Provenance Inns and Hotels or the Provenance Group is made up of different legal entities, Provenance Inns Ltd, Provenance Hotels Ltd and Provenance Hospitality Holdings Ltd (together “the Provenance Group”). This privacy notice is issued by Provenance Hospitality Holdings Ltd (Company number 09011526) on behalf of the Provenance Group so when we say “we”, “us” or “our” in this policy we are referring to the relevant company within the group that is responsible for collecting and processing any information that you share with us.

This policy applies to you if you use our websites, contact us in writing, by telephone or email, provide information to us in our outlets or by way of social media. Please take the time to read and understand this policy.

What sort of personal data do we collect

We may collect, store and use the following data about you:

  • Information that you provide to us such as your title, name, date of birth, gender, your postal address, email address, telephone numbers, payment card details, your preferences, your feedback and your survey responses.
  • Information about the services and products that you have purchased, the date and location of purchase and the way you use our services including the purchase of vouchers.
  • Your communication preferences, information about what you view, click on and access through our marketing emails and how you use our websites.
  • Technical information including data we collect through the use of our websites, where you came to our website from, where you went when you left it, how often you visit and the technical information about the devices you use to access our websites (including IP address, MAC address, browser type and version).
  • We may collect the following Sensitive data, including your race or ethnic origin, religious beliefs and information about your physical health. We only collect and process sensitive data where you provide such information to us in the following situations:
  • As part of any feedback and or complaints you raise with us. When you provide details of what happened this may include you giving us sensitive data. We will process this sensitive data to investigate, address and resolve your issue and to administer any possible legal claims.

Where you are applying for a job with us for carrying out our obligations and rights related to employment law.

How do we process your data?

We will only process your personal data when allowed to do so by law. We will use your personal data in the following circumstances:

  • Consent: When you consent to us doing so and are happy for us to process your personal information for a specific purpose. You have the right to withdraw your consent at any time by contacting us.
  • Contract: Where we need to perform a contract we are about to enter into, or have entered into with you to provide you with one of our products or services.
  • Legitimate interest: Where it is necessary for us to conduct our business and your interest and fundamental rights do not override those interests.
  • Legal claims: Where processing of your personal data is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
  • Legal obligation: Where we need to comply with a legal or regulatory obligation.

Some of the above grounds may overlap and there may be several grounds which cover the processing of your personal data. Please contact us if you would like any further information about the specific basis for processing your personal data.

We may use your data in the following ways:

  • To process and deliver a product or service to you including booking a table, joining an event, organising a private function, purchasing vouchers and managing the payment for these products and services. We will process your data on the basis of your consent, our legitimate interest in delivering those products and services to you or in performance of a contact with you.
  • We want to understand our customers and tailor our direct marketing to you. The ways you interact with us such as subscribing to news, offers and promotions, booking tables, completing surveys, entering competitions, browsing website pages and interacting on social media helps us to do this. Being able to develop our business, products and services, tracking how our customers use our services, making our advertising campaigns relevant to you and tracking the effectiveness of our advertising campaigns is necessary for our legitimate interests. We will send you direct marketing when you have given your consent through our website or by other means and for our legitimate interest to offer you relevant products and services related to what we have previously provided to you in order to grow our business.
  • To contact you to respond to and deal with any questions, suggestions, issues or complaint you have raised, social media posts or reviews and reporting and analysis in respect of these. We may also notify you about changes to our privacy policy. We will process your data on the basis of your consent, our legitimate interests in keeping our records up to date, in performance of a contract with you or to comply with a legal obligation.
  • To help provide safe and secure environments for our staff to work in, our customers to purchase our products and services and for our business to be administered and run. To enable this we will use CCTV, provide safe access to our websites and Wi-Fi, monitor online behaviour, carry out checks to protect you and our business against potential criminal behaviour, such as fraud. We will process your data in performance of a contract with you or for our legitimate interests in being able to run our business, ensure network security and prevent criminal behaviour.

Sharing your data

We may share your data with:

  • All of the companies within the Provenance Group.
  • Service providers who help us provide our websites, Wi-Fi network and other services to you for example information technology companies who host our websites and payment services companies who enable you to use credit or debit cards with us.
  • Third parties that provide services to us such as marketing and table booking. The privacy policy for our electronic marketing partner, Fishbowl, can be found at . Our third party booking partner, OpenTable share your information with us and they operate under their own privacy policy. This can be found at .
  • Our professional advisors for example our lawyers and insurers when they need it to provide advice to us or process an insurance claim.
  • The Police, HM Revenue and Customs, the courts and any other government authority where we are required to do so to comply with our legal obligations.
  • Any social media posts or comments you send to us (on Facebook for example) will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) on which they are written and could be made public. We are not responsible for this kind of sharing. Users are advised to use social media platforms wisely and communicate or engage upon them with due care and caution in regard to their own privacy and personal details.

Data Security

The Provenance Group knows how important it is to protect and manage your personal data. We use physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data.

A lot of the information we receive reaches us electronically, originating from your device and then transmitted by your relevant telecoms provider and we are unable to guarantee the security of this transmission.

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

International Transfers

We may transfer your personal data to, and store it at, destinations outside the European Economic Area (“EEA”). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers. We will put in place appropriate protection to ensure that your personal data remains adequately protected and is treated in line with this policy.

How long do we keep your data for?

We can only keep your personal data for the purposes set out in this privacy policy and for the purposes of satisfying any legal, accounting or reporting requirements. We will not retain your personal data for longer than is necessary.

Your rights

It is important that the personal data we hold about you is accurate and current. Please contact us to notify us of any changes to your data

You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal data we process about you. These include:

  • Request access to your personal data which is commonly known as a “data subject access request”. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data we hold about you. This enable you to have any incomplete or inaccurate data we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are replying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

 Where we have relied on your consent to process your personal data you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out prior to your withdrawing your consent.

If you are seeking to exercise any of these rights please contact us using the details in the “Contact us” section below. Please note that we will have to verify your identity before we can fulfil your rights under data protection law.


How we use cookies

“Cookies” are tiny, harmless text files sent to your computer or mobile when you visit a website.

Most websites use cookies, and in our case we use them to understand where visitors are coming from and how they use our website in order for us to constantly improve the website experience.

We don’t use cookies to track individuals or store sensitive information such as your name, address or credit card details.

Third parties (such as online reservations systems, Google and social media websites) that feature on this website may also use cookies to ensure their features and processes work properly. Please note we are not responsible for cookie usage on these websites and features.

What to do if you do not consent to us using cookies

If you do not consent to us using cookies you can restrict or delete them from your browser.

Please note if cookies are disabled the online browsing experience “may” be limited.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Changes to our privacy policy

Any changes we make to our Privacy Policy in the future will be posted on this page and we will take appropriate steps to bring these changes to your attention.

Contact us

If you require any further information, have any questions or have a request to exercise your legal rights then please email us at , or write to us at Provenance Hospitality Holdings Ltd, The Barn, The Punch Bowl Inn, Marton Cum Grafton, York, YO51 9QY.

General Data Protection Regulation (GDPR)

GDPR Prinicipals

Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

  • a) processing is fair, lawful and transparent
  • b) data is collected for specific and legitimate purposes
  • c) data collected is adequate, relevant and limited to what is necessary for the purposes of processing
  • d) data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
  • e) data is not kept for longer than is necessary for its given purpose
  • f) data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures.

Our lawful basis for processing your general personal data

Consent of the Data Subject

We need your consent to make you aware of special offers by either post, email or by telephone. Consent is requested when you contact us via the contact form in our contact page.

Processing necessary for the performance of a contract with the data subject or to take steps to enter into a contract

When we take your order by telephone, fax or email and ask you for all the personal data required, this is so we can enter into a contract with you the customer, this contract being the exchange of goods and services in the return for payment. We need all the personal data explained with this privacy notice for the exchange of goods and services.

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of the personal data which we hold about you;
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary to retain such data;
  • The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).


The Provenance Collection mobile application (“the App”) is owned and operated by Provenance Collection. This policy, together with our Mobile Terms and Conditions, explain how we may use information we collect about you, as well as your rights over any personal information we hold about you. Please read this policy and our Mobile Terms and Conditions carefully; by using the App you confirm to have understood and agreed to them.

 Information we collect about you through the App

We collect information about you when you:

  • Register to use the App;
  • Attempt to “check in” to one of our venues;
  • Upload a profile photo

Using your information

Collecting personal information in the App (name, email address, date of birth) helps us to better understand what you need from us. We use your information to:

  • Improve the functionality and performance of the App;
  • Personalise our services to you;
  • Tell you about important changes to the App and related services, and
  • Manage promotions, competitions, customer surveys and questionnaires.

Your personal information is safe with us and will never be released to third party companies for their marketing purposes.

The App captures your geographic location when you attempt to “check in” to one of our venues. We do this to identify which venue you are in or near to to provide an enhanced visit experience (for example, through digital loyalty cards or customised content). We will only capture this information with your consent.

The App also captures basic usage metrics to help us identify any problems and to make improvements in the future. These metrics also help us understand how people use the App and how many people use the different functions within the App.

Information We Capture

The list below summarises what information the App captures, what we do with it and your choices:

Geographic location

  • We provide enhanced shop visit experiences when you choose to “check in” to one of our venues, and allow you to pay using the App
  • Your geographic location is not associated with any personally identifiable information
  • You may prevent the App from accessing your device’s location services, or turn off the location services of your Mobile Device. Doing so will impact the App and prevent you from enjoying an enhanced venue experience

Data you share with us

(Including information you give us when signing up, and information which is shared automatically such as Device ID, and IP address)

  • We use this data to log you in to the App and it helps us understand our customers better and potentially present you with offers and promotions
  • Your data is stored in an encrypted database and transferred over a secure network connection
  • You decide which data you do and do not share with us. If you ask us to, we will update, correct or delete any data which you give to us.

Your profile photo

  • Your profile photo is used in store to verify your identity
  • Your profile photo is just stored on the App and is not shared.
  • If you ask us to, we will update, correct or delete your profile photo. However, you must have a profile photo if you wish to use the App to pay for your purchases.

Your purchase history

  • We use your purchase history to send you personalised offers, and analyse which products are most likely to interest you
  • Your data is stored in an encrypted database and transferred over a secure network connection
  • We need to collect your purchase history in order to give you the benefit of personalised offers through the app. We will delete our records of your individual purchase history if you ask us to.

Storing your Information

We will only store your information for as long as we need it to deliver the services available through the App. If you ask us to, or if you delete your account, we will delete the information linked to your account which can identify you personally, including your profile photo and personal details.

Marketing and research

If you agree, we may contact you:

  • With offers and information about Provenance Collection products or services.
  • For customer research, e.g. to help improve our service.

Of course, the choice is entirely yours, but if you say you do not want to receive marketing information from us this will prevent you from receiving great offers or promotions that may be of interest to you. You can ask us to stop contacting you for marketing and/or research purposes by following the instructions in any such communication or by emailing us here.

Disclosing your information

We will never disclose your information to anyone outside of Provenance Collection except where we have your consent; where we are required or permitted to do so by law; to other companies who provide a service to us for which we need to disclose some of your information; or any successors in title to our business.

If we ever transfer your personal information to countries outside the European Economic Area we will ensure that appropriate security measures are taken. Accessing your information

To obtain a copy of the information we hold about you, email us here. Please confirm any details to help us identify and locate your information. If any of the details are incorrect, let us know and we will amend them.

Changes to our policy

This policy replaces all previous versions and is correct as of August 2023. We reserve the right to change the policy at any time.

Contacting us

If you have any queries, please contact us here

How to request information or to make a complaint

Should you wish to request which information we hold on your company, to amend any data that we hold on your company or to make a complaint, please contact us and we will act upon you request immediately.