PRIVACY POLICY
Last updated: 05 March 2026
This Privacy Policy explains how we collect, use, store and share personal data when you visit our website, contact us, make a booking, buy a gift card, or sign up to our newsletter.
1) Who we are (Data Controller)
This website is operated by Langdon Estates (The Harrow) Ltd, trading as The Harrow at Bishopstone.
Trading address: 27 Bishopstone, Aylesbury, Buckinghamshire, HP17 8SF
Registered office: Unit 21 Stocklake Park Industrial Estate, Farmbrough Close, Aylesbury, Buckinghamshire, HP20 1DQ
Email: info@theharrowbishopstone.co.uk
Telephone: 01296 748478
If you have any questions about this policy or your data, please contact us using the details above.
2) The data we collect
We may collect the following categories of personal data:
A. Data you give us directly
Contact details (name, email address, phone number).
Enquiry details (messages sent via forms, email, phone, or social media).
Booking/event information (date/time, party size, special requests).
Newsletter sign-up details (typically email address).
Dietary requirements/allergy information (only if you choose to provide it).
B. Data collected automatically when you use the website
Device and usage data: IP address, approximate location, browser type, device information, pages visited, and how you interact with the site.
Cookie and similar technology data (see section 6).
C. Data from third parties
If you book online using our booking provider, or purchase gift cards via a third-party platform, they may share booking/purchase data with us so we can provide the service (see section 5).
3) How we use your data (and our lawful bases)
UK data protection law requires us to have a lawful basis for processing your personal data. We use your data for the following purposes:
A. To respond to enquiries and provide customer service
Lawful basis: Legitimate interests (running our business and responding to requests) and/or contract steps (where relevant).
B. To take and manage bookings / event enquiries (including large group bookings and wakes)
Lawful basis: Performance of a contract, or steps prior to entering a contract.
C. To send newsletters and marketing communications (where you have opted in)
Lawful basis: Consent. You can unsubscribe at any time using the link in our emails or by contacting us.
D. To improve our website and understand how it’s used (analytics and performance)
Lawful basis: Legitimate interests and/or consent (depending on the cookies/technology used).
E. To comply with legal obligations
Lawful basis: Legal obligation (e.g., accounting/tax records, licensing, responding to lawful requests).
Special category data (e.g., allergies):
If you provide allergy/dietary information, we use it only to support your booking and help keep you safe. We only collect what you choose to share, and we treat it as confidential.
4) How we store and protect your data
We take appropriate technical and organisational measures to protect your personal data, including access controls and secure systems. However, no website or internet transmission is completely secure, and you provide information online at your own risk.
5) Who we share your data with
We only share personal data when necessary, including with:
Booking/reservations provider: our “Book a table” link uses SevenRooms for online reservations.
Gift card provider/payment platform: online gift cards are processed via Square.
Website/IT service providers (hosting, security, email systems) who help us operate the site and business.
Professional advisers (e.g., accountants, insurers, solicitors) where necessary.
Authorities/regulators where we are legally required to do so.
A buyer/third party if we sell or restructure the business (in which case data may be transferred as part of the transaction).
Some third-party providers act as separate controllers for the data they process on their platforms. Where you leave our website to use a third-party service, their own privacy policy will apply.
6) Cookies and similar technologies
Cookies are small files placed on your device to help websites function and to collect information about how visitors use a website. We may use:
Strictly necessary cookies (required for the site to work).
Functional cookies (to remember preferences).
Analytics cookies (to measure and improve performance).
Marketing cookies (if used, to help deliver relevant advertising).
Under UK rules, non-essential cookies (including analytics/marketing) should only be used with your consent, and you should be able to accept or reject them easily.
Managing cookies:
You can control cookies through:
Any cookie banner/preferences tool on our site (where available), and/or
Your browser settings (you can block or delete cookies).
Blocking some cookies may affect how the website works.
7) International transfers
Some of our suppliers may store or process data outside the UK. Where this happens, we will ensure appropriate safeguards are in place (for example, adequacy regulations or approved contractual protections).
8) How long we keep your data (retention)
We keep personal data only for as long as necessary for the purposes described in this policy, including:
Enquiries: typically up to 12 months after last contact.
Bookings/events: typically up to 24 months after the booking/event (unless a longer period is needed for legal claims).
Marketing/newsletter: until you unsubscribe or ask us to stop.
Accounting/tax records: typically up to 6 years (where required).
(These periods may vary depending on the circumstances and legal requirements.)
9) Your rights
You have rights under UK data protection law, including the right to:
request access to your personal data,
request correction of inaccurate data,
request deletion of data (in certain circumstances),
object to processing (in certain circumstances),
withdraw consent (where processing is based on consent),
request restriction of processing (in certain circumstances),
request data portability (in certain circumstances).
Subject Access Requests (SARs):
In most cases, you cannot be charged a fee for a SAR, and we usually respond within one month. A reasonable fee may be charged only in limited cases (e.g., manifestly unfounded/excessive requests or repeat copies).
If you are unhappy with how we handle your data, you can complain to the Information Commissioner’s Office (ICO).
10) Third-party links
Our website may contain links to third-party websites (for example, social media or review platforms). Those sites have their own privacy policies, and we are not responsible for their content or privacy practices.
11) Changes to this policy
We may update this Privacy Policy from time to time. The latest version will always be published on our website with the “Last updated” date.