top of page

Privacy Policy

We are In Good Company a group of companies incorporated in England and Wales that act as Controllers of your data. The companies are: 

In Good Company Brewing Ltd, registered at Companies House under number 11065849. 

Magic Rock Brewing Company Ltd, registered at Companies House under number 07371022. 

Fourpure Ltd, registered at Companies House under number 07777184. 

Our Data Protection Officer can be reached by emailing

All the companies listed above act as joint Controllers of your data, with Fourpure Ltd making a majority of the decision about how your data is processed. 


Being a Controller means that we are trusted to look after and deal with your personal information in accordance with this notice. We jointly determine the ways and means of processing your data and must therefore be accountable for it. 

Fourpure Ltd is registered with the ICO under number ZA319004 

Magic Rock Brewing Company Ltd is registered with the ICO under number ZA490842 

We have an intercompany Joint Controller agreement in place to ensure all entities process your data in line with our shared policies and processes. 

 Your Rights

As a data subject, you have a number of rights over your personal data under the Data Protection Laws. If you wish to exercise any of your rights, please contact us on

Right of access: You can request access to a copy of the personal data which we hold about you as well as details about why and how we use; 

Right to rectification: You can ask us to change or complete any personal data we hold about you which is inaccurate or incomplete; 

Right to be forgotten/erasure: You have a right, under certain circumstances to ask us to delete any personal data we hold out you. Please note that there may be situations where we must retain your personal data after a request for erasure where we have a lawful basis for doing so. 

Right of restriction: You can ask us to restrict (ie: prevent) the processing of your personal data where you have objected to our use of it and we have no lawful basis to continue processing your personal data. 

Right to data portability: In certain circumstances, you can ask us to transfer the data we hold about you to another. This would be sent in a structed, commonly used, electronic form; 

Right to object: You can object to us using your personal data for particular purposes; and 

Automated decision making: You have a right not to be subjected to automated decision making and profiling in certain circumstances. 


If you want to exercise any of these rights, please just contact us on


You also have the right to lodge a complaint about our processing with a supervisory authority – in the UK that is the ICO whose details are here 


‍Data Sharing and Transfers 
Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses. When data is transferred to the EEA, it is on the basis of adequacy (that the EEA has equivalent data protection regimes as the UK). 


We do not sell your data to anybody and we do not share it with anyone other than our contracted processors, legal advisors or for reasons where we may be required to by law. 

Automated Decision Process

We do not use your personal data in any automated processes to make decisions about you. 



We may, from time to time, expand or reduce our business and this may involve the sale and/or transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us. 


In the event any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. 



We may change this Privacy Policy from time to time (for example, if the law changes). We recommend that you check this page regularly to keep up-to-date. If we make any material changes to the manner in which we process and use your personal data, we will contact you to let you know about the change. 



To see more about how we use your personal data, read the notice or notices which apply best to your relationship with us: 


I am a potential corporate client (1) 
I am a corporate client (2) 
I have bought beer or booked a table with you (3) 
I am a potential employee of Fourpure or Magic Rock (4) 
I am an employee of Fourpure or Magic Rock(5) 
I am just browsing your website(6) 
I am a supplier or third party (7) 
I have signed up to your newsletter (8) 




Data that we hold and how we use it 
‍As a potential client, we hold your name, job title and corporate contact details so we can build a relationship with you. This data will have been sourced directly from you at an event, or from your company website or a similar publicly available source. We only hold your data if we legitimately think you will have an interest in using our product. 

‍Lawful basis for processing 
‍Our lawful basis for processing your data is a Legitimate Interest for marketing purposes. As you are a corporate entity, we also abide by the Privacy and Electronic Communications Regulations (PECR). We give you the change to opt-out of all marketing on anything that we send you. We only share details of our own goods and services in our marketing. If your data was not sourced directly from you, then we contact you once we have the data to let you know that we have your data and give you the chance to opt-out. Our legitimate interest balancing test indicates that this is a legitimate purpose: you would not be surprised to hear from us based on the nature of your job role, and our processing does not cause any harm or risk to you as a data subject. 
‍Retention Periods 
‍We hold data on Potential Corporate Clients for as long as we think you are likely to be interested in our goods and services, or until the point at which you opt out of communications. At this point you are added to a suppression list so we do not contact you again. When you become a Corporate Client, then the privacy Notice for Corporate Clients will apply. 





As a corporate client, we hold the contact and payment details required to carry out our contract with you, manage our relationship and keep you up to date with changes and improvements to our services. This data would have been sourced from you directly. 
Lawful basis for processing 
‍Our lawful basis for processing your data is a combination of Contract and Legitimate Interest. We use legitimate interest when we use your data to keep you up to date with changes and improvements to our goods and services. Results of a legitimate interest balancing test indicate that this use is pursuing a legitimate interest, is necessary for the purpose of keeping you updated and growing our business, and unlikely to cause you risk or harm. 

Retention Periods 
‍We hold data on Corporate Clients for the length of time that you are a client of ours, then another 7 years in case of any dispute. 






If you have booked a table with us, we will process data to facilitate that booking. That will be your contact details, event details and then an important allergy information that we need to know ahead of time. 

If you have ordered beverages online, then we hold your contact details, billing and shipping address and order details. We pass you directly to our billing partners (Stripe, ApplePay and Paypal) for the financial transactions. 

If you leave feedback for us or contact us on social media then we will have access to your social media handles. 



Our lawful basis for processing your data is a combination of Contract and Legitimate Interest. We use legitimate interest when we you provide data for your booking. If you share allergy information then we are able to process that based on our obligations under health and safety regulations. 

We use contract when we process data to fulfil your online order. 


We do not hold booking data in our system. 

We hold data relating to orders for 7 years. 




Data that we hold and how we use it 

‍As a potential employee we process information to help us understand if you are the right fit for the role you have applied for. This will include information such as: Name, CV/Resume, Industry qualifications/experience, Salary expectations, Contact details, Interview notes, References, Educational background/qualifications & pre-employment check results. 
‍Lawful basis for processing 

‍Our lawful basis for processing your data is a combination of contract, legitimate interest, and legal obligation, depending on the process. On the whole, we are processing the data to create and maintain a relationship with you and test your suitability for the role. As the journey towards onboarding progresses, we are obliged by law to do certain checks, such as your eligibility to work in the UK, or for licensing laws in some roles. 

The data we hold on you would have come directly from you or from an agency, where you have applied for the role. If we did not source the data directly from you then we will contact you within one month to let you know the details of processing. 
We do not carry out automated decision making on your personal data. 
‍Retention Periods 

‍We hold data on potential employees for various periods, depending on the situation. 

If you were not a good fit for the role and not short listed then your data is deleted as soon as it is no longer needed. 
If you were shortlisted, but did not get the role then we keep your data until the successful candidate passes their probation period (6 months). 
If you did get the role you applied for then you become an employee and the employee privacy notice will apply. 





If you are an employee of Fourpure or Magic Rock please refer to the People Privacy Notice that is stored on SharePoint / DPO documents. If you have trouble locating this folder please contact  



The UK Information Commissioner defines cookies as ‘small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.’ Any browser visiting our site will potentially receive cookies from us or cookies from third parties such as our partners or service providers, like our shopping basket provide, Shopify. 

We use two types of cookies: persistent cookies and session cookies. A persistent cookie lasts beyond the current session and is used for many purposes, such as recognizing you as an existing user, so any preferences you have added will be available the next time you visit. Session cookies last only as long as the session. Once you close the page, the cookie is deleted 



The list of cookies being used on our websites can be found here : 


You will see that the cookies are split into the following categories: 



Strictly Necessary, These cookies are necessary for the website or application to function. Without them the site will not work. Or, they provide functionality that the user expects to exist. Or, the cookies enable us to adhere to the GDPR security requirements. 

Performance Cookies, Performance cookies are used so we can collect information about how people use our website – for example, the number of users on a website, how long they stay on the site for, and what parts of the site they visit.  

Functional Cookies, These cookies allow us to provide additional functionality, like the ability to have an online chat function, or to be able to show videos. 

Advertising Cookies, These cookies are used to deliver adverts more relevant to our website visitors and their interests. They are also used to limit the number of times a visitors will see an advertisement as well as help measure the effectiveness of our advertising campaigns. 

Social Media Cookies, Social media cookies allow users to interact more easily with social media, such as Facebook and Instagram. Where we provide social media links or interactions on our website, such as like or share buttons, and you interact with them, the social media organisation may drop cookies and they will be covered by the Privacy Policy of that organisation. We typically do not receive any personal data collected as a result of such interaction, although we may receive aggregated reports 




When we want to use any cookie category other than “Strictly Necessary”, we will ask for your consent. This is done via our cookie banner. You can edit your consent options at any time by refreshing your browser cache and revisiting the website so as to trigger the cookie banner again where you can customise your cookie preferences. If we make any changes to the list of cookies that we use, then we will automatically show you the cookie banner then next time you visit our site, so you have full control over the consent you provide. 

Please note that if you decline cookies using our banner, or set your browser to block cookies, some or all of the website and services may not have full functionality and your user experience may be impacted. The website will work, but only in its simplest form. 





As a supplier, we hold the contact and payment details required to manage our relationship and pay you for the services you provide. This data would have been sourced from you directly. 


Our lawful basis for processing your data is a combination of Contract and Legitimate Interest. We use legitimate interest when we use your date to let you know about other services we might require. Our legitimate interest balancing test indicates that this is a legitimate purpose; we are sure you will want to hear from us when we might require additional services, and it is unlikely to cause you risk or harm. We use contract when we process data to manage our relationship with you (e.g. to pay you). 


We hold data on our Suppliers for the length of time that we are engaged together, then another 7 years in case of any dispute. 




When you signed up for our newsletter you provided your name and email address, along with your consent to be contacted. Our newsletters have pixels in them that let us know if they are opened or not. If you do not open emails from us for 12 months then we will delete you from our database.  

We use consent to send you the newsletter and legitimate interest to process your data for marketing purposes. 

You can unsubscribe from our newsletter at any time by clicking the unsubscribe link in the footer of the email. 

bottom of page