Privacy Policy
Last updated: 20 August 2025
Who we are: Wonderland Wedding Venues Ltd (“we”, “us”, “our”).
Registered address: 3/4 Wellington Lane, Stamford, England, PE9 1QB
Contact: 01780 239163
We respect your privacy and are committed to complying with UK data protection law, including the UK GDPR and DPA 2018. Our approach follows the UK GDPR’s seven key principles (lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability). ICO
1) What this notice covers
This notice explains what personal data we collect on this website, why we collect it, how we use and share it, legal bases for our use, how long we keep it, international transfers, your rights, and how to contact or complain.
2) Personal data we collect
We collect and process:
- Identifiers and contact details (e.g., name, email, phone) when you create an account, contact us, or subscribe to updates.
- Transactional data (e.g., orders, payment references) if you buy our products/services.
- Usage and device data (e.g., pages viewed, links clicked, IP address, user agent) via our site and cookies/SDKs.
- Marketing preferences (e.g., newsletter opt‑ins).
3) Where we get your data
- Directly from you (forms, checkout, support tickets).
- Automatically from your device/browser (see Cookies & similar technologies).
- From third parties (e.g., analytics, ad partners, social sign‑in) where permitted.
4) How we use your data & our legal bases
We only use personal data when we have a lawful basis. The typical purposes and bases are:
| Purpose | Examples | Lawful basis |
| Provide the site & services | Account creation, customer support, service notices | Contract (Art 6(1)(b)) |
| Take payment & prevent fraud | Payment processing, fraud checks | Contract; Legal obligation; Legitimate interests |
| Improve our site & services | Analytics, diagnostics, A/B tests | Legitimate interests; see Cookies (low‑risk analytics) |
| Marketing (non‑electronic) | Postal mailers | Legitimate interests |
| Marketing (email/SMS) | Newsletters, offers | Consent under PECR; soft‑opt‑in where permitted (see §7) |
| Security & compliance | Logs, incident response | Legitimate interests; Legal obligation |
| Recognised legitimate interests | Crime prevention, safeguarding, responding to emergencies, certain public‑interest tasks (where applicable) | Recognised legitimate interests introduced by DUAA (no balancing test for specified purposes) |
Notes on DUAA 2025: It introduced recognised legitimate interests (a limited statutory list, e.g., crime prevention, safeguarding, emergencies), clarified subject access timing (including a “stop‑the‑clock” where you clarify a request), and updated automated decision‑making safeguards while making the framework more permissive when safeguards are in place. GOV.UK
5) Cookies & similar technologies
We use cookies and similar technologies to run our site, understand performance, and (where you agree) for marketing.
- Strictly necessary cookies: required for core functions (login, security).
- Analytics & improvement cookies: used to collect statistical information about how our site is used so we can make improvements. Under the DUAA, the PECR rules now allow certain low‑risk storage/access without consent when used solely for statistics/service improvement and subject to safeguards and transparency. We will rely on this limited exemption where applicable and proportionate; otherwise, we’ll ask for consent. GOV.UKICO
- Advertising & personalisation cookies: used to measure campaigns and show relevant content—we’ll only set these with your consent.
You can manage preferences via our cookie banner or browser settings at any time. See our Cookie Policy for details [link to your Cookie Policy].
6) Direct marketing (PECR)
- We send electronic marketing with your consent (e.g., ticking “subscribe”).
- We may rely on the “soft opt‑in” to send marketing about similar products/services to existing customers; you’ll always be able to opt out at collection and in every message.
7) Automated decision‑making & profiling
If we make a decision solely by automated means that has legal or similarly significant effects on you, we’ll implement safeguards and explain the logic and significance. Under UK law you have the right to obtain human intervention, express your view, and challenge the decision. GOV.UK
8) Sharing your data
We share personal data with:
- Service providers acting on our instructions (e.g., hosting, email, support, analytics, payments).
- Professional advisers (legal, accounting) and authorities where required by law.
- Business transfers: if we restructure, merge, or sell assets, we may transfer data under appropriate safeguards.
We require processors to implement appropriate security and not use your data for their own purposes.
9) International transfers
If we transfer your data outside the UK, we’ll ensure an appropriate transfer mechanism, such as:
- The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses. ICO
- Transfers to certain US recipients certified to the UK Extension to the EU‑US Data Privacy Framework (the “UK‑US Data Bridge”) (from 12 October 2023) without further safeguards—subject to scope limits (e.g., some sectors aren’t eligible and certain data types need extra care). GOV.UK
We will also carry out a transfer risk assessment where required. GOV.UK
10) Data retention
We keep personal data only as long as necessary for the purposes explained above, including to meet legal, accounting, or reporting requirements. We apply documented retention periods and securely delete or anonymise data when it is no longer needed.
11) Security
We implement appropriate technical and organisational measures to protect personal data (e.g., access controls, encryption in transit/at rest where appropriate, vulnerability management, staff training, incident response). ICO
12) Your rights
You have the following rights under UK data protection law:
- Access to your personal data and copies of it.
- Rectification of inaccurate data.
- Erasure (in certain cases).
- Restriction of processing.
- Data portability (to receive data you provided in a structured, commonly used, machine‑readable format and transfer it to another controller).
- Object to processing based on legitimate interests or for direct marketing.
- Withdraw consent at any time (where processing is based on consent).
- Rights in relation to automated decision‑making, including obtaining human review, expressing your view and contesting the decision (see §7). ICOGOV.UK
Timing for responses: We aim to respond within one month. If we reasonably need clarification to process a subject access request, the DUAA allows us to pause (“stop the clock”) until we receive the information needed, after which the clock resumes. GOV.UK
13) Children’s privacy
Our services are not likely to be accessed by children. We follow the ICO’s Children’s Code (Age‑Appropriate Design Code), including data‑protection‑by‑design, high‑privacy defaults, and appropriate transparency. ICO
14) Third‑party links & services
Our site may link to third‑party sites, plug‑ins or apps. Those providers control their own privacy practices; please read their policies.
15) Changes to this notice
We may update this notice from time to time. We’ll post changes here and, if significant, we’ll notify you by banner. Please check back regularly.
16) How to contact us
Company Name: Wonderland Wedding Venues Ltd
Registered address: 3/4 Wellington Lane, Stamford, England, PE9 1QB
Contact: 01780 239163
17) Complaints
If you have concerns about our use of your data, please contact us first so we can try to resolve them. You can also complain to the UK regulator:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113 | ico.org.uk. ICO