Privacy & GDPR Policy The European regulation No. 2016/679 of 27 April 2016, or General Data Protection Regulation (GDPR), came into force on 25 May 2018 and replaced the Data Protection Act. This is a Europe-wide law and affects how we use and store the information we receive from guests and enquirers. It covers all data, whether electronic or paper based. Cookies We use cookies on our website. Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitors' use of the website and to compile statistical reports on website activity. You can set your browser not to accept cookies. See www.aboutcookies.org for more information on this. Information we collect from you When you make a booking with us, we collect the names and ages of all the guests who will be staying, and the home address, email address and telephone number of the person making the booking. In order to repay security deposits, we will also request bank details (account name, account number and sort code). How this information is used We use your email address to communicate with you, to send you a booking confirmation and answer any queries you send us. We will also contact you after your stay to confirm the details for returning your security deposit, to thank you for your custom and to ask you for a review. At the time of booking, we may also provide details of how you can keep in touch with us on social media, should you wish to do so. We will not use your telephone number unless we need to contact you urgently or if we cannot reach you by email. Marketing We don’t send newsletters or Mailchimp. We use Instagram and Facebook to market the cottages and our own website. We never pass your details to any third party. Access to your information You have the right to request a copy of the information we hold about you. If you would like a copy of this, please email us through the Contact page on this website. Right to be forgotten All customers have the right to ask us to remove their details from our records. However, this does not override French and UK legislative requirements. Legally, we are required to complete identity information for aliens, which we must keep for 6 months from your date of arrival. Only the local police can ask for these details. This information is removed from our files and/or anonymised after this time. We are also required by law to keep financial records for 7 years. Whilst most sensitive data is removed from this information, we will retain your name, the dates of your stay and the fees paid by you. Guests cannot ask to be erased from these financial records. Data Security If you book to stay directly with us and complete a booking form, your details will be kept secure on our system via password controlled entry and will not used for any other purpose or shared with any other person or business. We need your email address to communicate with you about your booking and we will send a follow-up email after your stay to advise you of the return of a damage deposit, to thank you for staying, ask you to leave a review or feedback and to provide details of how to stay in contact with us. We don’t need explicit consent for this. We will NOT add you to a marketing mailing list. If you book via one of our booking partners, for example HomeAway or Gites.eu, they have also to comply with GDPR regulations and will have their own safeguards and policies. Similarly, if you choose to follow us on social media (eg Facebook or Instagram), we don’t need consent as you will have already accepted the terms & conditions on that platform. Again, we will not ask you for your email address in order to send you newsletters etc. Notification of Data Breaches The GDPR will require us to notify the Information Commissioner’s’ Office within 72 hours of first having become aware of the breach where that breach is likely to “result in a risk for the rights and freedoms of individuals”. For any breach, we are required to notify the customers “without undue delay” after first becoming aware of a data breach.