top of page

Privacy Policy

​

This Privacy Policy explains how On the Rec Limited, trading as “Bertie’s” ("we", "us", "our") collects, uses and protects your personal data when you visit www.bertiesontherec.com (the “Site”) or interact with us in‑store or online. It also explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

​

1. Who We Are (Data Controller)

On the Rec Limited (Company Number 16368660) is the data controller responsible for your personal data. Our registered office is Station House, Station Approach, East Horsley, KT24 6QX and our trading address is Bertie’s, Claygate Pavilion, Dalmore Avenue, Claygate, Surrey, KT10 0HQ.

​

2. Personal Data We Collect

We collect and process the following categories of personal data:

Category - Examples - Source

Identity Data: name, title, date of birth, proof of age you provide

Contact Data: postal address, email, telephone you provide

Transaction Data: details of purchases, payments, order history generated during transactions

Technical Data: IP address, browser type, operating system, referring URLs collected automatically via cookies & similar technologies

Usage Data: pages viewed, links clicked, time on site collected automatically

Marketing & Communications Data: marketing preferences, survey responses, feedback you provide

We do not intentionally collect special category data (e.g. health data) unless you voluntarily provide it (for example, allergen information).
 

3. How We Obtain Personal Data

  • Direct interactions: placing an order, subscribing to newsletters, submitting a contact form, making a reservation or visiting our café.

  • Automated technologies: we use cookies, server logs and similar technologies to collect Technical and Usage Data.

  • Third parties: payment processors, delivery partners and social media platforms may provide limited data when permitted by law.

​​

4. Legal Bases for Processing

We rely on the following lawful bases under Article 6 UK GDPR:

  • Contract – to fulfil orders, reservations and gift‑voucher purchases.

  • Legitimate interests – to run and improve our business, prevent fraud and ensure network security (our interests are balanced against your rights).

  • Consent – for email marketing where required, and for optional cookies.

  • Legal obligation – to keep sales records, comply with licensing laws and respond to regulatory requests.

Where we process special category data (e.g. allergy information) we rely on your explicit consent or that the processing is necessary for reasons of substantial public interest (e.g. ensuring health & safety).

​

5. How We Use Your Personal Data

We use your data to:

  1. Process and deliver orders (food, drink, vouchers, merchandise) and manage payments.

  2. Manage reservations and events, including confirmations and reminders.

  3. Respond to enquiries submitted via the Site, email or social media.

  4. Send marketing communications if you have opted‑in or where we have a legitimate interest.

  5. Operate the Site, troubleshoot, analyse performance and improve user experience.

  6. Prevent fraud and ensure security of our systems and premises.

  7. Comply with legal obligations, including licensing, accounting and reporting.

We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another compatible reason.

​

6. Cookies & Similar Technologies

We use necessary, analytical and advertising cookies. For full details please see our separate Cookie Policy, which sets out the types, purposes and expiry periods of each cookie and explains how you can manage your preferences.

​

7. Marketing Communications

We will send you marketing emails or SMS only with your consent or where permitted by law. You can withdraw consent or opt out at any time by:

  • Clicking the unsubscribe link in any marketing email; or

  • Contacting us using the details in section 13.

  • ​

8. Sharing Your Personal Data

We share your data only when necessary and in accordance with this Policy:

  • Service providers – IT hosting, payment processors, booking platforms, email service providers and delivery couriers.

  • Professional advisers – lawyers, bankers, auditors, insurers for legitimate business purposes.

  • Regulators and authorities – HMRC, local licensing authority or law enforcement where required.

  • Business transfers – in the event of a sale, merger or acquisition, your data may be transferred to new owners under the same protections.

We require all third parties to safeguard your data and to use it only for specified purposes.

​

9. International Transfers

Your personal data is generally stored on servers located in the UK or EEA. Where we use service providers outside the UK/EEA, we ensure appropriate safeguards are in place, such as:

  • An adequacy decision by the UK Government; or

  • Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO).

​​

10. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting or reporting requirements.

  • Orders & transaction records: 6 years after the end of the financial year.

  • Marketing data: until you withdraw consent or opt out, then we retain minimal suppression data.

  • CCTV footage (on‑site): typically 30 days, unless needed for investigation.

​

11. Data Security

We have put in place appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access to your data is limited to employees, agents and contractors who have a business need to know.

​

12. Your Rights

Under the UK GDPR you have the right to:

  1. Access – obtain a copy of the personal data we hold about you.

  2. Rectification – correct inaccurate or incomplete data.

  3. Erasure – request deletion where there is no lawful reason for us to continue processing.

  4. Restriction – suspend processing of your data in certain circumstances.

  5. Data portability – receive your data in a structured, commonly used format.

  6. Object – object to processing based on legitimate interests or direct marketing.

  7. Withdraw consent – at any time where we rely on consent.

  8. Not be subject to automated decision‑making producing legal or similar significant effects (we do not engage in such profiling).

To exercise any of these rights, please contact us (see section 13). We may need proof of identity and may charge a reasonable fee if your request is unfounded or excessive.

​

13. Contact, Questions & Complaints

If you have questions about this Policy or wish to exercise your data rights, please contact our Data Protection Lead:

Email: berties@on-the-rec.com
Post: Bertie’s, Claygate Pavilion, Dalmore Avenue, Claygate, Surrey, KT10 0TE
Telephone: +44 (0) 782 783 8282

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the chance to deal with your concerns first.

​

14. Children

Our Site is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us so we can delete it.

​

15. Links to Third‑Party Sites

The Site may include links to third‑party websites. We do not control those websites and are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit.

​

16. Changes to This Policy

We may update this Policy from time to time. Any changes will be posted on this page and, where appropriate, notified to you by email. The “Last updated” date at the top indicates when the Policy was last revised.

​

© 2025 On the Rec Limited. All rights reserved.

Location & Hours
bottom of page