1. Introduction
The Windmill Inn ("we", "us", "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you interact with our website, sign up for our mailing list, or participate in our monthly prize draw.
Your Rights: Under UK GDPR, you have rights over your personal data including the right to access, correct, delete, or object to processing. See Section 9 for details.
Data Controller:
The Windmill Inn
West Quantoxhead
Somerset, TA4 4DS
United Kingdom
Email: Contact@The-Windmill.co.uk
Phone: 01984 633004
2. What Information We Collect
2.1 Information You Provide
When you sign up for our mailing list or prize draw, we collect:
- Name: Your first name and last name (optional: surname)
- Email Address: Required for communication and prize notifications
- Postcode: To verify UK residency and for local targeting
- Interests: Your preferences for content (Dining, Golf, Events, etc.) - optional
- Referral Information: If you were referred by another subscriber, we store this relationship
2.2 Information Automatically Collected
When you interact with our website or emails, we automatically collect:
- Signup Metadata: Date/time of signup, IP address, signup source (web/QR/tablet/staff)
- Email Engagement: Whether you opened an email, which links you clicked, timestamps of interactions
- Website Analytics: Pages visited, time on site, browser type, device type (via cookies)
- Confirmation Status: Whether you confirmed your email via double opt-in
2.3 Prize Draw Information
If you win a prize, we additionally collect:
- Winner Code: Unique code for prize redemption
- Booking Details: Date of your carvery booking
- Redemption Information: When you used your prize, which staff member processed it
- Photo (Optional): Only if you consent to publicity
2.4 Information We Do NOT Collect
We do not collect:
- Payment card details (we are not an e-commerce site)
- Sensitive personal data (race, religion, health, political opinions, etc.)
- Data from children under 18
3. How We Use Your Information
3.1 Legal Basis for Processing
We process your personal data based on:
| Purpose | Legal Basis |
| --- | --- |
| Sending marketing emails | Consent - You opted in via signup form |
| Prize draw administration | Contract - Fulfilling prize draw terms |
| Fraud prevention | Legitimate Interest - Protecting our business |
| Analytics and improvement | Legitimate Interest - Improving our services |
3.2 Specific Uses
We use your information to:
- Send Marketing Emails: News, offers, events, and local content (up to 20 emails per month maximum)
- Administer Prize Draw: Select winners, send notifications, verify claims, track redemptions
- Personalize Content: Match blog posts and offers to your stated interests
- Manage Tier System: Track your engagement and upgrade your discount tier (10%/15%/20%)
- Track Referrals: Reward you when friends join via your referral link
- Improve Our Service: Analyze email performance, website usage, and subscriber preferences
- Prevent Fraud: Detect duplicate entries, verify winner eligibility, prevent abuse
- Legal Compliance: Maintain audit logs for regulatory purposes
3.3 Frequency Limits
Email Frequency Promise: We will send a maximum of 20 marketing emails per month. This includes newsletters, offers, prize draw announcements, and review requests. You can unsubscribe at any time.
4. How We Store and Protect Your Information
4.1 Data Storage
- Location: All data is stored on secure servers in the United Kingdom
- Database: MySQL database with encrypted connections
- Backups: Regular automated backups stored securely
- Access Controls: Only authorized staff can access personal data
4.2 Security Measures
We protect your data using:
- Encryption: SSL/TLS encryption for all website traffic (HTTPS)
- Password Protection: Admin accounts use strong, hashed passwords
- CSRF Protection: Security tokens prevent unauthorized actions
- Rate Limiting: Prevents brute-force attacks and abuse
- Audit Logging: All data access and changes are logged with timestamps
- Regular Updates: Software and security patches applied promptly
4.3 Data Retention
How long we keep your data:
- Active Subscribers: As long as you remain subscribed
- After Unsubscribe: 30 days (soft delete), then permanently removed
- Prize Winners: 7 years (for tax and legal compliance)
- Audit Logs: 12 months for security and compliance purposes
- Email Engagement Data: As long as you remain subscribed, then deleted with your account
Soft Delete: When you unsubscribe, we keep your data for 30 days in case you change your mind. After 30 days, it's permanently deleted unless you're a prize winner (see above).
5. Who We Share Your Information With
5.1 Third-Party Services
We may share your data with these trusted third parties:
| Service Provider | Purpose | Data Shared |
| --- | --- | --- |
| Email Provider (IONOS) | Send emails on our behalf | Name, email address, email content |
| Web Hosting (IONOS) | Host our website and database | All subscriber data (stored on their servers) |
| Analytics (if enabled) | Understand website usage | Anonymized usage data, no personal identifiers |
5.2 What We DON'T Do
- ❌ We DO NOT sell your data to third parties
- ❌ We DO NOT rent or lease your email list
- ❌ We DO NOT share your data for others' marketing purposes
- ❌ We DO NOT transfer data outside the UK/EU without safeguards
5.3 Legal Disclosure
We may disclose your information if required by law or to:
- Comply with legal obligations or court orders
- Protect our rights, property, or safety
- Prevent fraud or illegal activity
- Respond to government requests
6. Cookies and Tracking Technologies
6.1 What Cookies We Use
Our website uses the following types of cookies:
- Essential Cookies: Required for the website to function (login sessions, CSRF tokens)
- Analytics Cookies: Help us understand how visitors use our site (anonymous data)
- Preference Cookies: Remember your settings and preferences
6.2 Email Tracking
Our marketing emails contain:
- Open Tracking Pixel: A tiny invisible image that tells us when you open an email
- Click Tracking Links: Modified URLs that record when you click a link
This helps us understand which content is most interesting to you and improve our emails.
6.3 Managing Cookies
You can control cookies through your browser settings. However, disabling cookies may affect website functionality.
7. Your Marketing Preferences
7.1 Consent and Opt-In
When you sign up for our mailing list:
- ✅ You explicitly consent to receive marketing emails
- ✅ You confirm your email via double opt-in (best practice)
- ✅ You can update your preferences at any time
7.2 Interest Preferences
You can choose which types of content interest you:
- Dining & Carvery
- Golf
- Events & Entertainment
- Local Guides
- Accommodation
- Weddings & Functions
- Seasonal Offers
Update your preferences: Click Here
7.3 Unsubscribing
You can unsubscribe at any time by:
- Clicking the "Unsubscribe" link at the bottom of any email
- Visiting: www.the-windmill.co.uk/unsubscribe
- Emailing us: Contact@The-Windmill.co.uk
- Calling us: 01984 633004
Important: Unsubscribing removes you from marketing emails but also removes you from the monthly prize draw (since entry is automatic for subscribers).
8. Prize Draw Specific Privacy Information
8.1 Winner Data
If you win the monthly prize draw:
- We store your winner code, claim status, and redemption details
- We may announce your first name and last initial in our newsletter (with permission)
- We retain winner records for 7 years for audit and tax purposes
8.2 Publicity
You will be asked separately if you consent to:
- Name announcement in newsletter
- Photo with meal on social media
- Testimonial/review publication
Declining publicity does not affect your prize. You can still claim and use your prize even if you prefer to remain anonymous.
8.3 Fraud Prevention
To prevent fraud in the prize draw, we:
- Check for duplicate email addresses
- Log IP addresses during signup
- Verify winner identity before prize redemption
- Exclude staff and immediate family members
- Maintain audit logs of all draw executions
9. Your Rights Under UK GDPR
You have the following rights over your personal data:
9.1 Right to Access
What it means: You can request a copy of all personal data we hold about you.
How to exercise: Email info@the-windmill.co.uk with "Subject Access Request" in the subject line. We will respond within 30 days.
9.2 Right to Rectification
What it means: You can ask us to correct inaccurate or incomplete data.
How to exercise: Update your details via Subscriber Preferences or email us.
9.3 Right to Erasure ("Right to be Forgotten")
What it means: You can ask us to delete your personal data.
How to exercise: Click "Unsubscribe" in any email, or email us with "Delete My Data" in the subject.
Exception: We may retain winner data for 7 years if legally required.
9.4 Right to Restrict Processing
What it means: You can ask us to pause processing your data while you challenge its accuracy or legality.
How to exercise: Email info@the-windmill.co.uk with your request.
9.5 Right to Data Portability
What it means: You can request your data in a machine-readable format (CSV, JSON).
How to exercise: Email us requesting "Data Export."
9.6 Right to Object
What it means: You can object to processing based on legitimate interests (e.g., analytics).
How to exercise: Email us with your objection. We will stop unless we have compelling legitimate grounds.
9.7 Right to Withdraw Consent
What it means: You can withdraw consent for marketing emails at any time.
How to exercise: Click "Unsubscribe" in any email.
9.8 Right to Complain
If you believe we have mishandled your data, you can complain to:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk/make-a-complaint/
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
10. Children's Privacy
Our services are not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are under 18, please do not sign up for our mailing list or prize draw.
If we discover we have inadvertently collected data from a child, we will delete it immediately.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:
- We will update the "Last Updated" date at the top of this page
- For significant changes, we will notify you by email
- Continued use of our services after changes constitutes acceptance
We recommend reviewing this policy periodically to stay informed about how we protect your information.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
The Windmill Inn - Data Protection
Email: Contact@The-Windmill.co.uk
Phone: 01984 633004
Address: West Quantoxhead, Somerset, TA4 4DS, United Kingdom
Response Time: We aim to respond to all data protection requests within 30 days.
13. Summary of Key Points
- ✅ We only collect data you provide or that's necessary for the prize draw
- ✅ We NEVER sell your data to third parties
- ✅ You can unsubscribe anytime with one click
- ✅ We use UK servers and comply with UK GDPR
- ✅ You have full rights to access, correct, or delete your data
- ✅ We use industry-standard security measures
- ✅ Email frequency is limited to 20 per month maximum
- ✅ Unsubscribed data is deleted after 30 days (except winners - 7 years)