GDPR Privacy Statement 2026
Who We Are
Pembroke Lodge and The Hearsum Family Limited (“we”, “us”, “our”) are committed to protecting the privacy and security of personal information.
For any questions regarding this Privacy Notice or your personal data, please contact:
Information We Collect
We may collect and process the following categories of personal information:
- Name, address, email address and telephone number.
- Company and invoicing details.
- Booking and event information.
- Correspondence relating to enquiries, bookings and events.
- Information relating to event guests to manage dietary and allergen requirements
- Financial transaction records and payment history.
- CCTV images recorded on our premises.
- Website usage information, including IP addresses and analytics data.
Payment card details are not retained following payment processing. Customer-not-present card details are handled securely and destroyed in accordance with applicable security requirements.
How We Collect Information
Information is collected directly from customers, suppliers and other business contacts through:
-
Telephone, email and written correspondence.
- Booking forms and event documentation.
- Website contact forms.
- CCTV systems operating on our premises.
- Website analytics and server logs.
Website, Cookies and Analytics
Our website, pembroke-lodge.co.uk uses cookies and Google Analytics to help us understand how visitors use the site and to improve website performance.
Google Analytics may collect information including:
- IP address (which may be anonymised where applicable).
- Device and browser information.
- Website usage and navigation data.
Visitors may manage cookie preferences through their browser settings.
Website Hosting
Our website is hosted by gloversure
As part of normal website operation, server logs may record technical information such as IP addresses, browser information and access times for security, diagnostic and operational purposes.
Booking and Event Information
Booking information is collected and maintained through our in-house booking system.
Records are stored on company-owned server infrastructure managed by our IT provider and access is restricted to authorised staff who require access for operational purposes.
CCTV
CCTV operates at our premises for the purposes of:
-
Crime prevention and detection.
-
Protection of staff, visitors and property.
-
Health and safety.
-
Investigation of incidents.
CCTV footage is retained only for as long as reasonably necessary unless required for investigation, insurance or legal proceedings.
Lawful Basis for Processing
We process personal data under one or more of the following lawful bases:
-
Performance of a contract.
-
Compliance with legal obligations.
-
Legitimate interests in operating and securing our business.
-
Consent, where required by law.
Sharing Information
We do not sell personal information.
Personal information may be shared where necessary with:
- Payment processors, including Paymentsense.
- Accounting providers, including Sage.
- Professional advisers, insurers and auditors.
- Regulatory authorities and law enforcement agencies where required by law.
Any third parties receiving personal information are required to process it securely and only for legitimate business purposes.
International Transfers
We do not intentionally transfer personal data outside the United Kingdom unless appropriate safeguards are in place in accordance with applicable data protection legislation.
Retention of Information
Personal information is retained only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations.
Customer, booking and accounting records are generally retained for up to seven years to comply with tax, accounting and legal requirements.
CCTV recordings are retained only for the period necessary for security and operational purposes unless required for investigation or legal proceedings.
Security
We implement appropriate technical and organisational measures to protect personal information against unauthorised access, loss, disclosure, alteration or destruction.
Access to personal information is limited to authorised personnel who require access to perform their duties.
Your Rights
Subject to applicable law, individuals have rights including:
- Right of access.
- Right to rectification.
- Right to erasure.
- Right to restrict processing.
- Right to object to processing.
- Right to data portability where applicable.
- Right to withdraw consent where consent is relied upon.
Complaints
If you have concerns regarding the way we handle your personal information, please contact us at info@pl.org.uk
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Changes to this Privacy Notice
We may update this Privacy Notice from time to time. Any changes will be published on our website.





