Privacy Policy

1. Who we are

OnlyMayfair is an independent editorial publication covering Mayfair, London W1, operated by Bloodstone Ltd (“OnlyMayfair”, “we”, “us”, “our”). Bloodstone Ltd is the data controller for personal data processed via onlymayfair.com.

Contact: info@onlymayfair.com.

2. What we collect, and why

Newsletter subscribers

When you subscribe to The Mayfair Edit we collect your email address. Lawful basis: consent (UK GDPR Art. 6(1)(a)). We use it only to send the newsletter and operational messages about your subscription. You may unsubscribe at any time using the link in any newsletter or by emailing us.

Contact and claim form submissions

When you contact us or submit a venue claim, we collect your name, email, optional phone and role, the venue details you provide, and your message. Lawful basis: legitimate interests (UK GDPR Art. 6(1)(f)) - responding to your enquiry. Records are retained for up to 24 months and then deleted, unless they form part of an ongoing business relationship.

Paid listings and subscriptions

If you subscribe to a paid listing tier (Bronze, Silver, Gold, or Platinum), our payment processor Stripe Payments UK Limitedcollects your billing details directly. We receive a customer ID, the email used at checkout, the subscription status, and the tier - never your full card details. Lawful basis: contract (UK GDPR Art. 6(1)(b)).

Analytics

When you accept analytics in our cookie banner, we set Google Analytics 4 cookies and process pseudonymous information about your visit (page views, time on page, referrer, approximate location at city level, device category). Lawful basis: consent. Until you accept, no analytics cookies are set and no analytics events fire.

Server logs

Like every website, our hosting provider (Vercel) keeps short-term logs of HTTP requests, including IP addresses and user agents, for security and operational purposes. Lawful basis: legitimate interests. These logs are deleted on Vercel’s standard retention schedule.

3. Who we share data with

We use the following processors. They process data on our instructions and have appropriate safeguards in place.

• Supabase (EU region) - database storage of articles, venues, subscribers, claims, and account records.
• Vercel - website hosting and serverless functions.
• Stripe Payments UK Limited - payment processing for paid listings.
• Resend (Resend, Inc.) - transactional and newsletter email delivery from @onlymayfair.com.
• Google LLC (Google Analytics 4) - website analytics, only with your consent.
• Anthropic PBC - the AI service we use to draft editorial copy. We do not send your personal data to Anthropic; only publicly available news content is processed.

Some of these processors are located outside the United Kingdom. Where this is the case, transfers are protected by the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or an applicable adequacy decision.

We do not sell your personal data. We do not share it for marketing purposes with any third party.

4. Cookies

We use the strictly necessary cookies required to operate the site (for example a session cookie and your cookie preference itself). With your consent we also set Google Analytics cookies (typically _ga and _ga_*) for up to 13 months. You can change your choice at any time by clearing your browser data or clicking the cookie link in our footer (where available).

5. Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Have inaccurate data corrected.
• Request deletion of your data (the right to be forgotten).
• Restrict or object to our processing of your data.
• Receive your data in a portable format.
• Withdraw consent at any time, for processing based on consent.
• Lodge a complaint with the Information Commissioner’s Office (ico.org.uk).

To exercise any of these rights, email info@onlymayfair.com. We aim to respond within one month.

6. Retention

We keep personal data only as long as we need it for the purpose it was collected, plus a short reasonable period for legal and audit purposes:

• Newsletter subscribers - until you unsubscribe.
• Contact / claim form records - up to 24 months from last activity.
• Subscription billing records - 7 years (UK tax law).
• Analytics data - 14 months by default (GA4 setting).

7. Security

Data is stored on encrypted infrastructure with our processors. Access to operational systems is restricted to authorised members of Bloodstone Ltd via individual accounts with two-factor authentication where supported. We will notify you and the ICO of any qualifying data breach within 72 hours of becoming aware of it.

8. Children

OnlyMayfair is intended for adult readers. We do not knowingly collect personal data from anyone under 16. If you believe we have, email us and we will delete it.

9. Changes to this notice

We may update this notice from time to time. The “Last updated” date at the top will change. Material changes will be highlighted on the homepage or by email to subscribers.

10. Contact

Questions about this notice or your data: info@onlymayfair.com.