Treetop Lodge

Privacy Policy


Kirkcudbright Cottages operates Treetop Lodge, our website address is:

We are committed to protecting your privacy and maintaining the security of any personal information received from you. We adhere to the requirements of the applicable data protection laws, including the General Data Protection Regulation and the UK Data Protection Act 2018.

The purpose of this statement is to explain to you what personal information Kirkcudbright Cottages (“we”, “us” or “our”) collect, how we may use it and will look after it, as well as tell you about your privacy rights in relation to the processing of your personal data.

Changes to the privacy policy 

This privacy policy is effective as of 1 August 2021 and will be updated to reflect any changes in the way we handle your personal data or any changes in applicable laws. Any updates will be posted on this page so that you are aware of the information we collect and how we use it at all times. Continued use of the Website and communication with us will constitute your agreement to any such changes.

Changes in your personal data

It is important that the personal data we hold about you is accurate and current. Please therefore keep us informed if your personal data changes (or if you wish to verify or remove your personal details) during your relationship with us by contacting us at the contact details published on this website.

How we get the personal information

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

When we interact with you, we may collect, use, store and transfer the following types of personal data:

• Personal Identifiers: including first name, last name and contact details including address, email address and telephone number;

• Technical identifiers: including IP address used to connect your computer or mobile device to the internet, browser type and version, operating system and platform and other technologies on the devices you use to access this Website.

This personal data may be collected via different methods, including:

• Direct interactions with you: For example, when you make an enquiry you will be asked to provide certain information including name, email address and telephone number. We will also need to hold personal data to be able work with you and our work may also require us to collect personal data.

• Indirect interactions with you:  e.g. automated interactions when you interact with our website, we may automatically collect information about your equipment, browsing action and patterns through cookies (an element of data that our Website sends to your browser which is then stored on your system). You can set your browser to prevent this happening. Any information collected in this way can be used to identify you unless you change your browser settings.

We do not collect sensitive data about you without your express consent and would only do so in accordance with data privacy laws.

“Sensitive data” refers to the various categories of personal data identified by data privacy laws as requiring special treatment including racial or ethnic origin, political opinions, biometric and genetic data, criminal records, religious beliefs and physical and mental health.

How your personal data is used

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

• Your consent. You are able to remove your consent at any time.

• We have a contractual or legal obligation.

• We need it to perform a public task.

• We have a legitimate interest.

Unless we consider that we have a legitimate business reason for contacting you, we will only contact you with your consent, and you have the right to withdraw your consent at any time.

Your personal information will never be sold, rented or exchanged with any third party for commercial reasons.

How we store your personal information

Your information is securely stored to prevent accidental loss, use, or access of your personal data in an unauthorised way, it’s altering or disclosure. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We will only retain your personal data for as long as necessary to fulfil the purpose we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those through other means, and the applicable legal requirements.

Your Data Protection Rights

Under certain circumstances, by law, you have the following rights in relation to your personal data:

• Your right of access: to receive a copy of any personal data we hold via a “data subject access request” 

• Your right to rectification: you have the right to ask us to rectify personal information you think is inaccurate or to complete information you think is incomplete

• Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances. 

• Your right to restriction of processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances. 

• Your right to object to processing: You have the the right to object to the processing of your personal information in certain circumstances.

• Your right to data portability: You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us using the contact details published elsewhere on this website if you wish to make such a request, or wish to make a complaint about our use of your data or have any questions about privacy or this particular statement.

How to complain

If, despite our commitment and efforts to safeguard your personal data, you have any concerns or complaints about our privacy activities, you can contact the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO so please contact us in the first instance.