About This Policy
This Privacy Policy explains how RedCat Pub Company Limited (Company No. 13119725) and its subsidiaries, of which includes; RedCat Retail Limited (13204046), RedCat Inns Limited (Company No. 13129094), Pastures Leisure Limited (Company No. 03453588), The Coaching Inn Group Limited (Company No. 03202237), and RedCat Taverns Limited (Company No. 13131642) — (together referred to in this policy as “we”, “us”, or “our”) collect, use, share, and protect personal data.
For the purposes of the UK GDPR, all the above companies act as joint data controllers in respect of the personal data covered by this policy. This means that we collectively determine the purposes and means of processing and have agreed to coordinate in meeting our data protection obligations. It applies to:
- Website visitors
- Customers across our venues
- Individuals interacting with our digital or physical services in the United Kingdom
- Joint Controller Arrangement Summary
The companies listed above act as joint data controllers for the personal data covered by this Privacy Policy:
This means we collectively decide how and why your personal data is processed and work together to meet our data protection obligations.
We have a formal agreement in place that sets out our respective roles and responsibilities, including:
1.1. Single contact point: RedCat Pub Company Limited acts as the central point for all data subject rights requests (including subject access requests). You can contact them at dpo@redcatpubs.com
1.2 Privacy notices: RedCat Pub Company Limited maintains and updates this Privacy Policy on behalf of all joint controllers.
1.3 Breach management: If a personal data breach occurs, RedCat Pub Company Limited coordinates the response and communication with the ICO and affected individuals, working with the relevant companies.
1.4 Record keeping: RedCat Pub Company Limited will maintain a central record of processing activities (ROPA) for the in-scope data.
2. We are registered with the UK Information Commissioner’s Office, under registration number
- RedCat Pub Company Ltd – ZB414142
- RedCat Retail Pubs Ltd – ZB172775
- RedCat Inns Ltd – ZB172745
- Coaching Inn Group Ltd – ZA349493
You can complain to the UK Information Commissioner’s Office if you are unhappy with how we have used your data. See: https://ico.org.uk
3 The personal data that we collect
3.1 In this table we have defined and detailed the categories of personal data that we handle, along with information about the sources of that data.
| Category | Details | Sources |
| Contact data | Names, email addresses, telephone numbers, postal addresses, genders and social media account identifiers Contact data is included in several of the categories described below | · You · Lead guests making bookings on your behalf · Online travel agents and other booking intermediaries |
| Communication data | Contact data, along with information contained in or relating to any communication that you send to us or that we send to you | · You · Lead guests making bookings on your behalf · Online travel agents and other booking intermediaries · Our website will generate the metadata associated with communications made using the website contact forms |
| Booking and guest data | Contact data, booking types, periods and other booking details, nationalities, passport numbers or other proof of ID, and guest preferences This category may include special category data relating to guest health or guest religious/philosophical beliefs, although we do not systematically collect such data | · You · Lead guests making bookings on your behalf · Online travel agents and other booking intermediaries |
| Payment data | Credit and debit card details; bank account details; other payment account details | · You · Our payment services providers |
| Loyalty programme member data | Contact data, membership numbers, account access credentials and marketing preferences | · You |
| Wi-Fi access data | Name, email address, Wi-Fi login credentials and usage information, marketing preferences | · You · Cookies set on your device when you create an account or log into our Wi-Fi system (see our Cookies Policy for details). |
| Usage and analytics data | IP addresses, geographical locations, browser types and versions, device operating systems, referral sources, lengths of visits, page views and website/app navigation paths, as well as information about the timing, frequency and pattern of service use | · Our website and app analytics systems (see our Cookies Policy for details) and third party social media platforms |
| Content data | Photographs, text and other content that you send to us or share with us, in circumstances in which you expressly or impliedly agree that we may publish the content | · You · Social media platforms |
| Job applicant data | Contact data, your CV or resume, proof of right to work in the UK, references, and interview and assessment notes and records We may also collect information about your ethnic origin and religion/faith as part of the job application process | · You · Your referees · Recruitment platforms and other recruitment intermediaries · Public sources |
| Call recording data | Recordings of telephone calls | · You · Our call recording systems |
| CCTV data | Video footage and associated audio | · The CCTV systems installed in and around our inns |
3.2 The information that we collected directly from you may be collected in a range of different scenarios, including, but not exclusively, when you visit or book into one of our inns, when you sign up to our mailing list, when you contact us or interact with us, for example on social media or through our website, and when you apply for a job with us.
4.0 Purposes of processing and legal bases
4.1 In this table, we have set out the purposes for which we may process personal data and the legal bases of the processing.
| Purpose and details | Categories | Legal basis |
| Relationships and communications: Managing our relationships and communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, push notifications, post, fax and/or telephone; providing customer assistance and complaint handling | · Contact data · Communication data · Booking and guest data · Job applicant data · Loyalty programme member data · Call recording data | Legitimate interests: Communications with our website visitors, customers, guests, members and job applicants; the maintenance of relationships, and the proper administration of our business |
| Operations: Enabling you to visit and stay in our inns, providing accommodation and/or food and drink, operating our business, processing and management of bookings, providing and other services, supplying goods | · Contact data · Communication data · Booking and guest data · Job applicant data · Loyalty programme member data · Call recording data | Contractual obligations: Fulfilment of our contractual obligations owed to you Insofar as we process this data for these purposes otherwise than to fulfil out contractual obligations, our processing will be on the basis of legitimate interests: The proper administration of our business Insofar as our operations involve the processing of special category data, we will do so only with your explicit consent |
| Guest tracing: Enabling us to comply with UK laws relating to the tracing of hotel guests | · Booking and guest data (insofar as required to be collected by law) | Compliance with legal obligations: The processing is necessary for compliance with a legal obligation to which we are subject |
| Financial transactions Taking payments, handling payment queries and refunds, generating invoices, bills and other payment-related documentation, and credit control | · Booking and guest data · Payment data | Legitimate interests: The proper conduct of our business |
| Direct marketing: Creating, targeting and sending direct marketing communications by email, SMS, push notifications and post and making contact by telephone for marketing-related purposes Important: Our direct marketing campaigns are directed only at over-18s | · Contact data · Communication data · Booking and guest data · Loyalty programme data | Consent: Explicit opt-ins to the marketing communications in question |
| Publications: Publishing content on our website, through our social media channels and elsewhere | · Content data | Legitimate interests: The promotion of our business and communicating with the public regarding our business |
| Job applications: Processing your application when you apply for a job with us, including using ethnic origin information for diversity monitoring | · Contact and communication data · Job applicant data | Legitimate interests: Employing personnel in our business However, when we collect information about your ethnic origin, will process this on the basis of legitimate interests: (our interest in monitoring diversity) and on the basis that the processing is necessary for employment purposes authorised by UK law |
| Research and analysis: Researching and analysing the use of our services, website and app, and other interactions with our business | · Booking and transaction data · Guest data · Loyalty programme member data · Usage and analytics data | Legitimate interests: Monitoring, supporting, improving and securing our website, services and business generally |
4.2 In addition, we may use any of your personal data for the following general purposes, but only to the extent such use is reasonable necessary for the relevant purpose.
| Purpose | Details | Legal basis |
| Record keeping | Creating and maintaining our databases, back-up copies of our databases and our business records generally | Legitimate interests: Ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy |
| Physical and information security | Prevention of fraud and other criminal activity | Legitimate interests: The protection of our website, services and business, and the protection of others |
| Insurance and risk management | Obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice | Legitimate interests: The protection of our business against physical, legal and other risks |
| Business transactions | Evaluating and conducting mergers, divestitures, restructurings, reorganisations, dissolutions, sales and other corporate transactions | Legitimate interests: The management, administration, development and transformation of our business |
| Legal claims | Where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure | Legitimate interests: The protection and assertion of our legal rights, your legal rights and the legal rights of others |
| Legal compliance and vital interests | Compliance with UK laws and protection of individuals | Compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person |
4.3 We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for another purpose, we will, where required by law, notify you.
- Disclosures and international transfers
We may share any of your personal data with other companies in RedCat Pub Company Ltd, for intra-group administration reasons.
We may share guest and booking data with online travel agents and other booking intermediaries; to confirm the booking and the fact you stayed at our inn (for payment purposes). Currently, we make use of the following online booking platforms: Expedia, Booking.com, Agoda, Hotels.com, Ebookers and Trivago; however, this may evolve over time as required by the business. Online travel agents and booking platforms will act as independent controllers of your personal information, and their use of tat information will therefore be governed by their own privacy notices and policies.
We may also disclose or transfer personal data to our suppliers and services providers. In some cases, the use of these suppliers and services providers may lead to the transfer of your personal data outside the UK. In these cases, we will ensure that all such transfers are protected: (a) by an adequacy determination under UK data protection law and, where applicable, under EU data protection law; or (b) by appropriate safeguards, such as the UK’s international data transfer agreement and the EU’s standard contractual clauses. If you would like details of our suppliers and services providers to whom we may disclose or transfer your personal data, please do get in touch
We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice.
In addition to the specific disclosures of personal data set out above, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
6. Retaining and deleting personal data
In general, personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain your personal data as follows for no longer than the maximum retention period set out in the table below, which begins running in each case on the specified reference date.
| Category | Reference date | Maximum retention period |
| Identity, contact and communication data | The date of the most recent contact between you and us | 7 years |
| Booking and guest data | The last date of your last stay with us | 7 years |
| Payment data | The date of the last transaction using those payment details | 7 years |
| Loyalty programme member data | The date of closure of the relevant account | 3 years |
| Usage and analytics data | The date of collection | 24 months |
| Wi-Fi access data | Last date of access to our Wi-Fi service | 3 years |
| Job applicant data | Date of conclusion of the job application process | 6 months, although if you are successful in your application, we will continue to hold your job applicant data in accordance with our employee privacy policy |
| Call recording data | The date of collection | 6 months |
| CCTV data | The date of collection | 30 days If an incident (crime, legal dispute, insurance claim) is captured: the relevant footage should be kept until the matter is resolved, even if it exceeds the standard retention period |
Notwithstanding the foregoing, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
7.0 Your rights
Your principal rights under data protection law are as follows.
| Title | Details |
| Right of access | You can ask for copies of your personal data |
| Right to rectification | You can ask us to rectify inaccurate personal data and to complete incomplete personal data |
| Right to erasure | You can ask us to erase your personal data |
| Right to restrict processing | You can ask us to restrict the processing of your personal data |
| Right to object to processing | You can object to the processing of your personal data |
| Right to data portability | You can ask that we transfer your personal data to another organisation or to you |
| Right to complain to a supervisory authority | You can complain about our processing of your personal data |
| Right to withdraw consent | To the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent |
These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
You may exercise any of your rights in relation to your personal data by written notice to us, using the contact details set out above. If you make a request, we have one month to respond to you.
You are not required to pay any charge for exercising your rights.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
8.0 How We Collect Your Data
- Directly from you: When making bookings, completing forms, or providing feedback
- Automatically: Via cookies and tracking tools when you interact with our website or emails
- From third-party platforms: Including:
- Airship: CRM and marketing automation
- Wireless Social: Wi-Fi and behavioural analytics
- Access Collins: Reservation & Pre-booking data
- Guestline, Zonal: Venue bookings and point-of-sale data
- Google Analytics & Ads: Website optimisation
- Reputation: Customer feedback
- Meta: Advertisement and journey tracking
Legal Bases for Processing
Under Article 6(1) and, where applicable, Article 9(2) of the UK GDPR, our processing relies on the following legal bases:
Processing bookings and orders – Contract performance (Art. 6(1)(b))
• We process personal data such as your name, contact details, payment information, and booking details because it is necessary to enter into and fulfil a contract with you — for example, to reserve a table, process payment, confirm your booking, or fulfil an order you have placed. Without this data, we cannot provide the service you have requested.
Sending service communications – Legitimate interests (Art. 6(1)(f))
• We may use your contact details to send operational messages directly related to your booking or our services, such as changes to your reservation, venue closures, safety notices, or service updates. We consider this to be in our legitimate interests, as it enables us to provide a smooth and safe service, and it does not unduly infringe your rights or freedoms.
Marketing via email or SMS – Consent (Art. 6(1)(a)); PECR Regulation 22
• We will only send you marketing messages about our offers, events, or promotions by email or SMS if you have actively opted in to receive them, in line with PECR Regulation 22. You may withdraw your consent at any time by using the unsubscribe link in our messages or by contacting us directly.
Analytics and improvement – Legitimate interests; Consent (where cookies apply)
• We analyse data such as website usage, customer feedback, and sales patterns to improve our services, menus, and online experience. Where we use cookies or similar technologies for analytics that are not strictly necessary, we will first obtain your consent in line with PECR. Where analytics can be carried out without intrusive tracking, we rely on our legitimate interest in improving our operations and customer experience.
Special category data (e.g. health) – Legal obligations or explicit consent
• We may process health-related information, such as details of allergies, medical conditions, or visit adjustments, to comply with our obligations under health and safety, or equality law. Where no legal obligation applies, we will only process such data with your explicit consent, ensuring that you are fully informed and able to withdraw that consent at any time.
You have the right to withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal. We have conducted Legitimate Interests Assessments (LIAs) where applicable. To exercise your right to withdraw consent at any time, contact: dpo@redcatpubs.com Or via the unsubscribe links in marketing communications.
Cookies and Similar Technologies
We use cookies and tracking technologies in compliance with PECR and UK GDPR:
• Strictly necessary cookies: Required for website functionality (exempt from consent)
• Analytics cookies: Require prior consent; used to improve website performance
• Marketing cookies: Require prior, informed, opt-in consent
Consent is obtained via GDPR Cookie, which:
• Classifies cookies by purpose
• Delays non-essential cookie deployment until consent is given
• Logs and stores consent decisions for audit purposes
More information on the cookie data we collect can be found: “On Each site within the Cookie Banner”
More information: https://ico.org.uk/your-data-matters/online/cookies
Last Updated 17th September 2025