Skip to main content

Privacy Notice

Last updated: 16 February 2026

Longdown Village Hall Trust (“we”, “us”, “our”) operates the website longdownvillage.com. This privacy notice explains how we collect, use, and protect your personal information.

Summary

We only collect and process personal data that is necessary to:

  • Manage your account (if you create one)
  • Process hall bookings and payments
  • Respond to your enquiries
  • Improve our website

We do not sell your data or use it for marketing without your explicit consent.

1. Who We Are

Organisation: Longdown Village Hall Trust Location: Longdown, Devon, UK Contact: hall@longdownvillage.com

We are the data controller for personal data processed through this website.

2. What Data We Collect

2.1 Account Registration (Optional)

If you create an account, we collect:

  • Email address (required)
  • Name (required)
  • Password (encrypted)
  • Phone number (optional)

Purpose: To provide access to booking features and manage your reservations.

Legal basis: Legitimate interest / Contract performance

2.2 Booking Information (Future Feature)

When you make a booking, we collect:

  • Contact details (name, email, phone)
  • Event details (date, time, space required)
  • Payment information (processed securely by Stripe)

Purpose: To process your booking and provide our services.

Legal basis: Contract performance

2.3 Payment Information

We do not store payment card details. All payment processing is handled securely by Stripe, who are PCI DSS compliant.

Stripe may set cookies for fraud prevention purposes. These are strictly necessary for secure payment processing.

2.4 Website Analytics

We use Cloudflare Web Analytics with Real User Measurements (RUM) to understand how visitors use our website and monitor performance. This service is:

  • ✅ Completely cookieless (no cookies stored on your device)
  • ✅ Privacy-friendly (no personal data collected)
  • ✅ GDPR compliant (anonymous, aggregated data only)
  • ✅ No consent required
  • ✅ Automatic (injected by Cloudflare proxy)

Data collected (anonymous only):

  • Page views and visit counts
  • Page load times and performance metrics
  • Referrers (where visitors came from)
  • Browser type and device category
  • Country/region (not individual location)

What we don’t collect:

  • ❌ Personal identifiers
  • ❌ IP addresses (not logged)
  • ❌ Individual user tracking
  • ❌ Cross-site tracking

2.5 Automatic Information

When you visit our website, we automatically collect:

  • IP address (for security and system administration)
  • Browser type and version
  • Device type
  • Pages visited and time spent

Purpose: Website security, performance monitoring, and user experience improvement.

Legal basis: Legitimate interest

3. Cookies We Use

3.1 Strictly Necessary Cookies

These cookies are essential for the website to function and do not require your consent:

CookiePurposeDuration
better_auth_sessionAuthentication (keeps you logged in)30 days
__stripe_midFraud prevention (Stripe payments)1 year
__stripe_sidPayment processing (Stripe)30 minutes

3.2 Analytics (Cookieless)

Cloudflare Web Analytics with Real User Measurements (RUM) does not use cookies or store personal data. All analytics are collected anonymously through Cloudflare’s infrastructure without requiring any cookies on your device.

3.3 No Marketing Cookies

We do not use marketing, advertising, or tracking cookies.

4. How We Use Your Data

We process your personal data only for:

  1. Account Management: Providing access to booking features
  2. Booking Processing: Managing your hall reservations
  3. Payment Processing: Handling payments securely via Stripe
  4. Communication: Responding to enquiries and sending booking confirmations
  5. Legal Compliance: Meeting legal and regulatory requirements
  6. Website Improvement: Understanding usage patterns (anonymously)

We will never:

  • Sell your data to third parties
  • Use your data for marketing without explicit consent
  • Share your data except as described in this notice

5. Third-Party Services

We use the following trusted services to operate our website:

5.1 Railway + Cloudflare (Hosting & Analytics)

  • Purpose: Website hosting, content delivery, and web analytics
  • Data processed:
    • Hosting: IP addresses, page requests
    • Analytics: Anonymous page views, performance metrics (no personal data)
  • Location: EU/UK data centers
  • Privacy policy: Railway | Cloudflare
  • Analytics details: Cloudflare Web Analytics is cookieless and GDPR compliant by design

5.2 Resend (Email Delivery)

  • Purpose: Sending account verification and booking confirmation emails
  • Data processed: Email addresses, message content
  • Location: US (GDPR-compliant)
  • Privacy policy: Resend Privacy Policy

5.3 Stripe (Payment Processing)

  • Purpose: Secure payment processing for hall bookings
  • Data processed: Payment card details (not stored by us)
  • Location: EU/UK
  • Privacy policy: Stripe Privacy Policy

5.4 Google Calendar API (Availability Display)

  • Purpose: Displaying hall availability on our booking calendar
  • Data processed: Calendar event times (no personal details exposed)
  • Data flow: One-way (read-only)
  • Privacy policy: Google Privacy Policy

6. Data Retention

We retain your data only as long as necessary:

  • Active accounts: Until you request deletion
  • Closed accounts: 6 months (for financial records)
  • Booking records: 7 years (UK tax law requirement)
  • Email correspondence: 2 years
  • Website logs: 90 days

7. Your Rights (UK GDPR)

You have the right to:

  • Access your personal data (free of charge)
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict processing
  • Data portability (receive your data in a common format)
  • Object to processing
  • Withdraw consent at any time

To exercise any of these rights, contact us at hall@longdownvillage.com.

8. Data Security

We protect your data with:

  • ✅ Encrypted connections (HTTPS/TLS)
  • ✅ Secure password hashing (bcrypt)
  • ✅ Regular security updates
  • ✅ Access controls and authentication
  • ✅ Secure hosting infrastructure

9. Children’s Privacy

Our website is not intended for children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

10. Changes to This Notice

We may update this privacy notice from time to time. The “Last updated” date at the top shows when it was last revised. Significant changes will be highlighted on our website.

11. Contact & Complaints

Questions or Concerns

Contact us at:

Complaints

If you’re unhappy with how we handle your data, you can complain to:

Information Commissioner’s Office (ICO) Website: https://ico.org.uk/make-a-complaint/ Phone: 0303 123 1113

Questions?

If you have any questions about this privacy notice or how we handle your data, please don’t hesitate to contact us at hall@longdownvillage.com.