GDPR Compliance Policy

Effective Date: March 2026

1. Purpose & Scope:

This policy explains how SUBURBAN Green Bar & Restaurant (“we”, “our”, “us”) collects, uses, stores and protects personal data in line with the UK General Data Protection Regulation (UK GDPR), the EU GDPR and the Data Protection Act 2018.

It applies to all personal data processed by the company in any format, whether digital or physical, and covers our directors, employees, contractors, clients and suppliers.

2. Data We Collect:

We may collect and process the following personal data:

Names, job titles and business contact details
Email addresses and telephone numbers
Postal addresses (business or personal, where applicable)
Payment and invoicing details
Website usage data, such as IP address, browser type and operating system
Photos, videos and other media containing identifiable individuals
Other personal data voluntarily provided during projects or correspondence

3. Data Collected by Third Parties:

We cannot guarantee data collected by third parties. Third parties include, but are not limited to:

Information collected by plugins or platforms that are installed on the website

4. Lawful Basis for Processing:

We process personal data under one or more of the following lawful bases:

Contractual necessity – To fulfil our obligations in providing services or receiving goods.
Consent – Where required, especially for marketing or use of images.
Legitimate interests – For the operation and growth of our business, provided these interests do not override the rights of the individual.
Legal obligation – Where we are required to process data to comply with the law.

5. How We Use Personal Data:

Personal data may be used for:

Providing and managing our services
Communicating with clients and suppliers
Processing payments and invoices
Marketing and promotional purposes (with consent where required)
Managing website analytics and improving user experience
Storing project files, including creative assets containing identifiable individuals

6. Data Storage & Security:

We store personal data securely using:

Encrypted storage systems
Password-protected devices and accounts
Secure payment processing providers
Regular software updates and security checks

Only authorised personnel have access to personal data.

7. Data Sharing & Transfers:

We do not sell personal data. We may share data with:

Service providers and subcontractors (e.g., hosting companies, payment processors)
Professional advisors (e.g., accountants, legal counsel)
Regulatory or law enforcement authorities where required by law

If we transfer data outside the UK/EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

8. Data Retention:

We retain personal data only as long as necessary for the purposes collected:

Client project data – typically up to 12 months after project completion
Financial records – 6 years, as required by law
Marketing data – until consent is withdrawn or it is no longer required

9. Data Subject Rights:

Under the GDPR, individuals have the right to:

Access their personal data
Request correction or deletion of their data
Restrict or object to certain processing activities
Request data portability (transfer of their data)
Withdraw consent where processing is based on consent

Requests should be sent to our Data Protection Contact (see Section 11).

10. Data Breach Procedures:

If a personal data breach occurs, we will:

Investigate and contain the breach immediately
Assess the risk to individuals’ rights and freedoms
Notify the Information Commissioner’s Office (ICO) within 72 hours, if required
Inform affected individuals without undue delay where the breach is likely to result in high risk

11. Contact Details:

For questions about this policy or to exercise your rights, contact:
Data Protection Officer: Barry Lawlor
Email: barry@suburban-green.co.uk
Postal Address: Suburban Green Bar & Restaurant, 4 Hawthorn Lane, Wilmslow, SK9 1AA