Legal

Privacy Policy

Last Updated: 21 April 2026

1. Who We Are (Data Controller)

This privacy policy applies to barthirtyfive.com and is issued by Bar Thirty Five, trading from 35 Belle Vue, Bude, Cornwall, EX23 8LF. We are the data controller in respect of personal data you submit via this website.

You can contact us about this policy by:

• Email: barthirtyfive@hotmail.com
• Phone: 01288 353535
• Post: 35 Belle Vue, Bude, Cornwall, EX23 8LF

2. The Data We Collect

We only process personal data that you voluntarily provide via our contact form:

• Identity Data: your name.
• Contact Data: your email address and, optionally, your telephone number.
• Enquiry Data: any information contained in the message you send us.
• Technical Data: limited diagnostic information (such as IP address and approximate region) collected by our hosting provider to protect the form from spam and abuse.

We do not collect payment information, sensitive category data, or location data via this website. We do not place marketing or advertising cookies.

3. How We Use Your Data & Legal Bases

Under the UK GDPR (Article 6) we rely on the following lawful bases:

• Consent (Art. 6(1)(a)): when you tick the GDPR consent box on our contact form. You can withdraw consent at any time by emailing us.
• Legitimate interests (Art. 6(1)(f)): to protect the form against spam and abuse, to respond to your enquiry, and to keep secure records of communications. Our legitimate interest is running a small hospitality business and keeping it safe.
• Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, licensing or other statutory record-keeping requirements.

4. Cookies & Similar Technologies

We use a deliberately small set of cookies and similar technologies. Under the Privacy and Electronic Communications Regulations (PECR) you have a choice about non-essential cookies.

• Essential (always on): a local-storage flag (bar35_cookie_consent) recording your banner choice so it doesn't re-appear.
• No third-party tracking cookies. Fonts are self-hosted. The map on our contact page is an embed from OpenStreetMap (no cookies, no tracking). We do not use Google Analytics, Google Fonts, Facebook Pixel, or any other advertising tag.

You can change your choice at any time by clearing your browser storage for this site, or by emailing us and we will assist.

5. Third-Party Data Processors

The following service providers process limited data on our behalf. Where data is transferred outside the UK we rely on UK International Data Transfer Agreements (IDTAs) / Standard Contractual Clauses (SCCs):

• Netlify, Inc. (USA) — hosts the website and processes contact-form submissions. Transfers covered by IDTA/SCCs.
• OpenStreetMap Foundation (UK) — provides the location map embedded on our contact page. OpenStreetMap does not set tracking cookies.
• unpkg / Cloudflare — delivers the Lucide icon library via CDN. No personal data is submitted to this service; it may see your IP address as part of normal HTTP requests.

6. Data Retention

We keep contact-form enquiries for up to 24 months from the date of receipt, so we can follow up on your enquiry and address any complaint. We may retain records longer where required by law (for example tax records for 6 years under HMRC rules).

7. Data Security

We use appropriate technical and organisational measures to protect your data, including HTTPS on all pages, a Content Security Policy, access controls on our form inbox, and limited staff access on a need-to-know basis. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but we will notify you and the Information Commissioner's Office where required if a personal-data breach is likely to result in a risk to your rights.

8. International Transfers

Some of our processors (Netlify, Google) are based outside the United Kingdom. Where this is the case we rely on UK GDPR approved transfer mechanisms (the UK IDTA, the UK Addendum to the EU SCCs, or equivalent safeguards) to protect your data.

9. Your Rights

Under the UK GDPR and the Data Protection Act 2018 you have the right to:

• Be informed about how we use your data (this policy).
• Request access to your personal data.
• Request correction of inaccurate data.
• Request erasure ("right to be forgotten").
• Restrict or object to processing.
• Data portability.
• Withdraw consent at any time (where we rely on consent).
• Lodge a complaint with the Information Commissioner's Office.

To exercise any right, please contact us using the details in section 1. We respond within one calendar month.

10. Complaints to the ICO

If you believe we have not handled your personal data correctly, you can complain to the UK Information Commissioner's Office:

• Website: ico.org.uk/make-a-complaint/
• Helpline: 0303 123 1113

We would appreciate the chance to resolve your concern first, so please contact us before escalating where possible.

11. Changes to This Policy

We may update this policy from time to time. The "Last Updated" date above reflects the latest revision. Material changes will be highlighted on this page.