This policy explains what personal information Llety Bodfor collects, why we hold it, and the control you have over it. We have tried to write it in plain English rather than legal fog.

Who is responsible for your data

Llety Bodfor is the data controller. You can reach us by post at 1–2 Bodfor Terrace, Aberdovey, Gwynedd, LL35 0EA, by phone on 01654 767475, or by email at [email protected]. We handle personal data in line with UK GDPR and the Data Protection Act 2018.

What we collect, and when

We do not gather information for its own sake. In practice it comes from three places: when you make an enquiry, when you book a stay, and when you simply browse the site.

  • When you enquire or book — your name, the contact details you give us, your dates, the number and ages of your party, and anything you choose to tell us about dietary needs, access requirements or a vehicle for parking.
  • When you pay — a deposit or balance is handled by our payment provider. We see that a payment succeeded; we do not see or store your full card number.
  • When you visit the website — basic technical information such as your approximate location, browser and the pages you view, used to keep the site working and secure. The detail sits in our cookie policy.

Why we are allowed to hold it

UK GDPR asks us to name a lawful basis for each use. Ours are straightforward:

  • To perform a contract — we need your details to take and honour a booking.
  • Legitimate interests — replying to enquiries, keeping the website secure and improving it, where this does not override your rights.
  • Consent — for any non-essential cookies, and for the rare occasion we might email you news, which you can withdraw at any time.
  • Legal obligation — we must keep certain booking and financial records for tax purposes.

Who else sees it

Almost nobody. We share data only with the handful of services that make the business run — our payment processor, our email and website hosts, and our accountant — and only with what they need to do their job. We will disclose information if the law genuinely requires it. We never sell your data, and we do not pass it to advertisers.

Card payments are processed by Stripe (or our bank's provider), whose own privacy terms then apply to that transaction.

How long we keep it

Enquiry emails that don't turn into a booking are cleared after about twelve months. Booking and financial records are kept for six years, because HMRC requires it. After that, we delete or anonymise what we no longer need.

Your rights

The law gives you real control, and we will help you use it. You can ask to see the data we hold, to correct it, to have it deleted, to restrict how we use it, to receive a copy in a portable form, or to object to a particular use. Write to us and we will respond within one month.

If you believe we have mishandled your data, please tell us first so we can put it right. You also have the right to complain to the Information Commissioner's Office, the UK's data protection regulator.

Keeping it safe

The site runs over HTTPS, access to guest information is limited to the two of us, and we review what we hold from time to time and throw out what we don't need. No system is perfect, but we treat your details the way we would want ours treated.

Changes to this policy

If the way we handle data changes, we will update this page and the date below. For anything to do with your information, the quickest route is to contact us directly.

Related

Cookie policyWhat the website stores on your device. Booking termsDeposits, cancellations and house rules. Contact usExercise your rights or ask a question.