LEGAL
Privacy Policy
Last updated 02 June 2025
01 / WHO WE ARE
Longbow Management Services UK Limited, with company number 14174775, and having its registered office at 4-7 Great Pulteney Street, London, United Kingdom, W1F 9NA ("us" and "we"), is based in the UK and is the controller responsible for your personal data. We are responsible for your personal information and remain committed to protecting your privacy. Pursuant to the Data Protection Act 2018 ("DPA"), we have a legal duty to respect and protect any personal information we collect from you, and we will abide by such duty. This privacy policy sets out how we collect and process your personal data when you use this website, make any purchases, register for any events, promotions or newsletters or otherwise correspond with us.
If you have any questions about this privacy policy or our privacy practices, please contact info@greyheath.com. Should you have any concerns with the way we have dealt with your personal data, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO) (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
02 / THE DATA WE COLLECT ABOUT YOU
Personal data means any information about an individual from which that person can be identified. We may collect, use and store different kinds of personal data about you including:
— Identity and Contact Data such as your full name, gender, date of birth, country of residence, residence status, physical address, contact information (e.g., email address and phone number), passport and visa information, service preferences and any other personal data, including special category data (such as allergies and medical assistance), which you may provide us when you make a reservation, apply to any of our job vacancies or contact us.
— Marketing and Communications Data such as your preferences in receiving marketing from us and your communication preferences.
— Technical and Usage Data such as system log information about your use of the website, including the type of browser you use, browser plug-ins, access times, pages viewed, IP address, time zone setting and the page you visited before navigating to our website.
— Device Information including the hardware model, operating system and version, unique device identifiers (such as IP address, IMEI number, the address of the device's wireless network interface, or mobile phone number used by the device) and mobile network information.
— Cookies Data — you can find more information on this under the section entitled 'Cookies'.
— Financial Data such as your credit card, mobile payment and other payment details when you make a reservation or purchase goods and services from us.
— Information collected from the use of closed-circuit television ("CCTV") systems and other security systems.
We may also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' usage data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website.
03 / HOW YOUR DATA IS COLLECTED
We use different methods to collect data from and about you, including through your direct interactions with us — when you fill in online forms, correspond with us by post, phone or email, purchase products or services, create an account, subscribe to publications, request marketing, enter a competition or survey, or give us feedback.
As you interact with our website, we will automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
Third party tools embedded in our website will only collect your data with your express consent, which can be provided by clicking the opt-in button before you submit your information. Technical Data is also collected from analytics providers such as Google Analytics and reCAPTCHA, based outside the UK.
04 / HOW WE USE YOUR PERSONAL DATA
We only use your personal data when the law allows us to. We rely on one or more of the following legal bases for collecting and using your personal data: performance of a contract with you, legitimate interests, legal obligation, and consent.
We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose — for example, to facilitate direct marketing, promotional and customer management purposes; to protect our website from spam software and misuse; and for any other purposes for which we have obtained your consent in accordance with applicable law. You have the right to withdraw consent at any time by contacting us at info@greyheath.com.
05 / THIRD PARTY MARKETING & OPTING OUT
We will always get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us to stop sending you marketing communications at any time by following the opt-out links on any marketing message sent to you, or by contacting us at info@greyheath.com.
06 / LINKS TO THIRD PARTY WEBSITES
Our website may provide links to third party websites, including social networking websites. If you click on a third party link, you will be directed to that third party's website. We strongly advise you to review the privacy policy of every website you visit. We have no control over and assume no responsibility for the content or privacy policy of any third party websites or services.
Our website may contain third party tools such as Google reCAPTCHA in order to protect our website from spam software and misuse by non-human visitors. reCAPTCHA is engaged when you submit your information on any forms on the website.
07 / CHILDREN AND MINORS
Except where required by local laws, we do not knowingly collect personal data relating to minors, unless such personal data was submitted by the minors' parent or guardian. If you are a minor, you may only use our website and services with the permission of your parent or guardian.
08 / COOKIES
By continuing to use the website, you are agreeing to our use of cookies in the manner set forth in this policy. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Our use of cookies aims to provide you with an optimum user experience when you browse our website, allows us to monitor the performance of the website on an ongoing basis, and protects our website from spam or misuse.
This website uses third party cookies via Google Analytics, which helps us understand how visitors use the website, and Google reCAPTCHA, which protects our website from spam software and misuse by non-human visitors.
The data collected may include your browser type, language, operating system, device ID, geolocation data, the state or country from which you accessed the website's services, the webpages you visited, and the date and time of a visit. This information is aggregated and anonymous and will not be traced back to you.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. You can opt-out of having your activity made available to Google Analytics by installing the Google Analytics opt-out browser add-on. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
09 / DISCLOSURES OF YOUR PERSONAL DATA
As an essential part of being able to provide our services to you, we share your data with the following categories of third parties:
— Group companies which are members of the Longbow Management Services UK Limited group, based in the UK and EU.
— Agencies that assist us with marketing management and newsletter distribution such as Klaviyo, provided we have received your express opt-in consent.
— Service providers that help us run our business, such as property management software providers, SEO agencies, website hosting providers and developers, providers of Wi-Fi access at our venues, and companies that provide us with legal, administrative, financial and other professional services.
— Professional advisers including lawyers, bankers, auditors and insurers who provide advice when we require it.
— Law enforcement agencies in connection with any investigation to help prevent unlawful activity.
— Third parties to whom we may sell, transfer or merge parts of our business or our assets. If a change happens to our business, the new owners may use your personal data in the same way as set out in this privacy policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process it for specified purposes and in accordance with our instructions.
10 / INTERNATIONAL TRANSFERS
We do not disclose your personal data outside of the UK, EEA and Switzerland, unless we have your express consent to do so. We use third-party providers such as Klaviyo which may store your personal data in servers located in the U.S. Such transfers of data occur only with your express consent which you provide via an opt-in button.
11 / DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
Please be aware that where information is transmitted via the internet, such transmission is not completely secure. Although we take appropriate and proportionate steps to manage the risk posed, we cannot guarantee the security of your information transmitted to our online services.
12 / DATA RETENTION
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. In any event, we do not retain your personal data for longer than six (6) years, subject to local laws and regulations.
By law we have to keep basic information about our customers (including Contact, Identity and Financial Data) for five years after they cease being customers for tax purposes. If you would like to know more about the retention periods, please contact info@greyheath.com.
13 / YOUR LEGAL RIGHTS
You have rights in relation to your personal data including a right to access your personal data, have your data corrected, request erasure of your personal data in certain circumstances, object to or restrict our processing activities of your personal data, request the transfer of your personal data to a third party, and withdraw your consent to our processing of your personal data.
If you wish to exercise any of the rights above, please email info@greyheath.com.
14 / UPDATES TO THIS POLICY
We reserve the right to update and change this privacy policy from time to time in order to reflect regulatory changes or changes to the way we process your personal data. In case we make such changes, we will post the amended privacy policy on our website. The changes will come into effect upon publication.
15 / CONTACT US
If you have any questions about this privacy policy, our privacy practices, or wish to exercise your rights, please contact us at info@greyheath.com.
Last updated 02 June 2025
