top of page

Privacy Policy

Last Updated: 2nd March 2026

​

Curds Hall Barn (“we”, “our”, or “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

​​

This policy applies to all visitors, clients, suppliers, and other individuals who interact with our business.

(Additional information for employees is provided in our Employee Privacy Notice.)

​

1. Data Controller

Curds Hall Barn Ltd is the data controller responsible for determining how and why personal data is processed.

We are responsible for ensuring that personal data is processed in accordance with UK GDPR and the Data Protection Act 2018.

​​

Data protection compliance is overseen by the business owner, Mr Paul Haddow, who is responsible for implementing appropriate technical and organisational data protection measures within the business.

​​

Contact details:
Mr Paul Haddow
Corbetts Lodge Farm
Necton
Swaffham
Norfolk
PE37 8DL
info@curdshallbarn.co.uk

​

2. Data We Collect or Obtain

We collect personal data that you voluntarily provide to us and data collected automatically when you use our website.

​​

We do not intentionally collect special category personal data (such as racial or ethnic origin, political opinions, or health data), except where such data arises incidentally or is required by law (for example, through CCTV footage or incident reporting).

​​

Our website is not intended for use by children under the age of 13, and we do not knowingly collect personal data relating to children.

​​

Types of personal data we may collect include:​

  • Name

  • Postal address

  • Email address and telephone number

  • Booking and enquiry details

  • Payment-related information (processed via secure third-party providers - we do not collect or store any credit or debit card details)

  • IP address

  • Device and browser information

  • Website usage data

  • Mobile device information (e.g. general location)

  • Photos / video recordings (with consent)

  • CCTV footage

  • Bank details for deposit refunds (with consent)

 

3. How We Collect Your Personal Data

​A. Information You Provide Directly​

We collect personal data when you:​

  • Contact us by email, telephone, contact form, or social media

  • Make a booking or enquiry

  • RSVP, register for or sign into an event

  • Request of agree to communications or marketing

  • Make a purchase, transaction or booking

​

This may include your name, contact details, event information, and any other information you choose to provide.

 

B. Information Collected Automatically​

When you use our website, we may collect technical data through cookies and similar technologies, including:

  • IP address

  • Browser type and version

  • Pages visited and interactions

  • Time spent on the website

  • Information about your mobile device

​

This data is collected only after consent where required (via a Cookie consent banner) and is used to improve website functionality and performance.

​

C. Information From Third Parties​

We may receive personal data from:

  • Social media platforms

  • Analytics providers (e.g. Google Analytics)

  • Wedding and booking platforms (e.g. Hitched, Bridebook)

  • Credit or fraud-prevention agencies

​

Where we obtain personal data from a third party and are required by law, we will provide you with the information in this Privacy Policy within one month of receipt or at first contact.

​

4. Legal Basis for Processing​

We process personal data only where we have a lawful basis under UK GDPR, including:​

  • Contract: processing bookings, agreements, and services

  • Consent: marketing communications, cookies, analytics, photos/videos

  • Legitimate interests: responding to enquiries, business administration, security, fraud prevention

  • Legal obligation: accounting, tax, regulatory compliance

​

We do not use personal data for unrelated purposes without further notice or consent. 

For example we process personal data under the following legal bases:

​

Bookings and contracts: Contract

Payments and accounting: Legal obligation

Enquiries: Legitimate interests 

Marketing communications: Consent

Website analytics: Consent

CCTV: Legitimate interests of crime prevention and safety

Photo/video marketing: Consent

​​

5. How We Use Your Personal Data​

We may use your personal data for:​

  • Managing enquiries, bookings, and contracts

  • Communicating with you about services or changes

  • Providing customer support

  • Website analytics and performance improvement (with consent)

  • Marketing communications (with consent or where permitted by law)

  • Security, fraud prevention, and legal compliance

  • Advertising or Marketing (photographs/film used with consent)

​

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

 

6. Sharing Your Personal Data​

We may share personal data with:​

  • Suppliers and contractors providing booked services

  • Professional advisors (legal, accounting, insurance)

  • IT, hosting, and website providers (including Wix.com Ltd, Israel; Google Analytics; Google Adwords; Meta and Insites)

  • Legal or regulatory authorities where required by law

​

Where personal data is transferred outside the UK or EEA, this may include transfers to the United States or Israel. Such transfers are protected by adequacy regulations or appropriate safeguards, such as Standard Contractual Clauses.

​

You may request further information about these safeguards by contacting us.

We do not sell or trade personal data.

​

Data Processor Compliance

​

Where we engage third-party service providers to process personal data on our behalf, we ensure that appropriate data processing agreements are in place.
 

7. Data Retention​

We retain personal data only for as long as necessary:​

  • Enquiries: up to 3 years if no booking is made

  • Contracts and invoices: up to 7 years

  • Photos and videos: retained while consent remains valid

  • CCTV footage: typically retained for up to 75 days unless required for investigation

  • Bank details: only requested at the time they are needed and deleted once deposit refunds are complete

  • Incident/accident record details: 3 years from the date of incident

 

8. Your Rights Under UK GDPR​

You have the right to:​

  • Access your personal data

  • Correct inaccurate data

  • Request deletion

  • Restrict processing

  • Object to processing based on legitimate interests

  • Withdraw consent at any time. This will not affect the lawfulness of our use and processing of your personal data on the basis of your consent before the point in time when you withdraw your consent. 

  • Request data portability

​

To exercise your rights, contact: info@curdshallbarn.co.uk
We will respond within one month.

​

You can stop receiving marketing messages from us at any time by:

​

  • clicking the unsubscribe link in any marketing email we send you;

  • replying “OPT OUT” to any marketing text message; or

  • emailing info@curdshallbarn.co.uk and asking us to stop sending you marketing messages.

​

If you contact us using a different method from the one we used to send the message (for example, emailing us after receiving a text), please include your name and the contact details we used so we can find your record.

​

Once you opt out, we will stop sending you marketing messages. We may still use your data for other non-marketing purposes and may keep limited details to make sure we don’t contact you again for marketing.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/global/contact-us/

 

9. Cookies and Tracking​

We use cookies and similar technologies. Non-essential cookies (including analytics and advertising cookies) are used only with your consent.

​For details, see our Cookie Policy:
https://www.curdshallbarn.co.uk/cookie-policy/

 

10. US Privacy Rights â€‹

California Do Not Track Disclosure - At present, we do not respond to “Do Not Track” browser signals. Third-party tools may still collect usage data even when DNT is enabled.

 

11. Children’s Privacy (COPPA)​

We do not knowingly collect personal data from children under 13.
If we become aware that such data has been collected inadvertently, or by fraud or deception, it will be deleted promptly unless lawful parental consent is obtained.

 

12. Data Security​

We use appropriate technical and organisational measures to protect personal data, including:

  • Secure storage

  • Encrypted and password protected systems, payments and data transfers

  • Restricted access

  • Secure CCTV storage

​

While we take appropriate measures to protect personal data, transmission of data over the internet is not completely secure. We cannot be held responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit data to us by such means.

 

13. Data Breaches​

In the event of a personal data breach, we will:​

  • Contain and assess the breach

  • Notify the ICO within 72 hours where required

  • Inform affected individuals if there is a high risk to their rights

 

14. Consequences of Not Providing Data​

It is important that the personal data that we hold about you is accurate and current. 

Please keep us informed if your personal data changes during the course of your relationship with us. 

​

Where we collect personal data to enter into a contract or comply with legal obligations, provision of that data is mandatory. 

​

If you do not provide required personal data, we may be unable to:

​

  • Enter into contracts

  • Provide booked services

  • Comply with legal obligations

​

Where personal data is collected based on consent (such as marketing or photos/videos), providing that data is optional.

 

15. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices.

 

16. Changes to This Policy

We may update this Privacy Policy from time to time. The most recent version will always be available on our website.

If we intend to use your personal data for a purpose other than the one for which it was originally collected, we will inform you of that new purpose and provide any relevant information before doing so. Where required by law, we will obtain your consent before using your personal data for the new purpose.

 

17. Contact Us​

If you have questions, concerns, or would like to exercise your rights, you can contact us at:

​

Curds Hall Barn
Corbetts Lodge Farm
Necton
Swaffham
Norfolk
PE37 8DL
info@curdshallbarn.co.uk

 

​​

bottom of page