Privacy Notice

Our commitment to your privacy

Your privacy is of the highest importance to us. Wiston House is committed to meeting its Data Protection obligations and ensuring the protection and security of all personal information. We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect your personal information, through our interactions with you and your events, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

When we ask you for information, we will keep to the law, including the Data Protection Act 2018.

Who we are

We are Wilton Park Executive Agency, trading as “Wiston House”. We are an executive agency of the UK Foreign and Commonwealth Office and for more information about us, see the “About Us” page on our website.

We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the Data Protection Act 2018 and the General Data Protection Regulation (“GDPR”), which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

Should we ask you to provide any information by which you can be identified when attending an event, making an email enquiry or visiting our website, you can be assured that it will only be used in accordance with this privacy notice.

In regard to our website, events, “eMarketing” and other associated marketing activities, Wiston House manages client data and is compliant with all applicable data protection legislation (including the Privacy and Electronic Regulations 2003) and will treat all personal information as confidential.

EU Exit

Although the UK has now left the EU, the GDPR still applies during the transition period which ends on 31 December 2020. As the GDPR is an EU regulation, it will no longer apply after the transition period has ended. After the transition period, the UK Government intends to incorporate the GDPR into UK data protection law.

Personal data we collect

Wiston House collects data to keep in touch with you, operate efficiently and provide you with the best experience when contracting for a Wiston House event. You provide some of this data directly, such as through our booking form, meeting with us to discuss your events and through your interaction with our website (see “Cookies” below) and use of our online booking service.

The personal information we collect about you depends on how, and the purposes for which,  you interact with us. Such information may include:

  • your name, address and contact details;
  • date of birth;
  • bank account and payment details;
  • details of any feedback you give us by phone, email, post or via social media; and
  • information about the services we provide to you.

We use this personal information to:

  • create and manage your event at Wiston House;
  • verify your identity;
  • provide goods and services to you;
  • customise our website and its content to your particular preferences;
  • notify you of any changes to our website or to our services that may affect you; and
  • improve our services.

In addition to the above, our venue, Wiston House, has CCTV externally around the site and you may be recorded when you visit. CCTV is there to help provide security and to protect both you and Wiston House. Access to CCTV is limited to authorised staff and viewed as part of our security (e.g. to detect or prevent crime) and footage is only stored temporarily. Unless it is flagged for review, CCTV will be recorded over. Wiston House complies with the Information Commissioner’s Office CCTV Code of Practice, and notices are in place to advise CCTV is in use.

We do not knowingly collect or use personal information relating to children.

Our legal basis for processing your personal information

When we use your personal information, we are required to have a legal basis for doing so. There are various different legal bases upon which we may rely, depending on what personal information we process and why. The legal bases we may rely on include:

  • consent: where you have given us clear consent for us to process your personal information for a specific purpose.
  • contract: where our use of your personal information is necessary for a contract, we have with you, or because you have asked us to take specific steps before entering into a contract.
  • legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations).
  • legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information, which overrides our legitimate interests).

Further information—the personal information we collect, when and how we use it

For further details on when we collect personal information, what we collect as well as how we use it, please read the following sections:

When information is collected What information we ask for How and why we use your information
When you register your details with us Contact details: your name, address, email address and/or phone number We ask for this:

  • to enable us to give you a quote for your event at Wiston House
  • to communicate with you about your potential, or booked event at Wiston House


We rely on consent as the lawful basis for collecting and using your personal information.


We will keep this information for six (6) months.

Information about the services we shall/propose to provide to you Preferences such as dietary requirements, medical conditions, access requirements for guests with disabilities, etc. We ask for this to enable us to provide the services and goods for your event (or potential event) at Wiston House


We rely on consent as the lawful basis for collecting and using your personal information.
We will keep this information for three (3) months after the relevant event.

When you give us feedback Your feedback, name and contact details (including email, phone number and/or address) We ask for this to enable us to provide a quality service at Wiston House and understand if there were any issues with the services and/or goods provided by us for your event at Wiston House.


We rely on consent as the lawful basis for collecting and using your personal information.


We will keep this information  for three (3) months

Information relating to your appearance is collected through our use of CCTV cameras. We don’t ask for this information but notify you it is being collected. We rely on legitimate interest as the lawful basis to collect personal information through our use of CCTV footage. Our legitimate interest is the prevention and detection of crime.





































We will only use and store information for as long as it is required for the purposes it was collected for. We continually review what information we hold and delete what is no longer required.
Who we share your personal information with
We may routinely store some of your data on our email campaign tool, Mailchimp. This is a cloud application with servers based outside of the EU. We will not store data on the Mailchimp tool without your prior consent. This data processing by Mailchimp enables us to undertake more effective marketing and email campaigns. For further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’ below.

We may share your personal information with those providing services at your event. For example, we will need to advise caterers as to special dietary requirements.

We will share personal information with law enforcement or other authorities if required by applicable law. We will not share your personal information with any other third party.

Whether information has to be provided by you, and if so why

We require you to provide the personal data set out above under “Personal Data We Collect” to enable us to provide you with goods and services for your event (or potential event) at Wiston House. We will inform you at the point of collecting information from you, whether you are required to provide the information to us.

Transfer of your information out of the EEA

We may transfer your personal information to Mailchimp, which is located outside the European Economic Area (EEA) as per the details set out above under “Who we share your personal information with”.

Such countries do not have the same data protection laws as the United Kingdom and EEA. Whilst the European Commission has not given a formal decision that the USA provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to the EU/US Privacy Shield (as permitted under the GDPR), which is designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. To obtain information about the EU/US Privacy Shield, please visit

If you would like further information, please contact our Data Protection Officer (see ‘How to contact us’ below). We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

Cookies and similar technologies

When interacting with us through our website we may use cookies.  A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or another electronic device) when you use our website. We use cookies on our website. These help us recognise you and your device and store some information about your preferences or past actions.

For further information on our use of cookies, please see our Cookie Policy or for further information on cookies generally visit or


We would like to send you information about events, services, competitions and special offers at Wiston House, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, or telephone.

We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes when you complete our online enquiry  form for the first time.

If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:

  • contacting us as per the details listed below under “How to Contact Us”
  • using the ‘unsubscribe’ link in emails

It may take up to five (5) working days days for this to take place. For more information on your rights in relation to marketing, see ‘Your rights’ below.

Your rights

Under the GDPR you have a number of important rights free of charge. In summary, those include rights to:

  • fair processing of information and transparency over how we use your use personal information
  • access to your personal information and to certain other supplementary information that this privacy notice is already designed to address
  • require us to correct any mistakes in your information which we hold
  • require the erasure of personal information concerning you in certain situations
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • object at any time to processing of personal information concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal information
  • otherwise restrict our processing of your personal information in certain circumstances

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the GDPR. If you would like to exercise any of those rights, please:

  • email, call or write to our Data Protection Officer;
  • let us have enough information to identify you;
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
  • let us know the information to which your request relates , including any account or reference numbers, if you have them.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have the following procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

  • All electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means).
  • Our staff receive data protection training and we have a set of detailed data protection procedures which staff are required to follow when handling personal data.

How to complain
We hope that we can resolve any query or concern you raise about our use of your information. The data protection legislation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at:

Phone: +44 (0) 8456 30 60 60 or +44 (0) 1625 54 57 45

Fax: +44 (0) 1625 524510


Changes to this privacy notice

This privacy notice  was published on May 2018 and last updated in March 2019.

We may change this privacy notice from time to time, when we do we will inform you by email.

How to contact us

Please contact our Data Protection Officer, if you have any questions about this privacy notice or the information that we hold about you at:

Data Protection Officer, Wilton Park, Wiston House, Steyning, West Sussex BN44 3DZ

Tel: +44 (0) 1903 815020 | Email: