Effective Date: March 2026
Last Updated: March 2026
This Privacy Policy explains how EPK GROUP LTD (“we”, “us”, “our”) collects, uses, and protects your personal data.
This Policy applies to:
Our corporate website: www.epkgroup.co.uk
All pub and venue websites owned and operated by us (each a “Venue Website”), including but not limited to:
www.thegrangemoreton.co.uk
www.redlionparkgate.co.uk
www.futuristliverpool.co.uk
www.cottageloaf.co.uk
www.musichalltap.co.uk
www.ginandmilk.co.uk
www.wellingtonprescot.co.uk
All Venue Websites are operated under common ownership and centralised data management.
EPK GROUP LTD
Registered in England & Wales
Company Number: 17062716
Registered Office: The Cross, Bromborough, Wirral, CH62 7HQ
Email: hr@epkgroup.co.uk
Telephone: 0151 458 8076
For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, we are the Data Controller.
The UK supervisory authority is the Information Commissioner’s Office (ICO).
3.1 Information You Provide Directly
We may collect:
Full name
Email address
Telephone number
Billing and payment information
Booking and reservation details
Event enquiries
Dietary requirements or accessibility needs
Employment application information
Gift voucher purchase details
Newsletter subscriptions
Competition entries
3.2 Information Collected Automatically
When you use our Websites, we may collect:
IP address
Device type
Browser type
Pages visited
Time spent on pages
Referral source
Cookie identifiers
Approximate geographic location
3.3 CCTV Data (In-Premises)
Our pub premises operate CCTV systems for:
Crime prevention
Public safety
Protection of staff and customers
Licensing compliance
CCTV footage:
May record images and sound of customers and staff
Is stored securely
Is retained for a limited period (typically 14–31 days unless required for investigation)
May be shared with law enforcement where legally required
Signage is displayed on-site informing customers of CCTV operation.
Occasionally, we may process limited health-related data (e.g., allergy information for bookings). This is processed only:
With your explicit consent
For your safety
For compliance with food safety obligations
We use personal data to:
Manage table reservations
Process online bookings
Facilitate event hire
Process gift voucher purchases
Administer loyalty schemes
Respond to enquiries
Send marketing communications (where consented)
Improve our Websites and services
Prevent fraud and misuse
Maintain licensing compliance
Comply with legal obligations
Under UK GDPR, we rely on:
Consent – email marketing, allergy data
Contractual necessity – bookings, voucher purchases
Legal obligation – licensing, tax compliance
Legitimate interests – business administration, website analytics, security
We may use third-party booking providers (e.g. ResDiary, OpenTable, DesignMyNight or similar platforms). Where you book through these systems:
They may act as independent Data Controllers
Their privacy policies will apply in addition to ours
We receive booking information necessary to manage your reservation
We do not store full card details.
Payments are processed securely via third-party PCI-compliant payment providers (e.g. Stripe, Square, PayPal or similar providers).
Gift vouchers may be processed via a specialist voucher platform provider.
Data collected may include:
Purchaser details
Recipient details
Email delivery information
Transaction history
Voucher providers may act as independent or joint data controllers depending on their terms.
We may send marketing emails regarding:
Events
Seasonal menus
Promotions
New venue openings
We use email marketing platforms such as:
Mailchimp
Klaviyo
(Where applicable.)
You may unsubscribe at any time via the unsubscribe link in emails or by contacting us directly.
Our Websites use cookies and tracking technologies including:
Essential cookies (site functionality)
Performance cookies
Analytics cookies
Marketing cookies
11.1 Google Analytics
We use
Google Analytics
to understand website usage and improve performance.
Google Analytics may collect:
IP address (anonymised where possible)
User behaviour data
Device information
Google may process this data outside the UK under appropriate safeguards.
11.2 Meta Pixel (Facebook Pixel)
We use
Meta Pixel
to measure advertising performance and deliver targeted ads via
Meta Platforms.
This allows us to:
Track ad conversions
Deliver relevant advertising
Build audience profiles
You can manage ad preferences via your Facebook account settings.
We may share personal data with:
Website hosting providers
Booking system providers
Payment processors
Marketing platforms
IT support services
Accountants and legal advisors
Law enforcement (where required)
We do not sell personal data.
Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:
UK International Data Transfer Agreement (IDTA)
Adequacy regulations
Standard Contractual Clauses
We retain personal data:
Booking data: up to 3 years
Financial records: 6 years (for HMRC compliance)
Marketing data: until consent withdrawn
CCTV: typically 14–31 days
Employment applications: up to 12 months
Data is securely deleted once no longer required.
We implement:
SSL encryption
Access control restrictions
Secure hosting environments
Regular security monitoring
Staff confidentiality obligations
Under UK GDPR, you have the right to:
Access your data
Rectify inaccurate data
Erasure (“right to be forgotten”)
Restrict processing
Object to processing
Data portability
Withdraw consent
Requests should be made to: [privacy@company.co.uk]
You may lodge a complaint with the
Information Commissioner’s Office.
Our Websites are not intended for children under 13. We do not knowingly collect data from minors without parental consent.
Our Websites may contain links to:
Social media platforms
External booking services
Event ticketing platforms
We are not responsible for the privacy practices of those sites.
We may update this Privacy Policy periodically. Updates will be posted on this page with the revised “Last Updated” date.
