Privacy Policy

GDPR Overview


We never pass on any details to 3rd parties or share your details in any way.

We only Send out Newsletters which you can safely unsubscribe from. Only those who have requested to be on our Newsletter Lists will receive Newsletters when GDPR comes into effect.

Your Data

We operate a Secure Socket Layer to our Online booking system. This is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

When guests book online all financial data is actually carried out on our Internet Banking Gateway page and therefore not on our website. We do this to eliminate all problems of transaction security.

We are Security Compliant and Certified IPS- DSS as safe and Secure Internet Merchants

We are registered with The Information Commissioner's Office (ICO) and follow their guidelines.

We only hold your data in relation to bookings that you have made, we are required to hold bookings data by law for a minimum of one year and financial data for 7 years.

When GDPR comes into effect you will be able to request that we delete your data from the system but bookings information will be archived and financial data held securely by the Bank – we do not see or hold any card details on any of our systems. We are allowed one month to do this work and are allowed to charge £10

We will be creating a ‘Forget Me’ tick box for registered customers who wish to have their details completely removed and we will respond to this on a case by case basis and in accordance with government laws and HMRC demands – we are allowed one month to by GDPR rules to resolve such requests and are entitled to charge £10. Please note that overiding legislation requires us to keep all booking information one year and also that HMRC requires full financial data for 7 years: which basically covers the extent of the information we hold on you.

We will be reviewing our policies to be GDPR Compliant as rules change and evolve.

We will always respond personally to anyone who is worried or has a specific request about their Data.

The Cottage Agency Ltd (registered number 04851720) & Mark Scott trading as The Grove 8193662213 whose both registered offices are at 61 Station Road, Sudbury, Suffolk CO10 2SP, knows that you care how information about you is used and shared and we appreciate your trust in us to do that carefully and sensibly. This notice describes our privacy policy and forms part of our website terms and conditions ('Website Terms').

By accepting our Website Terms or by visiting ('the Website') you are accepting and consenting to the practices described in this Privacy Policy.

The Website is brought to you by The Cottage Agency LTD. The Cottage Agency LTD believes it is important to protect your Personal Data (as defined in the Data Protection Act 1998) and we are committed to giving you a personalised service that meets your needs in a way that also protects your privacy. This policy explains how we may collect Personal Data about you. It also explains some of the security measures we take to protect your Personal Data, and tells you certain things we will do and not do. You should read this policy in conjunction with the Website Terms.

When we first obtain Personal Data from you, or when you take a new service or product from us, we will give you the opportunity to tell us if you do or do not want to receive information from us about other services or products (as applicable). You can normally do this by ticking a box on an application form or contract. You may change your mind at any time by emailing us at the address below.

Privacy Policy

This privacy policy applies to The Grove Cottages’s website at We at The Grove Cottages take your privacy very seriously. This policy covers the collection, processing and other use of personal data under the Data Protection Act 1998. By using The Grove Cottages’s website you consent to the policy. We are registered with the Information Commissioner’s Office for this purpose.

Information we collect

We will collect personal data on this website only if it is directly provided to us by you the user, e.g. your e-mail address, name, home or work address and telephone number, and therefore has been provided by you with your consent. Normally you will only provide such details if you are making a purchase from us. We also use analytical and statistical tools that anonymously monitor details of visits to our website and the resources that are accessed, including, but not limited to, traffic data, location data, weblogs and other communication data - this data will cannot identify you personally and is used to improve our site.

Your payment information (e.g. credit card details) provided when you make a purchase from our website is not received or stored by us: That information is processed securely and privately by third party payment processors that we use who are one of the UK’s biggest Secure Internet Payment Gateways: ‘Worldpay’ – we do not have access to that information at any time. We may share your personal data with our payment processors, but only for the purpose of completing the relevant payment transaction. Such payment processors are banned from using your personal data, except to provide these necessary payment services to us, and they are required to maintain the confidentiality of your personal data and payment information.

Use, storage and disclosure of your information

We may hold and process this personal data in accordance with the Data Protection Act 1998 and send you our e-newsletters from time to time if you have signed up to such email marketing, but we will not transfer, share, sell, rent or lease your personal data to third parties. We may share your personal data within our group of companies, but it will still be subject to these terms if we do.

The information that we collect and store relating to you is primarily used to enable us to provide our services to you. In addition, we may use the information for the following purposes if you have signed up for our Newsletters:

To provide you with information requested from us, relating to our products or services. To provide information on other products which we feel may be of interest to you, where you have consented to receive such information;

To meet our contractual commitments to you;

To notify you about any changes to our website, such as improvements or service/product changes, that may affect our service;

If you are an existing customer, we may contact you with information about goods and services similar to those which were the subject of a previous sale to you;

To assist fraud protection and minimise credit risk.

If you do not want us to send you Newsletters you may unsubscribe from your members Area on our site or do it safely from the Newsletter itself.

Please be advised that we do not reveal information about identifiable individuals to our advertisers like Google but we may, on occasion, provide them with aggregate statistical information about our visitors.

As part of the services offered to you, for example through our website, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA - this is generally the nature of data stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA. A transfer of your personal data may happen if any of our servers are located in a country outside of the EEA or one of our service providers is located in a country outside of the EEA. If we transfer or store your personal data outside the EEA in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected, as outlined in this privacy policy and in accordance with the Data Protection Act 1998. If you use our service while you are outside the EEA, your personal data may be transferred outside the EEA in order to provide you with these services.

We do not require, hold or use sensitive personal data, such as race, religion, or political affiliations.

We may disclose your personal data outside of our group: (a) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; and (b) if The Grove Cottages business is bought by a third party, in which case personal data held by it about its customers will be one of the assets to transfer to the buyer. However any such transfer will only be on terms that the confidentiality of your personal data is protected and that the terms of this privacy policy will continue to be complied with by the recipient.

Otherwise, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the website.

You have the right to opt out of our processing your personal data for marketing purposes by contacting us at or unsubscribing in your Members Area on our website or by Unsubscribing from any unwanted Newsletter you receive from us.


Secure Website: We operate a Secure Socket Layer to our website and Online booking system. This is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

Where you have set a password so that you can access certain parts of our site, you are responsible for keeping this password confidential. You should choose a password it is not easy for someone to guess.

Third party links

You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

Use of cookies
A booking relies on carrying information from one page to another, this can only be done by the use of cookies and so we may gather information about your computer for completing bookings and to provide statistical information regarding the use of our website. Such statistical information will not identify you personally - it is statistical data about our visitors and their use of our site. This statistical data does not identify any personal details whatsoever. Similarly to the above, we may gather information about your general Internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer, as cookies contain information that is transferred to your computer's hard drive. They help us to improve our website and the service that we provide to you. All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you will be unable to access particular parts of our website such as the quote and booking process.

Access to information

The Data Protection Act 1998 gives you the right to access information held about you by us. This right can be exercised by you in accordance with the Act - an access request will be subject to a fee of £10 towards our costs of complying with your request for the information we hold about you.Should you wish to receive details that we hold about you, please contact us

GDPR also gives you the right to be forgotten; but this is has to take into account overriding legislation covering accommodation whereby we have to keep booking details one year and also by HMRC requiring sales details are kept 7 years

Changes to this policy

We may update these policies to reflect changes to the website and customer feedback. Please regularly review these policies to be informed of how we are protecting your personal data.

We welcome any queries, comments or requests you may have regarding this Privacy Policy. Please do not hesitate to contact us at the Grove, Priory Green, Edwardstone, Suffolk, CO10 5PP or

Version: 30.04.2018