Privacy Policy
Effective Date: 22nd July 2025
At The Cotswold Barn, we are committed to protecting and respecting your privacy and safeguarding any personal data you provide to us. We are transparent about the processing of your data, and this notice outlines how we collect, use, store and protect your personal information.
We are a data controller under the UK GDPR and the Data Protection Act 2018.
If you have any questions or concerns regarding your data, you can contact us at:
Who We Are
The Cotswold Barn
[Insert full registered business name, if different]
[Insert business address – e.g., The Cotswold Barn, [Street Address], [Village/Town], Gloucestershire, [Postcode]]
What Personal Data Do We Collect and Process?
1. Bookings and Accounts
When you book your holiday accommodation with us, we collect the following information:
Full name
Home and billing address
Email address
Mobile number
Date of birth and nationality
Passport number and place of issue (if you are not a British, Irish or Commonwealth citizen), and your next destination address
Travel preferences (e.g., accessibility requirements)
Names of guests travelling with you
Booking details (e.g. reference number, property booked, stay duration)
Any complaints or compensation
Partial payment information (only the last 4 digits are stored)
We may take bookings via our website or over the phone. Calls may be recorded for quality and legal purposes and are retained for 6 years. Payment information is handled securely and not stored by us directly.
2. Customer Service
We retain records of communications with you for 6 years to assist with any queries or disputes.
3. Marketing
You can opt in to receive newsletters and offers by email. If you make an enquiry or booking, we may contact you with similar offers unless you opt out.
4. Surveys and Feedback
We may ask for your feedback through surveys, which are always optional.
5. Competitions
If you enter a competition, we’ll use your details to contact you about the outcome. We won’t use this information for marketing unless you’ve agreed to it.
6. Site Data
We may collect technical data like your IP address, browser type and operating system for site security and administration. We only use cookies with your consent (except essential cookies).
7. Guests Travelling With You
We require details of all guests over 16 as per The Immigration (Hotel Records) Order 1972:
Full name
Nationality
For non-British/Irish/Commonwealth citizens: passport number, issuing authority, and next destination
You are responsible for ensuring other guests are aware of and consent to the sharing of their data.
8. Data from Other Sources
We may receive data from:
Property owners (in the event of a complaint)
Integrated communication tools on our website (e.g. live chat)
Why Do We Collect Your Data?
1. To Fulfil Your Booking
This is necessary to deliver the service you requested, including confirmations, updates, and pre-arrival information.
2. Customer Service
To help resolve issues and provide support, including liaising with third-party contractors if required during your stay.
3. Account Management
An account may be created on our system or website to manage bookings, payments, and preferences.
4. Marketing
We may use your contact details to send you news or promotions. You can opt out at any time.
Our legal basis for marketing is either consent or legitimate interest.
5. Surveys and Feedback
We may invite you to complete post-stay surveys to improve our service.
6. Service Improvement
We use aggregated or pseudonymised data for analysis to improve our offerings and operations.
7. Call Monitoring
Calls may be recorded for training, dispute resolution, and fraud prevention purposes.
8. Legal and Regulatory Requirements
We are legally required to collect and retain some data under UK legislation such as the Immigration (Hotel Records) Order 1972.
9. Goodwill Gestures
Occasionally, we may send a thank-you gift. If so, we will confirm your delivery address before sending anything and always offer the option to decline.
Sharing Your Data
We share your personal data only when necessary:
1. Property Owners
Only essential information (usually the lead guest’s name) is shared unless further details are required to resolve an issue.
2. Service Providers
We may use third parties for:
Payment processing
Customer support
Maintenance and repair services
Marketing (e.g. email newsletters)
Insurance, legal or fraud prevention support
All third parties are required to protect your data under UK GDPR requirements.
3. Authorities
We may disclose personal data to law enforcement or other authorities if required by law or to protect our legal rights.
Data Security and Retention
We implement strong technical and organisational measures to safeguard your data, including:
Secure servers and restricted access
Secure payment providers
Data minimisation principles
Retention periods:
Booking and account data: 6 years
Financial data: 7 years
Marketing data: up to 5 years, or until you unsubscribe
Call recordings: 6 years
Children’s Data
Bookings must be made by individuals 18 or older. We only collect data about children if provided by a parent or guardian as part of a booking.
International Data Transfers
Where your data is processed outside the UK, we ensure it is protected through:
Adequacy decisions
Standard Contractual Clauses
Your Rights
You have the right to:
Access your data
Rectify incorrect data
Erase data (under certain conditions)
Object or restrict processing
Withdraw consent at any time (if processing is based on consent)
Data portability
To exercise these rights, contact us at:
You can also raise concerns with the Information Commissioner’s Office:
🌐 www.ico.org.uk/concerns
Updates to This Policy
We may update this privacy policy periodically. Any significant changes will be posted clearly on our website.