GDPR policy - how your personal data is used and stored

Personal information that this website collects and why we collect it.
This website collects and uses personal information for the following reasons:

Contact forms and email links

Should you choose to contact us using the contact form on our contact us page or an email link, none of the data that you supply will be stored by this website or passed to / be processed by any third party data processor.

Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet.

The email content is then decrypted by our local computers and devices.

We retain emails on our local computers containing the information you provide us with on our contact forms or email links indefinitely unless the removal of the data is requested. Emails may also be kept on our mail servers online and accessed using web mail. Google mail using Google Apps is an example of this.

We do this in order to reply to your enquiry. We may also send you emails using this information for the purposes of ,marketing or keeping you informed of matters relating to you.

If you do not want us to keep any of your details on file locally or on our mail servers you can contact us and request this data to be removed. We will need to know which email address to remove data for. We will remove your data within 48 hours.

We do not exchange, sell, rent or give away your email address or any other details we hold about you to other companies.

Third party data processors

We use the following third parties to process personal data on our behalf.  Any third parties we use have been carefully chosen . These third parties are based in the USA and are EU-U.S Privacy Shield compliant.
Google (Privacy policy)

Mailchimp (Privacy policy)

Data breaches

We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

Data controller

The data controller of this website is: Esgair Wen Holiday Cottage,C A Hughes and should be contacted at post@stayatesgairwen.co.uk if you wish any / all of your data to be removed.

SSL encryption

All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS

Data storage

Contact us to ask us anything else about our data protection systems.