Privacy Policy

1. Who we are and how to contact us

This Privacy Policy explains how TheBlondieBar collects, uses, shares and protects your personal data when you use our website at https://www.theblondiebar.uk. We act as the “data controller” for the personal data we process about you.

Data controller: TheBlondieBar, United Kingdom

General privacy contact: privacy@theblondiebar.uk

Data Protection Officer (DPO): dpo@theblondiebar.uk

This policy applies to visitors and customers in the United Kingdom and, where relevant, the European Economic Area (EEA). We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).

2. Personal data we collect

We only collect personal data that is necessary for the purposes described below. Depending on how you interact with us, we collect:

  • Identity and contact data: name, email address, phone number, postal address.
  • Account and profile data: username, password, preferences, saved favourites or settings.
  • Booking and order data: reservation details, dates and times, party size, special requests or dietary requirements you choose to share, purchase history, delivery details.
  • Payment and transaction data: payment method, billing details, amounts and timestamps. We do not collect or store full card numbers; such data is processed securely by our payment service providers.
  • Communications: emails, messages sent via forms, feedback, reviews, and customer service interactions (including date, time and content).
  • Marketing preferences: your subscriptions, opt-ins and opt-outs.
  • Technical and usage data: IP address, device identifiers, browser type and version, operating system, time zone, pages viewed, clicks, referring/exit pages, and similar diagnostic data collected through server logs, cookies and similar technologies.
  • Cookie data: identifiers stored on your device for essential site functionality, analytics and, if you consent, advertising or social media features. See Section 4.
  • Social media data: if you interact with our social profiles or use social sign-in, we may receive basic profile or interaction data from those platforms, subject to your settings.
  • Job application data (if you apply for roles): CV/resume, cover letter, work history, references, and related information you provide.
  • Sensitive data: in limited cases, you may choose to share special category data (e.g., allergy or accessibility information for a booking). We only use this with your explicit consent and to fulfil your request.

3. Purposes and legal bases for processing

We process your personal data for the following purposes and legal bases under the UK GDPR:

  • Provide our services: to operate our website, take and manage bookings or orders, provide customer support, and deliver requested products or services.

    Legal basis: performance of a contract or steps taken at your request before entering into a contract; legitimate interests in running our services.
  • Communicate with you: to respond to enquiries, send service messages (e.g., booking confirmations, operational notices), and manage your account.

    Legal basis: performance of a contract; legitimate interests in effective customer service.
  • Marketing: to send newsletters, offers or updates by email/SMS where you have opted in or where permitted by law (including “soft opt-in” for existing customers for similar products/services). You can opt out at any time.

    Legal basis: consent; legitimate interests where permitted by PECR.
  • Personalisation and analytics: to understand website usage, improve content and user experience, and develop our services.

    Legal basis: consent for non-essential cookies/analytics; legitimate interests for aggregated, low-privacy-impact analytics where permitted.
  • Security and fraud prevention: to protect our site, users and business, including monitoring, detecting and preventing fraudulent or malicious activity.

    Legal basis: legitimate interests; legal obligation where applicable.
  • Legal and regulatory compliance: to comply with accounting, tax and other legal obligations, and to establish, exercise or defend legal claims.

    Legal basis: legal obligation; legitimate interests.
  • Job applications: to assess your suitability, manage recruitment and keep records.

    Legal basis: consent; legitimate interests in hiring processes; legal obligation where applicable.
  • Special category data (e.g., allergies): to accommodate your booking or request.

    Legal basis: your explicit consent; you may withdraw consent at any time (see Section 8).

Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

4. Cookies and similar technologies

We use cookies and similar technologies to make our website work, to measure performance, and—if you consent—to personalise content or marketing. Under PECR, we may store or access cookies on your device where they are strictly necessary; for all other cookies, we request your consent.

Categories we use:

  • Strictly necessary cookies: required for core functions such as page navigation, security and form submissions. These cannot be switched off in our systems.
  • Analytics and performance cookies: help us understand how visitors use our site (e.g., pages visited, errors) so we can improve performance.
  • Functional cookies: remember choices (e.g., language or region) to enhance your experience.
  • Advertising and social media cookies: may be set by us or our partners to build a profile of your interests, show relevant ads, or enable social features. These operate only with your consent.

Your choices:

  • Consent management: when presented, you can accept or reject non-essential cookies. You can change your preferences at any time using your browser settings.
  • Browser controls: you can block or delete cookies through your browser. Blocking some cookies may impact site functionality.
  • Do Not Track: our site does not currently respond to DNT signals due to a lack of industry standards.

5. Sharing your personal data

We share personal data only as necessary for the purposes described above:

  • Service providers (processors): hosting and cloud infrastructure, website analytics, customer support tools, email and SMS delivery, payment processing, reservations/booking platforms, and IT/security providers. These providers are bound by contract to protect your data and act only on our instructions.
  • Payment processors: process your transactions securely. We receive confirmation of payment status but not your full card details.
  • Professional advisers: accountants, auditors, legal counsel and insurers where necessary for our legitimate interests and compliance.
  • Legal and regulatory: authorities, courts or law enforcement where required by law or to protect rights, privacy, safety or property.
  • Business transfers: in connection with a merger, acquisition, restructuring or asset sale. We will continue to protect your data and notify you of any material changes.

We do not sell your personal data.

6. International data transfers

Your personal data may be transferred to and processed in countries outside the UK and EEA where our service providers operate. Where such transfers occur, we ensure appropriate safeguards are in place, such as:

  • Adequacy regulations issued by the UK government (or adequacy decisions by the European Commission, where relevant).
  • Standard contractual clauses approved by the European Commission together with the UK Addendum, or the UK International Data Transfer Agreement (IDTA).
  • For transfers to the United States, participation by the recipient in the UK Extension to the EU–US Data Privacy Framework, where applicable.

You can contact us to obtain more information about our transfer safeguards.

7. Data retention

We keep personal data only for as long as needed for the purposes set out in this policy, and to comply with legal, accounting and reporting obligations. Typical retention periods are:

  • Accounts and profile data: for the life of your account and up to 24 months after closure.
  • Bookings, orders and transaction records: 7 years from the end of the financial year in which the transaction occurred (for tax and accounting obligations).
  • Customer service communications and enquiries: up to 24 months after resolution.
  • Marketing data (subscriptions, consents, preferences): until you opt out or withdraw consent, and in any case reviewed after 24 months of inactivity.
  • Technical logs and security data: typically 12 months, or longer if required for security, legal or investigative purposes.
  • Job applications: generally 6 months after the recruitment process ends unless you consent to a longer period.
  • Cookies: session cookies expire when you close your browser; persistent cookies generally last between 6 and 26 months unless you delete them earlier.

Where possible, we anonymise or aggregate data so it can no longer identify you.

8. Your rights

Under the UK GDPR, you have the following rights (subject to conditions and exceptions):

  • Access: receive a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data in certain circumstances.
  • Restriction: limit how we use your data in certain cases.
  • Portability: receive data you provided in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
  • Objection: object to processing based on our legitimate interests or for direct marketing.
  • Withdraw consent: where we rely on consent, you can withdraw it at any time.

To exercise your rights, contact privacy@theblondiebar.uk. We may need to verify your identity before responding. We aim to respond within one month, or notify you if more time is required. You will not be charged a fee unless your request is manifestly unfounded or excessive.

9. Data security

We take appropriate technical and organisational measures to protect your personal data, including:

  • Use of TLS/HTTPS to encrypt data in transit.
  • Access controls, authentication and least-privilege permissions.
  • Regular software updates, vulnerability management and backups.
  • Contractual safeguards and due diligence for our service providers.
  • Staff awareness and confidentiality obligations.

No method of transmission or storage is completely secure; we continually review and improve our security controls.

10. Children’s privacy

Our website is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided personal data to us, please contact privacy@theblondiebar.uk and we will take appropriate steps to delete it.

11. Complaints

If you have concerns about how we handle your personal data, please contact us first at privacy@theblondiebar.uk so we can try to resolve the issue.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

12. Third-party sites and services

Our website may contain links to third-party websites, plugins or services. These have their own privacy policies, and we are not responsible for their practices. We encourage you to read their policies before providing personal data.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. Changes are effective when posted on this page. If we make material changes, we will take reasonable steps to notify you.

Last updated: 14 December 2025

14. Contact and DPO details

If you have questions about this policy or our privacy practices, or wish to exercise your rights, please contact:

TheBlondieBar, United Kingdom
Email: privacy@theblondiebar.uk

Data Protection Officer (DPO):
Email: dpo@theblondiebar.uk

About The Editorial Team Terms of Service Legal Notice Privacy Policy Sitemap Contact
© 2026 TheBlondieBar