1. Who We Are

VenueBook Ltd (“VenueBook”, “we”, “us”, or “our”) is a company registered in England and Wales. We operate the VenueBook platform, which provides venue management and booking software to hospitality and events businesses across the United Kingdom.

For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, VenueBook Ltd is the data controller of your personal data.

2. Contact Details

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact our Privacy Team:

Email: privacy@venuebookapp.co.uk
Post: VenueBook Ltd, Data Protection Officer, United Kingdom

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

Identity Data: first name, last name, username or similar identifier, job title.
Contact Data: billing address, email address, telephone numbers.
Financial Data: payment card details (processed securely via our payment provider; we do not store full card numbers).
Transaction Data: details about bookings, payments, and services you have purchased.
Technical Data: IP address, browser type and version, time zone setting, browser plug-in types, operating system, and other technology on the devices you use to access our platform.
Usage Data: information about how you use our website and platform.
Marketing and Communications Data: your preferences in receiving marketing from us and your communication preferences.

4. How We Collect Your Personal Data

We collect data through:

Direct interactions: when you register for an account, subscribe to a plan, make a booking, or contact us.
Automated technologies: as you interact with our platform, we may automatically collect Technical Data using cookies, server logs, and similar technologies.
Third parties: analytics providers, payment processors, and advertising networks.

5. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use it where:

We need to perform the contract we are about to enter into or have entered into with you (e.g., processing your subscription or booking).
It is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We need to comply with a legal obligation under UK law.
You have given us consent (e.g., for marketing emails — you may withdraw consent at any time).

6. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements. In general, we retain account data for up to 6 years after the end of your contract with us, in line with UK tax and commercial law requirements.

7. Sharing Your Personal Data

We may share your personal data with:

Service providers acting as processors who provide IT and system administration services, payment processing, and analytics.
Professional advisers including lawyers, bankers, auditors, and insurers.
HM Revenue & Customs, regulators, and other authorities who require reporting of processing activities in certain circumstances.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or assets.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.

8. International Transfers

Some of our external third parties are based outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: adequacy regulations, standard contractual clauses approved by the UK Information Commissioner's Office (“ICO”), or another lawful transfer mechanism.

9. Your Legal Rights Under UK GDPR

Under UK data protection law, you have rights including:

Right of access — to request a copy of the personal data we hold about you (Data Subject Access Request).
Right to rectification — to request correction of inaccurate or incomplete data.
Right to erasure — to request deletion of your personal data in certain circumstances.
Right to restrict processing — to request that we suspend processing of your data in certain scenarios.
Right to data portability — to receive your data in a structured, machine-readable format.
Right to object — to object to processing based on legitimate interests or for direct marketing.
Rights related to automated decision-making — not to be subject to solely automated decisions that produce legal or similarly significant effects.

To exercise any of these rights, please email privacy@venuebookapp.co.uk. We will respond within one calendar month as required by UK GDPR. You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO).

10. Cookies

We use cookies and similar tracking technologies to track activity on our platform and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. For more information, please see our Cookie Policy or contact us at privacy@venuebookapp.co.uk.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page with an updated “Last updated” date. We encourage you to review this page periodically.