Privacy Policy

Last updated: April 2026.

‍

This Privacy Policy explains how and why personal data is collected, used, stored, and protected in connection with the use of the website www.blackbrookbarns.co.uk (“Website”), and sets out the rights of data subjects (“User”, “You”)

Personal data of Users is processed in accordance with applicable law - the UK GDPR, the Data Protection Act 2018 and Privacy and Electronic Communications Regulations.

‍

1. Contact information of the Data Controller

‍

The controller of personal data is BLACKBROOK BARNS LIMITED (reg. No. 15159962), Blackbrook Hall, London Road, Lichfield, England, WS14 0PS (“Controller”, “Us”, “We”).

The contact information of the Controller is: hello@blackbrookbarns.co.uk

‍

2. Data collected

‍

The Controller collects personal data directly from Users as well as through the use of the Website. Personal data is collected when Users:

Visit the Website.
Contact the Controller via the contact form available on the Website.
Contact the Controller via other means available on the Website, such as telephone, email, or social media.
Request access to or download the informational brochure.

The Controller processes the following categories of personal data:

Information provided by the User (including name and surname, contact details (email address and telephone number), prospective wedding date, any other information voluntarily provided by the User.)
Technical data collected automatically (including IP address, browser type and version, device type and operating system, information about the User’s interaction with the Website (e.g. pages visited, time spent on the Website), data collected via cookies and similar technologies, including through services such as Google Analytics - unless such processing is rejected by the User).

The Controller does not intentionally collect special categories of personal data. Users are requested not to provide such data when using the Website.

‍

3. Purpose and legal basis of processing of personal data

‍

Personal data is processed in accordance with applicable data protection laws, including UK GDPR. Depending on the context, personal data is processed:

In order to take steps at the request of the User prior to entering into a contract;
On the basis of the Controller’s legitimate interests.
On the basis of User’s freely given, specific, informed, and unambiguous consent.

The specific purposes and legal bases of processing are set out in the table below.

Type of personal data processed	Purpose of processing	Legal basis of processing
Contact/inquiry data (name, contact details, wedding date, message).	To manage the business relationship with the User, in particular: To respond to User inquiries. To provide information about services. To take steps prior to entering into a contract.	In order to take steps at the request of the User prior to entering into a contract, and, where applicable, on the basis of the Controller’s legitimate interest in responding to general inquiries (Articles 6(1)(b) & (f) UK GDPR).
Brochure request data (name, contact details, wedding date).	To provide access to the informational brochure requested by the User. To follow up with the User in response to their brochure request and expressed interest in the Controller’s services.	Legitimate interests of the Controller (Article 6(1)(f) UK GDPR).
Essential technical data (IP address, cookies, usage data, device info).	To ensure proper functioning of the Website. To maintain security.	Legitimate interests of the Controller (Article 6(1)(f) UK GDPR).
Technical data (cookies, usage data, analytics identifiers).	To analyze Website traffic and user behavior. To improve Website performance and usability.	Consent (Article 6(1)(a) UK GDPR; in conjunction with PECR).

‍

4. Recipients of personal data

‍

The Controller may share Users’ personal data with third parties where necessary to achieve the purposes described in this Privacy Policy.

In particular, personal data may be disclosed to the following categories of recipients:

‍

IT and hosting service providers, including Webflow, which provides website hosting, infrastructure, and contact form handling services. Personal data submitted via contact forms on the Website is processed and stored within Webflow’s systems.
Automation and integration service providers, including Make, which is used to transfer data submitted through the Website to other systems used by the Controller. This service may temporarily process personal data as part of automated workflows.
Customer relationship management (CRM) providers, including Agile Hospitality, which is used to store and manage User inquiries and facilitate communication with Users.
Analytics service providers, including Google Analytics, which process certain technical data (such as IP address, device information, and user interactions) in order to analyze Website usage and improve services.

Personal data is only shared with the above recipients to the extent necessary for the relevant processing purposes and on the basis of appropriate data processing agreements, where required.

The Website may contain links to third-party websites (e.g. Instagram, Facebook, etc.). Such websites operate independently and have their own privacy policies. Users are encouraged to review those policies before providing any personal data.

The Controller does not control and is not responsible for:

the content of third-party websites,
their privacy practices, or
the availability and reliability of their services.

‍

5. Transfer of personal data

‍

The Controller processes Users’ personal data to the extent necessary to provide the services offered via the Website and to respond to User inquiries.

In connection with the use of external service providers, Users’ personal data may be transferred to, and processed in, countries outside the United Kingdom.

In particular:

Service providers such as Webflow, Make, and Google Analytics may process data on servers located outside the UK, including in the United States.
The CRM provider Agile Hospitality is based in the United Kingdom; however, its infrastructure or subprocessors may involve additional jurisdictions.

Where personal data is transferred outside the United Kingdom, the Controller ensures that such transfers are carried out in compliance with applicable data protection laws, including UK GDPR.

Appropriate safeguards are implemented where required, including:

participation in recognized international transfer mechanisms, including, where applicable, the UK Extension to the EU-U.S. Data Privacy Framework;
the use of Standard Contractual Clauses (SCCs) approved by the European Commission;
the use of the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the SCCs; and
the implementation of supplementary technical and organizational measures designed to ensure an adequate level of protection of personal data.

The Controller takes reasonable steps to ensure that all third-party service providers process personal data in accordance with applicable data protection laws and maintain appropriate safeguards for international data transfers.

Personal data will only be shared with third parties for the purposes described in this Privacy Policy and will not be disclosed for unrelated purposes.

‍

6. Storage of personal data

‍

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy. The retention period depends on the nature of the data and the purpose of processing.

In particular:

Contact and inquiry data (such as name, contact details, prospective wedding date, and message content) is retained for the period necessary to respond to the User’s inquiry and to manage any subsequent communications, including potential contractual relationships. Such data may be retained for a reasonable period thereafter for record-keeping purposes, which will generally not exceed 2 years, unless a longer retention period is required or permitted by law.
Data related to brochure requests is retained for the period necessary to provide access to the requested materials and to follow up with the User regarding their interest in the Controller’s services, and for a reasonable period thereafter, which will generally not exceed 2 years, unless a longer retention period is required or permitted by law.
Technical data necessary for the functioning and security of the Website (such as IP address and essential cookies) is retained only for as long as necessary to ensure the proper operation and security of the Website.
Analytics data (including data collected via cookies and analytics tools such as Google Analytics) is retained for a limited period, which will generally not exceed 2 years, depending on the configuration of the relevant service providers and the User’s consent preferences.

Personal data may be retained for longer where required to comply with legal or regulatory obligations to which the Controller is subject, or where necessary to establish, exercise, or defend legal claims.

The Controller implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

‍

7. Cookies

‍

The Website uses cookies. Cookie is a small text file that is sent to User’s computer or mobile device when User visits the Website and saved by the Website on the hard drive afterwards. Cookie acts as a memory for the Website, allowing it to remember User’s computer or mobile device the next time User visits. Cookies are used to increase the functionality of the Website and to make it easier to use.

The Website uses the following categories of cookies:

‍

1. Strictly necessary cookies

‍

These cookies are essential for the operation of the Website and enable core functionalities such as security, network management, and accessibility. These cookies do not require User consent.

Strictly necessary cookies are processed on the basis of the Controller’s legitimate interest in ensuring the proper functioning and security of the Website.

‍

2. Analytics cookies

‍

These cookies allow the Controller to analyze how Users interact with the Website, including which pages are visited and how Users navigate the Website. The Website uses analytics services provided by Google Analytics. These cookies may collect information such as IP address, browser type and version, device type, pages visited and time spent on the Website. This information is used to improve the performance and usability of the Website.

Analytics cookies are used only with the User’s consent, in accordance with applicable laws, including the Privacy and Electronic Communications Regulations. The User has a right to reject the use of analytics cookies via the cookie banner, or in its browser’s settings.

‍

The duration of cookies depends on their purpose and configuration. The detailed information about specific cookies, including their names, purposes, and duration, is provided in a dedicated cookie table below.

Cookie Name	Provider	Purpose	Duration
_ga	Google Analytics	Distinguishes users for analytics purposes	up to 2 years
_ga_*	Google Analytics	Stores and counts page views and session data	up to 2 years
_gid	Google Analytics	Distinguishes users	24 hours
_gat (or _gat_gtag_*)	Google Analytics	Throttles request rate	1 minute
wf_session (or similar)	Webflow	Maintains session state and security	session
wf-csrf (or similar)	Webflow	Security (CSRF protection)	session
_cfuvid	Cloudflare	Distinguishes users for security and bot protection purposes	session

Please note that disabling certain cookies may affect the functionality of the Website.

‍

8. Rights of data subjects

‍

Under UK GDPR, Users have the following rights in relation to their personal data:

Right of access: to request confirmation as to whether personal data concerning them is being processed and, if so, to obtain access to that data.
Right to rectification: to request correction of inaccurate or incomplete personal data.
Right to erasure: to request deletion of personal data where it is no longer necessary for the purposes for which it was collected or where processing is otherwise unlawful.
Right to restriction of processing: to request that the processing of personal data be limited in certain circumstances.
Right to data portability: to receive personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where applicable.
Right to object: to object to the processing of personal data based on the Controller’s legitimate interests, including for direct marketing purposes.
Right to withdraw consent: where processing is based on consent, to withdraw such consent at any time without affecting the lawfulness of processing carried out before withdrawal.

The Controller may request additional information to verify the identity of the User before responding to a request.

Users also have the right to lodge a complaint with the supervisory authority, the Information Commissioner's Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, 0303 123 1113, icocasework@ico.org.uk, https://ico.org.uk/, if the User considers that their rights were violated by the Controller. Users are encouraged to contact the Controller first so that any concerns may be addressed directly.

To exercise any of the above rights, Users may contact the Controller using the contact details provided in this Privacy Policy.

‍

9. Changes to this Privacy Policy

‍

The Controller reserves the right to amend this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or Website functionality. Any updated version will be published on the Website with a revised “Last updated” date.

‍