Privacy Policy

Last updated: November 2, 2025

Pinetum Gardens ("we", "us", or "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller

Pinetum Gardens
St Austell, Cornwall
United Kingdom

Contact Us

For privacy inquiries:
Contact Form

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when you:

  • Book tickets or accommodation
  • Create an account or check in as a guest
  • Sign up for our newsletter
  • Contact us via our contact form
  • Participate in surveys or promotions

This may include:

  • Personal identifiers: Name, email address, phone number
  • Payment information: Processed securely through Stripe (we do not store card details)
  • Booking details: Visit dates, ticket types, accommodation preferences
  • Vehicle information: Car registration (for parking/security)
  • Communications: Messages sent through our contact forms

1.2 Information We Collect Automatically

When you visit our website, we may automatically collect:

  • Device information: IP address, browser type, operating system
  • Usage data: Pages visited, time spent, click patterns
  • Location data: Approximate location based on IP address
  • Cookies and similar technologies: See our Cookie Policy

2. How We Use Your Information

We use your information for the following purposes:

Service Delivery (Legal Basis: Contract)

  • β€’ Process bookings and payments
  • β€’ Provide customer support
  • β€’ Send booking confirmations and updates
  • β€’ Manage check-ins and check-outs

Legitimate Interests

  • β€’ Improve our website and services
  • β€’ Analyze visitor trends and behavior
  • β€’ Prevent fraud and enhance security
  • β€’ Maintain business records

Consent

  • β€’ Send marketing emails (you can opt-out anytime)
  • β€’ Use analytics cookies (manageable via preferences)
  • β€’ Share promotional content

Legal Obligations

  • β€’ Comply with tax and accounting requirements
  • β€’ Respond to legal requests
  • β€’ Maintain safety and security

3. Who We Share Your Data With

We may share your information with trusted third parties:

Payment Processors

Stripe: Securely processes payments. See Stripe's Privacy Policy

Email Marketing

Mailchimp: Manages our newsletter subscribers. See Mailchimp's Privacy Policy

Analytics Services

Google Analytics & Ahrefs: Help us understand website usage (only with your consent)

Hosting & Infrastructure

Netlify: Hosts our website securely

βš–οΈ We ensure all third parties comply with UK GDPR and have appropriate data protection measures in place.

4. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

βœ… Right to Access

Request a copy of the personal data we hold about you

✏️ Right to Rectification

Correct inaccurate or incomplete data

πŸ—‘οΈ Right to Erasure

Request deletion of your data (subject to legal obligations)

⏸️ Right to Restriction

Limit how we use your data

πŸ“¦ Right to Portability

Receive your data in a portable format

🚫 Right to Object

Object to processing based on legitimate interests

To exercise your rights: Contact us via our contact form. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

5. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • β€’ Encryption: All data transmitted via HTTPS/SSL
  • β€’ Access controls: Limited staff access on a need-to-know basis
  • β€’ Secure servers: Data stored on secure, reputable hosting platforms
  • β€’ Regular updates: Software and security patches applied promptly
  • β€’ Payment security: PCI DSS compliant payment processing through Stripe

6. How Long We Keep Your Data

We retain personal data only as long as necessary:

β€’
Booking data: 7 years (tax/accounting requirements)
β€’
Marketing data: Until you unsubscribe or 3 years of inactivity
β€’
Analytics data: 26 months (Google Analytics default)
β€’
CCTV footage: 30 days (security purposes)

7. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

8. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top indicates when changes were made. We encourage you to review this policy periodically. Continued use of our services after changes constitutes acceptance.

Questions About Privacy?

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Contact Us

Uw privacy is belangrijk

We gebruiken cookies om uw browse-ervaring te verbeteren, siteverkeer te analyseren en inhoud te personaliseren. U kunt hieronder kiezen welke cookies u wilt accepteren.

Essentieel

Vereist voor sitefunctionaliteit

Analytisch

Helpen ons onze website te verbeteren

Marketing

Nieuwsbrieftracking

PrivacybeleidCookiebeleidAlgemene voorwaarden