This privacy policy is between website users (you) and Lorraine Barratt (the website owner). It has been updated to comply with the EU General Data Protection Regulation (GDPR), ensuring that all individuals whose personal information I process have been informed of why I need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information. By using this website you agree that you are legally entitled to do so and agree to this privacy policy.

This privacy policy is subject to change without notice.

My Commitment

I am committed to ensuring the security and protection of the personal information that I process, and to provide a compliant and consistent approach to data protection in line with UK and EU law.

Personal Data

In general your personal data will be used to provide the information, goods and services offered through my website to you, for billing and order fulfilment.

I do not store information collected about your visit to this website for use other than to analyse content performance through the use of cookies, which you can turn off at anytime by modifying your Internet browser’s settings.

Obtaining Consent:

I ensure that individuals understand what they are providing, why and how I use it and give clear, defined ways to consent to me processing their information. I have developed stringent processes for recording consent, making sure that I can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.

Information Collected:

The pieces of information that I collect, from your voluntary submission through either the contact from or the booking form, are the following: name, address, email, phone number and your booking details (dates, prices, extras).

Credit card details are processed through the third party Stripe.

Direct Marketing:

I have clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and provide unsubscribe features on all subsequent marketing materials.

 Information Disclosure:

I may disclose your personal data; if I sell my business, to agents and service providers and in cases where I am required by law to pass on information or if I believe action is necessary for fraud, cyber crime or to protect the website, rights, personal safety of person/s.

I may also disclose aggregate statistics about visitors to my website (customers and sales) in order to describe my services to prospective partners (advertisers, sponsors) and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information.

I am not responsible for the republishing of the content found on this website on other websites or media without my permission.

International Data Transfers & Third-Party Disclosures and Processor Agreements:

Where I use any third-party to process personal information on my behalf (i.e. payment processing, hosting etc), I ensure that they meet and understand their GDPR obligations. These measures include initial and on going reviews of the service provided, that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.

Where I store or transfer personal information outside the EU, I have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data.

Data Subject Rights

You have the right to access any personal information that I process about you and to request information via a Subject Access Request (SAR) about:

  • What personal data I hold about you
  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long I intend to store your personal data for
  • If we did not collect the data directly from you, information about the source
  • The right to have incomplete or inaccurate data about you corrected or completed and the process for requesting this
  • The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from me and to be informed about any automated decision-making that I use
  • The right to lodge a complaint or seek judicial remedy and who to contact in such instances

Data Retention & Erasure 

I do not retain personal data for any longer than necessary and have dedicated erasure procedures in place should you wish to exercise the ‘Right to Erasure’

Subject Access Request (SAR)

If you are concerned about your data, you have the right to request access to personal data which I hold or process about you. All the requested information which is not exempt from the right of subject access will be delivered to you within 30-days and is free of charge.

Data Protection and Information Security Measures

I only store the minimum amount of personal information about you to ensure that I can effectively provide you the information you need about my goods and services and the information I need for billing and order fulfilment. All information I collect is stored, archived and destroyed compliantly and ethically by either myself or GDPR-compliant third parties.

I take the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that I process.

I have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including:

  • SSL (Secure Sockets Layer) Encryption and Certificate

SSL is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data collected about you is passed between the web server and browsers and remains private and integral.

  • Secure Payment Processing

I do not store any credit/debit card details as they are processed and held by the reputable third party payment provider Stripe.

  • Secure Passwords

All your personal information is password protected.

  • Access Controls

I employ access levels on my website, email and booking software to ensure that your personal information is only accessed by the minimum number of pre-approved individuals necessary to ensure quality service.

  • Data Breach Procedures

 My breach procedures ensure that I have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time.

GDPR Roles and Employees

I, Lorraine Barratt am the Data Protection Officer (DPO) and am responsible for complying with data protection regulation. If you have any questions regarding your personal data or this Privacy Policy contact me via the contact form on this website.

Cookie Policy 

This website uses cookies – small text files that are placed on your machine to help the website provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, notify website errors and provide anonymous tracking data to third party applications like Google Analytics and Hotjar.

As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this website and on others. The most effective way to do this is to disable cookies in your browser. For more information I suggest consulting the Help section of your browser or taking a look at the About Cookies website.