Your Privacy at Lodge Coppice Holiday Park
We Respect Your Data & Keep It Secure
Customer Privacy Notice
Last Updated: 28-3-2025
At Lodge Coppice Holiday Park, we are committed to protecting the privacy and security of your personal information. This Privacy Notice describes how we collect, use, and safeguard your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This notice does not form part of any agreement or contract and may be updated at any time. We encourage you to review this notice periodically to stay informed about how we are protecting your data.
- Identity of the Data Controller
Bank Farm Properties and Leisure Ltd, trading as Lodge Coppice Holiday Park, is the data controller responsible for your personal information.
Our contact details are:
Data Protection Officer Lodge Coppice Holiday Park, Bank Farm Properties & Leisure Ltd, Upper Arley Bewdley DY12 3ND
- Categories of Personal Data We Process
We may collect, store, and use the following categories of personal information about you:
- Identity Data: Your full name, title.
- Contact Data: Your address, email address, telephone numbers.
- Marketing and Communications Data: Your preferences for receiving marketing communications from us and your communication preferences.
- Usage Data: Information about how you use our website, products, and services.
- Special Categories of Personal Data (Sensitive Personal Data): We may collect information about your health or accessibility requirements if you provide it to us to ensure we can meet your specific needs during your stay. We will only process this data with your explicit consent.
- Sources of Personal Data
We primarily collect personal information directly from you when you:
- Make a booking/Sale through our website, by phone, or in person.
- Enquire about our services.
- Subscribe to our newsletters or marketing communications.
- Provide feedback or participate in surveys.
- Contact us with enquiries or complaints.
In some limited cases, we may receive your personal information from third-party booking agents, but we will ensure they have the appropriate legal basis to share that information with us.
- Lawful Bases for Processing Your Data
We will only process your personal information when we have a lawful basis to do so. These bases include:
- Performance of a Contract: Processing is necessary for us to fulfil our contractual obligations to you, such as providing you with the accommodation and services you have booked/purchased.
- Legitimate Interests: Processing is necessary for our legitimate interests (or those of a third party), provided your interests and fundamental rights do not override those interests. Our legitimate interests include:
- Managing and administering our business.
- Marketing our products and services (where you haven’t objected).
- Improving our website and services.
- Preventing fraud.
- Ensuring the security of our premises and systems.
- Legal Obligation: Processing is necessary for us to comply with legal and regulatory obligations.
- Consent: We may rely on your explicit consent to process special categories of personal data (e.g., health information) or for certain marketing communications. You have the right to withdraw your consent at any time.
- Purposes for Processing Your Data
We process your personal data for the following purposes:
- To manage your purchase and provide you with services you have requested.
- To communicate with you regarding your enquiries, or any issues.
- To process payments for your purchase.
- To provide you with quotes and information about our products and services.
- To send you marketing communications about our offers and promotions (where you have consented, or we have a legitimate interest to do so).
- To administer and protect our business and website, including for security and fraud prevention.
- To analyse website usage and improve our services.
- To comply with legal and regulatory requirements.
- To handle complaints and resolve disputes.
- Who Has Access to Your Data
We may share your personal information with the following categories of third parties:
- Service Providers: Third-party providers who provide services on our behalf, such as payment processing, website hosting, marketing services, and IT support. We ensure these providers have appropriate security measures in place and are contractually obligated to protect your data.
- Other Related Business Entities: For administrative purposes within our group of companies.
- Regulatory Authorities: If required by law, we may share your information with government or regulatory bodies.
- Legal Advisors: In the event of a legal claim or dispute.
We will only share your personal information with third parties where it is necessary for the purposes set out in this notice, where required by law, or where we have a legitimate interest in doing so.
- Security of Your Data
We have implemented appropriate technical and organisational security measures to protect your personal information from being accidentally lost, used, accessed, altered, or disclosed in an unauthorised way. These measures include:
- Encryption of sensitive data.
- Access controls and restrictions on who can access your data.
- Regular security assessments and updates to our systems.
- Staff training on data protection best practices.
We have procedures in place to deal with any suspected data security breach and will notify you and the Information Commissioner’s Office (ICO) where we are legally required to do so.
- How Long We Decide to Retain Your Data
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, and any applicable legal or contractual requirements.
- Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
- Right to Access: You have the right to request access to and a copy of the personal information we hold about you.
- Right to Rectification: You have the right to request that we correct any incomplete or inaccurate personal information we hold about you.
- Right to Erasure (“Right to be Forgotten”): You have the right to request that we delete or remove your personal information in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
- Right to Object to Processing: You have the right to object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party).
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances, such as while we are verifying the accuracy of your data.
- Right to Data Portability: In certain circumstances, you have the right to request that your personal information be transferred to you or another organisation in a structured, commonly used, and machine-readable format.
- Right to Withdraw Consent: If we are processing your personal information based on your consent, you have the right to withdraw that consent at any time.
- Right to Complain to the ICO: If you believe we have not complied with your data protection rights, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection. You can contact the ICO at https://ico.org.uk/.
- Automated Decision-Making & Profiling
We do not currently conduct any automated decision-making or profiling activities that significantly affect you. If this changes in the future, we will update this privacy notice and inform you.
- Changes to This Privacy Notice
We reserve the right to update this privacy notice at any time. We will notify you of any significant changes by posting the new privacy notice on our website and, where appropriate, by contacting you directly. We encourage you to review this notice periodically.
- Contacting Us
If you have any questions about this privacy notice or would like to exercise any of your data protection rights, please contact our Data Protection Officer at:
Data Protection Officer Lodge Coppice Holiday Park, Bank Farm Properties and Leisure Ltd, Upper Arley Bewdley DY12 3ND
- Analytics and Visitor Tracking
We use various methods, including third-party analytics tools and our own log file analysis, to analyse and track website visitors. This information helps us understand how our website is used and improve its functionality.
All visitor tracking we use is generally anonymous and does not directly identify you.