Privacy notice
What we hold on you, and how to make us stop.
Last updated 17 July 2026
Who we are
aethervallis is an independent editorial publication compiled by Iris Fenwick in Bristol, United Kingdom. It is not a registered company and has no company number, so we are not going to invent one for this page. For data protection purposes the controller is the publication's editor, reachable at [email protected]. This notice is written under the UK GDPR and the Data Protection Act 2018.
What we collect
- The subscription form: your name and your email address. That is all the form asks for. There is no phone field, and we do not want your number.
- If you email us: your address and whatever you put in the message.
- Server logs: our host records IP address, user agent, requested page and timestamp, as web servers do, for security and to keep the site running.
- Push subscription data: if you allow browser notifications, our push provider generates a subscription identifier tied to your browser, along with device and browser type. This is described below and on the cookies and push page.
Why, and on what lawful basis
- Sending you updates and notifications about changes to the entry rules and prices in this dossier: your consent, UK GDPR Article 6(1)(a). You gave it with the tick box; you can take it back at any time and it costs you nothing to do so.
- Replying to your email: our legitimate interests, Article 6(1)(f), in answering someone who wrote to us.
- Server logs and site security: legitimate interests, Article 6(1)(f), in operating the site and defending it from abuse.
We do not use your data to profile you, we do not make automated decisions about you, and we do not run advertising or analytics trackers on this site.
Who else processes it
Two processors, under Article 28 contracts:
- Our hosting provider, which stores the site and generates the server logs.
- OneSignal, Inc., a company in the United States, which operates the email and web push subscription service behind the form on this site. Your name, your email address and your push subscription identifier are processed by OneSignal on our instructions. Its privacy policy is at onesignal.com/privacy_policy.
We do not sell your data. We do not share it with the hotels or casinos in this dossier, or with anyone else, unless we are legally required to.
Data going outside the UK
Yes, some does, and we would rather say so plainly than bury it. OneSignal, Inc. is based in the United States, so your name, email and push identifier are transferred there. That transfer is covered by the UK International Data Transfer Addendum to the EU Standard Contractual Clauses (the UK IDTA/Addendum mechanism under Article 44 and following), together with the supplementary measures set out in OneSignal's data processing terms. If you would rather no data left the UK, do not use the form: nothing else on the site asks anything of you.
What the push service does on your device
If you allow notifications, the OneSignal SDK loads from OneSignal's CDN, registers a service worker file on this domain, and stores identifiers in your browser's localStorage and IndexedDB. This is how a push subscription works technically; it is not analytics and we cannot read your browsing with it. The permission prompt itself comes from your browser, not from us, and refusing it breaks nothing on this site.
How long we keep it
- Subscription data (name, email, push identifier): until you withdraw consent or unsubscribe, and then it is deleted. If you have not opened anything from us for three years we will delete you anyway rather than sit on a dead address.
- Emails you send us: up to two years, so we can pick up a correction thread later, then deleted.
- Server logs: a short rolling window, typically no more than 30 days, per our host's standard configuration.
Your rights
Under the UK GDPR you have the right to be told what we hold on you and get a copy of it (access), to have it corrected (rectification), to have it deleted (erasure), to restrict how we use it, to object to our processing on legitimate interests grounds, and to receive your data in a portable form. Where we rely on consent, you can withdraw it at any time; withdrawing does not undo anything lawful we did before you withdrew.
To exercise any of it, write to [email protected]. We will reply within one month and we will not make you explain yourself. There is no charge.
Complaining
If you think we have handled your data badly, tell us first and we will try to sort it out. You also have the right to complain to the UK's supervisory authority at any point:
Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Helpline 0303 123 1113. ico.org.uk
Children
This dossier is written for adults and covers venues with an age limit of 18 or over. We do not knowingly collect data from children. If a child has subscribed, write to us and we will remove the record.
Changes
If this notice changes materially we will date the change at the top of the page and, where the change affects what we do with your data on the basis of consent, ask you again rather than assume.