Privacy Policy

This notice tells you what we do with the information you give with us, where and how we collect it, how we keep it secure and your rights in relation to this information.

Data Controller

‘Barlounge’, ‘we’, ‘us’ and ‘our’ are references to Barlounge Limited, who is the data controller in respect of this website and the processing described in this notice. Our ICO registration number is ZA069749.

About Barlounge

As a bar & restaurant in the UK, Barlounge welcomes guests to its bar & restaurant in Chester, UK. Our products and services trade under Barlounge.

Why we process your data

We will process your personal data whenever you interact with us in person, in restaurant or online. This can be when:

  1.  you use our websites
  2. we need to verify your age
  3. we need to verify or record information about your identity
  4. you book a table or event
  5. you make a payment, request a refund or redeem a voucher
  6. you subscribe to newsletters or direct marketing
  7. you use a gift card
  8. you submit queries, compliments or complaints
  9. we record CCTV or emergency phone calls
  10. you call
  11. an accident occurs
  12. we impose a ban on visiting
  13. we ask for other people’s personal data

More information about each of these scenarios follows.

1 – When you use our website

We use information about our website visitors and their visits to learn more about our guests to target our direct marketing and advertising. We retain data for guests who complete the check-in box. GA4 and Clarity retain information about website visitors – these visitors will need consent to Marketing cookies via the Consent Management Platform – Cookiebot. Retention of this information is subject to Google/Microsoft’s own policies. See the cookie policy of the website you are visiting for more details.

2 – When we need to verify your age 

We are required by law to ensure we do not sell alcohol to anyone underage. So, we will carry out age checks when necessary.

Where a guest appears to be under the age of 25 and attempt to purchase alcohol or age restricted products, a guest will be asked for proof of their age.

The only acceptable forms of identification for proof of age are recognisable identification bearing a photograph, date of birth, and either a holographic mark or ultraviolet feature, such as a driving licence, passport, military ID card, national identity card, or a proof of age card with the PASS Hologram. Digital ID’s displayed on mobile devices will NOT be an acceptable form of ID – until such a time that official guidance is issued on acceptable forms and safeguards.

3 – When we need to verify or record information about your identity

Occasionally, a licensing authority may require the licensed premises in their area to verify or record information about their visitors, in particular information about their identity. If we are required to carry out such activities during your visit, further information will be provided at the restaurant. Barlounge does not retain information in this instance, unless it is required for another purpose.

4 – When you book a table or event

We will use the information you provide to make and confirm your booking. If you book online, we will record your IP address for 30 days for the purposes of blocking the website from attacks.

If you tell us about dietary preferences, allergies, food intolerances or special access needs, we will use this information to help us look after you and anyone else in your party during your visit.

If you provide us with information about birthdays, anniversaries or other celebrations that you want to commemorate during your visit, we will use this information to help make your celebration as special as possible.

If you’re making a booking on behalf of a work colleague, we may ask for information about your organisation and the guest, so that we can invoice and bill the correct party.

Booking information that you provide directly to a restaurant is normally held for 1 year from the end date of the booking.

When you make a booking online, we keep booking information for 13 months from the date of your last booking. However, if you opt in to receive direct marketing, this period is extended. 

5 – When you make a payment, request a refund or redeem a voucher

We will use the information you provide to process your payment or refund. When you use a credit or debit card to make a purchase, your payment card is assigned a unique payment card token ID by our payment provider, Worldpay. This allows Barlounge to securely store card tokens, instead of actual customer card details. When you use the same card, Barlounge will receive the same token from our payment provider, but a different token is generated for each different card used.

We retain this data for 6 years from the date of the transaction. Payment card details are not retained unless they are faced to us by your booking agent, in which case they are held until the booking has been completed and paid for.

6 – When you subscribe to newsletters or direct marketing

If you permit us to do so, we will use the information you provide to select and send you messages about Barlounge including promotions, surveys & or any other type of information you have requested. We retain this data via our CRM database for as long as you remain opted-in to marketing, if you request to remove yourself from the database all data will be removed immediately.

Every marketing message we send includes an unsubscribe link or similar opt-out mechanism.

7 – When you use a gift card

When you buy a gift card, we may use the information you provide to personalise, activate and send the gift card to you or the person you bought it for.

When you redeem your gift card we will use information about your visit, purchases and use of our services to update your gift card balance. We will retain this data for 6 years from the date of your last purchase or refund.

8- When you submit queries, compliments or complaints

We will use the information you provide to deal with your enquiry and keep you informed about its progress. If you compliment a person or a team for their service, we will pass your compliment on to them and their manager, so that their achievement can be recognised.

Most complaints can’t be resolved without discussing the matter with other people, so we may need to share information about your complaint with the managers at Barlounge, or the area manager; the management team of a contractor we have engaged; or other types of third party organisation. We will only share information with others when it’s necessary to investigate and resolve your complaint. We will retain any information relating to your contact with us on the matter.

9 – When we record CCTV

We use CCTV in our restaurants to help keep our guests and team safe.  It covers most of the internal and external areas to which the public have access.

Recordings shall be retained for a period of 31 days and shall be made available to police and Local Authority officers upon request for the provision of preventing and detecting crime, anti-social behaviour, breaches of the licence conditions and the four licensing objectives and shall be capable of identification and of evidential quality in any light conditions.   CCTV recordings may also be used for any insurance claim or other type of legal claim or proceeding. If we need to carry out an investigation and believe, CCTV may have caught the incident, then a formal request to the Risk team will be made to request CCTV to be reviewed and if necessary will then be shared with the appropriate people. General Managers have access to CCTV at the restaurant to be able to assist police or licensing officers.

We will provide CCTV as soon as reasonably practicable, but not more than 24 hours after the request. There shall be “CCTV in Operation” signs prominently displayed at the premises.

10 – When you call

We retain call logs (telephone and the time & date called) via our telephone provider for 4 years (after 4 years data is accessible upon request). We may check call logs if we need details to review a query.

11- If an accident occurs

If you are unfortunate enough to be involved in an accident in our bar/restaurant and the accident is covered by CCTV, CCTV will be downloaded and we will use the information along with the accident form. We retain this information for 6 years from the date of the accident, or 3 years from the age at which a child involved in the accident becomes an adult, or 3 years from the date of settlement of a claim, whichever occurs last. We may also use this information to investigate and to make or defend an insurance or other type of legal claim.

12 – If we impose a ban on visiting Barlounge

If you are banned from Barlounge, we may pass on your name, photos and recordings of you and any other personal information that we need to identify you to the police. Please ask the person who informs you of the ban for how long data will be retained.

As a member of Pubwatch, we may share and receive information about you from other members of the Pubwatch and with the licensing police.

General information about Pubwatch can be found on the national Pubwatch website. You can find out more about a particular Pubwatch by asking a member of the team or visiting that Pubwatch’s website. Pubwatch’s are data controllers for the personal information they collect and share.

13 – If we ask for other people’s personal data

Please refer them to this notice and ask for their permission to share their information first.

Lawful bases

The lawful bases we rely on for our processing are:

Purpose

Lawful basis

When you use our websites

 It is in our legitimate interests to provide a fully-functioning, accessible and useful website to our guests.

When we need to verify your age

 We process this data to satisfy our legal obligation to not sell alcohol to anyone under the age of 18.

It is in our legitimate interests to ensure that we do not market alcohol to anyone under the age of 18.

 We need to verify or record information about your identity

 This is sometimes due to a legal obligation imposed under the Licensing Act

When you make a booking, payment, request a refund, use a gift card,

 We process data to set up the contract, provide the services to you and notify you of any important changes to them.

We process booking data to send service messages (such as confirmations, notifications of change and reminders) to you and other people whose contact details you may provide as it is in yours, theirs and our legitimate interest.

 When you subscribe to newsletters or direct marketing

We send marketing information to people who consent to receive it.

We may also send marketing to guests who, when informed that we want to do so, choose not to opt out (soft opt-in).

It’s a legitimate interest to send direct mail marketing to let our guests know about our products, brands, services and any deals we are running.

Guests who no longer want to receive marketing can opt out at any time (please follow the instructions in the marketing messages we send you).

 When you use a gift card

 To provide the benefits you are due under the contract.

 When you submit queries, compliments or complaints

 Sometimes our processing will be necessary for us to meet the terms of the contract we have with you. Otherwise, it we will have a legitimate interest in dealing fully with the matter you have raised.

 We record promotional videos or interviews or take photos

 It is in our legitimate interests to take photos and video and recordings to promote our businesses positively via our marketing and press releases.

 When we record CCTV (including body worn camera footage) or emergency phone calls

 We may be required to do so by a licencing authority (legal obligation) or choose to do so for the purposes stated on the signage (legitimate interest).

 When an accident occurs

 We record accidents primarily for compliance with our legal obligations and to support and defend claims (legitimate interest).

 When we impose a ban

 We may impose a ban on visiting our premises, to protect our guests and team (legitimate interest).

The ICO have published a helpful guide to lawful bases for the general public which you can find here.

Other organisations who help us to provide our products and services

We work with a number of third-party suppliers and service providers. Many of these organisations process personal data to provide products or services to us, or on our behalf.

These organisations are bound by the terms of this privacy notice and they are also required to comply with our data protection policies. They are not permitted to use your personal data for their own purposes.

The categories of recipients include:

  • Website providers
  • Marketing and analysis providers
  • Bookings providers
  • Security service operations
  • Gift card providers

Other situations in which we may share your personal data

We will share your personal data if it is necessary to do so to comply with a legal requirement, such as to comply with a condition attached to a premises license by a licensing authority.

We will share your personal data if it is necessary to protect our business interests, such as to enforce the terms of a contract, pursue an overdue debt or defend other legal rights.

We may need to share your personal data with an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger, acquisition, restructuring or insolvency of any part of our business, provided that we inform any recipient that it must use your personal information only for the purposes disclosed in this privacy notice.

We may share your personal data where there is a legitimate interest to do so, for example, for the detection or prevention of crime, fraud or money laundering; to allow a regulator or ombudsman to investigate a complaint you have submitted to them; or to protect the rights of other people or organisations.  

Safeguarding

We protect the personal data we hold from theft, accidental loss, corruption and other threats that would have a negative impact on our guests. Our protective measures include:

  • Not collecting personal data that we don’t really need
  • Securely destroying or anonymising personal data when we don’t need it any more
  • Only allowing our team and our suppliers to process the personal data they need to carry out their duties
  • Encrypting personal data to render it useless to anyone who is not authorised to access it
  • Making sure that team are trained on how to handle personal data safely and securely and are fully aware of their personal responsibilities
  • Binding our suppliers and partners to the same standards and duty of care that we hold ourselves to
  • Protecting our websites, networks and IT systems from unauthorised access and from threats such as denial of service attacks, viruses and malware
  • Making periodic checks that these safeguards are working well and making improvements to them when we think we can do better.

Your rights

Data protection law provides you with certain rights and as a responsible data controller, we are committed to uphold these:

Name of right 

Description 

 Information

 You have the right to be informed what we will use your personal information for, where we obtain it, who we share it with and how long we keep it for. This is the primary reason for publishing this notice.

 Access

 You have the right to access a copy of your personal data and an explanation of what we are using it for. This is also known as a ‘subject access request’, ‘SAR’ or ‘DSAR’.

 Rectification

 You have the right to ask us to correct or stop processing inaccurate personal data.

 Erasure (‘right to be forgotten’)

 You have a right in certain situations to ask us to delete your personal data.

 Restriction of processing

 You have a right in certain situations to ask us not to process your personal data.

 Object to processing

 You have the right in certain situations to object to the fact that we are processing some of your personal data.

 Portability

 You have the right in certain situations to ask us to pass some of your personal data to another data controller on your behalf.

 Complain

 You have a right to submit a complaint to the UK Information Commissioner’s Office (ICO). You can find guidance on making a complaint on the ICO’s website.

 withdraw Consent

 Most of the personal data processing we do is not dependent on your consent but any consent that we are relying on can be withdrawn if you wish to do so.

 

Detailed information about all of these rights can be found on the ICO website.

If you notify us that you want to exercise your rights, we will acknowledge your request promptly. If we don’t already know who you are, we may need to ask you to provide us with additional information to verify your identity and to assist with your request. In most circumstances, you will not be required to pay a charge for exercising your rights.

We will then gather relevant information to respond to your request. We will carry this work out as quickly as possible, but it may take up to one calendar month to respond to you. We may respond to your request in phases as information becomes available.

If we cannot satisfy your request within the time period, we will let you know why and when we expect to be able to provide you with either additional information, or with a full response. If we decide that we cannot satisfy your request, we will provide you with our decision and our reasons for it within one calendar month.

We retain data relating to your request for up to 3 years from the date of our last correspondence to you in relation to your request.

Contact us

If you want to discuss how we use your personal data, or exercise your data protection rights, you may write to:  Barlounge, Lea Hall Farm, Lea Lane, Aldford, Cheshire, United Kingdom, CH3 6JQ; or send an email to: [email protected]

Status

This version of our privacy notice is effective from 1st February 2026.