Privacy Policy

Last updated: 7 April 2026

1. Introduction

Coed Llydan (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect your personal data when you visit our website, make an enquiry, or book a stay with us.

We understand that your privacy is important and we take every reasonable precaution to safeguard your personal information.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our website or services, you acknowledge the terms of this Privacy Policy.

2. Who We Are

Coed Llydan is a provider of holiday accommodation.

For the purposes of data protection law, we are the data controller in relation to personal data you provide directly to us.

3. Information We Collect

We may collect and process the following categories of personal data:

3.1 Information you provide to us

You may provide personal data by filling in forms on our website, corresponding with us, or making a booking. This includes:

Full name
Email address
Telephone number (if provided voluntarily)
Postal address
Booking details (arrival/departure dates, number of guests, preferences)
Guest information (including additional guests where provided)
Special requirements (including dietary, accessibility or health-related needs where relevant to your stay)
Any other information you choose to provide

3.2 Booking and payment information

When making a booking, we may collect:

Transaction details
Payment confirmation information

All payments are processed securely by third-party providers. We do not store full card details.

3.3 Information we collect automatically

When you visit our website, we may automatically collect:

IP address
Browser type and version
Device type and operating system
Time zone setting
Pages viewed and navigation paths
Time spent on pages
Referral source (e.g. search engine or external website)

3.4 Information received from third parties

We may receive your personal data from third-party booking platforms (for example, Airbnb and similar online travel agents).

These platforms typically act as independent data controllers, meaning they determine how your personal data is collected and shared under their own privacy policies.

The information shared with us may include:

Name and contact details
Booking and reservation details
Guest information
Communications relevant to your stay

We recommend reviewing the privacy policies of any third-party platform you use.

4. How We Use Your Information

We use your personal data for the following purposes:

4.1 To fulfil bookings and contracts

To process and manage your reservation
To communicate with you about your booking
To provide services during your stay

4.2 To communicate with you

To respond to enquiries
To send booking confirmations and updates
To provide customer support

4.3 To manage deposits and property protection

To take and administer damage deposits where applicable
To assess, investigate, and resolve any damage, loss, or breach of booking terms
To communicate with you regarding any issues arising during or after your stay
To recover costs where damage or loss has occurred, where necessary

4.4 To improve our services

To analyse website usage and trends
To improve our website functionality and user experience
To develop and enhance our services

4.5 For administrative and legal purposes

To maintain business records
To comply with legal and regulatory obligations
To prevent fraud or misuse of our services

4.6 For marketing (where permitted)

To send newsletters or offers (only if you have opted in)
To inform you of similar services you may be interested in

You may opt out of marketing communications at any time.

5. Lawful Bases for Processing

We rely on the following lawful bases under UK GDPR:

Contractual necessity – to fulfil bookings, including handling deposits and potential damages
Legal obligation – to comply with legal requirements
Legitimate interests – to operate, protect and improve our business and property
Consent – for marketing communications and certain optional data uses

6. Payments

Payments are processed securely via third-party providers such as Stripe or PayPal.

These providers act as independent data controllers for payment processing. We recommend reviewing their privacy policies.

We do not store or have access to your full payment card details.

We do not sell or rent your personal data.

We may share your data with trusted third parties where necessary, including:

Payment processors
Property service providers (e.g. cleaners, maintenance contractors)
IT service providers and website hosts
Marketing platforms (where consent has been given)
Professional advisers (e.g. accountants, legal advisers)
Law enforcement or regulatory bodies where required

All third parties are required to respect the security of your personal data and process it lawfully.

8. Use of Data Processors

We use third-party service providers to process personal data on our behalf.

For example, we use property management software such as Bookster to manage bookings, guest communications, and operational processes.

In this context, such providers act as data processors and only process personal data:

On our instructions
For specified purposes
In accordance with contractual obligations

We endeavour to ensure that all processors implement appropriate technical and organisational measures to protect your data.

9. International Transfers

Some of our service providers may transfer or store personal data outside the UK.

Where this occurs, we endeavour to ensure appropriate safeguards are in place, such as:

Adequacy regulations
Standard contractual clauses

10. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements.

Typically:

Booking and financial records are retained for up to 6 years
Marketing data is retained until you withdraw consent

11. Your Rights

Under UK GDPR, you have the right to:

Request access to your personal data
Request correction of inaccurate or incomplete data
Request erasure of your data (where applicable)
Object to processing
Request restriction of processing
Withdraw consent at any time
Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, contact: [email protected]

12. Cookies

Our website uses cookies to distinguish you from other users and improve your experience.

Types of cookies we use:

Strictly necessary cookies – essential for website operation
Analytical/performance cookies – help us understand usage (e.g. Google Analytics)
Functionality cookies – remember your preferences
Targeting cookies – used for relevant marketing (where applicable)

You can control or disable cookies through your browser settings. Disabling cookies may affect website functionality.