BUBBA OASIS PRIVACY POLICY

Last updated: [Insert Date]

This Privacy Policy describes how Bubba Oasis (“Bubba Oasis”, “we”, “us”, “our”) collects, uses and protects your personal data when you interact with us, including when you:

• Visit our website

• Complete a booking or enquiry form

• Interact with our LinkedIn or social media adverts

• Make a reservation or hire our venue

• Attend an event at Bubba Oasis

• Join our mailing list or marketing database

• Communicate with us by email, phone or in person

We are committed to protecting your privacy and handling your data in a transparent, fair and lawful way in line with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 and other applicable UK data protection laws.

1. Who We Are

Data Controller:
Bubba Hospitality Ltd
Email: info@bubbaoasis.com

For the purpose of UK data protection laws, Bubba Oasis Ltd is the data controller of the personal data described in this policy.

2. How We Collect Your Personal Data

We may collect personal data about you in the following ways:

• Directly from you

  • When you submit an enquiry or booking form (website, LinkedIn, email)

  • When you contact us by phone, email, social media or in person

  • When you sign up to our mailing list or marketing updates

  • When you attend an event and share details (guest list, RSVPs, etc.)

• Through our website and digital platforms

  • When you browse our website

  • Through cookies and similar technologies

  • Through LinkedIn Lead Gen forms or other online adverts

• From third parties

  • Booking or ticketing partners e.g. DesignMyNight

  • Payment processors (e.g. Stripe)

  • Marketing and CRM tools (e.g. Mailchimp)

  • Social media platforms (e.g. LinkedIn, Meta, TikTok, Instagram)

3. Types of Personal Data We Collect

The personal data we process may include:

3.1 Identity & Contact Information

• Name

• Job title

• Company name

• Email address

• Phone number

• Postal address (where relevant)

3.2 Booking & Event Information

• Date and time of your booking or event

• Number of guests / party size

• Event type (e.g. offsite, private hire, celebration)

• Dietary requirements or preferences (may reveal health/religious information)

• Specific requests or notes relating to your booking

3.3 Payment & Transaction Data

• Payment amount, date and method

• Partial card details (as permitted and processed via secure payment providers)

• Billing address

We do not store full card details; these are handled by our third-party payment processors.

3.4 Marketing & Communication Data

• Your marketing preferences

• Responses to campaigns or promotions

• Email engagement data (opens, clicks, unsubscribes)

3.5 Technical & Usage Data

• IP address

• Device type, operating system, browser type

• Referring website or source (e.g. LinkedIn ad)

• Pages visited, time spent, links clicked

• Cookie identifiers and similar tracking technologies

3.6 Venue & Operational Data

• CCTV footage within and around our venue (for safety and security)

• WiFi usage logs (limited data, where applicable and subject to separate terms)

• Incident reports (e.g. accidents, security issues)

3.7 Recruitment Data (if you apply to work with us)

• CV, cover letter and application details

• Employment history, qualifications

• Interview notes and references

We generally do not collect special category data (e.g. health, religion). Where we do (for example, dietary needs that may indicate religion or health), we will treat it with additional care and only use it where necessary to provide our services (e.g. catering safely).

4. How We Use Your Personal Data (Purposes + Legal Bases)

We process your personal data for the purposes and under the legal bases set out below:

4.1 Managing Enquiries & Bookings

Purpose:

• To respond to your enquiries

• To provide quotes and availability

• To manage reservations, private hires and events

Legal basis:

• Performance of a contract or steps taken at your request prior to entering into a contract (Article 6(1)(b))

• Legitimate interests in running and growing our business (Article 6(1)(f))

4.2 Providing Our Services & Running Events

Purpose:

• To plan and deliver your event or booking

• To manage guest lists and access to the venue

• To handle dietary requirements and special requests

Legal basis:

• Performance of a contract (Article 6(1)(b))

• Legitimate interests (Article 6(1)(f))

• For any special category data (e.g. health-related dietary needs), explicit consent (Article 9(2)(a))

4.3 Marketing & Communications

Purpose:

• To send you updates about Bubba Oasis, events, offers and news

• To follow up on enquiries and send relevant information

• To create lookalike and custom audiences on digital platforms (where permitted)

Legal basis:

• Consent where required (Article 6(1)(a))

• Legitimate interests (Article 6(1)(f)) for marketing to existing customers in line with PECR

You can opt out of marketing communications at any time (see Section 11).

4.4 Digital Advertising & Analytics

Purpose:

• To measure and improve the performance of our website and campaigns

• To understand which adverts or content are most effective

• To retarget or show relevant ads via platforms such as LinkedIn, Meta, Google

Legal basis:

• Consent for non-essential cookies and similar technologies (Article 6(1)(a))

• Legitimate interests in promoting our services and improving user experience (Article 6(1)(f))

4.5 Security, Health & Safety

Purpose:

• To ensure the safety and security of our guests, staff and premises

• To monitor and investigate incidents via CCTV

• To comply with health & safety obligations

Legal basis:

• Legitimate interests in protecting our venue and people (Article 6(1)(f))

• Legal obligations (Article 6(1)(c))

4.6 Legal, Regulatory & Business Purposes

Purpose:

• To comply with legal and tax obligations

• To maintain business and financial records

• To manage disputes, complaints or legal claims

• To enforce our terms and protect our legal rights

Legal basis:

• Legal obligations (Article 6(1)(c))

• Legitimate interests in protecting our business (Article 6(1)(f))

4.7 Recruitment

Purpose:

• To process job applications

• To assess suitability for roles

• To obtain references

Legal basis:

• Steps taken prior to entering into an employment contract (Article 6(1)(b))

• Legitimate interests in recruiting team members (Article 6(1)(f))

5. Automated Decision-Making & Profiling

We do not make decisions that produce legal or similarly significant effects on you solely by automated means.

We may use profiling in a limited manner for marketing (e.g. segmenting our mailing list by engagement or event type) to send more relevant communications. You can object to this at any time (see Section 11).

6. Sharing Your Personal Data

We do not sell your personal data.

We may share your data with trusted third parties who assist us in delivering our services, including:

• Booking & ticketing platforms: [e.g. SevenRooms, Eventbrite, DesignMyNight]

• Payment processors: [e.g. Stripe, SumUp]

• Email & CRM platforms: [e.g. Mailchimp, HubSpot]

• Website hosting & analytics providers: [e.g. hosting company, Google Analytics]

• Advertising platforms: LinkedIn, Meta (Facebook/Instagram), Google, TikTok

• Professional advisors: lawyers, accountants, auditors, insurers

• IT & support providers: for website, email and system maintenance

Where we share data with third parties, we:

• Only share what is necessary

• Ensure appropriate contracts and data protection terms are in place

• Require them to keep your data secure and use it only as instructed by us

We may also disclose your information where required by law, regulation, court order or competent authority.

7. International Data Transfers

Some of our service providers may process data outside the UK (for example, in the EU or the United States).

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

• UK adequacy regulations; or

• UK-approved Standard Contractual Clauses (SCCs); or

• Other lawful transfer mechanisms under UK GDPR.

You can contact us for further details of these safeguards.

8. Data Retention – How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes it was collected, or as required by law. Typical retention periods are:

• Enquiries without booking: up to 18 months

• Booking and transaction records: up to 7 years (for tax and accounting)

• Marketing data (mailing list): until you unsubscribe or we identify inactivity (e.g. 3 years of no engagement)

• CCTV footage: typically 30–90 days, unless required for an investigation

• Incident reports or legal claims: retained as long as reasonably necessary for that purpose

• Recruitment data: up to 6 months for unsuccessful candidates, unless you consent to a longer period

After these periods, data will be securely deleted, anonymised or archived in line with our data retention policy.

9. Cookies & Similar Technologies

Our website and online platforms may use cookies and similar technologies (e.g. pixels, tags) to:

• Enable core site functionality

• Remember your preferences

• Analyse site usage and performance

• Deliver and measure the effectiveness of advertising

9.1 Types of Cookies We Use

• Strictly necessary cookies: required for the website to function.

• Performance/analytics cookies: help us understand how visitors use our site.

• Functionality cookies: remember preferences (e.g. language, region).

• Targeting/advertising cookies: used to deliver relevant ads and track ad performance.

Where required by law, we will ask for your consent before placing non-essential cookies. You can change your cookie settings at any time through your browser or our cookie banner (if implemented).

A more detailed Cookie Policy can be added separately if you’d like.

10. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

• SSL encryption on our website

• Secure servers and password-protected systems

• Restricted access to personal data on a need-to-know basis

• Employee training on data protection and privacy

• Use of reputable third-party providers with strong security standards

While we strive to protect your data, no transmission over the internet is completely secure. You share data at your own risk, but we will always act promptly to investigate and mitigate any suspected breaches.

11. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

1. Right of access – to request a copy of the personal data we hold about you.

2. Right to rectification – to correct inaccurate or incomplete data.

3. Right to erasure – to request deletion of your data where there is no compelling reason for us to continue processing it.

4. Right to restrict processing – to ask us to limit how we use your data in certain circumstances.

5. Right to data portability – to request your data in a structured, commonly used, machine-readable format and/or have it transmitted to another controller where technically feasible.

6. Right to object – to object to processing based on legitimate interests or for direct marketing.

7. Rights in relation to automated decision-making and profiling – to not be subject to a decision based solely on automated processing that has legal or similarly significant effects.

You also have the right to withdraw consent at any time where processing is based on consent. Withdrawal will not affect the lawfulness of processing before consent was withdrawn.

To exercise any of these rights, please contact us at: info@bubbaoasis.com

We may need to verify your identity before responding to your request. We aim to respond within one month, or inform you if more time is needed due to complexity.

12. Marketing Communications

You are in control of how we use your data for marketing.

You can:

• Click “unsubscribe” in any marketing email

• Reply to an email asking to be removed

• Email us directly at info@bubbaoasis.com with your request

Even if you opt out of marketing, we may still send you non-marketing messages where necessary (e.g. booking confirmations, operational updates).

13. Photography, Social Media & Events

From time to time, we may capture photos or videos at events hosted at Bubba Oasis for marketing and promotional purposes (website, social media, brochures etc.).

Where individuals are clearly identifiable, we aim to:

• Notify guests where photography/filming is taking place

• Seek consent for close-up or featured shots where practicable

• Respect any requests not to be photographed

If you appear in an image or video and would like it removed from our online channels, please contact us at info@bubbaoasis.com and we will do our best to accommodate your request.

14. Children

Our services are primarily aimed at adults and corporate clients. We do not knowingly collect personal data from children under 16 without parental/guardian consent.

If you believe that a child has provided us with personal data without appropriate consent, please contact us and we will delete such data where required.

15. Third-Party Websites & Links

Our website, emails or social media may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties.

We encourage you to review the privacy policies of any third-party sites you visit.

16. Complaints

If you have concerns about how we handle your personal data, we would appreciate the chance to address your concerns first. Please contact us at:

Email: info@bubbaoasis.com

You also have the right to lodge a complaint with the UK supervisory authority:

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or services.

Any updates will be posted on our website with a revised “Last updated” date. We encourage you to review this policy periodically.

18. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact:

Email: info@bubbaoasis.com