Privacy Statement

Who we are

The White Hart of Harwell ("we", "us", "our") is a public house located in Harwell, Oxfordshire, United Kingdom. We are committed to protecting your personal information and being transparent about how we collect and use it.

This policy explains how we handle personal data collected through our website, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Information we collect

We may collect the following types of personal information when you use our website or contact us:

  • Contact details — your name, email address, and phone number if you make an enquiry or reservation

  • Booking information — date, time, party size, and any dietary or accessibility requirements you share with us

  • Communication records — messages you send us via contact forms or email

  • Technical data — your IP address, browser type, and pages visited, collected automatically via cookies

  • Marketing preferences — whether you have opted in to receive news and offers from us

We do not collect sensitive personal data such as financial information or health data, except where you voluntarily share dietary requirements for the purpose of your visit.

How we use your information

We use personal data only for the purposes for which it was collected:

  • To process and manage table reservations and enquiries

  • To respond to your questions and communications

  • To send you information about events, menus, or offers — only where you have opted in

  • To improve our website using aggregated, anonymised analytics

  • To comply with our legal obligations

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

Legal basis for processing

Under UK GDPR, we process your data on the following lawful bases:

  • Contract — to fulfil a reservation or respond to an enquiry you have made

  • Legitimate interests — to maintain and improve our website and communications

  • Consent — to send you marketing emails, where you have explicitly opted in

  • Legal obligation — where we are required to retain or share data by law

Cookies

Our website uses cookies — small text files stored on your device — to help us understand how visitors use the site and to remember your preferences.

The types of cookies we may use include:

  • Essential cookies — necessary for the website to function correctly

  • Analytics cookies — help us understand visitor behaviour in aggregate (e.g. Google Analytics)

  • Preference cookies — remember your settings between visits

You can control or disable cookies through your browser settings at any time. Disabling certain cookies may affect the functionality of our website.

How long we keep your data

We retain personal data only for as long as necessary:

  • Reservation records are kept for up to 12 months after your visit

  • General enquiry correspondence is kept for up to 24 months

  • Marketing opt-in records are kept until you withdraw consent

  • Website analytics data is retained in aggregated, anonymised form indefinitely

After these periods, data is securely deleted or anonymised.

Sharing your information

We may share your data with trusted third parties only where necessary to provide our services, including:

  • Online booking or reservation platforms used to manage table bookings

  • Email service providers used to send communications you have requested

  • Website analytics providers (e.g. Google Analytics), who process data anonymously

All third parties we work with are contractually required to handle your data in accordance with UK GDPR. We do not transfer your data outside the UK without appropriate safeguards in place.

Your rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you

  • Rectification — ask us to correct inaccurate or incomplete data

  • Erasure — request that we delete your data ("right to be forgotten")

  • Restriction — ask us to limit how we use your data

  • Portability — receive your data in a structured, machine-readable format

  • Objection — object to processing based on legitimate interests or for marketing

  • Withdraw consent — unsubscribe from marketing at any time, with no effect on prior lawful processing

To exercise any of these rights, please contact us using the details below. We will respond within 30 days.

Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Our website uses HTTPS encryption for data in transit.

While we take security seriously, no online system can be guaranteed completely secure. In the event of a data breach that poses a risk to your rights, we will notify you and the Information Commissioner's Office (ICO) as required by law.

Complaints

If you have concerns about how we handle your personal data, please contact us in the first instance and we will do our best to resolve the matter promptly.

Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated effective date. We encourage you to review this policy periodically.

Policy Dated 07/05/2026