Privacy Policy

last updated: 12th September 2023

Lagafater takes your privacy very seriously and we make sure never to share your data with third parties without your explicit informed consent. This document represents a contract between Lagafater Enterprises LLP and you, the visitor.

Who We Are

In this document, the terms ‘us’, ‘we’, ‘our’ refers to Lagafater Enterprises LLP. The terms ‘you’ and ‘your’ refers to any user of this website or to any person staying at or visiting Lagafater property.

Lagafater Enterprises LLP (herein ‘Lagafater’) is a registered limited liability partnership registered in the United Kingdom under registration number OC439351 with its registered address at Tower House, Burley, Craven Arms, Shropshire, SY7 9LN. We do not have a dedicated data protection officer.

Interpretation

  • Personal Data: means any information relating to an identified or identifiable person to which this notice relates.

  • Controller: means a person or organisation which determines the purposes and means of the processing of Personal Data

  • Processor: means a person or organisation which processes Personal Data on behalf of a Controller

  • Data Subject: the person to whom Personal Data relate

Scope of this Document

This privacy notice takes effect from July 2023. It applies to Personal Data collected by whatever means including without limit through our websites. It sets out information about how we collect Personal Data, the categories of Personal Data we collect, the purpose for which we process Personal Data, the legal basis for this processing, our legitimate interests in processing, how we share Personal Data and the rights of Data Subjects whose Personal Data we process.

This document may be updated from time to time, so please check this page for the latest version each time you provide Personal Data to us.

How we collect Personal Data

We may collect personal data in the following ways:

  • Through the active and passive use of this website (Lagafater.co.uk) we may collect information about your browsing behaviour and information such as, but not limited to, IP address, location, keyword information, specific device details and any other information your device provides. This information is collected on our behalf by Squarespace and Google Analytics in order to provide us with demographic information. Please see their privacy policies for more information.

  • Information your provide to us during booking such as names, email addresses, phone numbers, physical addresses and anything else that is present on the booking form.

  • Data that may be provided to us from our booking partners (airbnb, booking.com, Tripadvisor and VRBO and any others) in accordance with their own privacy policies.

  • Any information collected via direct communication either over the phone or via email.

  • We may choose to photograph the visitors’ book in order to share previous guests’ experiences. In such instances all personally identifiable information (as determined by the landlord) will be removed or anonymised.

Categories of Data Subject

  • Visitors to the Lagafater website.

  • Guests booking directly through our website.

  • Guests booking indirectly through online travel agency websites such as Airbnb, VRBO, Booking.com and others.

  • Any person that contacts us directly using the contact details provided.

  • Any guest that stays in Lagafater accommodation.

Data We Collect

  • ‘Identity Data’ - such as name, title, date of birth, gender, vehicle registration.

  • ‘Contact Data’ - such as email address, phone number and physical address.

  • Marketing preferences.

  • ‘Payment Data’ - such as card and bank account information

  • ‘Online Data’ - such as internet protocol addresses and associated online data collected through our use of Squarespace and Google Analytics.

  • We may occasionally collect data in the event of injury on Lagafater property.

  • Any information, personal or otherwise, you share with us as part of an entry in the visitors’ book. This includes your thoughts and writing about the lodge. This data will never be used for any purpose other than historical and general interest, however, given the public nature of a visitors’ book, it is likely that other guests will see such information. Guests are encouraged not to share personal information in this way.

When the provision of Personal Data is a statutory requirement or a requirement necessary to enter into a contract.

If you are aged over 16 years and are a guest in our accommodation, you are required by law to provide us with your full name and nationality upon arrival.

If you are not a Commonwealth citizen, British protected person nor a citizen of the Republic of Ireland you are additionally required by law, on arrival, to provide us with the number and place of issue of your passport (or other document establishing your identity and nationality) and before you leave, your next destination and if known, your full address there.

Purposes of Processing

We collect Personal Data for the following purposes:

  • To provide our services as a holiday accommodation.

  • To process payments and transactions.

  • To maintain our accounting and tax records and other administrative reasons.

  • To comply with Reporting of Injury, Disease and Dangerous Occurrences Regulations 2013.

  • To comply with the The Immigration (Hotel Records) Order 1972.

  • To comply with legal obligations generally, including under companies, taxation and data protection laws and where we are required to disclose data by a law enforcement agency.

  • To defend against legal claims (including prospective legal claims).

  • To understand more about our customers and measure the effectiveness of our websites and connect with social media services.

We will only use your Personal Data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us using the contact information at the end of this document.

Lawful basis for processing

We only process Personal Data where we have a lawful basis for doing so.

In some cases we will be required to process your Personal Data in order to comply with a legal obligation (for example under companies legislation, taxation legislation, data protection laws and under The Immigration (Hotel Records) Order 1972). Where this applies, we rely upon compliance with a legal obligation as one of the legal bases for processing your Personal Data. If it is necessary for us to process your Personal Data in order to comply with a contract between us, performance of the contract will be one of the legal bases for processing your Personal Data.

We process email addresses for the purposes of sending electronic marketing communications on the basis of consent where consent has been requested and obtained.

By using our website you consent to the setting of the cookies referred to later in this Privacy Notice. We may request your consent to other forms of processing, such as the inclusion of Photographic Data on our website or in our marketing collateral, and where we do, consent is the legal basis for the processing covered by the consent. Where we are processing your Personal Data on the basis of consent, you can withdraw your consent at any time and if you do so we will cease processing your Personal Data unless there is another lawful basis for us to do so.

Where we are not relying upon consent, we process your Personal Data on the basis of our legitimate interest (in addition to any other legal bases which are available to us). Our legitimate interests in each case will depend upon the purpose of the processing, and may be any of those listed in the Purposes of Processing section of this document.

Retention periods

We will never delete Personal Data where we have a legal obligation to retain it. Subject to this, we will store Personal Data for the periods set out below:

  • Contact Data: Five years after last use.

  • Marketing preferences: Indefinitely, provided consent has been explicitly given. We will not use any information for marketing purposes to Data Subjects that have opted-out.

  • Payment Data: Lagafater never handles or stores personal payment information. Such data is handled and processed by our payment provider Stripe in accordance with their privacy policy. Any personal information already given to Lagafater will be destroyed.

  • Online Data. Google Analytics data will be retained for 26 months.

  • Injury Data: we will store this data for as long as it is necessary in the event. After this point, it will be destroyed.

  • Visitors’ Book Data: we will store this indefinitely for historical and general interest purposes.

Transfers outside of the European Economic Area (EEA)

Transfers of Personal Data to countries outside of the EEA are made on the following bases:

  • Where the European Commission has made a finding of adequacy in relation to the laws of the country to which the Personal Data is to be transferred.

  • Under standard contractual clauses which have been approved by the European Commission which give Personal Data the same protection it has in EEA.

  • To organisations in the United States of America which are part of the Privacy Shield Framework, which requires them to provide similar protection to Personal Data shared between the EEA and the US as it has in the EEA.

  • Where this is necessary to the performance of a contract between us and you or between us and a third party which is in your interests.

  • Where this is necessary to protect your vital interests On the basis of your explicit consent where no other lawful basis for the transfer is available.

Who we share Personal Data with:

Contact Data, Marketing Preference Data, Payment Data and Online Data may be shared with:

  • IT service providers (acting as Processors). This includes providers that are chosen by Lagafater to facilitate transactions such as bookings, contact and other purposes relating to a guest holiday.

  • Auditors and professional advisers, including lawyers, bankers and insurance companies who provide auditing or consultancy, banking, legal, insurance and accounting services (acting as Controllers).

All Data collected for any reason may be shared with:

  • Insurers where there is a business need for them to receive the Personal Data (acting as processors or controllers).

  • Successors in title to any assets or undertakings with which the Personal Data is associated (acting as Controllers).

  • Public bodies, taxation authorities, courts, regulators or law enforcement agencies where this is required by law or in connection with the establishment, exercise or defence of legal claims (acting as Controllers).

Your Legal Rights

You have the right to:

  • Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.

  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

  • Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

  • Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

  • Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

  • Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Complain to the supervisory authority in connection with our processing of your personal data. You can exercise this right by contacting the Office of the Information Commissioner at HTTPS://ICO.ORG.UK/.

Cookies

Like many websites, our website uses cookies, small text files that are placed on your computer to gather information about you and how you use our website.

Some cookies on this site are strictly necessary, and the site won’t work as expected without them. These cookies are set when you submit a form, login or interact with the site by doing something that goes beyond clicking on simple links.

We also use some non-essential cookies to anonymously track visitors or enhance your experience of the site. If you’re not happy with this, you can change the cookie settings within your browser, we won’t set these cookies but some nice features of the site may be unavailable.

Security

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know.

Our websites may contain links to other websites of interest. However, once you have used one of these links to leave our website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Notice. You should exercise caution and look at the privacy notice applicable to the website in question.

Contact us

If you have any questions about our processing of Personal Data or would like to exercise one of your legal rights, please contact Lagafater using andrew@lagafater.co.uk or by using the details that can be found in the contact page of this website.