Last Updated: July 4, 2025

1. Introduction

Welcome to the Privacy Policy for Corner Beech House (https://cornerbeech.co.uk/). This policy explains how we collect, use, store, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and other applicable UK data protection laws.

We are committed to protecting your privacy and handling your personal data responsibly and transparently.

2. Who We Are (Data Controller)

The data controller responsible for your personal data collected via this website is The owners at Corner Beech House.

Contact Details for Privacy Queries: Email: info@cornerbeech.co.uk

3. What Personal Data We Collect and Why

We collect different types of personal data for specific purposes:

• Data collected via the Freetobook Online Booking System:

  • Types of Data: Full name, email address, postal address, phone number, and details related to your booking (e.g., arrival/departure dates, number of guests, special requests). Payment information is processed directly by Freetobook and their payment gateway, and we do not directly store your full payment card details on our systems.

  • Purpose: To process and manage your accommodation bookings, confirm reservations, provide you with the services you have booked, manage payments, and communicate with you regarding your stay.

  • Legal Basis: Performance of a contract (to fulfil your booking).

• Data collected via Contact Forms:

  • Types of Data: Name, phone number, email address, and the content of your message.

  • Purpose: To respond to your enquiries, provide information, and communicate with you about your questions or requests.

  • Legal Basis: Legitimate interests (to respond to direct communications from potential or current customers) and/or to take steps at your request prior to entering into a contract (if your enquiry relates to a booking).

• Data collected via the Gift Cards Pro Plugin:

  • Types of Data: Your email address (as the sender) and the recipient’s email address. Payment details are processed via Stripe.

  • Purpose: To facilitate the purchase and delivery of gift cards.

  • Legal Basis: Performance of a contract (to provide the gift card service you have purchased).

• Data collected via Google Analytics 4 (GA4):

  • Types of Data: Information about your website usage, such as pages visited, time on site, clicks, and general geographical location (not precise IP addresses as GA4 anonymises these). GA4 uses cookies (like _ga and _ga_<container-id>).

  • Purpose: To analyse website traffic, understand user behaviour, and improve our website’s functionality and content.

  • Legal Basis: Consent (obtained via our CookieYes consent banner).

• Data collected by embedded content and plugins:

  • Google Maps: When you view the embedded Google Map on our contact page, Google may collect data about your interaction with the map. This is governed by Google’s Privacy Policy.

  • Google Reviews Plugin: This plugin displays reviews and provides a link to leave a review on Google. Your interaction with the plugin and any review submission is subject to Google’s terms and privacy policies.

  • Social Media Icons (Facebook, Instagram): Clicking on these icons will take you to our social media profiles. While we don’t directly collect data from these actions, the social media platforms themselves will collect data according to their own privacy policies if you interact with them or are logged in.

We do not collect any special categories of personal data (e.g., health information, racial or ethnic origin) unless you voluntarily provide it in a special request related to your booking (e.g., dietary requirements or accessibility needs). If you do provide such data, we will only use it to fulfil your request during your stay.

4. How We Share Your Personal Data

We may share your personal data with the following third parties for the purposes outlined above:

• Freetobook: Our online booking system provider, for processing and managing your reservations.

• Stripe: Our payment processor for gift card purchases. Stripe handles your payment card details securely and is a PCI DSS compliant service. We do not directly store your full payment card information.

• Google (Analytics, Maps, Reviews): For website analytics, displaying maps, and managing reviews. Google’s privacy policy governs how they process data.

• IT Service Providers: Companies that provide us with IT and system administration services (e.g., website hosting, maintenance).

• Professional Advisors: Including lawyers, bankers, auditors, and insurers who provide professional services.

• Law Enforcement or Regulatory Authorities: If legally required to do so.

We only share personal data with third parties who are committed to protecting data privacy and are compliant with relevant data protection laws. We have data processing agreements in place where required.

5. International Data Transfers

Some of our third-party service providers (e.g., Google, Stripe, Facebook, Instagram) are based outside the UK and European Economic Area (EEA). This means your personal data may be processed in countries where data protection laws might not be as stringent as in the UK.

Whenever your personal data is transferred outside the UK/EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• The transfer is to a country that has been deemed to provide an adequate level of protection for personal data by the UK government.

• We use specific contracts approved for use in the UK which give personal data the same protection it has in the UK (e.g., Standard Contractual Clauses).

• Where applicable, the transfer is to an organisation certified under the UK Extension to the EU-U.S. Data Privacy Framework.

6. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Our recommended retention periods are:

• Booking Data: We retain data related to your bookings for 7 years after your last stay. This period aligns with typical UK tax and accounting requirements and allows us to manage repeat bookings and address potential disputes.

• Contact Form Inquiries: We retain contact form data for 12-24 months after the last communication, unless the inquiry leads to a booking, in which case it becomes part of the booking data.

• Gift Card Data (Sender/Recipient Emails): Retained for 7 years after the gift card’s validity period expires or it has been redeemed, for financial record-keeping and customer service.

• Google Analytics Data (GA4): User and event data is retained for a maximum of 14 months within Google Analytics, as per our GA4 settings.

After the retention period, your personal data will be securely deleted or anonymised.

8. Your Legal Rights

Under UK GDPR, you have the following rights concerning your personal data:

• Right to be Informed: To be informed about how your data is collected and used (this Privacy Policy).

• Right of Access: To request a copy of the personal data we hold about you.

• Right to Rectification: To request that we correct any inaccurate or incomplete data we hold about you.

• Right to Erasure (‘Right to be Forgotten’): To request that we delete your personal data, under certain conditions. Please note that this right is not absolute and we may be legally required to retain certain information (e.g., for tax purposes).

• Right to Restrict Processing: To request that we limit the way we use your personal data, under certain conditions.

• Right to Data Portability: To request that we transfer your personal data to another organisation, or to you, in a structured, commonly used, machine-readable format.

• Right to Object: To object to our processing of your personal data, particularly in cases where we rely on legitimate interests or for direct marketing.

• Rights in relation to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not use automated decision-making or profiling that would have such an effect.

• Right to Withdraw Consent: Where we are relying on consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

To exercise any of these rights, please contact us at: info@cornerbeech.co.uk

We will respond to your request within one month.

9. Complaints

If you have any concerns about our use of your personal data, please contact us at info@cornerbeech.co.uk so that we can try to resolve it for you.

You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can find their contact details on the ICO website: www.ico.org.uk.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be posted on our website, and we will update the “Last Updated” date at the top of this policy. We encourage you to review this policy periodically.