Privacy Policy


Last Updated:  October 2021

This notice describes how Young & Co.’s Brewery, P.L.C., and its group of companies, (we, us or our) use cookies and collect (and then process) personal data obtained from you when you visit our websites or use our mobile application, On Tap (together our Digital Applications).

You acknowledge and agree that your personal data may be processed in accordance with this policy. Without this, we will be unable to provide you with certain marketing communications.




We are the data controller in respect of any personal data we collect about you.

We have appointed a data protection officer who is responsible for monitoring our data protection compliance.




We collect and process the following information about you; this is for the purposes explained in section 3.

  • Information you give us
    Name, email address (personal and/or work), postal address, encrypted password(s), telephone number(s), date of birth, gender, interests, preferences, and competition entry details and answers
  • Information automatically collected from you
    When you visit or use any of our Digital Applications, we automatically collect certain information from you (the majority of which is from a server log), including:

    • geo-location data
    • operating system and browser type
    • domain name requested
    • server log details
    • browser language
    • access times
    • application version, platform and settings
    • URL of the website you visited before browsing to our websites
    • time you spent on each page visited
    • URLs of the pages you visited on our websites
    • IP address used to connect your computer or mobile device to the internet
    • other information about your use of and actions on our websites

We may record or monitor calls, emails, text messages and other correspondence for training purposes to improve the quality of our offering and to prevent and detect fraud.

  • Information collected from third parties
    Google analytics – collects information about how visitors use our Digital Applications.Doubleclick (Data collection for Google Adwords) – collects information about how visitors use our Digital Applications.Authentication information – see section 10




We may use your personal data for any or all of the following purposes:

  • to provide a high level of customer service (including assisting with any of your enquiries and bookings) and to notify you of any security and data breach alerts, and technical notices (including services messages and updates to our Digital Applications and terms);
  • to help operate, maintain and improve our offering and our Digital Applications;
  • to communicate with you about our offers, promotions, upcoming events, reviews and other news or those of our selected partners – this may be via email, telephone, text message and/or push notification – you can change your marketing preferences (including the way in which we contact you) by visiting our preference centre – see section 12*;
  • to facilitate profiling, segmentation and personalisation – these may be based on location, preferences, interests and past actions (including in-pub purchases, hotel stays and restaurant bookings);
  • to meet our legal obligations and for establishing, exercising or defending our legal rights;
  • to compile reports and to help us understand and improve our Digital Applications; and
  • to enable us to carry out targeted online advertising more likely to be relevant to you.

For more information about our use of cookies and other similar technologies, see section 11.




We sometimes need to share the personal information we process with other organisations and, where necessary or required, we may share your personal data with the following categories of third parties:

  • service providers and suppliers assisting with our business activities, business associates, customers, payment services providers, hosting providers, providers of IT support, advertising platforms, providers of booking systems, providers of cloud-based software or services used by us, accounting firms and law firms;
  • ombudsman, regulators, public authorities and security organisations, such as the police, HM Revenue & Customs and the Information Commissioner’s Office, to the extent required by law, regulation, court order or if necessary to establish, exercise or defend our legal rights, including if we suspect fraud or attempted fraud;
  • companies in the same group as us;
  • current, past and prospective employers, recruitment and employment agencies, trade and employer associations and professional bodies and educators and examining bodies;
  • financial organisations and advisors, credit reference agencies, debt collection and tracing agencies, and tenants;
  • staff including volunteers, agents and temporary and casual workers;
  • family, associates and representatives of the person whose personal data we are processing;

Furthermore, if this data is collected as part of an application process via

we may also share this data with the following:

  • current, past and prospective employers, recruitment and employment agencies, trade and employer associations and professional bodies and educators and examining bodies;




Some third parties to whom we may transfer your personal data may be located outside of the UK or the EEA. In the event of a transfer, we will seek to ensure that appropriate safeguards to protect your data are in place which could include entering into a data transfer agreement with such third parties to ensure adequate protection for your information. Examples of the types of contractual clauses we may use can be found at the following link:




We will process your personal data where it is necessary:

  • for the performance or entering into of a contract with you, including in order to provide our offering, process your payment and to respond to enquiries and bookings made by you;
  • for compliance with our legal obligations;
  • for the purpose of furthering our legitimate interests including to:
    • improve our offering and Digital Applications;
    • operate our Digital Applications efficiently and effectively;
    • carry out behavioural advertising; and
    • prevent, detect and investigate fraud or illegal activity.

We may also process your personal data on the basis of any consent given by you. This consent may be updated by visiting our preference centre – see section 12*.




We are committed to protecting your personal data and to keeping it safe and confidential. We will therefore ensure that appropriate technical and organisational physical, electronic and procedural safeguards are implemented to protect it. Access to your personal data will also be limited to our employees and certain third parties who process it on our behalf.




Your personal data will generally be stored for up to 5 years.

We may, however, keep your personal data for longer than 5 years if we need it to fulfil our contractual obligations to you, the law requires us to maintain it for a longer period or you have not withdrawn your consent.




You have the following rights, albeit some of them only apply under certain circumstances:

  • to have a copy of the personal data we have collected about you and to send a copy of it to another data controller;
  • to update or amend the personal data we have collected about you if it is inaccurate or incomplete;
  • to erase, or restrict the processing of, the personal data we have collected about you;
  • to object to the processing of the personal data we have collected about you, including in respect of any data processed for direct marketing purposes;
  • to withdraw any consents you have provided in respect of our processing of your personal data; and
  • to lodge a complaint with the Information Commissioner’s Office (

To exercise any of these rights, please contact us – see section 12.

If you want to amend your personal data or preferences, please visit our preference centre – see section 12*.




Our offering may contain links to third-party apps, services, tools and websites that are not affiliated with, controlled or managed by us (including Facebook, Instagram, LinkedIn and Twitter®) and these services and links may also include social networking features (such as the Facebook® “Like” button and widgets, “Share” buttons, and other interactive mini-programs). Additionally, you may choose to use your own social networking logins from, for example, Facebook or LinkedIn® to log into some of our services. If you choose to connect using a social networking or similar service, we may receive and store authentication information from that service to enable you to log in and other information that you may choose to share when you connect with these services. These services may collect information, such as the web pages you visited and IP addresses, and may set cookies to enable features to function properly. We are not responsible for the security or privacy of any information collected by these third parties. You should review the privacy statements or policies applicable to the third-party services you connect to, use or access as the privacy practices of these third parties will be governed by their own privacy statements. If you do not want your personal information shared with your social media account provider or other users of the social media service, please do not connect your social media account with your account for the services we provide and do not participate in social sharing.




We collect data about how you interact with our Digital Applications through the use of cookies and other similar technology.

What is a cookie?

Cookies are small text files containing small amounts of information which are downloaded to your computer or mobile device when you access our Digital Applications. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie.

Why do we use cookies?

Cookies are useful because they allow our Digital Applications to recognise your device. We use them to make our Digital Applications work, or work more efficiently, as well as to store information about your preferences or past actions. You can find out more information about cookies at

We also use cookies to enhance and improve your online experience (for example, by remembering your language and/or preferences) and to understand better how our Digital Applications are used. Cookies may tell us, for example, whether you have visited our Digital Applications before or whether you are a new visitor. They can also help to ensure that adverts seen online are more relevant to you and your interests. They cannot be used to identify you personally.

What types of cookies do we use and how?

We use the following types of cookies:

  • ‘session cookies’: these are allocated to your device only for the duration of your visit to our Digital Applications – they are deleted automatically once you close your browser; and
  • ‘permanent cookies’: these survive after your browser is closed and can remain on your device for a period of time – they can be used by our Digital Applications to recognise your computer or mobile device when you open your browser and browse the internet again.

These cookies may be served directly by us to your computer or mobile device (so-called ‘first-party cookies’) or by one of our service providers (so-called ‘third-party cookies’). A first-party cookie is only used by us to recognise your computer or mobile device when you revisit, or access content via, our Digital Applications. Third-party cookies can be used to recognise your computer or mobile device across different websites (and are most often used for analytical and advertising purposes).

What purposes do we use cookies for?

We use cookies for the purposes stated below:

  • essential cookies: these are essential to provide you with services available through our Digital Applications and to use some of their features, such as access to secure areas – without these, providing core functionality, such as transactional pages and secure login accounts, would not be possible;
  • analytics cookies: these are used to collect information about how you and others use our Digital Applications – the information gathered does not identify you and is aggregated – this includes the number of visitors to our Digital Applications, the websites or other applications that referred them to our Digital Applications and the pages that they visited on our Digital Applications – we use this information to help operate our Digital Applications more efficiently, to gather broad demographic information and to monitor the level of activity on our Digital Applications;
  • functionality cookies: these allow our Digital Applications to remember choices you make (such as your user name or the region you are in) and provide enhanced, more personal features – they can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize – they may also be used to provide services you have asked for, such as watching a video or commenting on a blog – the information these cookies collect may be anonymised and they cannot track your browsing activity on other websites;
  • performance cookies: these collect information about how you and others use our Digital Applications, for example, which pages are most visited, if error messages come up and how effective our online promotions are – they are only used to help us improve how our Digital Applications work and to ensure ease and speed of use;
  • marketing cookies: these facilitate online advertising – our Digital Applications, for instance, use remarketing with Google – third-party vendors, including Google, use these cookies to tailor adverts based on someone’s past visits to our Digital Applications and serve these across the web – you can set preferences for how Google advertises to you using the Google Ads Settings; and
  • social media cookies: these are used when you share information using a social media sharing button or “like” button on our Digital Applications or you link your account or engage with our content on or through a social networking site such as Facebook, Instagram, Twitter or Google+ – the social network will then record that you have done this and the information may be linked to advertising activities such as targeted banners.


What particular cookies do we use?

The following are our own cookies; they are controlled by us and used to provide information about usage of our Digital Applications. These are all session cookies and automatically expire when you close down your browser:

  • ci_session / ASPSESSIONIDQABRARAD / fueldid / PHPSESSID: these are unique identifiers for your session;
  • TextSize: this sets the text size;
  • TextType: this sets the graphic version;
  • js-cookie-notice: this remembers the status of your cookie banner; and
  • landing_auth: this remembers the status of your popups.

We use a number of suppliers who may also set cookies on their websites on their behalf. We do not control the use of these cookies, so you should check the third party websites for more information about them.

Relating to the user

Cookie name Description
  • Set when a user first lands on a page.
  • Persists the Hotjar User ID which is unique to that site.
  • Ensures data from subsequent visits to the same site are attributed to the same user ID.
  • 365 days duration.
  • JSON data type.
  • Set when a user first lands on a page.
  • Persists the Hotjar User ID which is unique to that site.
  • Ensures data from subsequent visits to the same site are attributed to the same user ID.
  • 365 days duration.
  • UUID data type.
  • Identifies a new user’s first session.
  • Used by Recording filters to identify new user sessions.
  • Session duration.
  • Boolean true/false data type.
  • User Attributes sent through the Hotjar Identify API are cached for the duration of the session.
  • Enables us to know when an attribute has changed and needs to be updated.
  • Session duration.
  • Hash data type.
  • Stores User Attributes sent through the Hotjar Identify API, whenever the user is not in the sample.
  • Collected attributes will only be saved to Hotjar servers if the user interacts with a Hotjar Feedback tool.
  • Cookie used regardless of whether a Feedback tool is present.
  • Session duration.
  • JSON data type.
  • Stores user viewport details such as size and dimensions.
  • Session duration.
  • UUID data type.


Relating to the session

Cookie name Description
  • Holds current session data.
  • Ensures subsequent requests in the session window are attributed to the same session.
  • 30 minutes duration.
  • JSON data type.
  • Causes Hotjar to stop collecting data if a session becomes too large.
  • Determined automatically by a signal from the WebSocket server if the session size exceeds the limit.
  • Session duration.
  • Boolean true/false data type.
  • If present, set to ‘1’ for the duration of a user’s session, when Hotjar has rejected the session from connecting to our WebSocket due to server overload.
  • Applied in extremely rare situations to prevent severe performance issues.
  • Session duration.
  • Boolean true/false data type.
  • Set when a session/recording is reconnected to Hotjar servers after a break in connection.
  • Session duration.
  • Boolean true/false data type.
  • Checks if the Hotjar Tracking Code can use local storage.
    If it can, a value of 1 is set.
  • Data stored in_hjLocalStorageTest has no expiration time, but it is deleted almost immediately after it is created.
  • Under 100ms duration.
  • Boolean true/false data type.
  • Set to determine if a user is included in the data sampling defined by your site’s pageview limit.
  • 30 minutes duration.
  • Boolean true/false data type.
  • Set to determine if a user is included in the data sampling defined by your site’s daily session limit.
  • 30 minutes duration.
  • Boolean true/false data type.
  • Used to detect the first pageview session of a user.
  • 30 minutes duration.
  • Boolean true/false data type.
  • We try to store the _hjTLDTest cookie for different URL substring alternatives until it fails.
  • Enables us to try to determine the most generic cookie path to use, instead of page hostname.
  • It means that cookies can be shared across subdomains (where applicable).
  • After this check, the cookie is removed.
  • Session duration.
  • Boolean true/false data type.


Relating to Recordings

Cookie name Description
  • Set when a Recording starts.
  • Read when the Recording module is initialized to see if the user is already in a recording in a particular session.
  • Session duration.
  • Boolean true/false data type.
  • Set in Session storage as opposed to cookies.
  • Updated when a user recording starts and when data is sent through the WebSocket (the user performs an action that Hotjar records).
  • Session duration.
  • Numerical Value (Timestamp) data type.

How to manage cookies?

You have the right to choose whether or not to accept cookies. However, if you do not accept our cookies, you may not be able to use the full functionality of our Digital Applications.

You can find more information about how to manage and remove cookies at or by visiting the websites relevant to the browser you are using. Below we have provided links to some of the most popular browser websites:




If you have any comments or questions, please contact us at Copper House, 5 Garratt Lane, Wandsworth, London, SW18 4AQ (marked for the attention of our Data Protection Officer), via phone (020 8875 7000) or via email (

If at any time you wish to change how we communicate with you (including the pubs or hotels you’d like to hear from) or what we communicate with you about, please visit our preference centre which is accessible from any of the emails that we send you. 

To unsubscribe from any of our marketing-related activities, please follow the link at the bottom of any of our e-communications. Alternatively, please contact us at and we will process your request. 

If you wish to make changes personal data collected within the On Tap App, or to delete your account, please email

From time to time we may tailor email marketing activities based on any preferences you have informed us of, for example specific Young’s pubs or hotels or personal interests. These can be updated via the preference centre, which is accessible from any of the emails that we send you.




Any changes we make to our privacy notice in the future will result in publication of an updated notice on this page and, where appropriate, notified to subscribers via email. 



Your enquiry has been successfully sent and our team will be back in touch with you soon to confirm your booking.

If you need to speak to speak to us sooner, give us a call on and a member of the team will be happy to help.