Consumer Privacy Policy
1. Introduction
Fuller, Smith & Turner P.L.C. is committed to protecting the privacy of all customers. This Privacy Policy explains what personal data we collect about you and how we use it.
Personal data is any information relating to an individual that can be used to identify them. By providing your personal data to us you acknowledge that it will be processed in accordance with this Privacy Policy.
Personal data that is captured for our employees is covered separately in our Employee Privacy Policy.
2. Who is responsible for your data
“Fuller’s” which is also referred to in this Privacy Policy as “we”, “us” or “our” is a trading name of:
Fuller, Smith & Turner P.L.C
Pier House
86-93 Strand on the Green
London
W4 3NN
Company Number: 00241882
ICO Registration Number: Z6912169
Fuller’s is the parent company of B & D Country Inns I Limited and B & D Country Inns II Limited (company number 07292333 and 08029280 trading as Bel & The Dragon), and Cotswold Inns and Hotels Limited (company number 03309179 – trading as Cotswold Inns & Hotels). Therefore, Fuller’s is the Data Controller for personal data that is processed at these companies.
We have appointed a Data Protection Officer, who can be contacted in the following ways should you have any questions, feedback or complaints about your privacy:
Mail: Data Protection Officer
Fuller, Smith & Turner P.L.C
Pier House
86-93 Strand on the Green
London
W4 3NN
Email: [email protected]
3. How we collect your personal data
Your personal data is collected in the following ways:
- When you sign up to use our complimentary Wi-Fi at our venues;
- When you sign up to receive our marketing communications;
- Through the use of cookies when you visit our website (you should refer to our Cookie Policy for further details);
- When you contact us by digital forms, telephone or email to make an enquiry, booking or purchase;
- When you visit one of our venues and come into view of our CCTV cameras;
- When you enter a competition we are running;
- When you provide us with your feedback or complete satisfaction surveys;
- When completing forms for transactions, employment or other purposes;
- When you attend events or functions organised by us, or carried out by our venues;
- When you provide your details through our Order and Pay system; and
- When you interact with us through social media.
For a general overview of how personal data is managed and transferred at Fuller’s, please see Appendix 1.
4. Personal data we collect about you
We collect personal data for a variety of purposes as outlined in this section 4. You will provide much of this data to us directly by completing online forms or through engagement with one of our team members (through phone, email or otherwise) but we also gather some data via the digital interactions that you have with us.
Name and contact details (e.g. email address, telephone number and postal address) |
When you book a table/function/hotel room/ticket.
When you opt-in to receive marketing communications.
When you provide us with feedback or submit an enquiry
When you sign up to use our Wi-Fi.
If you have an accident while visiting us at our venues.
When you pay for a hotel room either in person or online.
When you purchase a gift voucher.
When you enter a Fuller’s competition or promotion.
When you liaise with us through social media.
To collect and recover money that is owed to us. |
Nationality / Passport Number |
When you book a hotel room.
Passport number is only collected where you are an overseas visitor and book a hotel room. |
Date of birth |
To confirm that you are over the age of18 so you can receive licensed goods and services.
When you sign up to use our Wi-Fi, to confirm that you are over the age of 18.
When you book a table through our booking system (if supplied).
When you sign-up to enter one of our competitions or promotions.
When you choose to provide it for marketing personalisation. |
Personal Interests |
When you choose to provide it for marketing personalisation. |
Dietary and special needs requirements |
When you choose to provide it when booking a table / function / hotel room. |
Information about other guests on your booking including details of any children. |
When you provide information on behalf of others as part of making a table / function / hotel booking. |
The correspondence that you have with us (e.g., emails, letters, calls, online chat service) |
When you contact us or we contact you. This may include telephone call recording. |
Car registration number |
When your vehicle is captured on one of our CCTV cameras.
When parking at our venues with parking restrictions.
When you stay at our hotels and provide your registration number. |
Your location / visit information |
When you use our Wi-Fi.
Where you have been involved in an accident at one of our venues.
When you or your vehicle is captured on one of our CCTV cameras.
When you make a booking.
When you make a complaint. |
CCTV Recording |
When you visit our venues. |
Information about how you use our websites (e.g., IP address, Google Analytics, a list of URLs starting with your referring site, activity on our website, and the website you exit to). |
When you browse our websites. |
Device information and vicinity information (if consented to). |
When you use our Wi-Fi or leave us feedback. |
*Your transaction details and payment. |
When you place an order and pay for food or drink in a pub / hotel via our website.
When you pay for a hotel room either in person or online.
When you purchase tickets for a Fuller’s managed event or function.
To collect and recover money that is owed to us.
When you purchase a gift voucher. |
* Fuller’s rely on third-party payment providers to assist with completing transactions. Transaction details such as your credit/debit card details will not be stored by Fuller’s but will instead link to the relevant payment provider.
Special Category Personal Data
The UK General Data Protection Regulation (UK GDPR) is the privacy law implemented across the United Kingdom which includes increased protection relating to Special Category Personal Data such as health and religious beliefs. As a result of you telling us that you have an allergy or a specific dietary requirement you may reveal medical conditions or religious beliefs. Special Category Personal Data will only be processed to deliver the products / services that you purchase from us.
5. How and why we use your personal data
We can only process your personal data if we have a lawful basis to do so. These lawful purposes are summarised below
To ensure the performance of a contract for a service we have with you:
When we have a legal obligation to process your data:
When you give us consent:
Processing your data to further our legitimate interests:
One of the lawful basis we rely on to process personal data is called ‘legitimate interests’ whereby we can use your personal data if we have a genuine and legitimate reason, and we are not harming any of your rights and interests.
We use legitimate interests in the following circumstances:
When we process personal data relating to your health or religious beliefs, our lawful basis is legitimate interests. It is in our legitimate interests to ensure that we are aware of your dietary requirements when you dine with us. Our additional special category condition for processing your health and religious information is Explicit Consent Article 9 (2)(a) of the UK General Data Protection Regulation (UK GDPR).
Where you choose to supply your personal data for the purposes of providing us information to record accidents and injuries, we will rely on Explicit Consent Article 9 (2)(a) of the UK GDPR.
When we process your personal data for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).
6. Who can access your personal data
We share your personal data internally across the group where required for our legitimate interests or with your consent.
We are reliant on a number of third-party providers in order to provide our products and services. Where this is the case, we will remain in control of the data and we will ensure that the third parties comply with high security standards for the protection of your personal data. The third parties will not have any rights to use your data for their own purposes.
Our third-party providers include:
We also use third-party booking websites (e.g. Booking.com / Expedia) to take hotel bookings and sites such as OpenTable and Design My Night to take table bookings. Customers that choose to use these sites will be doing so under the relevant Terms and Conditions and privacy policies of these sites. In order to deliver the booking, the third-party will share your data with us and once they have done so we will use the data in accordance with this Privacy Policy.
Where relevant we will share your booking data with catering contractors who operate a small number of our restaurants.
Where required, your personal data will be shared with legal authorities. For example, this will include where the police request access to CCTV.
We will also share personal data with our legal advisors in order for us to take advice, respond to and defend legal claims.
7. Third-Party links
Our website includes links to third-party websites and plug-ins. Clicking on these links or enabling these connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice or policy of every website you visit.
8. Transfer of Data outside the EEA
All our operations covered by this Privacy Policy are based in the European Economic Area (EEA). However, the technical infrastructure of some of our providers is located in data centres outside the EEA.
Limited personal data that we collect from you may be transferred to and processed in a destination outside of the EEA. In these circumstances, your personal data will only be transferred if at least one of the following safeguards is implemented:
The personal data that will be transferred outside the EEA is as follows:
Purpose for Processing |
Personal Data Affected |
3rd Party |
Country |
Safeguard |
Email Marketing |
Identity, Contact |
Campaign Monitor |
United States |
Standard Contractual Clauses |
Online Hotel Bookings |
Identity, Contact, Booking |
SiteMinder |
United States |
Standard Contractual Clauses |
9. Retention and Security of your Data
We will only retain your personal data for as long as required in order to fulfil the purpose(s) for which it was collected. When assessing what retention period is appropriate for your personal data, we take into consideration:
After such time, we will securely delete or destroy your personal data. In most instances the personal data processed by us will be securely destroyed within 6 years from when we collected your data. For the majority of our venues, we only hold CCTV data for a period of approximately 30 days.
For customers that have not interacted digitally with us in 6 years, we will send an email communication to receive confirmation of whether you still wish to be opted in to receive marketing communications. If no response is received or you do not re-confirm your consent, we will securely delete your personal data after 30 days.
For customers who opt out of marketing communications and whose personal data is held on an opt-out list, your personal data will be retained for a period of 6 years from the last digital interaction. After which, your personal data will be securely deleted.
We ensure that we use appropriate technical and organisational security measures in order to ensure that your data remains secure. These measures include internal policies, procedures and employee training, as well as ensuring we have appropriate contracts with third-party suppliers, and only allowing access to data on a need-to-know basis.
10. Your Rights
Right to be Informed
We will always be transparent in the way we use your personal data. You will be fully informed about our processing activities through relevant privacy policies, such as this one.
Right to Access
You have a right to request access to the personal data that we hold about you and this should be provided to you. If you would like to request a copy of your personal data, please contact the Data Protection Officer as detailed in section 2 of this Privacy Policy.
Right to Rectification
We want to make sure that the personal data we hold about you is accurate and up to date. If any of your details are incorrect, please let us know and we will amend them.
Right to Erasure
You have the right to have your data ‘erased’ in the following situations:
If you would like to request erasure of your personal data, please contact the Data Protection Officer as detailed in section 2 of this Privacy Policy. Please note that each request will be reviewed on a case-by-case basis and where we have a lawful reason to retain the data, it may not be erased and you will be notified accordingly.
Right to Restrict Processing
You have the right to restrict processing in certain situations such as:
Right to Data Portability
You have the right to data portability in certain situations. You have the right to obtain and reuse your personal data for your own purposes in a machine-readable format. If you would like to request portability of your personal data, please contact us. This only applies:
Right to Object
You have the right to object to us processing your data in these circumstances:
Proof of identity may be required before we can action some requests. If you choose to exercise any of your rights as set out above, we will contact you to verify your identity.
11. Cookies
Like many other businesses, we use cookies on our website. Cookies are small pieces of information that are stored on your computer or mobile device that record how you use the site. For more detailed information on how we use cookies, please review our Cookie Policy which you can read here.
12. Updates to our Privacy Policy
We may update this Privacy Policy from time to time. If we make changes to this Privacy Policy, the updated version will appear on this page.
13. Contact information
If you have any questions about this Privacy Policy or how your data is processed, please contact us at Fuller, Smith & Turner P.L.C., Pier House, 86-93 Strand on the Green, London, W4 3NN, via phone on 020 8996 2000 or via email to [email protected].
You can unsubscribe from our marketing communication at any time by clicking the unsubscribe link at the bottom of any of our marketing communications. Alternatively, you can email [email protected] with your request.
Should you have any concerns about this Privacy Policy or the way that we are processing data, you have the right to lodge a complaint with the Information Commissioner’s Office. Please look at https://www.ico.org.uk for more detail.
Appendix 1
How personal data is managed and transferred at Fuller’s:
GDPR Version 1.5. This policy was last updated on 5 May 2023.