PRIVACY NOTICE

This Privacy Notice is issued to you, as you are an individual about whom we control personal data. It provides you with information about what personal data we hold and process and what we do with that personal data.

This Privacy Notice explains clearly how we collect, process, store and share your personal data in line with our legal obligations under the UK GDPR.

If you have any questions about this notice, or the way in which we process your personal data, please do not hesitate to contact us using the details in the ‘How To Contact Us’ section.

Our obligations to you in respect of the fair and transparent processing of your data.

Section

Your Right To Be Informed

What it tells you

Our details as the data controller.

Who We Are

Our full contact details.

How To Contact Us

What types of personal data we collect from you.

Data We Hold

How we may process your personal data in different ways, and how we will use the personal data you provide.

What We Do With Your Data

Under the GDPR, we are required to have a lawful basis for processing your personal data. We may have more than one lawful basis so this section explains which bases may be used.

Lawful Basis For Processing

This section contains information about how we will market our services to you and our lawful basis for doing so.

Marketing

It may be necessary for us to share your personal data, for us to provide our services and facilities to you. This section explains if we share your personal data, and who with.

Sharing Your Information

The obligations which apply if we need to transfer your personal data outside the UK.

Transfer of Personal Data Outside the UK

The retention period for the personal data we hold will depend on the type of personal data and how it has been processed. In all cases, we will not retain personal data for longer than is necessary. This section outlines our retention periods.

How Long We Retain Data

The GDPR enshrines the rights of the data subject into law. This section outlines what rights you have as a data subject.

Your Data Protection Rights

If you are unhappy with the way in which we process your personal data, please refer to this section as it outlines how you can make a complaint.

How To Make A Complaint

Our website uses cookies. This means that certain data is collected by us about you when you visit our website. Please refer to the separate policy covering Cookies.

Cookies

Your Right To Be Informed

The GDPR requires that we inform you about how we use the personal data we collect from/about you. We aim to process your personal data in a way which is lawful, fair and transparent.

Who We Are

Ampney Park Ltd, whose registered office is 10 John Street, London, United Kingdom, WC1N 2EB with registered no. 12885753 (referred to hereafter as We or Us).

For the purposes of the GDPR and the Data Protection Act 2018, we are data controllers. We are registered with the Information Commissioner’s Office.

Contact Us

If you have any queries about this Privacy Notice, or wish to exercise your rights, please contact us at:

Email - dataprotection@ampneypark.co.uk 

Website - https://ampneypark.co.uk/

Data We Hold

We collect personal data which is any information that may identify a living individual.

Types of personal data

We collect the following personal data about you:

  • Name

  • Address

  • E-Mail address

  • Identification (e.g. passport, driving licence with images of you) to show proof of age

  • Telephone number

  • Bank details

We will not process any special category data about you.

What we do with your data

All the personal data we hold about our guests will be processed for the purposes of making reservations, taking payment and potentially providing them with services and facilities.

We may store your personal data to pre-populate fields to make it easier for you to provide information.

We may also use your personal data to keep you informed about the services and facilities we offer.  Please refer to the Marketing section below.

In addition, this personal data may be used for our own general business purposes to facilitate:

  • General administration for our guests, including reservations, payment and confirmation of identity

  • Advertising and marketing (where necessary your consent to receive marketing will be obtained)

  • Management information which is necessary to assess how we are performing as a business and guest satisfaction with our services

  • Health and safety requirements to ensure the safety and security of our guests and premises

  • Disclosure of information to our professional advisors

  • Complying with our general legal obligations

Lawful basis for processing

It is a requirement of the GDPR that personal data is only processed when there is a lawful basis for doing so.

Our legal basis for processing personal data will include one or more of the following:

  • Processing is necessary for the performance of the contract you enter into when you stay with us, including when we take initial steps in order to enter into a contract at your request

  • Processing is necessary for our compliance with our legal obligations

  • Processing is necessary for the purposes of pursuing our legitimate interest and pursuing our general business interest

  • Processing is necessary for the establishment, exercise or defence of legal claims

  • Processing is necessary in order to protect the vital interests of the data subject or of another natural person (for example, in the case of a medical emergency)

Additionally, in some circumstances we may process personal data on the basis that an individual guest has provided their express consent, for example, for marketing to a guest by email or SMS.

Please note that consent provided by an individual may be withdrawn by that individual at any time by contacting us using the contact details above.

Marketing

We may wish to send marketing materials to you on the basis of our legitimate interests or, where necessary, having obtained your prior consent, provided it is permissible for us to do so by law. It is the right of individuals to opt-out of or unsubscribe from any marketing materials. Full details of how this can be done will be included within each marketing communication. You may also opt-out of all or any marketing materials by contacting us at the above address.  

Sharing your information

In order to provide our services to you we may need to share your data with third parties we engage as Data Processors. These will be suppliers  who provide facilities and services to us and our guests.

Please Note

It may be necessary for us to share the personal data we hold, insofar as we are obliged or allowed by law to do so, with third parties including the following:

  • financial organisations, debt collection, credit reference and tracing agencies

  • suppliers and service providers used by us in order to fulfil reservations and deliver our services and facilities to you. This may include, providers to collect payments or to provide systems to us

  • our own professional advisors

  • government agencies, regulators, the police/law enforcement agencies and other authorities (including the Information Commissioner and HMRC)

It may also be necessary to share personal data to comply with our legal obligations or for the establishment, exercise or defence of legal claims.

With your consent, we may also share your personal data with anyone you have authorised to deal with us on your behalf.

Transfer of personal data outside the UK

Where possible, we seek to ensure personal data we collect is stored securely within the UK. However, some personal data we collect may be transferred to, stored at, or processed in a country outside of the UK, particularly if we need to transfer your personal data to third parties. This means it might be processed by suppliers operating outside of the UK.

Where personal data is provided to a third party, either in or outside the UK we will ensure that it and any of its agents and/or suppliers take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Notice.

How Long We Retain Personal Data

In line with the requirements of GDPR we will retain any personal data we hold for no longer than is necessary for the purpose for which it was provided, unless we are required by law, or  have another legitimate reason to keep it for longer (for example, if necessary for any legal proceedings).

Guest information: 18 months after the stay has been completed

Accounts data: 6 years from the end of the financial year in which payment was collected

Marketing information: 18 months after the stay has been completed

Your data protection rights

UK law seeks to protect your rights as follows:

  • The right to be informed. Individuals have the right to be told what personal data is collected about them, why, who is collecting the personal data, how long it will be held, how they can file a complaint and with whom your personal data will be shared.

  • The right of access. Individuals have the right to access the personal data an organisation holds about them.

  • The right of rectification. Individuals may ask an organisation to correct any inaccurate or incomplete personal data within one month.

  • The right to erasure. Individuals have the right to have personal data erased and to prevent processing except where we have a legal obligation to process your personal data.

  • Right to restrict processing. Individuals can request that an organisation limits the way it uses their personal data. This means that an organisation is not obligated to delete the personal data, but they have to refrain from processing it.

  • The right to data portability. On your request, we will provide you with your personal data in a structured format.

  • The right to object. Allows individuals to object to the processing of personal data at any time, in certain situations and will depend on the purpose of processing and the lawful basis for processing.

  • Rights in relation to automated decision making and profiling. You have particular rights in relation to automated decision making and profiling to reduce the risk that a potentially damaging decision is taken without human intervention. You can object to your personal data being used for profiling, direct marketing or research purposes.

You should bear in mind that by exercising any of these rights you may hinder or prevent our ability to provide you with reservations, and other facilities and services.

You may invoke any of these rights at any time by contacting us  using the contact details given at the beginning of this Privacy Notice.

How to make a complaint

In addition to the rights listed above, any person about whom we hold personal data, also known as data subjects, have the right to make a complaint about how we have processed their personal data, or a data breach. In the first instance, we invite you to contact us using the contact details given at the beginning of this Privacy Notice.

Alternatively, data subjects can raise a complaint directly with the Information Commissioner. Information of how you can complain can be found at www.ico.org.uk/for-the-public/

Our website and cookies

Cookies are small files downloaded to your computer or other devices when you view or access certain websites. Please refer to the separate policy on our website for more information.

We may modify this Privacy Notice from time to time, so please review it regularly.

This Privacy Notice was last updated in November 2025.