Privacy Notice

Work Rest or Play Limited – Privacy Notice
Effective date: 1 September 2025 | Last reviewed: 29 August 2025

  1. Who we are
    Work Rest or Play Ltd (company number 16022932), registered office 16a Chapel Hill, Clayton West, Huddersfield, England, HD8 9NH (“Work Rest or Play”, “we”, “us”, “our”) operates the website workrestorplay.co.uk and provides community-directory, events, and advertising services for organisations and individuals across the UK.
    For the purposes of the UK GDPR including the Data Protection Act 2018, Privacy and Electronic Communications Regulation (PECR) and Data Use and Access Act 2025, Work Rest or Play is the data controller for the processing activities described in this Notice. Where we act on behalf of a client as a processor, we will process personal data strictly in accordance with that client’s written instructions and applicable law.
    Contact for privacy matters:
    Email: contact@workrestorplay.co.uk
    Postal: Data Protection, Work Rest or Play Ltd, 16a Chapel Hill, Clayton West, Huddersfield, HD8 9NH
    Telephone: 01484 244 442
  2. Scope and legal framework
    This Notice explains how we collect, use, disclose and safeguard Personal Data in connection with:
    • Visitors to our website and social media channels.
    • Subscribers to our mailing lists.
    • Individuals and organisations creating directory listings, advertising with us, or submitting events. and
    • Individuals who contact us via live chat, support portal or bookings.
    We comply with the UK General Data Protection Regulation (UK GDPR) incorporating the Data Protection Act 2018, the Privacy and Electronic Communications Regulation (PECR) and the Data Use and Access Act 2025 (“DUAA 2025”), including changes it makes to the UK GDPR; and the EU General Data Protection Regulation (EU GDPR) where it applies extraterritorially to our processing of data subjects in the EEA.
  3. What data we collect
    We apply the principle of data minimisation. The categories of personal data we collect may include:
    Identity & contact data: name, organisation, role, email address, telephone number, postal address.
    Account & content data: information you provide for a directory listing (e.g., description, images, categories, social links), comments you post, and preferences.
    Event data: details you submit via our “Add your event form” (e.g., organiser name, contact email/phone, event details, date/time, venue and postcode), including any images you upload.
    Marketing preferences: your newsletter sign-up status, topic preferences and communication choices.
    Payment data: billing contact details and payment status. Card details are processed directly by our payment provider (Stripe) and are not stored on our servers.
    Technical data: IP address, device identifiers, browser type, operating system, pages viewed, cookies and similar technologies, error logs.
    Support & bookings data: details submitted via our support centre/knowledge base and demo/meeting booking forms, including metadata generated by those systems.
    We do not intentionally collect special category data (e.g., health, beliefs) or children’s data. Please do not include such data in forms you submit to us. If it becomes necessary to process special category data (for example, to address safeguarding concerns), we will do so only where a lawful basis and appropriate safeguards apply.
  4. How we collect data
    • Directly from you – when you complete website forms (e.g., Sign-up, Add your event, Subscribe, Update preferences), contact us by email/phone, participate in surveys, or use our live chat.
    • Automatically – via cookies, pixels and similar technologies on our website. For details, see our Cookie Policy.
    • From our service providers – e.g., payment confirmations from Stripe; analytics from Google; service metadata from our CRM, chat and support platforms.
  5. Purposes and lawful bases
    We process personal data only where a lawful basis applies. The table below summarises our purposes and applicable bases under Article 6 UK/EU GDPR (as amended by DUAA 2025). Where we rely on legitimate interests, we have carried out balancing tests.
    Purpose Examples Lawful basis
    Provide our services Create and manage directory listings and advertising packages; publish event listings; respond to enquiries; provide live chat and support. Contract (performance or to take steps at your request); Legitimate interests (to operate an online local hub and support users).
    Payments & billing Take and reconcile payments; manage renewals and invoices. Contract (to process transactions); Legal obligation (tax/accounting).
    Marketing & communications Send newsletters, service updates and opportunities; manage preferences and unsubscribes. Consent (electronic marketing where required by PECR); Legitimate interests (service communications and similar products/services to existing users, subject to opt‑out).
    Platform administration & security Debugging, fraud prevention, access controls, incident response, service analytics. Legitimate interests (secure and reliable operation); Legal obligation (security and record-keeping).
    Legal & regulatory Handling data subject requests; managing claims and disputes. Legal obligation; Legitimate interests (establish, exercise or defend legal claims).
    We will obtain consent where required by law (e.g., non‑essential cookies; certain electronic marketing). You can withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  6. Cookies and similar technologies
    Our website uses cookies, pixels and similar technologies for essential functionality, analytics, performance and (where enabled) advertising. For details of the specific cookies in use and how to manage your preferences, please see our Cookie Policy. You can change your choices at any time via the cookie banner or your browser settings.
  7. Who we share data with (categories of recipients)
    We share personal data only with: Service providers (processors) who support our operations under written contracts, including:
    • Customer relationship management (CRM) & support desk Zoho One (e.g., EU-hosted CRM/support and live‑chat tools)
    • Email & marketing tools Intuit Mailchimp (e.g., newsletter and preference‑centre services)
    • Payments Stripe Payments Europe Ltd and/or Stripe group companies)
    • Analytics and content platforms (e.g., Google services, embedded video providers such as Yahoo)
    • Other users of the platform: where you choose to publish information publicly (e.g., directory listing content, event details). Please do not include personal information in fields that will be displayed publicly unless you intend it to be public.
    We do not sell your personal data.
  8. International transfers
    Some recipients are located outside the UK/EEA:
    • Although Stripe payment processing is contracted with Stripe Payments Europe Limited (Ireland) Group support/processing may involve Stripe, Inc. (United States) and other Stripe Affiliates. Transfers to the US rely on: the UK Extension to the EU-US Data Privacy Framework for UK GDPR governed transfers to certified Stripe entities; and, where required, the Standard Contractual Clauses with the UK Addendum or International Data Transfer Agreement (IDTA) with Stripe.
    • Zoho (support centre, chat, bookings). Primary hosting is in the EU. Limited remote access by Zoho support/engineering personnel outside the UK/EEA (including India and, where applicable, the United States) can occur for troubleshooting and service improvement. Such access is governed by Standard Contractual Clauses (with the UK Addendum where applicable) and vendor contractual controls.
  9. Retention
    We keep personal data only for as long as necessary for the purposes set out above:
    • Directory/advertiser accounts: for the life of the contract and up to 2 years from last meaningful contact, unless you request earlier deletion or a longer statutory period applies.
    • Events submissions: 2 years from submission, to support repeat listings and resolve queries.
    • Marketing lists: until you unsubscribe or your address becomes inactive, plus a short suppression period to ensure your opt‑out is respected.
    • Payments & invoices: 7 years from the end of the relevant financial year (for tax and accounting regulations and law).
    • Technical logs & security records: up to 12 months, unless a longer period is required for security or legal purposes.
    We may retain minimal records to demonstrate compliance (e.g. consent and deletion logs) for up to 5 years after the underlying data is erased.
  10. Security
    We implement appropriate technical and organisational measures to protect personal data, including:
    • Access controls.
    • Data encryption in transit and at rest where appropriate.
    • Multi‑factor authentication.
    No online service can be 100% secure. If we become aware of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the ICO and affected individuals as required by law.
  11. Your rights
    Subject to applicable law and certain exemptions, you have the right to:
    • Access your personal data and receive a copy.
    • Rectify inaccurate or incomplete data.
    • Erase data in certain circumstances.
    • Restrict processing in certain circumstances.
    • Object to processing based on our legitimate interests, including to direct marketing.
    • Data portability for information you have provided to us where processing is based on consent or contract and carried out by automated means;
    • Withdraw consent at any time, where we rely on consent.
    Where the EU GDPR applies, you may also exercise these rights with the competent supervisory authority in your Member State of residence or work.
  12. Exercising your rights
    To exercise your rights, or for any privacy-related queries or complaints, please contact contact@workrestorplay.co.uk or write to the postal address in section 1. We will respond within one month of receipt (extendable by up to two further months in complex cases). You may also complain to the Information Commissioner’s Office (ICO) at any time (www.ico.org.uk).
  13. Changes to this Notice
    We may update this Notice from time to time (for example, to reflect legal or operational changes). Material changes will be highlighted on our website and will take effect upon posting, unless otherwise stated.

Document control
Owner: Work Rest or Play Ltd
Version: 1.0 (post‑rebrand)
Approved by: M Sayers
Next review: 1 September 2026

© 2025 Work Rest or Play Ltd. All rights reserved.