Sign up to our mailing list today

Sign Up

Privacy Policy

We, at Marston’s PLC, care about and respect your privacy. We’d like to explain what personal information we have about you and how we use it, as well as letting you know about our practices with regard to your privacy so that you know exactly what is happening with your data and what we are doing to keep it safe.

We are Marston’s PLC!  Where we refer to “we” or “us” in this policy, we mean Marston’s PLC or any company or division in our group. 

If you have any questions about this policy or your privacy, you can find us or get in touch at Marston’s PLC, St Johns House, St Johns Square, Wolverhampton, WV2 4BH. Our telephone number is 01902 907250.

We have appointed a Data Protection Officer for Marston’s PLC who can be contacted via DataSecurityInformation@marstons.co.uk.

We are registered in England & Wales with Company No. 31461 and our VAT number is GB100019352.

The Law

Data Protection within the UK is currently governed by the UK General Data Protection Regulation, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (“Data Protection Laws”) and we conduct our activities in line with these.

In relation to this website we are the Data Controller and Cogent (www.cogent.co.uk) are the data processor as the host and administrator for this site. We ask you to read our website terms of use in conjunction with this policy.

This privacy policy supplements other notices and privacy policies and is not intended to override them. It should be read in conjunction with other privacy policies that we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

A Glossary is also included at the end of this document to explain some of the terms we use in this privacy policy.

What information do we collect?

+

We collect a wide variety of information and the types we collect from you will vary dependent on whether you’re an individual customer, another business, ordering a product or a service or participating in a promotion or competition (amongst other things). Here are the types of information we may collect from time to time along with sources which tell you where we may receive the data from.

 

Information we may gain directly from you:

 

Your name, age & contact details (including phone numbers, emails and addresses);

Your opinions, feedback, comments or views;

Your banking details;

Your business details (which may include contact details, job titles and other information you would expect to share when engaging in business with us);

Your login details (including username and password);

Your image within photography;

Special Request data which may include special category data such as Disability & accessibility requirements, dietary requirements or other information that may be deemed sensitive; and

Your employment history and application data (including CV’s).

 

Information we may collect about you:

 

Internet protocol address (IP address);

Browser type and version;

Time zone setting;

Browser plug-in types and versions;

Operating system and platform;

The URL Clickstream to, through and from our site (including the date and time);

Products you viewed or searched for;

Page response times;

Download errors;

Length of visits to certain pages;

Page interaction (scrolling, clicks, mouse-overs etc);

Methods used to browse away from the page; and

Information we may receive from other external third parties:

Names, addresses, contact details/business details if necessary, through the course of business;

Financial information, such as the results of a credit check; and

Advertising preferences & analytical information (in particular from social media websites, pixels, clickstream data, cookies and Google Analytics).

 

We strive to collect the minimum amount of data necessary in order to perform the request for a product or service being made and so in some cases, failure to enter the requested information may result in us not being able to provide the product or service.

When do we collect your information?

+

We may collect your information in a number of ways. Here is an overview of the circumstances in which data could be gathered.

 

When you use our websites, or a form is filled out on our websites (including from analytics);

Correspondence via phone, email or otherwise with one of our team members;

When you register to use our site or services;

When you subscribe to our products or services;

When you purchase shares in our company;

When you place an order with us;

If you have an accident at one of our sites;

When you or an analytics provider provide us with your marketing preferences;

When you sign a contract or agreement with us;

To participate in a discussion board or other social media function on our sites;

To enter a competition, promotion or survey that we are running;

When you report a problem with one of our websites;

When you apply for a job with us;

When we require a credit check in conjunction with your application; and

When you visit our offices

Why do we need your personal data?

+

There are a number of reasons we may request or collect your information. A summary of these can be found below:

 

For the administration and support of a contract such as an order of goods, an operations agreement or a service you’ve requested;

For the administration of a job application;

For the administration of your shareholding;

To conduct a credit check in line with your application (if required);

To request ongoing credit reference services to ensure your ongoing suitability for credit terms (if required);

To implement anti-fraud measures whether internally or by use of a third party;

To respond to an enquiry, feedback or complaint you may have sent to us;

To improve the products or services we offer;

To administer our websites including troubleshooting, data analysis, testing, research, statistical and survey purposes. Also, to keep it safe, secure and accessible;

To administer a promotion, offer or competition that you may participate in;

To notify you about any changes to our services; and

For the communication of marketing materials (including e-mail, and in certain circumstances, phone calls);

For absolute clarity we do not intend our marketing materials to be received by anybody under the age of 18 due to the nature of our business. Your personal data may be used to determine whether you meet these criteria.

Marketing

+

We may use your details to make an informed decision on products or services we think you may be interested in. This is marketing and we will always ask for your consent before we do this where we intend to send you materials via e-mail or text. We will also always ask your consent before we pass your details to any external third parties so that they can market to you too.

 

We understand that you may change your mind about receiving these types of emails or texts so you can ask us to stop at any time. Just follow the unsubscribe link on any marketing communication we send to you and we will promptly remove you from our database. Alternatively, you can contact us via to request this change. This will only apply to data you have supplied in accordance with signing up to marketing services. Data provided for other purposes will remain in our systems in line with this policy.

Promotions & Competitions – Publication of winners

+

From time to time we may offer interactive promotions and competitions via social media platforms. When you choose to take part in these activities you should be aware that on some occasions the promoting party may choose to announce the winner of the event by ‘tagging’ them in an announcement on the relevant social media platform. We have certain obligations when running competitions or similar events including publishing details about the winner however this does not extend to identifying a particular individual via this method. If you are uncomfortable with this practice you have some options in order to conserve your right to privacy.

 

1. Use the social media platforms’ settings panel


We have used Facebook as an example here, but all social media platforms should have similar functions.
Log into your account and navigate to the settings menu. Then click Timeline and Tagging in the left-hand options menu.


Use the options to decide who you want to be able to tag you on your timeline and on the news feed, and even activate a review system to approve tags before they are posted publicly.

 

2. Contact us


You have the right to contact us to ask us not to publish your details in this way (or any other way). This is known as the right to object. Whilst we may not publicise your details to the general public, we may still need to inform the Advertising Standards Authority to confirm that our promotion or competition was genuine. Please contact us at ​DataSecurityInformation@Marstons.co.uk for more information or to raise an objection.

On what basis do we process your data?

+

The lawful basis for processing varies depending on the processing activity

 

We rely on one of, or a combination of legitimate interest, consent, legal obligation and contract in order to process your personal data (a definition of each is provided within the glossary), dependent on the type of processing being conducted. Below we have defined the ways in which we may process your personal data and what the legal basis is for doing so, whilst outlining our legitimate interests where necessary. We may process your personal data based on multiple lawful basis where on occasion, circumstances may dictate this is necessary. Please contact us if you require further details on any of the points below where multiple basis have been specified. Generally, we consider:

 

What are we trying to achieve? 

 

What personal Data is involved? 

 

Our lawful basis for processing 

To respond to your feedback, enquiry, comment or complaint 

 

Identity 

Contact 

Necessary for our legitimate interests (to ensure resolution to your reason for contacting us so that business can continue in a manner you’d expect) 

 

To fulfil your order for products or services, including where you sign up for an online account with us 

 

 

Identity 

Contact 

Financial 

Transactional 

Technical 

Performance of Contract 

To administrate the terms of your shareholding including the processing of dividends, associated rights and benefits 

 

 

 

Identity 

Contact 

Transactional 

Financial 

Performance of Contract  

Legal Obligation 

To take steps to or make you a party to a business agreement (such as a Tenant, Retailer, Lessee, Free Trade Customer or other similar arrangement)  

 

Identity 

Contact 

Financial 

Transactional 

Marketing preferences 

 

Performance of Contract 

Necessary for our legitimate interests (to conduct initial or ongoing credit reference checks, to offer you beneficial information (particularly on our current promotions), to recover outstanding monies from you) 

To administrate a competition, survey, or review that you are party to (and to notify you of any such changes that may affect you) 

 

Identity 

Contact 

 

Performance of contract 

Legal Obligation (competitions) 

Necessary for our legitimate interests (to action the responses to surveys or reviews to improve our products and services) 

 

To conduct troubleshooting, data analysis, testing, research, system maintenance, support, reporting and hosting of data 

 

(a) Identity 

(b) Contact 

(c) Technical 

 

Necessary for our legitimate interests (to run our business in the best possible manner, providing administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) 

Legal obligation 

 

To administrate a job application  

 

Identity 

Contact 

Profile 

 

Performance of Contract 

Legal Obligation 

To fulfil marketing communications via email, SMS or in certain circumstances telephone 

 

Identity 

Contact 

Profile 

Marketing and Communications 

 

Consent 

Performance of Contract/Necessary for our legitimate interests (telephone – to provide marketing services to other businesses so that we can communicate our current offers and promotions. To improve our relationship with you and ultimately grow our business)  

To provision internet services to you from our on-site Wi-Fi services

Identity

Contact

Profile

Technical

Performance of Contract/Legal Obligation/Necessary for our legitimate interests (this enables us to understand the efficiency of our communications, and the diversity our customer base more clearly)

To deliver relevant website content and advertisements (including on social media websites) to you and analyse feedback so that we can measure the effectiveness of the materials 

To also suggest products and services we believe you will be interested in 

Identity 

Contact 

Profile 

Usage 

Marketing and Communications 

Technical 

 

Necessary for our legitimate interests (to show how customers interact with our advertisements, use our products/services, so that we can improve the advertisements, our relationship with you, products and services, ultimately to improve and grow our business) 

 

 

We do not intend our general marketing materials to be received by anybody under the age of 18 due to the nature of our business. Your personal data may be used to determine whether you meet these criteria.  

 



Who might receive a copy of your personal data?

+

Throughout the course of activities, it may be necessary for an external third party to receive a copy of your personal data. All of our external third parties are thoroughly vetted and are subject to contractual requirements and assessment of security standards in order to become an approved supplier. They are only permitted to process your personal data for the specified purpose and not for their own benefit.​

 

Your data may be shared with any member of our group or trading divisions but external third parties may include any of those set out in the glossary, as relative to your circumstances, or third parties falling into the categories below.

 

Partners, suppliers and sub-contractors where they are performing a contract we have entered into;

Analytics and search engine providers that assist us in optimising our site;

Website & website services hosts including payment processors;

Credit reference agencies;

Agencies that assist in sending our marketing, informational or news communications; and

Authorities or organisations where there is a legal obligation for us to do so or for the prevention of fraud.

 

Partners – Where your data is collected in relation to a partner site, we may act as a Data Processor on behalf of the Partner or we may both be Data Controllers in our own right.

 

For example:

 

Within the management of CCTV, both parties are Data Controllers in their own right for different purposes.

For the purposes of queries and complaints, both parties may be Data Controllers in their own right and Marston’s may be a Data Processor from time to time.

Within the Order & Pay service, Marston’s is a Data Processor on behalf of the Partner.

 

If you need further information about the relationships we and our Partners hold in relation to a specific process, please contact us.

Where is your data stored?

+

Your data may be transferred to and stored at a destination outside the UK where we use external third parties. It may also be processed by staff operating outside of the UK who work for us or for one of our suppliers. These staff may be engaged in the fulfillment of your order, the processing of your payment details and the provision of support services (amongst other things).

 

We will only transfer personal data to countries where the GDPR applies or that have received an adequacy decision. Alternatively, a transfer may occur where we have adequate contracts approved by the Regulator which protects personal data in the same way that it is protected in the UK or where another appropriate safeguard exists. We make a thorough check and have strict requirements (in line with the law) in order to approve this type of processing in consideration of our suppliers.

 

Any information provided to us is stored in our secure servers and any payment transaction data is encrypted using SSL technology. Where you have a password, which enables access to certain parts of the website you are responsible for keeping the password confidential. Please do not share your password with anyone.

 

Unfortunately, the transfer of information over the internet is not completely secure. We do our best to protect your personal data, but we cannot guarantee the security of your data when it is transmitted to our site. Once we have received your information, we will ensure that we strictly monitor procedures and security measures to keep it safe.

 

Our site may contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies which we do not accept any responsibility or liability for. Please check these policies before you submit any personal data to these websites.

 

If you would like specific information about where your data is stored in relation to a particular process, please contact us.

How long will we keep your data?

+

We will only hold on to your personal data for as long as we need it to fulfill the purposes we collected it for. This includes considering the amount, nature and sensitivity of the data and the risk of any potential harm mishandling of this data may cause. We also consider if and when we can achieve the purposes we collected it for or if we can complete this without the personal data. We consider legal, tax and reporting requirements that impose limitations on how long we hold the data for. It may be kept for a longer period if we reasonably predict there will be an element of legal action within our relationship with you.

 

Please contact us if you would like to find out how long and why we keep your personal data.

What are your rights?

+

Upon occasion, you may be entitled to certain rights under data protection law. These are laid out below but a full breakdown of their meaning is available in the glossary. You can enact any of these rights by contacting us via DataSecurityInformation@marstons.co.uk or on 01902 711811.

 

Right of Access to your personal data

Right to rectification of your personal data

Right to erasure of your personal data

Right to object to processing of your personal data

Right to restrict processing of your personal data

Right to data portability

 

There is no fee applicable to any of the above, however we may charge a fee or refuse your request if it is unfounded, excessive or repetitive.

 

We aim to respond to valid requests within one calendar month, however in certain circumstances it could take us longer. This may be because you have submitted a number of requests, or your request is particularly complex. We will keep you updated with your request along the way if this is the case.

 

We may need to verify your identity and ensure your rights to the personal data we hold on occasion. We will always make sure our request is reasonable and in line with the information or right you are requesting. This ensures we are not sending the data to somebody who is not entitled to see it or acting upon a rights request that has not been legitimately made by the person who is entitled to it.

 

Changes

+

We regularly review our policy so that we can ensure it is accurate and informative. Any changes will be made on this page. Please check back frequently for updates.

 

It is also important that any personal data we hold about you is up to date and accurate. Please update us if any of the details we hold about you change so that we can ensure our records reflect these changes.

Contact

+

Questions, comments and requests regarding this policy are welcomed and should be directed to any of the contact details at the top of this page.

 

We have appointed a Data Protection Officer for Marston’s PLC who can be contacted via DataSecurityInformation@marstons.co.uk.

 

Alternatively, should you feel necessary, you can contact the Information Commissioner’s Office on 0303 123 1113 or online here.

 

Cookies

+

When you visit our websites, we use cookies. Cookies allow us to identify the computer or device you're using to access our websites - but we can't identify you personally.

 

You can set up your web browser to refuse cookies, but this website will then fail to operate correctly.

 

TYPES OF COOKIES WE USE 

 

Here are the types of cookies our websites use and some more details about what they're used for: 

 

Cookie Name 

Purpose 

Expiration Policy 

test_cookie 

Advertisement
The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.

15 minutes

_fbp

Advertisement
This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.

3 months

ai_user

Analytics 
A unique user identifier cookie, set by Microsoft Application Insights software, that enables counting of the number of users accessing the application over time.

1 year

_gcl_au

Analytics 
Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.

3 months

ai_session

Analytics 
This is a unique anonymous session identifier cookie set by Microsoft Application Insights software to gather statistical usage and telemetry data for apps built on the Azure cloud platform.

30 minutes

_ga_DHNBJEG4TW

_ga_DY5GDC0VVG

_ga

Analytics 
Cookies installed by Google Analytics. The _ga cookie calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.

2 years

__cf_bm

Functional
This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.

30 minutes

ARRAffinity

Necessary
ARRAffinity cookie is set by Azure app service, and allows the service to choose the right instance established by a user to deliver subsequent requests made by that user.

Session

ARRAffinitySameSite

Necessary
This cookie is set by Windows Azure cloud, and is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.

Session

current_region

Analytics 
This cookie is set by designmynight.com. The cookie is used to remember which region the user was viewing on the website, it is a non-tracking cookie and doesn't store information about the browser or how the user arrived on the site.

1 month

fr

Advertisement
Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.

3 months

__RequestVerificationToken

 

Necessary
This
cookie is set by web application built in ASP.NET MVC Technologies. This is an anti-forgery cookie used for preventing cross site request forgery attacks.

Session

cookieconsent

Functional
Functional cookie triggered by the closing of the cookie notice at the top of the page.

1 year

warningread

Functional
Functional cookie triggered by the closing of the
warning notice at the top of the page

1 year

 

 

Glossary

+

Some terms we use in this policy may be difficult to understand so we’ve provided a breakdown below to help you clarify what we mean.

 

LAWFUL BASIS  

 

Legitimate Interest means the interest of our business in managing and carrying out our business functions so that we can give you the highest quality services/products and the best and most secure experience. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We will not use your personal data where our interests are overridden by your fundamental rights (unless we have your consent or are required or permitted to by law). If you need further detail on how we assess our legitimate interests against any potential impact on you in relation to certain circumstances, please contact us.

 

Performance of Contract means processing your data where you are a party to a contract and we need your personal data in order to carry out that contract or to take steps at your request if you are thinking of entering into a contract with us.

 

Legal obligation means processing your personal data where we have to comply with a law that applies to us.

 

Consent means you have specifically let us know that we can process your data for the purpose already given to you.

 

EXTERNAL THIRD PARTIES 

 

•  Website Hosts – In this instance Cogent (www.cogent.co.uk) are the host of this website;

Merchant Services providers;

Providers of accident management systems, insurance managers and claims handlers;

Agencies providing distribution services for marketing materials and or service information, whether electronic or in hard cop

Credit reference agencies;

HMRC, regulators or other authorities as necessary;

Providers of prizes or incentives in relation to competitions, promotions or surveys;

Share registration and management service providers;

IT Systems and administration services providers;

Advisors or agencies acting on our behalf such as solicitors, auditors, insurers, registrars and collections agencies;

 

YOUR LEGAL RIGHTS  

 

This is a breakdown of what each of your rights mean and the results you can expect when you enact them.

 

Right of Access to your personal data – This is usually called a ‘Subject Access Request’. You can request a copy of personal data to see what we hold about you and to check why & how we are processing it and that we are processing it lawfully. We may be required to suitably redact (obscure) elements of the requested detail to protect the rights and personal data of other individuals.

 

Right to rectification of your personal data – If you recognise any of the personal data we hold on you to be incorrect or incomplete you can request it to be corrected. In certain circumstances, we may require proof of accuracy of any new data being submitted.

 

Right to erasure of your personal data – If you believe there is no fair reason for us to hold an element of your personal data, you can ask us to remove or delete this from our records, On occasion you may want to exercise this right on a successful objection to processing (see definition below). If for any reason, for example, to comply with a legal obligation, we cannot delete your personal data we will action your request as far as possible and provide to you a reason as to why we cannot fully comply with your request.

 

Right to object to processing of your personal data – If we rely on legitimate interest as our legal basis for processing or the legitimate interest of another third party, you can object to our processing if you feel it impacts your fundamental rights and freedoms. We will reassess the legitimate grounds we have for processing your data and on occasion we may demonstrate that they are sufficient in overriding your rights and freedoms. Specifically in relation to direct marketing, please see the section above entitled ‘Marketing’.

 

Right to restrict processing of your personal data – You can ask us to temporarily pause the processing of your personal data in certain circumstances. For example:

 

If you have objected to our processing of your personal data, but we are assessing whether our legitimate grounds override your rights and freedoms.

If you want to ensure that it is correct or complete before we continue to use it.

If we are processing the data unlawfully but you do not want us to delete it.

If you ask us to keep the data where we no longer need it, as you require it to establish, exercise or defend legal claims.

 

​Right to data portability – This applies to automated information originally received on the lawful basis of consent or performance of contract. You can ask for a copy of the related data and for it to be transferred to a third party of your choosing in a commonly used, machine readable format.