Data Protection Policy

Last updated: January 2026

Merley House Holiday Park is committed to protecting personal data and handling it responsibly, transparently, and in accordance with data protection legislation.

This Data Protection Policy outlines how we collect, use, store, and protect personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

  1. Purpose of This Policy

The purpose of this policy is to:

  • Ensure personal data is handled lawfully and fairly
  • Protect the rights of individuals whose data we process
  • Provide guidance on how personal data should be managed
  • Demonstrate our commitment to data protection compliance

This policy applies to all personal data processed by Merley House Holiday Park, whether collected via the website, email, telephone, or in person.

  1. Data Controller

For the purposes of data protection legislation, Merley House Holiday Park is the data controller.

We are responsible for determining how and why personal data is processed.

  1. Personal Data We Process

We may process the following categories of personal data:

  • Names and contact details (e.g. email address, telephone number, postal address)
  • Enquiry and correspondence information
  • Property ownership or sales-related information
  • Website usage data (e.g. IP address, browser type, pages visited)
  • Marketing preferences

We do not intentionally collect special category (sensitive) personal data.

  1. Lawful Basis for Processing

We process personal data only where a lawful basis applies, including:

  • Consent – where an individual has given clear permission
  • Contract – where processing is necessary for a contract or to take steps before entering into a contract
  • Legitimate interests – for operating, managing, and improving the holiday park and its services
  • Legal obligation – where processing is required by law
  1. Data Protection Principles

We adhere to the core data protection principles. Personal data shall be:

  • Processed lawfully, fairly, and transparently
  • Collected for specified, explicit, and legitimate purposes
  • Adequate, relevant, and limited to what is necessary
  • Accurate and kept up to date
  • Kept only for as long as necessary
  • Processed securely to protect against unauthorised access, loss, or damage
  1. Data Security

We take appropriate technical and organisational measures to safeguard personal data, including:

  • Secure storage of digital and physical records
  • Restricted access to personal data
  • Use of reputable third-party systems and service providers
  • Procedures to prevent unauthorised access, loss, or misuse
  1. Data Sharing

We do not sell personal data.

Personal data may be shared with trusted third parties only where necessary, including:

  • Website hosting and IT providers
  • Marketing and analytics service providers
  • Professional advisers where required

All third parties are required to handle data securely and in accordance with data protection laws.

  1. Data Retention

Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected, including legal, contractual, and operational requirements.

When data is no longer required, it is securely deleted or destroyed.

  1. Individual Rights

Individuals have the right to:

  • Access their personal data
  • Request correction of inaccurate or incomplete data
  • Request deletion of personal data (where applicable)
  • Restrict or object to processing
  • Withdraw consent at any time (where consent is the lawful basis)
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

Requests relating to data protection rights should be made using the contact details on our website.

  1. Data Breaches

In the event of a personal data breach, we will:

  • Investigate the incident promptly
  • Take steps to minimise any risk or impact
  • Notify the ICO and affected individuals where legally required
  1. Training and Awareness

We ensure that anyone handling personal data on behalf of Merley House Holiday Park understands their responsibilities under data protection law.

  1. Policy Review

This Data Protection Policy will be reviewed periodically and updated where necessary to ensure ongoing compliance with data protection legislation.

  1. Contact

If you have any questions about this Data Protection Policy or how personal data is handled, please contact us via the details provided on the website.

If you believe your data protection rights have been infringed, you may complain to the Information Commissioner’s Office (ICO) at https://ico.org.uk.

 

Newsletter Sign-up

Signup to our mailing list to be the first to hear about new holiday homes for sale.
We’ll also keep you updated with park news!

This field is for validation purposes and should be left unchanged.