Effective Date: [August 2025]
Last Updated: [August 2025]
Langdale Leisure Limited is a wholly owned subsidiary of Langdale Owners PLC. We operate The Langdale Estate, which includes hotel accommodation, spa services, dining, leisure facilities and management company operations.
Company Number: 2060782
Registered Office: The Langdale Estate, Great Langdale, Ambleside, Cumbria, LA22 9JD
Data Protection Registration: Z6918681
Contact Email: [email protected]
Data Protection Officer: [email protected]
Identity and Contact Data
– Full name
– Email address, phone number, postal address
Booking and Transaction Data
– Reservation details
– Payment information (tokenized for security)
– Purchase history
Marketing and Communication Data
– Preferences for receiving marketing
– Responses to surveys, competitions, or promotions
Recruitment Data
– Applications and CVs and other relevant employer information from successful applicants only
CCTV
– Used for safety and crime prevention
We collect data through:
Direct interactions (e.g. bookings, contact forms, phone calls, successful job applicants)
Automated technologies (e.g. cookies, analytics tools)
Third-party sources (e.g. booking platforms, marketing partners)
CCTV cameras
We use your personal data for the following purposes:
Purpose: To process bookings and manage your stay
Legal Basis: Contractual necessity
Purpose: To respond to enquiries and provide customer service
Legal Basis: Legitimate interest
Purpose: To send marketing communications
Legal Basis: Consent, implied consent
Purpose: To personalise your experience
Legal Basis: Legitimate interest, implied consent
Purpose: To manage our business operations
Legal Basis: Legitimate interest
Purpose: To comply with legal and regulatory obligations
Legal Basis: Legal obligation
We may send you promotional emails or offers if you have opted in. You can unsubscribe at any time by:
– Clicking the “unsubscribe” link in our emails
– Contacting us at [email protected]
We do not sell or rent your data to third parties for marketing purposes.
We may share your data with:
– Internal staff who need access to fulfil your request
– Service providers (e.g. booking engines, payment processors, IT support)
– Legal and regulatory authorities when required
All third parties are required to respect the security of your data and process it in accordance with the law.
Some of our service providers may be located outside the UK or EEA. In such cases, we ensure appropriate safeguards are in place, such as:
– Standard Contractual Clauses (SCCs)
– Data processing agreements
– Adequacy decisions by the UK government
We implement appropriate technical and organisational measures to protect your data, including:
– SSL encryption on our website
– Secure payment gateways
– Access controls and staff training
– Regular security audits
We retain your personal data only as long as necessary for the purposes outlined in this policy, including:
– Booking and transaction data: 7 years (for accounting/legal purposes)
– Marketing data: Until you withdraw consent
– Website analytics: 26 months (Google Analytics default)
Under UK GDPR, you have the right to:
– Access your personal data
– Request correction or deletion
– Object to or restrict processing
– Withdraw consent at any time
– Data portability (in certain cases)
– Lodge a complaint with the Information Commissioner’s Office (ICO)
To exercise your rights, contact: [email protected]
We use cookies to:
– Enable website functionality
– Analyse traffic and usage patterns
– Personalise content and ads
You can manage your cookie preferences via your browser settings. For more details, see our Cookie Policy.
Our website may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to read their privacy policies.
We may update this Privacy Policy from time to time. The latest version will always be available at www.langdale.co.uk/privacy-policy. We recommend reviewing it periodically. Your continued use of this website and any services after any modifications indicates your acceptance of the updated policy.
Images are monitored and captured for safety and crime prevention. Images are retained for no longer than 30 days unless needed for an investigation.
We take data security seriously and have procedures in place to detect, report, and investigate a personal data breach.
a What is a Data Breach?
A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This can include:
– Loss or theft of data or equipment
– Unauthorised access by a third party
– Human error (e.g. sending data to the wrong recipient)
– Cyberattacks such as ransomware or phishing
b. Our Response Plan
In the event of a data breach, we will:
– Identify and contain the breach immediately.
– Assess the risk to individuals and the business.
– Notify the Information Commissioner’s Office (ICO) within 72 hours if the breach is likely to result in a risk to the rights and freedoms of individuals.
– Inform affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
– Document all breaches, regardless of whether they are reportable.
– Your Role
If you suspect that your personal data has been compromised while interacting with us, please contact our Data Protection Officer immediately at [email protected].
*Terms & Conditions Apply. Booking essential, subject to availability
We all like to keep updated on what’s new and what’s hot … don’t we?
