Loading...
How we collect, use, and protect your information
Effective: 25 March 2026Wedzway Ltd ("Wedzway", "we", "our") is committed to protecting your privacy. This policy explains how we handle personal data for users of wedzway.com, including couples, venues, wedding planners, and photographers.
Your data is encrypted and protected using industry-standard security measures. We are compliant with UK GDPR and EU GDPR regulations, ensuring your personal information is handled with the utmost care and transparency. We clearly explain what we collect, why we collect it, and how we use it throughout this policy.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (known as "anonymous data").
We may collect, use, store and transfer the following data about you:
For individuals planning weddings or attending as guests, we collect: full name and email address, wedding date, destination, and budget information, account login credentials (encrypted passwords), booking enquiry and message history with venues and service providers, communication preferences for marketing and transactional emails, and technical device and browser information to optimize your experience on our platform.
For wedding venues, planners, photographers, and other service providers, we collect: business name, address, and contact details, business registration numbers and VAT information where applicable, pricing structures, availability calendars, and portfolio content including images and descriptions, banking and payment information processed securely through Stripe (we do not store full payment card details), profile images and media uploads for your business listing, and correspondence and onboarding records to maintain service quality.
We use different methods to collect data from and about you including through:
This is information about you that you give us by filling in forms on our website or by corresponding with us by phone, email or otherwise. It includes information you provide when you register to use our site, subscribe to our service, search for a product, place an order on our site, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, and when you report a problem with our site. The information you give us may include your name, address, email address and phone number, financial and credit card information, personal description and photograph.
With regard to each of your visits to our site we may automatically collect technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. We may also collect information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Contract performance: We process your personal data for account creation and management, as well as booking enquiries and communication with service providers. This processing is necessary to perform the contract we are about to enter into or have entered into with you.
Consent: We process your personal data for marketing emails only where you have opted-in and given us explicit consent. You may withdraw this consent at any time.
Legitimate interests: We process your personal data for platform improvement and analytics purposes. This is necessary for our legitimate interests in understanding how our platform is used and improving our services, provided your interests and fundamental rights do not override those interests.
Legal obligation: We process your personal data for fraud prevention, and maintaining financial and tax records. This processing is necessary to comply with legal and regulatory obligations to which we are subject.
Where we need to perform the contract we are about to enter into or have entered into with you. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Where we need to comply with a legal or regulatory obligation.
We use information held about you in the following ways:
To provide and manage our services: We carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us. This includes creating and maintaining your account, processing your searches and enquiries, and facilitating communications between couples and service providers.
To match couples with relevant venues and partners: We analyze your preferences, wedding date, destination, budget, and other requirements to recommend suitable wedding venues, planners, photographers, and other service providers that meet your specific needs. Our matching algorithm uses your profile information to ensure you receive personalized and relevant recommendations.
To process bookings and communicate confirmations: We use your information to facilitate booking requests, send confirmation emails, coordinate between couples and venues, and provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about.
To send service updates and transactional emails: We notify you about changes to our service, updates to your bookings or enquiries, responses from venues and service providers, and send you important account-related communications that are necessary for the operation of the service.
To personalise your experience: We ensure that content from our site is presented in the most effective manner for you and for your computer. This includes remembering your preferences, displaying venues in your preferred destinations, and customizing search results based on your wedding requirements.
To improve and develop the Wedzway platform: We administer our site and conduct internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. This helps us understand how users interact with our platform, identify areas for improvement, and develop new features that better serve our community.
To comply with legal obligations: We keep our site safe and secure, prevent fraud and unauthorized access, and comply with our legal and regulatory obligations including tax reporting, financial record-keeping, and responding to lawful requests from authorities.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. You will receive marketing communications from us if you have requested information from us or purchased services from us and, in each case, you have not opted out of receiving that marketing.
We only send marketing emails if you have given us explicit consent. You may withdraw consent at any time by clicking 'Unsubscribe' in any marketing email or by contacting us at privacy@wedzway.com. Once you unsubscribe, we will remove you from our marketing lists within 48 hours, though you will continue to receive essential transactional emails related to your bookings and account.
We do not sell your data to third parties for their marketing purposes. Where we permit third parties to collect personal data, those third parties are required to use the personal data only for the purposes for which they collected it, and to handle the personal data in accordance with applicable data protection laws. Any third-party marketing communications you receive are from partners you have explicitly consented to hear from.
We may share your personal information with third parties in the following circumstances:
We work with carefully selected service providers who perform services on our behalf. These include Stripe for secure payment processing, Google Cloud Platform (GCP) for hosting and infrastructure management with database servers located in Italy and processing servers distributed globally, Mailchimp for email communications and newsletter delivery, and Google Analytics for website analytics and performance monitoring. These providers only have access to the personal information needed to perform their specific functions and are contractually obligated to maintain the confidentiality and security of that information. They cannot use your data for any other purpose.
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, court order, or regulatory requirement, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Wedzway, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. If Wedzway or substantially all of its assets are acquired by a third party, personal data held by it about its customers will be one of the transferred assets. In such cases, we will ensure that the acquiring party commits to protecting your personal data in accordance with this privacy policy.
Wedzway operates globally and connects couples with venues and service providers in 59 countries. As a result, we may transfer your personal data outside the United Kingdom and the European Economic Area (EEA). Our company headquarters are located in the United Kingdom, our hosting infrastructure is managed through Google Cloud infrastructure worldwide, while data is stored in servers in Italy and we work with various service providers throughout the European Union.
Whenever we transfer your personal data out of the UK or EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or UK Government. This includes countries that have adequacy decisions in place, recognizing their data protection laws as essentially equivalent to EU or UK standards.
Where we use certain service providers, we may use specific contracts approved by the European Commission or UK Government which give personal data the same protection it has in Europe. These Standard Contractual Clauses (SCCs) are legal contracts between us and our service providers that require them to protect your personal data in accordance with EU and UK data protection law, regardless of where they are located.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Account data is retained for the duration of your account plus 2 years after account closure. This allows us to reactivate your account if you decide to return and helps us resolve any disputes that may arise after account closure.
Booking and enquiry records are retained for 7 years to comply with legal and tax requirements. This includes all correspondence between couples and venues, booking confirmations, payment records, and contract details.
Marketing preferences are retained until consent is withdrawn. Once you unsubscribe from marketing communications, we will remove your data from marketing lists while retaining a record that you opted out to ensure we don't contact you again.
Analytics data is retained for 26 months and is anonymised thereafter. This aggregated data helps us understand platform usage trends without identifying individual users.
Payment records are retained for 7 years in accordance with financial regulations. This includes transaction histories, invoices, and payment confirmations necessary for tax reporting and financial audits.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.
We manage cookie consent through CookieHub, which allows you to control which cookies you accept. You can update your preferences at any time through the cookie settings in your browser or via our cookie consent banner.
We use the following categories of cookies:
These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services. These cookies are always active and cannot be disabled as they are essential for the website to function properly.
We use various analytics tools to understand how visitors interact with our website and to improve our services:
These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region). These cookies help provide a more tailored experience on subsequent visits.
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. These cookies are only active with your explicit consent.
In addition to cookies, we use the following third-party services to provide and improve our platform:
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. Except for essential cookies, all other cookies will only be placed with your consent through our cookie consent banner powered by CookieHub.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:
This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You can request a Subject Access Request (SAR) by contacting us, and we will provide you with a comprehensive report of all personal data we hold about you within 30 days.
This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. You can update most of your personal information directly through your account settings, or contact us for assistance.
This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
This enables you to ask us to suspend the processing of your personal data in the following scenarios: if you want us to establish the data's accuracy; where our use of the data is unlawful but you do not want us to erase it; where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. This is commonly known as data portability.
Where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us at privacy@wedzway.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
All data transmitted between your browser and our servers is encrypted using TLS/SSL protocols (Transport Layer Security / Secure Sockets Layer). This means that all information you submit through our website, including login credentials, personal details, and payment information, is encrypted before transmission and cannot be intercepted by unauthorized parties.
Our platform is hosted on Google Cloud Platform (GCP) with enterprise-grade security and infrastructure management. Our database servers are located in Italy, with additional processing servers distributed across multiple regions worldwide to ensure optimal performance and data redundancy. GCP data centers maintain physical security measures including 24/7 monitoring, biometric access controls, and redundant systems to ensure data availability and protection against physical threats.
We implement role-based access controls to ensure that only authorized Wedzway staff can access sensitive data. Access is granted on a need-to-know basis and is regularly reviewed. All staff members with access to personal data undergo security training and are bound by confidentiality agreements.
We conduct periodic security reviews and penetration testing to identify and address vulnerabilities in our systems. Our security practices are continuously updated to address emerging threats and incorporate industry best practices.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach.
Despite our security measures, no internet transmission is 100% secure. We cannot guarantee the security of data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. Please use strong, unique passwords for your account and keep your account credentials safe. Never share your password with anyone, and contact us immediately at security@wedzway.com if you suspect any unauthorized access to your account.
Our website may include links to third-party websites, plug-ins and applications. These may include links to venue websites, photographer portfolios, hotel booking platforms, tourism board websites, social media pages, and other wedding service providers. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.
We do not control these third-party websites and are not responsible for their privacy statements or practices. When you leave our website, we encourage you to read the privacy notice of every website you visit. Third-party websites may have different privacy policies and terms of use that govern how they collect, use, and protect your personal information.
While we carefully select partners and strive to work only with reputable organizations, we cannot be held responsible for the privacy practices of external websites. Any information you provide to third-party websites is governed by their respective privacy policies, not this one.
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy. The date at the top of this privacy policy indicates when it was last updated.
This privacy policy was first published in March 2026 (Version 1.0). We will notify all registered users of material changes to this policy via email at least 14 days before they take effect. Your continued use of our services after such notification will constitute your acceptance of the updated policy.
For significant changes that affect how we process your personal data, we may require you to provide renewed consent. We will clearly explain what has changed and give you the opportunity to review the updated policy before continuing to use our services.
If you are unhappy with how we have handled your personal data or believe that your data protection rights have been infringed, you have the right to lodge a complaint with the supervisory authority.
In the United Kingdom, the supervisory authority is the Information Commissioner's Office (ICO). You can contact them through their website at www.ico.org.uk, by telephone at 0303 123 1113, or by post at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
However, we would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance at privacy@wedzway.com. We take all complaints seriously and will investigate any concerns you raise about our handling of your personal data. We aim to respond to all complaints within 30 days and will work with you to resolve any issues.
If you have any questions about this privacy policy or our privacy practices, please contact our Privacy & Data Team:
Wedzway Ltd
Privacy & Data Protection Team
Email: privacy@wedzway.com
Website: www.wedzway.com/privacy
Registered Office: United Kingdom
We aim to respond to all privacy enquiries within 30 days of receipt. For urgent security concerns, please contact security@wedzway.com and we will prioritize your request.