Noir & Velvet
Legal

Privacy Policy

Last updated: 21 May 2026

1. Who we are

Noir & Velvet ("we", "us", "our", "the Agency") is the data controller for personal data collected through this website and through our booking process. We are a private adult entertainment agency based in Bournemouth, Dorset, United Kingdom, operating across London, the South and South West of England. For any privacy matter, including to exercise your rights under UK GDPR, please contact our data protection lead at bookings@noirvelvet.co.

This policy explains, in plain English, what personal information we collect, why we collect it, how we use and protect it, how long we keep it, who we share it with, and what rights you have. It applies to clients, prospective clients, guests at our events, performers, and visitors to our website.

2. What we collect

We collect only the information we need to respond to your enquiry, deliver your booking safely, and meet our legal obligations. Depending on how you interact with us, that includes:

  • Enquiry & booking data: your name, email address, telephone number, event type, event date and time, event location (including venue type — private home, hotel suite, members' club, marquee, etc.), guest numbers, the line-up requested, and any preferences, themes, dress codes or accessibility requirements you choose to share.
  • Identity & age verification data: where appropriate, the presentation (not the storage) of government-issued photo ID at the venue to confirm the Booker and guests are 18+. We do not retain copies of ID documents.
  • Financial data: billing name and address, payment reference and the last four digits / card scheme of the payment method. Full card numbers are processed directly by our payment provider and are never stored on our systems.
  • Correspondence: emails, messages and call notes exchanged in connection with your enquiry or booking.
  • Safeguarding data: any incident notes, welfare concerns or refusals to perform, kept for the protection of our team and to defend against unfounded claims.
  • Technical data: IP address, approximate location derived from IP, device and browser type, referring URL, pages visited, and timestamps, collected automatically via standard server logs and any cookies set in accordance with our Cookie Policy.

We do not knowingly collect data from anyone under the age of 18. We do not collect special category data (such as health, sexual orientation or religious beliefs) unless you volunteer it for a specific operational reason (for example, an allergy disclosed for a hotel suite booking), in which case we rely on your explicit consent.

3. How we use your data

  • To respond to your enquiry, quote for your event and arrange your booking.
  • To brief and dispatch the specific performers and producers assigned to your event.
  • To process payments, take deposits, issue invoices and maintain accounting records.
  • To communicate with you before, during and after your event — including last-minute logistics and follow-up.
  • To verify that all attendees are 18 or over and that the venue is safe and lawful for adult performance.
  • To protect the safety, dignity and welfare of our performers and team, including the keeping of incident and safeguarding notes.
  • To prevent and detect fraud, abuse of our service, and breach of our Terms & Conditions.
  • To comply with our legal, tax, regulatory and accounting obligations.
  • To establish, exercise or defend legal claims.
  • Where you have opted in, to send you occasional updates about our service. You can unsubscribe at any time.

4. Legal basis

Under UK GDPR, we rely on the following lawful bases:

  • Steps prior to entering a contract — to respond to your enquiry and prepare a quote.
  • Performance of a contract — to deliver the booking you have confirmed with us.
  • Legitimate interests — to run our business safely and sustainably, protect our performers, prevent fraud and abuse, keep records of incidents, and maintain the security of our systems. We have balanced these interests against your rights and consider them proportionate.
  • Legal obligation — to meet our duties under UK tax, accounting, safeguarding and law enforcement legislation.
  • Consent — for any optional marketing communications, non-essential cookies, and any special category data you volunteer. You may withdraw consent at any time.

5. Discretion & sharing

Discretion is fundamental to our service. We treat every enquiry as strictly confidential and we do not sell, rent, trade or otherwise disclose personal data for marketing purposes. We share the minimum information necessary with the following limited categories of recipients:

  • The specific performers, producers and, where relevant, security personnel assigned to your booking — typically limited to first name of the Booker, contact number, venue address, time, dress code and any operational notes.
  • Our payment provider, accountant and bookkeeper, for the purposes of processing payments and meeting our accounting obligations.
  • Our website, email and database providers, who host our infrastructure under written processing agreements and on instructions from us.
  • Professional advisers (legal, insurance) where strictly necessary.
  • Law enforcement, regulators or other authorities where we are required to do so by law, or where disclosure is necessary to protect the vital interests of any person.

Where any of our processors are located outside the UK, we ensure that appropriate safeguards (such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses) are in place to protect your data.

6. Retention

We keep personal data only for as long as we need it:

  • Confirmed bookings & financial records: up to 6 years after the end of the relevant tax year, to meet HMRC and accounting requirements.
  • Enquiries that do not proceed to a booking: deleted within 12 months.
  • Safeguarding & incident notes: up to 6 years from the date of the incident, to defend potential claims and protect our team.
  • Marketing list: until you unsubscribe, then suppressed (not deleted) so we do not contact you again.
  • Website analytics & server logs: typically up to 26 months.

7. Your rights

Under UK GDPR you have the right to:

  • Be informed about how we use your data (this policy).
  • Access a copy of the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have your data erased, where there is no overriding lawful reason for us to keep it.
  • Restrict or object to certain processing, including direct marketing.
  • Receive your data in a portable format, where technically feasible.
  • Withdraw consent at any time, where we relied on consent.
  • Not be subject to fully automated decision-making. We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.

To exercise any of these rights, please email bookings@noirvelvet.co. We will respond within one calendar month. We may ask you to verify your identity before disclosing personal data. If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

8. Security

We use appropriate technical and organisational measures to protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These include encrypted storage of booking records, encryption of data in transit (TLS), row-level access controls on our database, role-based access for staff, multi-factor authentication on administrative accounts, and regular review of who has access to what. Payment card data is handled by a PCI-DSS compliant payment provider and is not stored on our systems.

In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of it, and notify you directly where the risk is high.

9. Cookies & tracking

Our website uses a minimal set of cookies, described in detail in our Cookie Policy. Strictly necessary cookies are always on; analytics and any non-essential cookies are only set with your consent.

10. International transfers

Our primary infrastructure is located within the UK and the European Economic Area. Where any processor we use is located outside these jurisdictions, we ensure your data is protected by appropriate safeguards as required by UK GDPR (such as adequacy decisions or the UK International Data Transfer Agreement).

11. Changes to this policy

We may update this policy from time to time to reflect changes in law, our services or our internal practices. The latest version will always be available on this page, with the "last updated" date refreshed. Where the change is material, we will take reasonable steps to bring it to your attention.