Privacy Policy

Last updated: 17 June 2026

This policy explains how Atlantic Bays Holiday Park collects and uses your personal data, the lawful bases we rely on, who we share it with, how long we keep it, and the rights you have under UK data protection law. It is written in plain British English. Where a legal specific still needs sign-off by our solicitor or data protection adviser, it is marked [to confirm].

1. Who we are (data controller)

The data controller responsible for your personal data is Atlantic Bays Holiday Park Limited(“we”, “us”, “our”), a company registered in England and Wales under company number 14223817.

• Registered office: 28-30 Wilbraham Road, Manchester, M14 7DW.
• Park address: Atlantic Bays Holiday Park, St Merryn, Padstow, Cornwall, PL28 8PY.
• Email: info@atlanticbaysholidaypark.co.uk
• Telephone: 01841 520 855
• ICO registration number: [to confirm]

We are registered with the Information Commissioner’s Office (ICO), the UK’s data protection regulator. We have not appointed a statutory Data Protection Officer, as one is not legally required for our processing [to confirm]; you can raise any data protection query using the contact details above.

2. The data we collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

• Identity and contact data — your name, postal address, email address and telephone number.
• Booking and enquiry data — the dates, accommodation type and party details for your stay, holiday-home ownership enquiries, special requests and any correspondence with us.
• Payment data— card payments are handled securely within our booking engine’s payment provider. We do not see or store your full card number on this website (see section 5).
• Technical and usage data — your IP address, browser type, device information and how you use our website, collected through cookies and similar technologies where you have consented (see our Cookie Policy).
• CCTV footage — the park operates CCTV and a security barrier for the safety of guests and property; images may capture you while on site.

We do not knowingly collect special category data, and we do not collect personal data from children directly; bookings are made by a responsible adult on behalf of their party.

3. How and why we use your data (lawful bases)

We only use your personal data where the law allows. The lawful bases under UK GDPR that we rely on are:

• Contract — to take and manage your booking, provide your stay, process payments and handle ownership transactions.
• Legitimate interests — to respond to enquiries, keep our records accurate, improve our services and protect the park (including CCTV), where these interests are not overridden by your rights.
• Consent — to send you marketing by email where you have opted in, and to set non-essential cookies. You may withdraw consent at any time.
• Legal obligation — to meet our accounting, tax, health and safety and other legal duties.

We send marketing communications only with your consent or, where permitted, on a soft opt-in basis to existing guests about similar holidays — and every message includes an easy unsubscribe. This is in line with the Privacy and Electronic Communications Regulations (PECR) as updated by the Data (Use and Access) Act 2025 [to confirm].

4. Cookies and analytics

Our website uses essential cookies to function, and — only with your consent — analytics and similar technologies to understand how the site is used. No non-essential cookies are set before you give consent, and you can change your choices at any time. For full details, the cookies we use, and how to manage them, please see our Cookie Policy.

5. Who we share your data with (processors)

We do not sell your personal data. We share it only with trusted service providers who process it on our behalf under written contracts, and only as needed to run our business:

• Booking system — our online booking and availability is provided by the Prophet Booking System (Backcourt Computers), integrated by Barsbank, which processes your booking details.
• Payments — card payments are processed within the booking engine by Sage Pay (Opayo). The marketing website never receives your full card details (our PCI scope is SAQ A).
• Enquiry form — when you send us an enquiry through the website, your form details are processed by Netlify Forms (Netlify, Inc.), which records the submission and forwards it to our team by email.
• Website analytics — where you consent, anonymised usage statistics are collected by Plausible Analytics, a cookieless, privacy-friendly analytics service that does not track you across websites.

We may also disclose data where required by law, to protect our rights or safety, or in connection with a sale or reorganisation of the business. Where any provider processes data outside the UK, we ensure appropriate safeguards (such as adequacy regulations or standard contractual clauses) are in place [to confirm].

6. How long we keep your data

We keep personal data only for as long as necessary for the purposes set out in this policy, and to meet our legal, accounting and reporting obligations. As a guide, booking and financial records are retained for the period required by tax law (currently six years) [to confirm], marketing consents are kept until you withdraw them, enquiry records are held for a reasonable period and then deleted [to confirm], and CCTV footage is retained for a short period before being overwritten [to confirm]. When data is no longer needed, it is securely deleted or anonymised.

7. Your rights

Under UK data protection law you have the right to:

• be informed about how your data is used;
• request access to a copy of the personal data we hold about you;
• have inaccurate data corrected;
• request erasure of your data in certain circumstances;
• restrict or object to our processing, including direct marketing;
• data portability, where the processing is by consent or contract and carried out by automated means;
• withdraw consent at any time, without affecting earlier lawful processing.

To exercise any of these rights, please contact us at info@atlanticbaysholidaypark.co.uk. We will respond within one month. There is normally no charge.

8. How we protect your data

We use appropriate technical and organisational measures to keep your data secure, including encrypted connections, access controls and contracts with our processors. While no online transmission is ever completely secure, we take reasonable steps to protect your information and to notify you and the ICO of any qualifying breach.

9. Complaints

We hope to resolve any concern you have about your data directly. If you remain unhappy, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority, at ico.org.uk. We would, however, appreciate the chance to address your concerns first.

10. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or the law. Any changes will be posted on this page with a revised “last updated” date.