About this policy

This privacy policy explains how Visit East Anglia Limited uses your personal data when you visit our websites or interact with our services.

It applies to:

It tells you what personal data we collect, why we collect it, how we keep it safe and the rights you have under UK data protection law.

You can read, print or save this policy. Use the headings below to jump to a section:

Who we are and how to contact us
The personal data we collect
How we use your personal data
Cookies and similar technologies
Our legal bases for processing
When you must provide personal data
Your data protection rights
Automated decision making and profiling
Who we share your personal data with
How we keep your personal data safe
Marketing preferences
International transfers
How long we keep your personal data
Complaints
Updates to this policy

Who we are and how to contact us

These websites are operated by Visit East Anglia Limited (we, us, our). We operate under the brand names Visit East of England, Visit Norfolk and Visit Suffolk.

Contact details

Email: info@visiteastofengland.com
Post: Visit East Anglia Limited, Bankside 300, Peachman Way, Broadland Business Park, Norwich NR7 0LB
Please mark any request about your personal data: “Data subject request”

Our website platform provider
Our websites and content management system are provided by DestinationCore (the “DestinationCore platform”). DestinationCore acts as a supplier that supports us in operating and hosting the sites and related functionality.

The personal data we collect

Personal data you provide to us

You may provide personal data when you:

Contact us via a form, email or phone
Subscribe to newsletters or updates
Enter a competition, survey or promotion
Register for an event or request business support
Submit content (for example, listing updates, event submissions, images or other materials)
Create or manage an account (where available)

This may include:

Name, email address, phone number and postal address
Organisation name, job title and business contact details (if relevant)
Message content and correspondence with us
Preferences such as marketing choices or interests
Any information you include in submissions or uploads

Personal data we collect automatically

When you use our websites, we may collect technical and usage data such as:

IP address
Browser type and version, device type, operating system
Approximate location (derived from IP address)
Pages viewed, links clicked, time spent on pages and referring pages
Errors, performance and diagnostic data

This information is collected using cookies and similar technologies. See Cookies and similar technologies.

Personal data from third parties

We may receive personal data from third parties where you choose to use their services in connection with us, for example:

Event registration and ticketing providers
Payment providers (if you purchase from us)
Social media platforms (if you contact us through them)
Partners we work with on campaigns, promotions or research (where lawful and appropriate)

How we use your personal data

We use personal data to:

Provide and administer our websites and services
Respond to enquiries, requests and feedback
Manage event registrations, bookings, competitions, surveys and related communications
Support tourism businesses engaging with us and maintain accurate business information (where relevant)
Improve our websites, content and user experience through analytics and testing
Maintain security, prevent fraud and protect our systems
Comply with legal obligations and respond to lawful requests
Send marketing communications where permitted and in line with your preferences

Public information on listings and submissions
If you submit information for publication (for example, a business listing, an event or related content), the details you provide may be displayed publicly on the relevant website. This can include business contact details where you choose to provide them for public display. Please only submit content you have the right to share.

Cookies and similar technologies

We use cookies and similar technologies to:

Make the sites work properly
Remember preferences and settings
Understand how visitors use the sites and improve performance
Help measure the effectiveness of campaigns

Some cookies are set by third parties whose tools or content appear on our sites (for example, embedded maps, videos or social media content).

For full details, including how to manage your choices, please see our Cookie policy.

Our legal bases for processing

We process your personal data under UK GDPR using one or more of these legal bases:

Contract: where you ask us to provide a service or you enter into a contract with us
Legitimate interests: where it is necessary for running and improving our organisation, provided your rights do not override those interests
Consent: for certain activities such as email marketing (and for non-essential cookies, as applicable)
Legal obligation: where we must process personal data to comply with the law

Summary of common processing activities

Personal data

What we use it for

Legal basis

Name and contact details

Responding to enquiries and providing requested information

Legitimate interests and or contract

Account and listing details (where applicable)

Administering accounts, maintaining listings, handling submissions

Contract and or legitimate interests

Marketing preferences and contact details

Sending email updates where you have opted in, managing unsubscribe requests

Consent (and legitimate interests in limited business contexts where permitted)

Technical and usage data

Operating, maintaining, securing and improving our sites

Legitimate interests

Event registration information

Managing registrations, attendance and event communications

Contract and or legitimate interests

When you must provide personal data

You are not legally required to provide personal data to us. However, if you choose not to provide certain information, we may be unable to respond to your enquiry, process a booking, provide an account or complete a service you have requested.

Your data protection rights

You have rights under UK data protection law, including the right to:

Access your personal data
Correct inaccurate data
Request deletion of your data (in certain circumstances)
Restrict processing (in certain circumstances)
Object to processing based on legitimate interests (in certain circumstances)
Data portability (in certain circumstances)
Withdraw consent at any time (where processing is based on consent)

To exercise your rights, contact us using the details above and mark your request “Data subject request”.

Automated decision making and profiling

We do not carry out automated decision making or profiling that produces legal effects or similarly significant effects for individuals.

Who we share your personal data with

We may share personal data with:

DestinationCore, as our website and platform provider
IT and hosting suppliers that help operate and secure our systems
Email marketing providers (if you subscribe to newsletters)
Event registration and ticketing providers (where you register for an event)
Analytics providers that help us understand website performance
Professional advisers (for example, legal, audit or insurance) where necessary
Law enforcement, regulators and other authorities where required by law

We only share personal data where necessary and we require suppliers to protect it appropriately.

How we keep your personal data safe

We use organisational and technical measures designed to protect personal data, including:

Access controls so only authorised people can access data
Secure systems and supplier due diligence
Staff awareness and data protection training
Procedures to identify, manage and report data security incidents

No method of transmission over the internet is completely secure. Where you submit information online, you do so at your own risk, but we take appropriate steps to protect it once received.

Marketing preferences

We send direct marketing by email where we have permission to do so. You can unsubscribe at any time using the link in any marketing email, or by contacting us.

We do not sell your personal data to third parties for their own marketing.

International transfers

Some of our suppliers may process personal data outside the UK. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses with the UK Addendum, the UK International Data Transfer Agreement, or other lawful mechanisms.

How long we keep your personal data

We keep personal data only for as long as necessary for the purpose it was collected, including for legal, accounting or reporting requirements. Typical retention periods include:

Enquiries: kept while we deal with the enquiry and then typically deleted within 3 months after the last contact
Email marketing: kept until you unsubscribe or we remove inactive addresses where delivery repeatedly fails
Business accounts, listings and submissions (where applicable): kept while active and for a reasonable period afterwards to manage queries, audits and reporting
Event registrations: kept for planning and delivery, then retained for a reasonable period to manage follow-up and any related queries
Financial records: retained for the period required by law (typically up to 7 years)

We may anonymise data and keep anonymised statistics for longer, as they no longer identify individuals.

Complaints

If you have concerns about how we use your personal data, please contact us first so we can try to resolve the issue.

You can also complain to the UK supervisory authority, the Information Commissioner’s Office (ICO).

Updates to this policy

We may update this policy from time to time. The latest version will always be available on our websites.

Policy version: 2
Last updated: 27 February 2026

_Our Privacy Policy