Privacy Policy
Effective Date: July 15, 2026
This Privacy Policy outlines how The Venue Worksop ("we", "our", or "us") collects, processes, stores, and protects personal data obtained from visitors, members, and customers using our website and facility.
We are committed to ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our website, submitting booking requests, or registering a member account, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
We collect personal information necessary to offer services, process bookings, maintain security, and verify identities. This includes:
- Account Registration Information: Full name, email address, username, password hashes, and date of account creation.
- Table Booking Data: Customer name, email address, optional phone number, desired date, table number, and start/end times.
- Inquiries and Forms: Name, email address, phone number, and content of messages submitted via our contact, membership, or product inquiry forms.
- Security & Audit Logs: IP addresses (captured from Cloudflare connecting headers or standard headers), timestamps, page access details, login attempts, and record changes.
2. How We Use Your Data
We process your personal data for the following lawful reasons:
- Contractual Obligation: To manage table bookings, notify you regarding reservation confirmations/denials, and facilitate custom merchandise inquiries.
- Legitimate Interests: To run an immutable security audit log tracking authorized and unauthorized access to member databases, preventing session hijacking, and securing our systems.
- Consent: To respond to message inquiries or membership applications submitted voluntarily.
3. Session and Cookie Security
We use temporary, secure PHP session cookies to maintain your login state. These cookies do not store personal details and are configured with security flags (`HttpOnly` and `Secure` where appropriate) to block cross-site scripting (XSS) access. Sessions are bound to your connecting IP address; changes in IP address will trigger automatic session destruction to protect your account from hijacking.
4. Data Retention
- Audit Logs: To verify compliance and security, audit log rows containing login metadata and record changes are kept for security evaluation.
- Booking Information: Booking transaction logs are held for business accounting and statistics. Cancelled or denied bookings are cleared regularly.
- Membership Accounts: Retained for the active duration of your membership and deactivated upon cancellation or non-payment.
5. Data Sharing and Transfer
We do **not** sell, trade, rent, or distribute personal data to third parties. All database records are stored locally and securely on our servers in the UK. Notification emails are sent using our configurable SMTP mail servers over SSL/TLS.
6. Security Measures
We implement a range of strict safety measures to keep your data secure:
- Passwords are hashed using industry-standard BCRYPT salt algorithms.
- We incorporate Cloudflare Turnstile captchas on forms to shield endpoints against brute force attacks and malicious bot submissions.
- Access to confidential database records is strictly restricted to authenticated administrators, with every access recorded in an immutable audit ledger.
7. Your Legal Rights
Under UK GDPR, you hold specific data rights, including:
- The right to request access to and copies of the personal data we hold about you.
- The right to request rectification of inaccurate details.
- The right to request erasure ("right to be forgotten") of your booking or account data, subject to legal record-keeping requirements.
- The right to withdraw consent for general inquiries at any time.
To exercise any of these rights, please contact our data team at [email protected].
8. Policy Revisions
We may update this policy occasionally. Any updates will be published directly on this page with the modified effective date. We encourage visitors to review this document regularly.