Privacy Policy | The Smoke and Barrel Brothers

Who is this privacy notice for

This Privacy Notice applies to information we may collect about you if you interact with The Smokehouse and Grill Group Limited, whether that be enquiring about, or contracting our services, subscribing to our application, supplying services to us or receiving our marketing emails and newsletter. It explains what personal information may be collected and how we may use it lawfully.

Who we are

The Smokehouse and Grill Group Limited is a UK registered company [company registration 15298548] with a strategic vision to deliver exceptional experiences to our clients and customers. We take the privacy and the protection of personal information seriously. We are committed to protecting your data and complying with data protection law to its fullest extent. This Privacy Notice explains how we use and protect your personal information where we are a data controller, to show that we are adhering to the DPA 2018 and UK GDPR, and the Privacy and E-Communications Regulations in respect of marketing compliance.

How to contact us

If you have any questions about how your personal information is used, please contact us by email on info@thesmokeandbarrelbrothers.co.uk.

We are based in Unit 5 Millen Road Business Park, Sittingbourne, ME10 2WS. Our registered address is 2nd Floor Offices 26-28 West Street, Market Square, Rochford, Essex, England, SS4 1AJ

What Personal Information do we collect about you

The following sections explain the types of data we may collect and the legal basis, under current data protection legislation, on which this data is processed.

Types of Information

The types of information that we may collect or hold about you are where we act as an independent data controller:

Where you have contracted our services, we will hold your contact details including your name, email address, and phone number.
For service enquiries, we may simply hold your name, email address, and phone number
Where you may leave a message on our call management system, we will retain a copy of that recording in our third-party supplier system
We may also hold your bank details for payment processing processes
For marketing purposes we may hold your name, contact details including email, and communication preferences
Your online engagement with us including your IP address, device type, Facebook, Google and Apple IDs, data collected through cookie and tracking technologies – please see our dedicated cookie notice for more details.

How do we obtain your information

Most of the personal information we process is provided to us directly by you for one of the following reasons:

Service enquiries and contracting our services
Subscribing to, and using, our booking application
Receiving relevant and proportionate marketing and promotional content from The Smokehouse and Grill Group Limited
Analytics of web traffic
Data safety and security
Analysis of our marketing effectiveness
Legal compliance and financial audit purposes

What legal basis do we rely on to use your information

Service enquiry - If you enquire about our services, we will collect your name, email address, and telephone number.

This information may be collected either via the website, email or telephone depending on your preferred contact method. As it is necessary for us to collect that data to enable us to respond to your enquiry in the way you would expect we have a legitimate interest in processing that data. You can request for your information to be deleted at any time, however we might not be able to provide you with our services or a reply if your request deletion.

Contracting our services - If you contract one of our services, we will be entering into a contractual relationship with you and this is our legal basis for processing your information.

Marketing and Newsletters - As a consumer, if you sign up to our newsletter and marketing emails, you are giving your consent to receive them. You may unsubscribe at any time.

As a business client we may consider that our services or products may be of interest or relevance to you. In these instances we may add you to our mailing list where it may be in our (or your) legitimate interest to hear from us. You may unsubscribe at any time.

Subscribing to and using our booking app - If you subscribe to our App and accept the Terms and Conditions (Ts and Cs), you are entering into a contractual relationship. This is often referred to as a "click-wrap" agreement, where users must click "I accept" to proceed with the subscription. In the UK, this type of agreement is legally binding as long as the terms are clearly presented, and you have a reasonable opportunity to read them. The Consumer Rights Act 2015 ensures that these terms are fair and transparent.

Website traffic and other analytics - we use Google Analytics to monitor website traffic. In accepting cookies, you are giving your Consent for this activity to happen. For more details of the cookies that we utilise, please see our dedicated section on cookies.

Where we monitor the effectiveness of our marketing and communications, we consider that we have a legitimate interest in doing this.

Transactional financial data - We are legally obligated to retain details of transactional financial data for audit purposes.

Who may we share your information with

Partner	Purpose	Location
STRIPE	Payment Gateway provider	We use STRIPE to process payments if you make a payment for purchasing a data protection compliance module or full programme, or if you book an event through Eventbrite. To enable this to proceed a STRIPE cookie is deployed to ensure transactions are secure. STRIPE are a US based global provider of transactional finance services but which have UK representation. STRIPE are signatories to the EU-US Data Privacy Framework and under the UK Data Protection (Adequacy) (USA) Reg 2003 (known as the UK-US ‘data bridge’) are deemed to meet the required standards to maintain the privacy of citizens when data is transferred to and processed by them on behalf of UK based organisations. STRIPE are certified to the highest level of Payment Card Industry (PCI) standards to keep your information safe and secure. Their privacy notice is here.
Xero	Accounting Software	Xero are our accounting software providers. Xero are based in New Zealand but have dedicated servers and offices in the EU for EU and UK based users. Their privacy notice is here.
Microsoft	O365 / Outlook	Like a lot of businesses, we use Microsoft Office365 to process our day-to-day administrative actions. Microsoft operate globally and default data storage to the closest geographic region to where a business is located. Their privacy notice is here.
Freshworks	CRM Provider	Data is both stored and backed up solely within the EEA by AWS based in Frankfurt. Freshworks Inc have SCCs (including a DPA Addendum) in place for the restricted transfer of data to the EEA. Their Privacy Notice is here.
Emerald Sky Accounts	Accountancy Services	Our accountancy services are provided by Emerald Sky Accounts. We may be required to share limited information about you in order for audit and accounting service provision. Their privacy notice is here.
Probeck IT Ltd	Application data processing	Probeck IT act as a data processor on our behalf. Probeck IT only uses UK based data centres to support its rigorous standards of security. Their privacy notice is here.

Outside of our contracted suppliers we will only share your information where we may be legally required to do so.

How long we keep your data

We take the principles of data minimisation and removal seriously and have internal policies in place to ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data promptly once it is no longer required.

Within our Microsoft environment, records are deleted seven years after an event or contract is concluded.
Financial records default to a seven-year retention period within our accounting period.
Data within our booking app is retained for 7 years.
Where we send you marketing information, we will keep you on our marketing database indefinitely. If you unsubscribe, we will retain your information as a suppressed contact to ensure you receive no further marketing from us.

Security

We ensure that your personal information is kept safe and secure and ensure appropriate technical and organisational security measures are in place to protect the personal data that we do hold. We apply data minimisation to information and have enforced Two Factor Authentication for access to our Microsoft environment.

Rights you have over your data

You have a number of rights under UK data protection law. These are listed below, along with our contact details, should you wish to make a request.

Informed: You have the right to be informed about how we handle your personal data. This privacy statement is one of the ways we do this.
Access: You have the right to ask for a copy of the personal data we hold about you and the purposes for which we are using it. ‘Personal data’ is any information which can directly, or indirectly, identify you.
Rectification: You have the right to ask us to change any details that we hold which are incorrect, inaccurate or need updating.
Erasure (known as the ‘right to be forgotten’): You have the right to ask us to delete your personal details under certain circumstances. We will assess any deletion request on a case-by-case basis. If you subscribe to our email list, we can quickly fulfil your request, but in other circumstances there may be reasons why we need to keep information about you.
Object: You have the absolute right to object to receiving direct marketing from us. You also have the right to raise an objection about how we are handling your personal information.
Restriction: You have the right to ask us to restrict or suppress your personal information. This would mean we’d store it but not use it.
Portability: You have the right to obtain and reuse your personal data for your own purposes across different services. Due to the nature of our organisation, we do not believe this right is likely to apply.

You also have the right to make a complaint if you believe we have not handled your information appropriately. We would prefer that you contact us in the first instance so we can discuss your concerns and put things right, but you also have the right to escalate your concerns at any time to the UK Regulator (The Information Commissioner’s Office) by contacting them here.

If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please get in touch with us by emailing info@thesmokeandbarrelbrothers.co.uk

Marketing

E-mail campaigns and promotions

We do not spam you with marketing although we do send marketing emails from time to time - you are in control of how we communicate with you – you can opt in or out or change your preferences at any time through the 'unsubscribe' link at the bottom of any marketing email received. You may unsubscribe at any time by simply hitting the unsubscribe link in the email.

Cookies

We do use cookies on our website and App. For a full breakdown of the cookies we use, and how you can control what cookies are dropped to your devices, please see our cookie consent and control platform.

We also employ the Facebook tracking pixel and Conversion API (known as the C-API) to monitor the effectiveness of our social media marketing.

Our Promise to you

We will keep your information secure and confidential.
We will not share your data with a third party save for our contracted suppliers.
We know how to manage your information appropriately and in line with legal and regulatory requirements.