Langdale logo
Book Your Hotel Room
Langdale logo
BOOK

The Langdale Estate
Privacy Policy

Effective Date: [August 2025]

Last Updated: [August 2025]

  1. About Us

Langdale Leisure Limited is a wholly owned subsidiary of Langdale Owners PLC. We operate The Langdale Estate, which includes hotel accommodation, spa services, dining, leisure facilities and management company operations.

Company Number: 2060782
Registered Office: The Langdale Estate, Great Langdale, Ambleside, Cumbria, LA22 9JD
Data Protection Registration: Z6918681
Contact Email: [email protected]
Data Protection Officer: [email protected]

  1. What Personal Data We Collect

Identity and Contact Data
- Full name
- Email address, phone number, postal address

Booking and Transaction Data
- Reservation details
- Payment information (tokenized for security)
- Purchase history

Marketing and Communication Data
- Preferences for receiving marketing
- Responses to surveys, competitions, or promotions

Recruitment Data
- Applications and CVs and other relevant employer information from successful applicants only

CCTV
- Used for safety and crime prevention

  1. How We Collect Your Data

We collect data through:

Direct interactions (e.g. bookings, contact forms, phone calls, successful job applicants)

Automated technologies (e.g. cookies, analytics tools)

Third-party sources (e.g. booking platforms, marketing partners)

CCTV cameras

  1. How We Use Your Data

We use your personal data for the following purposes:

Purpose: To process bookings and manage your stay
Legal Basis: Contractual necessity

Purpose: To respond to enquiries and provide customer service
Legal Basis: Legitimate interest

Purpose: To send marketing communications
Legal Basis: Consent, implied consent

Purpose: To personalise your experience
Legal Basis: Legitimate interest, implied consent

Purpose: To manage our business operations
Legal Basis: Legitimate interest

Purpose: To comply with legal and regulatory obligations
Legal Basis: Legal obligation

  1. Marketing Communications

We may send you promotional emails or offers if you have opted in. You can unsubscribe at any time by:
- Clicking the “unsubscribe” link in our emails
- Contacting us at [email protected]

We do not sell or rent your data to third parties for marketing purposes.

  1. Sharing Your Data

We may share your data with:
- Internal staff who need access to fulfil your request
- Service providers (e.g. booking engines, payment processors, IT support)
- Legal and regulatory authorities when required

All third parties are required to respect the security of your data and process it in accordance with the law.

  1. International Data Transfers

Some of our service providers may be located outside the UK or EEA. In such cases, we ensure appropriate safeguards are in place, such as:

- Standard Contractual Clauses (SCCs)
- Data processing agreements
- Adequacy decisions by the UK government

  1. Data Security

We implement appropriate technical and organisational measures to protect your data, including:
- SSL encryption on our website
- Secure payment gateways
- Access controls and staff training
- Regular security audits

  1. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy, including:
- Booking and transaction data: 7 years (for accounting/legal purposes)
- Marketing data: Until you withdraw consent
- Website analytics: 26 months (Google Analytics default)

  1. Your Rights

Under UK GDPR, you have the right to:
- Access your personal data
- Request correction or deletion
- Object to or restrict processing
- Withdraw consent at any time
- Data portability (in certain cases)
- Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, contact: [email protected]

  1. Cookies and Tracking Technologies

We use cookies to:
- Enable website functionality
- Analyse traffic and usage patterns
- Personalise content and ads

You can manage your cookie preferences via your browser settings. For more details, see our Cookie Policy.

  1. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

  1. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available at www.langdale.co.uk/privacy-policy. We recommend reviewing it periodically. Your continued use of this website and any services after any modifications indicates your acceptance of the updated policy.

  • CCTV

Images are monitored and captured for safety and crime prevention. Images are retained for up to 15 days unless needed for an investigation. This is likely to be around 7 days dependant on server capacity.

  1. Data Breaches

We take data security seriously and have procedures in place to detect, report, and investigate a personal data breach.

a What is a Data Breach?
A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This can include:
- Loss or theft of data or equipment
- Unauthorised access by a third party
- Human error (e.g. sending data to the wrong recipient)
- Cyberattacks such as ransomware or phishing

b. Our Response Plan
In the event of a data breach, we will:
- Identify and contain the breach immediately.
- Assess the risk to individuals and the business.
- Notify the Information Commissioner’s Office (ICO) within 72 hours if the breach is likely to result in a risk to the rights and freedoms of individuals.
- Inform affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
- Document all breaches, regardless of whether they are reportable.
- Your Role

If you suspect that your personal data has been compromised while interacting with us, please contact our Data Protection Officer immediately at [email protected].