Privacy Policy | The Dairy Cottage

Introduction

The Dairy Cottage ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use and safeguard your personal information when you use our website at thedairycottage.co.uk or make a booking with us.

We are based in Hassocks, East Sussex, UK, and we process your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

What We Collect

We collect personal information in a few specific ways, and only what is genuinely needed to provide our services:

When you make a booking

Your full name
Email address
Phone number
Payment card details (processed securely by Stripe; see below)
Your chosen dates, number of guests and any special requests

When you sign up for our newsletter or discount offer

Your name
Email address

When you browse our website

Anonymous usage data collected via cookies (see the Cookies section below)

Legal basis for processing: We process booking data on the basis of contractual necessity (we need it to fulfil your reservation). Newsletter sign-ups are processed on the basis of your consent. Analytics data is processed on the basis of our legitimate interest in understanding how visitors use our site.

How We Use Your Information

We use the information we collect for the following purposes:

To process and manage your booking -- confirming your reservation, taking payment, and communicating with you before, during and after your stay.
To send your discount code -- if you sign up via our pop-up offer, we will email you a one-time discount code.
To send occasional updates -- if you have opted in, we may send you news about the cottage, seasonal availability or special offers. You can unsubscribe at any time.
To improve our website -- anonymous analytics data helps us understand which pages are most visited and how we can make the site more useful.

We will never sell, rent or share your personal information with third parties for their marketing purposes.

Payment Processing

All payments are processed securely by Stripe, a PCI DSS Level 1 certified payment processor. When you enter your card details on our booking form, that information is sent directly to Stripe's servers using their secure, encrypted connection.

We do not see, handle or store your full card details at any point. Stripe may retain certain payment data in accordance with their own privacy policy and legal obligations.

Cookies

Our website uses a small number of cookies to function properly and to help us understand how visitors use the site:

Essential cookies

Stripe -- Stripe sets cookies that are necessary for secure payment processing and fraud prevention. These cannot be disabled if you wish to make a booking.

Analytics cookies

Google Analytics -- We use Google Analytics to collect anonymous, aggregated data about page views, time on site and traffic sources. This data does not identify you personally. Google Analytics sets cookies such as _ga and _gid to distinguish unique visitors.

You can control or delete cookies through your browser settings. Disabling analytics cookies will not affect your ability to browse the site. For more information, visit aboutcookies.org.

Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of access -- You can request a copy of the personal data we hold about you.
Right to rectification -- You can ask us to correct any inaccurate or incomplete information.
Right to erasure -- You can ask us to delete your personal data, subject to any legal obligations we may have to retain it.
Right to restrict processing -- You can ask us to limit how we use your data in certain circumstances.
Right to data portability -- You can request your data in a structured, machine-readable format.
Right to object -- You can object to our processing of your data where we rely on legitimate interest as our legal basis.
Right to withdraw consent -- Where we process data based on your consent (such as marketing emails), you can withdraw that consent at any time.

To exercise any of these rights, please contact us at hello@thedairycottage.co.uk. We will respond within one month.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Data Retention

We retain your personal data only for as long as is necessary for the purpose it was collected:

Booking data -- Retained for up to 6 years after your stay to comply with UK tax and accounting obligations.
Newsletter subscribers -- Retained until you unsubscribe, at which point your details are deleted promptly.
Analytics data -- Google Analytics data is retained for 14 months before being automatically deleted.

Third-Party Services

We use a limited number of trusted third-party services to run our website and process bookings:

Stripe -- Payment processing. Stripe Privacy Policy
Google Analytics -- Website analytics. Google Privacy Policy

Each of these providers processes data in accordance with their own privacy policies and applicable data protection laws.

Data Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss or misuse. Our website uses HTTPS encryption throughout, and payment data is handled entirely by Stripe's PCI-compliant infrastructure.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

Contact

If you have any questions about this privacy policy or how we handle your data, please get in touch:

Email: hello@thedairycottage.co.uk
Business: The Dairy Cottage, Hassocks, East Sussex, UK
Website: thedairycottage.co.uk