business operations, security, fraud prevention, service improvement
  • Consent: Marketing communications, cookies, special category data
  • Legal Obligation: Age verification, health and safety, tax compliance
  • Vital Interests: Emergency situations, health and safety

Information Sharing and Disclosure

We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Service Providers

  • Booking systems: ResDiary for reservation management
  • Payment processors: Secure payment processing
  • Email services: Communication and marketing platforms
  • Analytics providers: Google Analytics for website insights
  • IT services: Website hosting, security, and maintenance

Legal Requirements

  • • When required by law or legal process
  • • To protect our rights, property, or safety
  • • To protect the rights, property, or safety of our customers
  • • In connection with a business transfer or merger
  • • With your explicit consent

Data Security

  • • We implement appropriate technical and organizational security measures
  • • All data transmission is encrypted using SSL/TLS technology
  • • Access to personal data is restricted to authorized personnel only
  • • Regular security audits and updates are conducted
  • • Payment information is processed by PCI DSS compliant providers
  • • We maintain incident response procedures for data breaches
  • • Staff receive regular data protection training

Your Rights (GDPR)

Access and Control

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests

Marketing Rights

  • Opt-out: Unsubscribe from marketing emails at any time
  • Consent withdrawal: Withdraw consent for marketing communications
  • Preference management: Update your communication preferences
  • No automated decisions: We do not use automated decision-making for marketing

How to Exercise Your Rights

  • • Contact us at enquiries@therangeatbroadlands.co.uk
  • • Include your full name and contact details
  • • Specify which right you wish to exercise
  • • Provide proof of identity for security purposes
  • • We will respond within 30 days of your request

Cookies and Tracking Technologies

Types of Cookies We Use

  • Essential Cookies: Required for website functionality and security
  • Analytics Cookies: Help us understand website usage and improve performance
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Used for targeted advertising (with consent)

Cookie Management

  • • You can control cookies through your browser settings
  • • Disabling cookies may affect website functionality
  • • Essential cookies cannot be disabled as they are necessary for operation
  • • We use Google Analytics - you can opt-out via Google's tools

Data Retention

  • Booking data: Retained for 3 years for service and legal purposes
  • Membership data: Retained while membership is active, plus 2 years
  • Marketing data: Retained until consent is withdrawn
  • Website analytics: Retained for 26 months (Google Analytics default)
  • Financial records: Retained for 7 years for tax compliance
  • Communication records: Retained for 2 years for service improvement

International Data Transfers

Some of our service providers may be located outside the UK/EEA. When we transfer your data internationally, we ensure appropriate safeguards are in place, including:

  • • Adequacy decisions by the European Commission
  • • Standard Contractual Clauses (SCCs)
  • • Binding Corporate Rules
  • • Certification schemes and codes of conduct

Children's Privacy

  • • We do not knowingly collect personal information from children under 16
  • • Children under 16 must be accompanied by an adult
  • • If we discover we have collected data from a child, we will delete it promptly
  • • Parents can contact us to review, update, or delete their child's information
  • • We implement age verification for age-restricted services

Changes to This Privacy Policy

  • • We may update this Privacy Policy from time to time
  • • Material changes will be communicated via email or website notice
  • • The "Last Updated" date will be revised when changes are made
  • • Continued use of our services constitutes acceptance of changes
  • • You can review the current policy on our website at any time

Contact Information

Data Protection Contact

Email: enquiries@therangeatbroadlands.co.uk

Subject Line: "Data Protection Query"

Response Time: Within 30 days

Supervisory Authority

UK: Information Commissioner's Office (ICO)

Website: ico.org.uk

Phone: 0303 123 1113

Last updated: 23 October 2025

This Privacy Policy is effective as of the date above and complies with UK GDPR and Data Protection Act 2018.