Web design for business and holiday property websites in the UK and Europe

Holiday property privacy policy template (GDPR)

The laws concerning data protection changed significantly in Europe when the GDPR (General Data Protection Regulation) comes/came into force on 25 May 2018. The official EU GDPR information portal has a nice, brief summary of the most important changes. For small businesses doing business mainly in the UK, Brexit hasn't changed the situation since GDPR has been included in UK law (from the gov.uk website: "The General Data Protection Regulation (GDPR) has been retained in UK law and will continue to be read alongside the Data Protection Act 2018").

Also worth reading is the similarly brief summary of how the GDPR changes things from the UK's "independent authority set up to uphold information rights in the public interest", the ICO (Information Commissioner's Office) . Read it here.

Points worth highlighting seem to be these:

1. The privacy policy must be easy to find.

2. All privacy information must be clearly written and easy to understand (no legalese).

3. The policy must be very clear about what data is being collected, how and why.

4. If data is being obtained somewhere for non-obvious purposes, people must be notified then and there, and positive consent must be sought (e.g. instead of automatically adding the details of mere enquirers to a mailing list, consent for that must be sought on the contact form with a clear indication of what exactly the person is consenting to).

5. Someone must be responsible for data handling, and that person must be clearly identified in the privacy policy.

6. Any sharing of data with third parties must be described.

7. There must be information about the person's rights (especially the rights to access - free of charge - and to rectification, the right to withdraw consent, the right to erasure - the "right to be forgotten" - and the right to be notified of any data breach within 72 hours).

8. You are supposed to have procedures in place to maximise the security of data stored on your system, and to ensure that data is deleted when there is no longer a good reason for retaining it.

Disclaimer: Handcrafted Websites claims no expertise in the area, but we have read what seems to be enough of the official information and advice to compile the following template for an updated privacy policy which we believe to be compliant with the requirements of the GDPR legislation. The privacy policy template is intended for UK businesses, such as holiday accommodation providers, that primarily collect data via contact forms, online bookings, mailing list sign-up forms, and via cookies. However, do consult the official guidance yourself and only take what follows as a non-authoritative suggestion based on research that may or may not be sufficient.

To adapt the template for your business's privacy policy you need to read it through carefully and add the details indicated in brackets. Also make sure that the clauses accurately match your situation and how you will actually handle data. The template assumes you will NOT share personal data with third parties for marketing purposes. If that is not the case, you need to rewrite that section.

To save and work with a copy of the template that has HTML tags (so it is ready to be pasted into a web page) press CTRL-U to see the code for this page, then scroll down until you see the beginning of the template wording. You can then copy the text and the tags together, then paste it into a blank text document on your PC and save it as a plain .txt file. You can then edit it before pasting it onto your web page.

A note about cookies: Current regulations continue to require you to provide information about what cookies are being used on your website and what you are using them for. Your easy-to-find privacy policy should include that information about cookies. Visitors also need to be given an initial warning that cookies are in use (the fun fact there being that those warnings involve using yet another cookie to store the data about the acceptance of the warning).

Handcrafted Websites can do the analysis and add the popup warning for you, but if you want to check for yourself what cookies are being used on your site, one easy way to do that is to install a browser extension. The Firefox browser, for instance, has an extension called Cookie Editor. That puts an icon in your toolbar, and if you click that when viewing your site, you see a list of the cookies being used.

Website privacy policy template

At [business name] we respect your privacy, and aim to comply with the latest data protection regulations. This policy explains how we collect and handle data relating to website visitors. Please note that this policy may be altered in the future. It was last updated on [date].

Who collects the information?

The information is being collected by [business name], and the person responsible for handling data is [name], who can be contacted via email at [email address], or by writing to [postal address]. Alternatively, phone: [phone].

How do we collect information?

Information can be collected in the following ways:

  • If you contact us via our enquiry form.
  • If you sign up to our mailing list.
  • If you make an online booking.

Anonymous data (relating to your computer/device, not to you personally) is also collected whenever someone merely visits one of our web pages. This uses the Google Analytics service (see below), and it involves the use of cookies (see below).

What information is collected?

For enquiries and/or bookings we will only collect the minimum information required for the purposes of being able to contact you and make an accurate record of the booking and process any payments relating to it.

The anonymous data relating to website traffic is limited to details of the device or connection being used to access our website (including the IP address of your computer, the country the connection is made from, the browser, etc.) and a record of the pages visited, plus the time spent on each page.

How is your data used?

When you contact us, make a booking or sign up for our newsletter, your data is only used for the corresponding purposes. We will not pass your contact details and other personal data to a third party.

Some data will also be used for internal record keeping (e.g. for the accounts that we are legally obliged to maintain), and to help us assess how to improve the services that we offer.

Anonymous data collected from cookies is used purely to compile statistics regarding the website traffic so that we can judge how well the website is performing. The data is collected and the statistics are compiled using the Google Analytics service. Click for general information about how Google's services impact your privacy, or click for the Google Analytics privacy policy.

Who has access to your information?

We will not sell or rent your information to third parties.

We will not share your personal information with third parties for marketing purposes. Personal information will only be given to a third party when we are legally obliged to do so.

Anonymous data derived from cookies may be shared with third parties, but only for technical purposes, not marketing ones.

Your consent

We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. You can change your marketing preferences at any time by contacting us by email: [email] or telephone on [phone].

How you can access and update your information

The accuracy of your information is important. If you change your email address, or if you believe any of the other information we hold is inaccurate or out of date, please email us at: [email], or write to us at: [address]. Alternatively, you can telephone [phone]. We will promptly correct any information found to be incorrect.

You have the right to ask for a copy of the information we hold about you, and this will be sent to you in electronic format free of charge.

Your right to restriction

You may choose to restrict the collection or use of your personal information in the following ways:

  • Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for marketing purposes;
  • If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at [email address];
  • If you do not want Google Analytics to compile anonymous statistics about the interaction between your device and our website, you can download and install the Google Analytics Opt-Out Browser Add On.

Your right to be forgotten

Data will only be stored for as long as it is needed. Unnecessary data will be erased.

The security of your information

When details such as your name and email address are submitted via a contact form or email, this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.

Payment security

We provide an online service that allows you to pay for your booking using your credit card details or debit card details. We do not store or process credit card details or debit card details on any of our systems; instead we use PayPal, which is a secure online payment gateway to process credit card payments and debit card payments on our behalf.

Breach notification

If we hold records of your personal data and we become aware of a data breach, we will endeavour to inform you of this within 72 hours.

Links to other websites

Our website contains links to other websites of interest. You should note that we do not have any control over those websites, and so cannot be responsible for the protection and privacy of any information which you provide whilst visiting them.

Users under 18 years of age

Any user under 18 years of age must have their parents'/guardians' consent to use our website. Users without this consent are not allowed to provide us with personal information.


A cookie is a small file sent to your computer's hard drive by a web page that you visit. Cookies allow web applications to recognise your device (not you personally) as you move from one page on the site to another, or if you revisit the site within a certain period of time. If you express a preference on a web page, for instance, that preference can then be recalled in the future. A cookie in no way gives us access to other files on your computer or to any other of your device's functions.

We use traffic log cookies to compile statistics about the popularity of pages on our site and about how people have arrived here. This helps us improve our website. We only use this information for statistical purposes.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, however, you can usually modify your browser settings to decline or block cookies if you prefer.

The following table indicates which cookies we are using and what they do.

Google Analytics_utma
These cookies are used to collect information about how visitors use our site, which we use to help improve it. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
CMSPHPSESSIDThis stores information anonymously merely to note whether visitors to the website are logged into the content management system or not.
Cookie warningcc_cookie_acceptThis simply stores your acceptance of the warning about cookies on the website home page.
CalendarABCProThis enables the calendar system to display the correct month. It stores no information about the visitor.

What to do if you don’t want cookies to be set

If you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set; but you need to be aware that some functions of the website might become inoperable. If you use the Internet Explorer browser, find out more info HERE. If you use Firefox, see the information HERE. If you are using Safari, see HERE.

Acceptance of these terms

By using our website, you signify your acceptance of the terms of our privacy policy. If you do not agree to the terms of our privacy policy, please do not use our website. Your continued use of our website following the posting of any changes to our privacy policy will mean that you accept those changes.



Professional service at a fair price. What you see is what you get - no hidden extras and lots of flexibility.

Penywaun House

Professional, affordable and fast, with exceptional support and impressive knowledge. Any queries are answered and dealt with quickly and solutions always found. Our website was up and running within days - it looks great and generates lots of enquiries! We are so pleased we found them and highly recommend them.

Teal Cottage

Need web design advice or a quote? Email us or use our contact form.

Contact form


Follow Handcrafted Websites

Follow Handcrafted Websites Follow Handcrafted Websites

© 2021  Handcrafted Websites, Hall Hills, Raughtonhead, Dalston, Cumbria, CA5 7AN, UK ― | ― Web design for business and holiday property (cottage, villa, guest house, holiday home) websites in the UK and Europe
Privacy & Cookie Policy

To top