Privacy Notice – Missenden Abbey Conference Centre

 Missenden Abbey Ltd is a subsidiary of Buckinghamshire New University (BNU) and operates as a conference, wedding and events venue. This Privacy Notice provides essential information about how your personal data is handled and the rights you have in relation to how your data is used.

BNU is a registered data controller and is responsible for looking after the personal data that you provide to us. We are committed to complying with the data protection principles set out in the Data Protection Act 2018 in a clear and transparent way.

If you have any concerns with regards to the way your personal data is being processed or have a query with regard to this Notice, please contact the Data Protection Officer at .

Purpose of this notice

This privacy notice explains when and why we collect personal information about you when you make an enquiry, booking or attend an event at Missenden Abbey and how we will use this information including the ways we might share this with others.  It also explains how we keep your information secure and the rights you have in relation to the information we hold about you.

Why do we collect and process your personal data?

We collect and use your information for the following purposes.

Purpose 1:  Managing an enquiry.

We collect and use your information to

  • process and respond to your enquiry whether it be though an online booking form, by email or in person
  • manage your attendance at one of our events.

Purpose 2: Managing a Booking.

We collect and use your information to

  • book the accommodation, activities or facilities that you have requested
  • enter into communication with you in order to perform the contract that we entered in with you.

Purpose 3: Attending an event

We collect and use your information to:

  • record your attendance at event organised by ourselves or a third party.

Purpose 4: Providing you with marketing information

We collect and use your information to:

  • process your entry for competitions you enter either online or in person
  • subscribing to our mailing list
  • providing feedback to help with business development.


What is the legal basis for processing your data?

To process your personal data, the University must have a basis in data protection law. We will broadly rely on:

Consent Article 6 (1)(a) The Purpose is necessary for us to respond to an enquiry that you have made to Missenden Abbey Ltd and to provide you with information about events or opportunities that we believe you may be interested in.

  • Purpose 1: Managing an Enquiry
  • Purpose 4: Providing you with marketing information

Contract Article 6 (1)(b).  The purpose is necessary for the performance of a contract with you or to take steps, at your request, before entering into such a contract. This is the contract between Missenden Abbey Ltd and an individual who has made a booking either to hold or to attend an event.

This legal basis will be used to achieve the following purposes:

  • Purpose 2: Managing a booking.
  • Purpose 3: Attending an event.


What categories of personal data do we collect and process?

The personal information we collect and hold as part of enquiry, booking or attendance includes:

  • Title
  • First Name
  • Last Name
  • Address
  • City
  • Post Code
  • Mobile Number
  • Email address
  • Details of your enquiry.
  • Date of booking or attendance
  • Time of booking
  • Comments made

Where do we get your personal data from?

Most of the information above will have been provided by you and will have been collected through your original enquiry or booking through the online system or by your attendance at an event that has been organised by ourselves or a third party.

Who might we share your data with?

Missenden Abbey will never share your information with third parties unless you have provided consent to do so. The only instances where this may occur is if you attend an exhibition at our venue whereby suppliers would like access to your information. In this case, you would be required to either provide or reject consent when signing in at the event.

We will not share your data with any third party however Missenden Abbey may receive your personal information in the form of an enquiry from the following (but not limited to) platforms that you may have submitted your information with:


This information can include but is not limited to your name, email address, telephone number, address, event budget and company details.


How we use you information for promotional and marketing activities

We would like to send you information about upcoming events, company news, special offers and fundraising activities. We will only send you marketing communications if you have expressed legitimate interest into a particular product or service or if you have consented and subscribed to our full mailing list.

You can opt-out of our mailing list at any time by opening one of our promotional emails and clicking “unsubscribe”.

Unsubscribing from our mailing list does not automatically delete your information from our collection.


Details of data transfer to any third countries or international organisation

We may transfer your personal data outside the UK in the following circumstances:

Where we use a cloud-based IT system to hold your data, and the data in the cloud is stored on servers located outside the UK in a country which is not subject to an adequacy decision.  In these circumstances we safeguard your data through undertaking appropriate checks on the levels of security offered by the cloud provider and entering into a contract with them which applies protections of the same type and level required by data protection laws within the UK.


How do we look after your data and who has access to it?

We are committed to the protection and security of your personal data. Access to personal data is carefully controlled and will be seen only by authorised members of staff. We will ensure that appropriate measures are taken against its unlawful or unauthorised processing, and against its accidental loss or damage.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.


How long do we keep your personal data for?

We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use. All information is stored on an encrypted server and cannot be accessed by anyone outside of the organisation. Missenden Abbey is now operating as a paperless company and therefore no paper records containing your information is stored.

Missenden Abbey will store your information for various retention periods depending on the type of information it is and what the law states. The table below outlines how long we will keep your information based on where it was collected from.

Information Collected from Retention Period
Enquiry 1 year (from date of enquiry)
Booking 3 years (from the date of the event)
Payment Transaction 6 years (from the end of the financial year)
Mailing List Subscription Until opt-out


What are your rights as a data subject?

The following rights apply to the personal data collected in this notice. Please contact  if you wish to exercise your rights:

  • Right of access to confirmation of processing and copies of your personal data
  • Right to rectification if personal data we hold about you is incorrect
  • Right to restrict processing of your personal data
  • Right to complain to the Information Commissioner’s Office about how we handle your data.


In some circumstances you also have the following rights:

  • Right to object to our processing of your personal data
  • Right to request erasure of your personal data (deletion)
  • Right to data portability


What should you do if you have concerns about the way we process your personal data?

If you have any concerns with regards to the way your personal data is being processed or have a query about this Notice, you can contact the Data Protection Officer directly by e-mail or by post.

Data Protection Officer

Buckinghamshire New University

Queen Alexandra Road

High Wycombe

Buckinghamshire HP11 2JZ

If you remain unhappy with any aspect of the way your personal data is being processed then we ask that you discuss this with us first, however if you remain dissatisfied then you have the right to complain to the Information Commissioners Office:

Information Commissioner’s Office

Wycliffe House

Water Lane


Cheshire  SK9 5AF

BNU is registered as a controller with the Information Commissioner’s Office. Our registration number is: Z772474X


Changes to our privacy notices

This privacy notice will be reviewed on an annual basis or revised more frequently if necessary.

This notice was last reviewed on 22 August 2023.