Get in touch

Privacy Policy

Privacy and data protection

Any information you give to us while using our website will be held securely and in accordance with the data protection principles. We will treat personal details as private and confidential and safeguard them. We will not disclose them to anyone unconnected with the Convention Centre unless you have consented to their release, or in certain circumstances where:

We may use the information you have provided for the prevention and detection of fraud.

You have the right to request a copy of all the personal information that we hold about you, and to have inaccuracies corrected.


Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience.

Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive. We use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Content Management System (CMS)

Our website is built in a CMS, cookies are essential to determine whether a user is a guest, or, an admin. Cookies set by our CMS: CRAFT_CSRF_TOKEN, HCCSESH.

Google Analytics

We use Google Analytics to analyse the use of this website. It helps us see how many people are using our site, and helps us improve the site by analysing the way people navigate through it.

Google will store this information, Google's privacy policy.

We want to provide online services that are easy to use, useful and reliable. This can involve placing cookies on your computer or other device. Google Cookies cannot be used to identify you personally.

These pieces of information are used to improve services for you through, for example:

Privacy Notice (GDPR)

This privacy notice lets you know how we promise to look after your personal information, explains how we do this and tells you about your privacy rights and how the law protects you.

Who are we
Harrogate Convention Centre is owned by Harrogate Borough Council and complies with Data Protection Legislation and is a registered ‘Data Controller’ with the Information Commissioner’s Office (ICO) – reference Z6341522.

Our Privacy Promise
We promise

How we collect your personal data 

We collect information about you in order to provide services, comply with regulations, and to build stronger relationships.  We may collect information on paper or online forms, by telephone, email or a member of our team may collect information from you in person.

Information about you may be collected on our behalf by one of our partners.

We need to collect and use information about you to:

We may need to pass your information to other people and organisations that provide a service on our behalf. These providers are obliged to keep your details securely, and use them only to provide the service to you in accordance with our instructions.

Personal Information you give to us:

You give us your personal information

How we share your information

We may be required or permitted, under the Data Protection legislation, to disclose your personal information without your explicit consent, e.g. if we have a legal obligation and/or basis to do so, namely:


Emails that we send to you or you send to us, may be retained as a record of contact and your email address stored for future use in accordance with our record retention schedules. If we need to email sensitive or confidential information to you, we may perform checks to verify the correct email address and may take additional security measures.

 Using our website

The website is solely owned by Harrogate Convention Centre and does not store or capture personal information about you when you use our website unless you decide to provide it to:

 You can read more on how we use cookies in the section above

 Sending data outside of the EEA

We will only send your data outside of the European Economic Area (‘EEA’) :

If we do transfer information to our suppliers, agents, partners  or advisers outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:

If you choose not to give personal information

If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to run your accounts or the services provided to you.

We may need to collect personal information by law, or under the terms of a contract we have with you.

Any information collected which is optional will be made clear at the point of collection.

Consent and how we record consent

Why is Consent important?

Consent is one lawful basis for processing, and explicit consent can also legitimise use of special category data. Consent may also be relevant where the individual has exercised their right to restriction, and explicit consent can legitimise automated decision-making and overseas transfers of data.

Genuine consent should put individuals in control, build trust and engagement, and enhance your reputation.

Relying on inappropriate or invalid consent could destroy trust and harm your reputation – and may leave you open to large fines.

Recording Consent

Managing the Consent you give to us

we make it easy for you to withdraw your consent at any time, and publicise on our website how to do so.

Legitimate Interest

If you are a business to business user of venues and venue event services we have a legitimate interest in communicating our products services to you from time to time by phone and email. You can request a copy of our Legitimate Interest policy by calling 01423 537434 or emailing

Under these circumstances we will only contact you via a business telephone number or business email address and never by a personal number or personal email address, unless you have asked us to do so.

We will also make it easy for you to opt out of our communications at any time should you wish to do so.


We may use your personal information to tell you about relevant products, news, consultation, market research, events updates and offers. This is what we mean when we talk about ‘marketing’.

The personal information we have for you is made up of what you tell us, and data we collect when you use our services, or from third parties we work with.

We can only use your personal information to send you marketing messages if we have either your consent or there is a ‘legitimate interest' to do so. At times, we may have a business or commercial reason to use your personal information. If we process your personal information on this basis, we will ensure that it does not unfairly go against what is right and best for you.

You can ask us to stop sending you marketing messages by contacting us at any time.

How long we keep your personal information

Personal information will not be kept longer than is necessary for its purpose. This means that data will be destroyed or erased from our systems when it is no longer required. Please contact the Council’s Data Protection Officer at the address below for further information on data retention periods.  You also have the right to request that your personal information is erased in certain circumstances.

How to get a copy of your personal information

A request for information that we hold about you should be made in writing but requests made verbally depending on the circumstances are also accepted (as long as you can prove your identity). 

Under the Right of Access we as a Council will provide a copy of your information free of charge. However, we can charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive. We may also charge a reasonable fee to comply with requests for further copies of the same information. This does not mean that we can charge for all subsequent access requests.

We will provide you with your personal information within 30 days.  We may need to extend this period by a further two months where necessary taking in to account the complexity and number of requests. If we have to extend the period, we will notify you within 30 days of receipt of the request.

You can use the Subject access request form or use the contact details below:

Subject Access Request
Data Protection Officer
Harrogate Borough Council
PO BOX 787
Civic Centre
St. Luke’s Avenue
Harrogate,  HG1 2AE

Letting us know if your personal information is incorrect

(Right of Rectification) You have the right to question any information we have about you that you think is wrong or incomplete. Please contact us if you want to do this.

If you do, we will take steps to check its accuracy and correct it.

(Right to Restricted Processing) You can ask us to stop processing your personal information if it is likely to cause unwarranted substantial damage or distress to you or anyone else.

What if you want us to stop using your personal information?

(Right to Object) You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the ‘Right to Object’ and ‘Right to Erasure’, or the ‘right to be forgotten’.

There may be legal or other official reasons why we need to keep or use your data. But please tell us if you think that we should not be using it.

We may sometimes be able to restrict the use of your information. This means that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share your information in other ways while it is restricted.

You can ask us to restrict the use of your personal information if:

If you want to object to how we use your data, or ask us to delete it or restrict how we use it or, please contact us.

How to request your personal information

To obtain and reuse your personal information for your own purposes. (Right to Data Portability)

How to withdraw your consent

You can withdraw your consent at any time. Please contact us if you want to do so.

If you withdraw your consent, we may not be able to provide certain products or services to you. If this is so, we will tell you.

How to complain

Please let us know if you are unhappy with how we have used your personal information. You can contact us using our secure online contact form.

You also have the right to complain to the Information Commissioner’s Office. Find out on their website how to report a concern.

If you have any queries regarding this privacy notice you can contact our Data Protection Officer on Tel: 01423 558606