Privacy Notice for Sunnybrook Guest House
This page provides an overview of how we handle personal information.
Please review it with your legal adviser to ensure it reflects the exact services used on this website
(such as booking systems, email providers, analytics, CCTV, or payment processors).
Who we are
Sunnybrook Guest House, owned and operated by Marian Rogers, is the data controller for personal information processed through this website and in connection with our bed and breakfast services. Our contact details can be found on the Contact page.
Information we may collect
The information we collect depends on how you use our website and services. This may include:
- Name and contact details
- Booking information and payment details
- Emails, messages, and other correspondence
- Technical data such as IP address, browser type, and pages visited
- Information provided during your stay or when making enquiries
How we use your information
We use personal information to:
- Process and manage bookings
- Respond to enquiries and provide customer service
- Meet legal and regulatory obligations
- Improve our website and services
- Send relevant communications where you have agreed to receive them
Legal bases (UK GDPR)
Where UK GDPR applies, we rely on the following legal bases:
- Contract – to take steps at your request or fulfil a booking
- Legal obligation – for example, record‑keeping or tax requirements
- Legitimate interests – such as website security and service improvement, balanced against your rights
- Consent – where required, for example certain marketing or non‑essential cookies
Retention
We keep personal information only for as long as necessary for the purposes described above, including any period required by law or for legitimate business records (such as accounting).
Sharing information
We do not sell your personal information. We may share it with trusted service providers who help us operate the business (for example website hosting, email services, booking platforms, or payment processors), always under appropriate safeguards. We may also share information where required by law.
International transfers
If any personal information is transferred outside the UK, we will ensure appropriate safeguards are in place as required by data protection law.
Your rights
Under UK data protection law, you may have rights including: access, rectification, erasure, restriction of processing, data portability, objection, and rights relating to automated decision‑making. You may also raise concerns with the Information Commissioner’s Office (ICO). For a simple overview, please see our GDPR / your data rights page.
Security
We take reasonable technical and organisational measures to protect personal information. However, no method of transmitting data over the internet is completely secure.
Changes
We may update this Privacy Notice from time to time. The “last updated” date can be added to your admin area whenever changes are made.