Privacy Policy

Last Updated: January 23, 2026

Brimlestone ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website (brimlestone.com), use our services, or interact with us in any way.

We comply with the UK Data Protection Act 2018, the UK GDPR, and other relevant data protection regulations applicable in the United Kingdom.

1. Information We Collect

1.1 Personal Data

We may collect the following personal information:

• Identity Data: Name, title, date of birth (where relevant for age-restricted events)
• Contact Data: Email address, telephone number, postal address
• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
• Usage Data: Information about how you use our website and services
• Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences

1.2 How We Collect Personal Data

We collect data through:

• Direct interactions: When you fill in forms on our website, correspond with us, sign up for events, or otherwise provide us with your personal information
• Automated technologies: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns
• Third parties: We may receive personal data about you from various third parties such as analytics providers and booking platforms

2. How We Use Your Information

2.1 Purposes for Processing

We use your personal data for the following purposes:

• To process and manage your bookings and visits
• To provide you with information about our services and events
• To manage our relationship with you, including notifying you about changes to our terms or privacy policy
• To administer and protect our business and website
• To deliver relevant website content and measure or understand the effectiveness of the content we serve to you
• To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences

2.2 Lawful Basis for Processing

We process your personal data on the following legal grounds:

• Consent: Where you have given us clear consent to process your personal data for a specific purpose
• Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract
• Legitimate Interest: Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
• Legal Obligation: Where processing is necessary for compliance with a legal or regulatory obligation

3. Data Sharing and Transfers

3.1 Third-Party Service Providers

We may share your personal data with the following categories of third parties:

• Service providers who provide IT, system administration, and platform services
• Professional advisers including lawyers, bankers, auditors, and insurers
• Regulators and other authorities who require reporting of processing activities in certain circumstances

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

3.2 International Transfers

We do not transfer your personal data outside the UK unless adequate protection measures are in place, such as:

• Countries that have been deemed to provide an adequate level of protection for personal data by the UK government
• Where we use specific contracts approved for use in the UK which give personal data the same protection it has in the UK

4. Data Security and Retention

4.1 Security Measures

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

4.2 Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider:

• The amount, nature, and sensitivity of the personal data
• The potential risk of harm from unauthorized use or disclosure
• The purposes for which we process your personal data
• Whether we can achieve those purposes through other means
• The applicable legal requirements

In general, we keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being customers for tax and legal purposes.

5. Your Legal Rights

Under data protection laws, you have rights in relation to your personal data including:

• Right of access: You can request copies of your personal data
• Right to rectification: You can request correction of inaccurate personal data
• Right to erasure: You can request deletion of your personal data in certain circumstances
• Right to restrict processing: You can request restriction of processing in certain circumstances
• Right to data portability: You can request transfer of your personal data
• Right to object: You can object to processing based on legitimate interests or direct marketing
• Rights related to automated decision making: You have rights regarding automated decision making and profiling

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

6. Cookies and Similar Technologies

Our website uses cookies and similar technologies to distinguish you from other users. This helps us provide you with a good experience when browsing and allows us to improve our site. For detailed information on the cookies we use, please see our Cookie Policy.

7. Children's Privacy

Our website and services are not intended for children under 16 years of age, and we do not knowingly collect personal data from children under 16. If you are under 16, please do not provide any personal data to us. If we learn we have collected or received personal data from a child under 16 without verification of parental consent, we will delete that information.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The updated version will be indicated by an updated "Last Updated" date at the top of this Privacy Policy. We encourage you to review this Privacy Policy frequently to stay informed about how we are protecting your information.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Brimlestone
100 Commercial St
London E1 6LZ
Email: privacy@brimlestone.com
Phone: +442070148707

10. Complaints

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.