Winners of Finchingfield

Privacy Policy

Last updated: 5 May 2026

This policy explains how Winners of Finchingfield ("we", "us") collects and uses your personal data when you visit our website, make a booking, contact us, or subscribe to our newsletter. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are (Data Controller)

Winners of Finchingfield, The Green, Finchingfield, Essex CM7 4JX. Email: info@winnersfinchingfield.com. Phone: 01376 437734.

2. What data we collect & why

Bookings

  • Data: name, email, phone, party size, date/time, special requests.
  • Purpose: to manage your reservation.
  • Lawful basis: performance of a contract (Article 6(1)(b)).
  • Retention: 12 months after the booking date, then deleted.

Contact form

  • Data: name, email, optional phone, message.
  • Purpose: to respond to your enquiry.
  • Lawful basis: legitimate interests (Article 6(1)(f)) — replying to people who contact us.
  • Retention: 24 months from last contact.

Newsletter

  • Data: email address, consent timestamp and source.
  • Purpose: to send you news, seasonal menus and event updates.
  • Lawful basis: consent (Article 6(1)(a)) — you tick the consent box at signup. You can withdraw consent at any time using the unsubscribe link in every email or by emailing us.
  • Retention: until you unsubscribe.

Cookies

Our website uses only strictly necessary cookies needed to make the site work. We do not use analytics, advertising or tracking cookies, so no cookie consent banner is required under PECR.

3. Who we share data with (Processors)

We use the following trusted service providers, who process data on our behalf under written agreements:

  • Lovable Cloud (Supabase) — hosting our website and database (EU region).
  • Email delivery provider — used to send transactional and newsletter emails.

We do not sell your data and we do not share it for marketing purposes with any third party.

4. International transfers

Where any processor transfers data outside the UK, we rely on UK adequacy regulations or the UK International Data Transfer Addendum to the EU Standard Contractual Clauses to ensure your data remains protected.

5. Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you
  • Have inaccurate data corrected (rectification)
  • Have your data deleted (erasure / "right to be forgotten")
  • Restrict or object to processing
  • Receive your data in a portable format
  • Withdraw consent at any time (for newsletter)

To exercise any of these rights, use our Data Request form or email info@winnersfinchingfield.com. We respond within one month.

6. Security

Your data is stored in an encrypted database with strict row-level access controls. Only authorised staff can access booking and contact data, and only for the purposes set out above.

7. Complaints

If you're unhappy with how we've handled your data, please contact us first so we can put it right. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113.

8. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page indicates when it was last revised.