Privacy Policy and Cookies Policy

Privacy and Cookie Policy

Last updated: 22 April 2026

This Privacy and Cookie Policy explains how Hidden Hill (“we”, “us” or “our”) collects, uses, stores and protects personal data when you visit our website, contact us, make a booking, stay with us, or otherwise interact with us.

We are committed to handling personal data lawfully, fairly and transparently in accordance with UK data protection law.

1. Who We Are

We are a holiday accommodation business based in Dorset, United Kingdom, providing short-term holiday-let accommodation.

For the purposes of UK data protection law, we are the data controller of the personal data described in this policy.

If you have any questions about this policy or about how we use your personal data, please contact us:

Email: [insert email address]
Post: [insert postal address]

You also have the right to make a complaint to the Information Commissioner’s Office (“ICO”), the UK regulator for data protection matters. We would, however, appreciate the chance to address your concerns first.

2. What Personal Data We Collect

We may collect and use the following personal data:

Information you provide directly

• your name;

• your email address;

• your telephone number;

• your postal address;

• booking details, including dates of stay, number of guests, and any special requests;

• correspondence with us by email, contact form, phone or otherwise;

• feedback, reviews or survey responses;

• your marketing preferences.

Information collected automatically

When you use our website, we may automatically collect certain technical and usage information, including:

• your IP address;

• browser type and version;

• device type and operating system;

• the pages you visit and how long you spend on them;

• the website or source that referred you to us;

• cookie and similar technology data.

Information from third-party providers

Where bookings or payments are handled through third-party providers, we may receive information such as:

• your booking reference;

• your contact details;

• your stay details;

• payment status;

• limited fraud-prevention or verification information where relevant.

We do not store your full payment card details.

3. How We Collect Personal Data

We collect personal data:

• when you contact us directly;

• when you complete a form on our website;

• when you make or manage a booking;

• when you sign up to receive marketing communications;

• when you browse our website;

• from third-party providers who help us operate our website, bookings and payment systems.

4. How We Use Your Personal Data

We use personal data for the following purposes:

• to respond to enquiries and provide information about our accommodation;

• to take and manage bookings;

• to communicate with you about your booking or stay;

• to process payments, refunds and deposits where applicable;

• to maintain accounting, tax and legal records;

• to improve our website, services and guest experience;

• to keep our website and systems secure;

• to send marketing communications where you have agreed to receive them or where otherwise permitted by law;

• to comply with legal and regulatory obligations.

5. Our Lawful Bases for Processing

Under UK GDPR, we must have a lawful basis for using your personal data. Depending on the circumstances, we rely on one or more of the following:

Contract
Where we need to use your personal data to enter into or perform a contract with you, for example to take a booking, confirm your stay, process payment, or provide guest support.

Legal obligation
Where we need to use your personal data to comply with legal or regulatory requirements, such as tax, accounting, fraud-prevention or law-enforcement obligations.

Legitimate interests
Where it is necessary for our legitimate interests in running, improving and protecting our business, provided those interests are not overridden by your rights and interests. This may include responding to enquiries, administering bookings, improving our services, keeping records, and securing our website and systems.

Consent
Where we rely on your consent, for example for certain marketing communications or non-essential cookies. You can withdraw your consent at any time. ICO guidance says consent for cookies and many marketing messages must be a real choice and given by a clear positive action.

6. If You Do Not Provide Personal Data

Where we need your personal data in order to take a booking, provide accommodation, process a payment, or comply with legal requirements, and you do not provide that information, we may be unable to enter into or perform our agreement with you. ICO guidance says privacy notices should explain this where relevant.

7. Booking and Payment Providers

Inn Style

We use Inn Style to manage bookings. When you make a booking through our website or booking system, your personal data may be processed through Inn Style in order to administer your reservation and manage your stay.

We only access the information reasonably necessary to manage your booking and guest relationship.

Stripe

We use Stripe to process card payments securely. Stripe processes payment information in accordance with its own privacy notice. We do not see or store your full payment card details.

Stripe may also use personal data for fraud prevention, identity checks and compliance purposes.

Wix

Our website is hosted on the Wix platform. Wix may process technical, hosting and form-submission data in order to provide website functionality, hosting, security and support services.

8. Deposits and Refunds

If a deposit or refund is handled by bank transfer, we may need limited bank details in order to return funds to you.

If we receive those details directly, we will use them only for the relevant transaction and keep them only for as long as reasonably necessary for that purpose and any related record-keeping.

9. How Long We Keep Your Personal Data

We keep personal data only for as long as reasonably necessary for the purposes set out in this policy, including to satisfy legal, accounting, tax, insurance and record-keeping requirements.

As a general guide, we retain:

• enquiry and contact form data for up to 12 months after the last meaningful contact;

• booking, invoicing and accounting records for up to 7 years where required for legal, tax or accounting purposes;

• marketing subscription records until you unsubscribe or after a reasonable period of inactivity;

• analytics and cookie-related data in accordance with the settings of the relevant cookie, analytics or consent tool.

We may retain information for longer where necessary to establish, exercise or defend legal claims. ICO guidance says privacy information should include retention periods or the criteria used to decide them.

10. How We Share Your Personal Data

We may share your personal data where reasonably necessary with:

• booking platform providers, including Inn Style;

• payment processors, including Stripe;

• website hosting and support providers, including Wix;

• professional advisers such as accountants, insurers, legal advisers or IT support providers;

• regulators, public authorities, courts, law enforcement agencies or other third parties where required by law or where necessary to protect our legal rights.

We do not sell your personal data. ICO guidance says people should be told who receives their data or the categories of recipients.

11. International Transfers

Some of our third-party service providers may process or store personal data outside the United Kingdom.

Where this happens, we take steps intended to ensure your personal data remains protected in accordance with UK data protection law, including the use of recognised safeguards where required.

ICO guidance updated in January 2026 explains that the transfer rules apply where personal information is sent or made accessible outside the UK, including where overseas access is given to service providers.

12. How We Protect Your Personal Data

We use appropriate technical and organisational measures to protect personal data against accidental or unlawful loss, destruction, misuse, alteration, unauthorised disclosure or access.

These measures may include:

• encrypted website connections;

• secure hosting infrastructure;

• restricted access to systems and accounts;

• password protection and authentication controls;

• security monitoring by us and our service providers.

No system can ever be completely secure, but we take data protection and information security seriously.

13. Your Rights

Subject to certain legal conditions and exemptions, you may have the right to:

• request access to the personal data we hold about you;

• request correction of inaccurate or incomplete data;

• request erasure of your personal data;

• request restriction of processing;

• object to certain processing, including direct marketing;

• withdraw consent where we rely on consent;

• request transfer of certain personal data to you or another provider.

To exercise any of these rights, please contact us using the details set out above.

You also have the right to complain to the ICO. ICO guidance identifies this as part of the information people should be given.

14. Marketing Communications

We may send you marketing emails or similar communications about offers, updates or news only where you have chosen to receive them or where otherwise permitted by law.

You can unsubscribe at any time by:

• clicking the unsubscribe link in any marketing email; or

• contacting us directly.

Service messages relating to an enquiry, booking or stay are not marketing and may still be sent where necessary. The ICO says unsolicited marketing emails to individuals usually require specific consent, subject to a limited “soft opt-in” exception for existing customers.

15. Cookies and Similar Technologies

Our website uses cookies and similar technologies to:

• operate and secure the website;

• remember your preferences;

• understand how visitors use the website;

• improve site performance and user experience;

• support analytics and, where used, marketing.

Cookies are small text files stored on your device. Some cookies are strictly necessary for the website to function properly. Others, such as analytics or marketing cookies, are non-essential and will only be used where you have given consent.

Your cookie choices

When you first visit our website, you will be asked to choose your cookie preferences. You can:

• accept all cookies;

• reject non-essential cookies; or

• manage your cookie settings.

You can change your preferences at any time using the Cookie Settings link on our website.

Types of cookies we may use

We may use the following categories of cookies:

• Strictly necessary cookies, which are required for the website to work and for core security and accessibility functions;

• Preference cookies, which remember your settings and choices;

• Analytics cookies, which help us understand how visitors use our website;

• Marketing cookies, which may be used to measure campaigns or personalise advertising where enabled.

ICO guidance says non-essential cookies must not be set before consent, and users should have an easy way to accept, refuse, and later change their preferences. The ICO has also updated broader guidance on storage and access technologies following changes introduced by the Data (Use and Access) Act 2025.

16. Third-Party Websites

Our website may contain links to third-party websites, platforms or services. We are not responsible for the privacy practices of those third parties. You should read their own privacy and cookie policies before submitting personal data to them.

17. Changes to This Policy

We may update this Privacy and Cookie Policy from time to time to reflect changes in our business, services, legal requirements or website technologies. Any updates will be posted on this page and will take effect from the date of publication shown at the top of the policy.

18. Contact Us

If you would like to access, correct, update or delete personal information we hold about you, or if you have any questions about this policy or our data practices, please contact us at:

Post: Hidden Hill, The Paddock, Tincleton, Dorset, DT2 8QP