Lyme CottageGorgeous self catering holiday home in Lyme Regis
Privacy Policy
Lyme Cottage | www.lymecottage.com
Last udpated: April 2026
Who We Are
This website is operated by Sam Milford, trading as Lyme Cottage, a sole trader based in England. Our website address is www.lymecottage.com.
For all data protection matters, Sam Milford is the Data Controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Contact: sam@lymecottage.com
What Personal Data We Collect and Why
We collect personal data only where we have a lawful basis to do so, and only to the extent necessary for the stated purpose.
Booking Enquiries and Reservations
When you submit a booking enquiry or reservation request through our website, we collect the following information:
- First name and last name
- Email address
- Home address
- Phone number
- Arrival and departure dates
- Number of guests
- Any optional message you choose to include
Why we collect this: This data is necessary to process and manage your booking, communicate with you about your stay, and fulfil our obligations to you as a guest. The lawful basis for processing is contract performance (Article 6(1)(b) UK GDPR).
Guest Reviews
We may collect written reviews or feedback from guests following their stay. Where a review is submitted for publication on this website, only your first name and the content of your review will be published.
Marketing Emails (Optional)
During the booking process, you may opt in to receiving occasional marketing emails from us — such as special offers or news about Lyme Cottage. This is entirely voluntary.
Why we collect this: With your explicit consent (Article 6(1)(a) UK GDPR), we may send you marketing communications via our email platform, Brevo (Sendinblue SAS). Brevo acts as a data processor on our behalf and is fully GDPR-compliant.
You can withdraw your consent and unsubscribe at any time by clicking the unsubscribe link in any email we send, or by contacting us at sam@lymecottage.com.
Website Analytics
We use Google Analytics to understand how visitors use our website — for example, which pages are most popular and where visitors come from. Google Analytics collects anonymised data about your browsing behaviour, including approximate location derived from your IP address.
Why we collect this: This is based on our legitimate interest (Article 6(1)(f) UK GDPR) in understanding and improving our website. IP address anonymisation is enabled, meaning your full IP address is never stored or sent to Google.
For more information, see [Google’s Privacy Policy](https://policies.google.com/privacy).
Cookies
Our website uses cookies to help it function properly and to analyse site usage. Cookies are small text files placed on your device when you visit our site.
We use the following types of cookies:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential / Session | Required for the website to function correctly | Session (deleted when you close your browser) |
| Analytics (Google Analytics) | Anonymised website usage statistics | Up to 2 years |
We do not use advertising, profiling, or marketing cookies.
You can control and/or delete cookies through your browser settings at any time. Restricting analytics cookies will not affect your ability to use the website.
Contact and Enquiry Forms
If you contact us via any form or email on the website, we collect the information you provide (typically your name, email address, and message) in order to respond to your enquiry.
How Long We Retain Your Data
We retain personal data only for as long as necessary:
- Booking data: (name, contact details, stay information): Retained for a period of 7 years from your stay in accordance with HMRC record-keeping requirements for sole traders.
- Marketing email consent and contact data: Retained until you unsubscribe or withdraw consent. Upon unsubscribing, your details will be removed from our active mailing list.
- Guest reviews: Retained indefinitely while published on the website. You may request removal at any time.
- Analytics data: Retained by Google Analytics per their standard retention settings (up to 26 months by default).
- General enquiry emails: Retained for up to 2 years, then securely deleted.
Who We Share Your Data With
We share personal data only with trusted service providers who act as data processors on our behalf, and only to the extent necessary to deliver our services:
| Service Provider | Purpose | Privacy Policy |
|---|---|---|
| Brevo (Sendinblue SAS) | Marketing email delivery | brevo.com/legal/privacypolicy |
| Google Analytics (Google LLC) | Anonymised website analytics | policies.google.com/privacy |
|We do not sell, rent, or trade your personal data with any third parties. We do not share guest personal data with any third-party booking platforms.[^3]
How We Protect Your Data
We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These measures include:
- Secure HTTPS connections on this website
- Password-protected access to booking systems and databases
- Use of reputable, GDPR-compliant third-party processors (Brevo, Google)
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware, and will contact affected individuals where required.
Your Rights Under UK GDPR
Under the UK General Data Protection Regulation, you have the following rights:
- Right of access – You can request a copy of the personal data we hold about you.
- Right to rectification – You can ask us to correct inaccurate or incomplete data.
- Right to erasure – You can ask us to delete your personal data, subject to any legal obligations we have to retain it.
- Right to restrict processing – You can ask us to limit how we use your data in certain circumstances.
- Right to data portability – You can request your data in a portable format.
- Right to object – You can object to processing based on legitimate interests or for direct marketing at any time.
- Right to withdraw consent – Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at sam@lymecottage.com. We will respond within one calendar month.
Complaints
If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the UK’s data protection authority:
Information Commissioner’s Office (ICO)
🌐 ico.org.uk
📞 0303 123 1113
We would, however, appreciate the opportunity to address your concerns directly before you contact the ICO — please reach out to us first at sam@lymecottage.com.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the Last updated date at the top of this page. We encourage you to review this policy periodically.
Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact:
Sam Milford
Trading as Lyme Cottage
📧 sam@lymecottage.com
🌐 lymecottage.com