Privacy Policy

We respect the privacy of its visitors and users, and is fully committed to protect their personal information and use it properly in compliance with data privacy laws. This policy describes how we may collect and use personal information, and the rights and choices available to our visitors and users regarding such information.

Who we are

Our website address is:
The company is Trelowen Mor Ltd.  – Co. No.:08672260. Vat Reg. 203 5129 52

What personal data we collect and why we collect it

The Castle Tap primarily collects data that you provide us voluntarily


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.

If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

To learn more about how Google processes your data, please visit To opt out, please visit


While you visit the shop, the automated Woocommerce system will track:

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of basket contents while you’re browsing our site.

When shopping, Mailchimp for Woocommerce keeps a record of your email and the cart contents for up to 30 days on our server. This record is kept to repopulate the contents of your cart if you switch devices or needed to come back another day. Read that privacy policy here.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for XXX years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

We will also store comments or reviews, if you choose to leave them.


Payments are processed by Square.
Square collect Customers’ Data when they transact through use of Square’s products and Services, for instance when they make a payment at our establishment, or schedule an appointment, or receive an invoice. The particular Customer Data they collect will vary depending on how and which products and Services are used.
Square Customers’ Data may include:

  • Device Information. Information about the pub’s device, including hardware model, operating system and version, device name, country and language settings, unique device identifier, mobile network information, and information about the device’s interaction with our Services.
  • Financial Information. Bank account and payment card numbers.
  • Identification Information. Name; email address; mailing address; phone number; government-issued identification; or other historical, contact, and demographic information, and signature.
  • Location Information. The location of a Customer’s (your) device if they pay with Apple or Android Pay.
  • Transaction Information. When you use Square Services to make or record payments to the Castle Tap, Square collect information about when and where the transactions occur, the names of the transacting parties, a description of the transactions which may include item- level data, the payment or transfer amounts, billing and shipping information, and the devices and payment methods used to complete the transactions.
  • Use Information. Information about how You transact with the Castle Tap using Square Services, including access time, “log-in” and “log-out” information, browser type and language, country and language setting on your device, IP address, the domain name and location of Your Internet service provider, other attributes about Your browser, mobile device and operating system, features You use, and the date and time of use of the Services.
  • Other Information We or You May Provide. Information that You voluntarily provide us, or that we input into Square’s systems or Services about you (with your permission). For example, survey responses; participation in contests, promotions, or other prospective seller marketing forms or devices; suggestions for improvements.
  • Identification Information. You may also choose to provide identification information to Square such as name, email address, or telephone number, which they link to a tokenized version of their payment card number.

Square also use standard contractual clauses when they transfer our personal data to third parties outside the EEA or we adopt other means to ensure that adequate safeguards are applied to your personal data, such as a relevant third party’s Privacy Shield certification or binding corporate rules (approved by EU data protection authorities and put in place to protect your personal data) First Data and Master Card have implemented binding corporate rules.

For more information about our security practices, please visit

To protect Square account holders and their customers, all information entered by our customers has been encrypted and submitted to our servers securely. Square meets Level 1 PCI Data Security Standards. As per our TermsSecurity Policy and Privacy Policy, we will never sell information to third-party vendors.

Physical and Network Security

  • Fully encrypted: Square performs data encryption within the card reader at the moment the card comes in contact with the reader.
  • Sensitive data is encrypted using industry-standard methods when stored on disk or transmitted over public networks.
  • Only standard, well-reviewed cryptographic protocols and message formats (such as SSL and PGP) are used when transferring data.
  • Symmetric cryptographic keys are required to be at least 128 bits long. Asymmetric keys must be at least 2048 bits long.
  • Security updates and patches are installed on servers and equipment in a timely fashion.
  • Security settings of applications and devices are tuned to ensure appropriate levels of protection.
  • Networks are strictly segregated according to security level. Modern, restrictive firewalls protect all connections between networks.
  • Card-processing systems adhere to PCI Data Security Standard (PCI-DSS), Level 1.

Web and Client Application Security

  • Card numbers, chip and magnetic stripe data and security codes are not stored on Square client devices.
  • Applications developed in-house are subject to strict quality testing and security review. Web development follows industry-standard secure coding guidelines, such as those recommended by OWASP.
  • Card-processing applications adhere to the PCI Data Security Standard (PCI-DSS), Level 1.

Organisational Security

  • Access to sensitive data, including application data and cryptographic keys, is strictly controlled on a need-to-know basis.
  • Two-factor authentication and strong password controls are required for administrative access to systems.
  • Security systems and processes are tested on a regular basis by qualified internal and external teams.
  • All access to secure services and data is strictly logged, and audit logs are reviewed on a regular basis.
  • Security policies and procedures are carefully documented, and are reviewed on a regular basis.
  • Detailed incident response plans have been prepared to ensure proper protection of data in an emergency.

Payment Card Industry Data Security Standard

Square complies with the Payment Card Industry Data Security Standard (PCI DSS) on your behalf so you do not need to individually validate your state of compliance. The following are items that Square has addressed on your behalf:

  • The Square app does not retain payment card data on the mobile device or within the application.
  • The Square app uses the Square Reader to encrypt all card-present transactions at the point of swipe, so information remains encrypted throughout transmission from the reader, to the application, to Square’s data centres. All communications are secure whether connected to the Internet via wireless or cellular data network (EDGE, 3G or 4G.)
  • The Square app enables you to enter payment card data. In addition, you can review transactions via the online dashboard or within the application itself. Square does not surface or display the full credit card number to the seller so there is no way to inadvertently display this data to any Square account holder.
  • The Square app provides an application that is secure by default allowing customers to focus on their business. There are no configurable security controls within the application.
  • The Square app does not require or permit remote connectivity to the application.
  • The Square app updates are available through the Apple iTunes and Google Play stores.


Who we share your data with

If you request a password reset, your IP address will be included in the reset email.
The Castle Tap does not directly share your information with any agencies or companies except through its use of Siteground as hosting platform (as outlined above) or, as permitted by local data protection laws, to relevant authorities for legal or safeguarding purposes. We may disclose or otherwise allow others access to your Personal Information pursuant to a legal request, such as a subpoena, legal proceedings, search warrant or court order, or in compliance with applicable laws, if we have good faith belief that the law requires us to do so, with or without notice to you.

Personal Information of Visitors is not downloaded, printed or stored by employees.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

If you reside in Europe, you have the right under certain circumstances:

  • to be provided with access to your personal data held by us;
  • to request the rectification or erasure of your personal data held by us;
  • to request that we cease processing your data;
  • to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
  • to object to profiling activities based on our own legitimate interests;
  • to object to solely automated processing producing legal or similar effects;
  • to request that your data be transferred to a third party (data portability);
  • to withdraw your consent to our processing of your data (where such processing is based on consent); and
  • to lodge a complaint with the data protection authority in your jurisdiction.

If you have contacted us and provided contact information (e.g. email or phone details) we may assume your consent to use these to contact you further regarding our services and products or to follow up on your communication; if you do not wish to be contacted please notify us.
If at any point you wish to find out about or amend any information we hold about you or if you don’t want us to process your data anymore please contact us directly at or write to us at 120 Castle Steet, Reading UK.

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. 

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements

We collect information about you during the checkout process on our store.

Who on our team has access

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

  • Order information like what was purchased, when it was purchased and where it should be sent, and
  • Customer information like your name, email address, and billing and shipping information.

Our team members have access to this information to help fulfill orders, process refunds and support you.

What we share with others

We share information with third parties who help us provide our orders and store services to you; for example —