Effective Date: 8 January 2026
- Data Controller:
- Park Cliffe Ltd (Windermere Stays)
- ICO Registration:
- Z6736627
Windermere Stays (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy.
This Privacy Notice explains what information we collect, why we collect it, how it is used, and your rights under UK data protection law.
Who We Are (Data Controller)
Park Cliffe Ltd (Windermere Stays)
📍 Address: Birks Road, Windermere, LA23 3PG
📧 Email:
This email address is being protected from spambots. You need JavaScript enabled to view it. 📞 Telephone: 07919 361454
We are the data controller, meaning we decide how and why your personal data is used.
For any data protection enquiries, you can contact us at the above email address.
What Personal Data We Collect
Information you provide when making a booking
- Full name
- Contact details (email address, phone number, postal address)
- Names of guests staying in the property
- Booking details (dates, payment status, preferences)
- Age confirmation (e.g., verifying you are over 18)
Payment information
- Payment method
- Partial/limited card details processed securely by our payment provider
(We do not store full card details.)
Pet information (if applicable)
- Confirmation if bringing a dog
- Relevant behaviour information or assistance-dog information
Communications
- Emails, messages, and telephone correspondence
- Feedback or reviews you provide
Website usage information
- IP address
- Browser type
- Pages visited
- Cookies and tracking technologies (refer to "Cookies Policy")
Property management information
- Reports of damage, incidents or complaints
- Access logs (e.g. key safe)
CCTV
If in use, CCTV is limited to external areas such as driveways or parking areas.
We do not operate CCTV inside any accommodation.
Children’s data
We do not intentionally collect information about children except where necessary for a booking (e.g. names of guests).
We do not use children’s data for any other purpose.
How We Use Your Personal Data (Purposes)
We use your data for the following purposes:
- To process and manage bookings
- To verify identity and age
- To take payment and process refunds
- To communicate with you before, during and after your stay
- To manage your stay and provide customer service
- To comply with legal obligations (e.g. tax and accounting rules)
- To maintain safety and security (including CCTV if used)
- To protect the property, detect fraud or manage incidents
- To send important updates about your booking or our terms
- To resolve disputes, claims or debt recovery
We do not use your data for automated decision-making or profiling.
Our Legal Bases for Processing (UK GDPR)
We process your personal data under the following lawful bases:
- ✔ Contract (Article 6(1)(b))
- To process your booking and provide accommodation.
- ✔ Legal Obligation (Article 6(1)(c))
- To comply with accounting, tax, safety and regulatory duties.
- ✔ Legitimate Interests (Article 6(1)(f))
-
For:
- Responding to enquiries
- Protecting property from damage
- Managing security and fraud prevention
- Operating external CCTV for crime prevention and safety
- Managing customer service and general communication
- ✔ Consent (Article 6(1)(a))
- For optional marketing emails or newsletters. You may withdraw consent at any time.
Sharing Your Personal Data
We only share your data when necessary and only with trusted third parties.
Service providers (processors)
Examples may include:
- Booking management platforms
- Payment processors
- Property management or housekeeping software
- Email communication tools
- Marketing partners working under our instructions
- Professional cleaners or maintenance contractors (where required for your stay)
All processors are contractually required to protect your data and act only on our instructions.
Legal and regulatory bodies
Where required by law (e.g., HMRC, police).
Insurance or legal advisors
If handling a claim, incident, complaint, or dispute.
We never sell your personal data.
International Transfers
If any service provider stores data outside the UK (e.g., in the EU/EEA or USA), we ensure appropriate safeguards are in place, such as:
- UK adequacy decisions
- Standard Contractual Clauses (SCCs)
You may request further details at any time.
Data Retention
We keep personal data only for as long as necessary:
- Booking records: 7 years (legal requirement for tax/accounting)
- Communications & queries: 12–24 months
- CCTV footage: normally 30 days, unless required for an investigation
- Damage or incident reports: up to 6 years (limitation period for claims)
- Marketing data: until you withdraw consent
After these periods, data is securely deleted or anonymised.
Your Data Protection Rights
Under UK GDPR, you have the right to:
- Access – Request a copy of your personal data
- Rectification – Correct inaccurate or incomplete information
- Erasure – Request deletion of your data (where lawful)
- Restriction – Ask us to limit how your data is used
- Objection – Object to processing based on legitimate interests
- Data portability – Request your data in a machine-readable format
- Withdraw consent – For marketing or other consent-based processing
To exercise any of these rights, contact
This email address is being protected from spambots. You need JavaScript enabled to view it. We may need to verify your identity before responding.
Data Security
We use appropriate technical and organisational measures to protect your data, including:
- Secure payment processing
- Restricted access to systems
- Encryption and firewall protection
- Staff training on data protection
- Secure data storage and disposal procedures
Complaints
If you have concerns about your personal data, please contact us first at: 📧
This email address is being protected from spambots. You need JavaScript enabled to view it. You also have the right to complain to the UK supervisory authority: Information Commissioner’s Office (ICO) www.ico.org.uk