Last updated: 12/05/2026

This Cookie Policy explains how Club Lotus Ltd (“Club Lotus”, “we”, “us”, “our”) uses cookies and similar technologies on www.clublotus.co.uk and any associated sub-domains, member areas, forums, archives and online services (the “Website”).

It should be read together with our Privacy Policy, Terms & Conditions, Disclaimer and Acceptable Use Policy.

1. What are cookies?

A cookie is a small text file that a website places on your device — computer, tablet or phone — when you visit. Cookies allow a site to recognise your device on later visits, to remember your preferences, to keep you logged in, to measure how the site is used, and (with your permission) to support analytics and marketing.

In this policy, “cookies” also refers to closely related technologies such as local storage, session storage, tracking pixels, web beacons and device fingerprinting signals, all of which can perform similar functions.

Cookies set by the Website itself are called first-party cookies. Cookies set by other organisations whose content or services appear on our pages — for example, our payment provider or our video host — are called third-party cookies.

2. Why we use cookies

We use cookies to:

• keep you signed in to your member account, the forums and the Heritage Digital Archive;
• remember choices you have made — for example, your communications preferences and your cookie preferences themselves;
• secure web forms against automated abuse and to protect against fraud;
• operate the Club Shop checkout, including your basket and payment flow;
• understand how the Website is used so that we can improve it; and
• where you have agreed, support limited marketing measurement and the embedded third-party content (such as videos) that we use for events and archive reveals.

We do not use cookies to build a detailed profile of you, to sell your personal information, or to permit advertising networks to track you across unrelated websites.

3. The legal position

The use of cookies in the UK is governed by Regulation 6 of the Privacy and Electronic Communications Regulations 2003 (as amended), together with the UK GDPR where cookies process personal data. The position, in short, is:

• Strictly necessary cookies — those without which the Website cannot function for you — may be set without your consent.
• All other cookies — including analytics, preference and marketing cookies — require your prior, informed, freely given and specific consent before they are set.

When you first visit the Website, we present a cookie banner that allows you to accept, reject or configure non-essential cookies. You can change your choice at any time via the Cookie preferences link in the site footer.

4. The categories of cookies we use

For clarity, the cookies on the Website fall into four categories. A full, live list of individual cookies — including names, providers, purposes and expiries — is set out in section 8 below.

4.1 Strictly necessary

These cookies are essential to the operation of the Website. They allow you to log in, navigate member areas, complete a purchase and use security features such as form validation. The Website cannot function properly without them, and they are set without consent under PECR Regulation 6(4).

Examples include WordPress login session cookies, WooCommerce cart and checkout cookies, MemberPress access cookies, the Complianz consent record itself, and security tokens used by our forms.

4.2 Preferences (functional)

These cookies remember choices you have made — such as your interface preferences, accessibility settings and last-viewed content — so that the Website behaves consistently between visits. They are set only with your consent.

4.3 Statistics (analytics)

These cookies help us understand which pages members visit, how long they spend on the site, where they enter and leave, and which content is most useful. We use this in aggregate form to improve the Website. They are set only with your consent.

Where reasonably possible, we configure analytics to anonymise IP addresses, to disable cross-site tracking and to keep data within the UK or EEA. Where this is not possible — for example, where the analytics provider is based outside the UK — the international transfer safeguards described in section 9 of our Privacy Policy apply.

4.4 Marketing and embedded media

These cookies support limited marketing measurement and the embedded third-party content that appears on some pages — for example, Vimeo videos used for hybrid events, archive reveals and the Heritage Digital Archive, and our payment provider’s fraud-prevention scripts.

Where we embed third-party content, that content may set its own cookies once you choose to play or interact with it. We use privacy-respecting embed modes where the provider offers them (for example, Vimeo’s “do not track” mode), and we ask for your consent before embedded marketing or social content is loaded.

We do not use third-party advertising networks, retargeting pixels (such as the Meta or LinkedIn pixel) or behavioural advertising cookies on the Website.

5. Cookies set by third parties

The following third-party services may set cookies on the Website when you use the relevant feature. The links go to each provider’s own cookie or privacy information, which we encourage you to read.

This list reflects the integrations in place at the date of this policy. The live, machine-generated inventory in section 8 will always reflect the current position.

6. Cookies and our analytics approach

Where we operate analytics, we aim to follow a proportionate, member-respecting model. In practice this means:

• preferring on-server, privacy-friendly analytics over third-party advertising-funded analytics where possible;
• aggregating data rather than tracking individuals;
• not using analytics data to make decisions that significantly affect an individual member;
• keeping retention periods short (typically not more than 26 months); and
• treating opt-out as the default for all analytics cookies until you have given consent.

If we change analytics provider in a way that materially affects this position, we will update this policy and re-prompt for consent through the cookie banner.

7. Managing your cookie preferences

You can manage cookies in three places:

7.1 Our cookie banner and preference centre

When you first visit the Website you see a cookie banner. You may:

• Accept all — all categories of cookies are allowed.
• Reject all (non-essential) — only strictly necessary cookies are set.
• Manage preferences — you choose which categories of non-essential cookies you allow.

You can change your decision at any time by clicking the Cookie preferences link in the site footer. The banner is provided by Complianz, which records your choice so we can demonstrate consent in line with PECR and UK GDPR.

7.2 In your browser

All modern browsers allow you to view, block and delete cookies. Information for the most common browsers:

• Google Chrome
• Mozilla Firefox
• Apple Safari
• Microsoft Edge
• Opera

Blocking strictly necessary cookies in your browser is likely to break parts of the Website — most obviously login, the checkout and the member areas.

7.3 On your device

On a mobile device, you can also adjust tracking settings (for example, Apple’s Limit Ad Tracking and Google’s Reset advertising ID) in your device’s privacy settings.

8. The live cookie inventory

The detailed, up-to-date list of every cookie used on the Website — including its name, the party that sets it, its purpose, its category and its expiry — is set out below. This list is generated by our consent management platform and is updated automatically as the Website changes.

If you have a question about a specific cookie that is not answered by the live inventory, please contact our DPO at dpo@clublotus.co.uk.

9. Do Not Track and Global Privacy Control

Some browsers and add-ons send a “Do Not Track” (DNT) or “Global Privacy Control” (GPC) signal when you visit a website. The legal status of these signals in the UK is still developing.

Our current position is:

• GPC signals — where detected, we treat the GPC signal as a request to withhold consent for non-essential cookies, in line with emerging ICO and EDPB guidance.
• DNT signals — we acknowledge the signal but our cookie banner is the primary mechanism for capturing your choice.

If you have set GPC in your browser and you also use our cookie banner, the banner choice will be the one we record, as it is the more specific expression of preference.

10. Children

The Website is not directed at children. We do not knowingly set non-essential cookies on devices that we believe to be used by a child under 16. Where a parent or guardian has set up a junior or family membership, the parent or guardian is responsible for managing the cookie choices on the device.

11. Changes to this policy

We may update this Cookie Policy from time to time to reflect changes in technology, law, our service providers or our internal practices. The “Last updated” date at the top of the page shows the date of the most recent revision. Where changes materially affect what cookies are set or the basis on which they are set, we will re-prompt you for consent through the cookie banner.

12. Contact

For any question about cookies, tracking technologies or the Complianz banner:

Data Protection Officer Club Lotus Ltd, Signpost House, Ambassador Way, Greens Road, Dereham, Norfolk NR20 3TL Email: dpo@clublotus.co.uk — Telephone: +44 (0)1362 694459

You may also complain to the Information Commissioner’s Office (ico.org.uk) if you are not satisfied with our response.