Your Privacy Is Very Important To Us

This Privacy Policy sets out how Merlewood Holiday Apartments uses and protects any information that you give when you use this website.

Merlewood Holiday Apartments is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

We have a few fundamental principles:

  • We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services
  • We store personal information for only as long as we have a reason to keep it
  • We aim to make it as simple as possible for you to control what information is shared publicly (or kept private), indexed by search engines, and permanently deleted. We presently do not share your information publicly
  • We aim for full transparency on how we gather, use, and share your personal information
  • We do not sell your data
  • We do not share data unless compelled by law
  • We only ask for personal information if it’s needed to provide a service

Merlewood Holiday Apartments may change this Policy by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

This Policy is effective from 25 May 2018

Who We Are

We are Merlewood Holiday Apartments.

You can find more information about us, including our full address on this website.

What Personal Data We Collect & Why We Collect It

Merlewood Holiday Apartments may collect the following information:

  1. Name, postal address and/or company name and address
  2. Contact information including telephone and email address
  3. Demographic information such as location, postcode, preferences and interests
  4. Other information relevant to customer surveys and (or) offers
  5. Relevant notes that enable us to better support to our visitors

Data is collected by Merlewood Holiday Apartments and its employees and occasionally it may be collected for branding and marketing.

Booking Forms

We collect the names of all guests who will be staying, the home address, email and telephone number of the person making the booking.   We are required by law to collect this information on all guests and do this by asking you to complete a booking form.

When supplied, contact email addresses are used to send you confirmation of your booking and to acknowledge receipt of deposit payments and booking forms.  Your telephone number will only be used to contact you in the case of an emergency and/or we have not been able to contact you by email.

Comments on Blog Articles

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


We will avoid uploading images with embedded location data (EXIF GPS) included and we ask you to do the same. Visitors to the website can download and extract any location data from images on the website.

Contact Forms

We use Contact Form 7 plugin, their Privacy Policy can be found here:

Information submitted through the contact forms on our website are sent to our email address. This plugin, in itself, does not:

  • track users by stealth
  • write any user personal data to the database
  • send any data to external servers
  • use cookies

We keep these form submissions for customer service purposes. They are never shared with third parties.


To serve you faster and with better quality, we use “cookies” technology. Cookies are small bits of code, usually stored on a user’s computer hard drive, which enable a Website or service to “personalize” itself for each user by uniquely identifying your browser.

We generally use cookies to improve the quality of our service, optimize your experience, reduce the time it takes for pages to load on your computer, storing user preferences, and tracking user trends, such as how people use our website in order to help us improve our service for you.

A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Further guidance on how to control cookies in your browser can be found on the Information Commissioner’s Office website.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Our Site Uses The Following Cookies:

  • Google Analytics Cookies: these are set for monitoring and tracking visitors behaviour on the site. Google Analytics cookie usage on websites can be found here:
  • Shareaholic Cookies: Shareaholic is compatible with the European General Data Protection Regulation (GDPR). Their Privacy Promise containing further details can be found on their website:
  • Limit Login Attempts Cookies: This is used by the Limit login attempts plugin to provide brute force security in logins by monitoring user cookies
  • WordFence Security Cookies: uses cookies for analysing trends, site administration, tracking user movement, and to gather demographic information. To meet GDPR compliance & for a list of cookies, please see here:
  • WordPress Cookies: these are used by WordPress as tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters to authenticate logged-in visitors, password authentication and user verification.

Embedded Content From Other Websites

Articles on this site may include embedded content, e.g. YouTube videos, images, articles, etc. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.


Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.

By using this website, you consent to the processing of data about you by Google in the manner described in Google’s Privacy Policy and for the purposes set out above.

You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google.

What Is The Legal Basis For Processing The Data?

Data collected is done so on the basis of legitimate interest for the business activities of Merlewood Holiday Apartments, included also Recital 47 of the GDPR, “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”

Who We Share Your Data With & How It Will Be Used

We will share your data with GDPR compliant Data Controllers for the legitimate business interests of Merlewood Holiday Apartments.

Data will be processed for the legitimate business interests of  Merlewood Holiday Apartments.

We don’t share your data with third-parties in a way as to reveal any of your personal information like email, name, etc. However, some data is transferred and/or stored with third-party services we use, such as cloud-based services. This is done to provide you with a better overall service and user experience.

How Long We Retain Your Data

Data will be stored for the duration of a clients life with Merlewood Holiday Apartments and where data must be stored longer to fulfill duties of care and within the law.

We are required to keep data submitted via a booking form for 12 months.   These forms will be destroyed 12 months after your stay

If you leave a comment on our website, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

How We Protect Your Data

Data is stored on GDPR compliant servers with GDPR compliant Data Controllers.

We protect customer data with the following site features:

  • We are entirely using SSL/HTTPS (displaying a secure green padlock) throughout our website. This encrypts our user communications with the servers so personal identifiable information is never captured by third parties without authorization
  • Databases are sanitized (actual user personal details are removed) before deploying to development or testing environment

What Data Breach Procedures We Have In Place

In case of a data breach, System administrators will immediately go through affected users and will attempt to reset passwords if needed after informing the user.

What Rights You Have Over Your Data

All data subjects have the right of portability and disclosure of the data held by Merlewood Holiday Apartments upon submission of a Subject Access Request and the right of erasure if outside of the legitimate business interest of Merlewood Holiday Apartments. 

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.

You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

For such requests, please email us here: /contact-us.

How Can You, The Data Subject, Raise A Complaint?

We suggest all complaints are forwarded to the ICO:

Where We Send Your Data

Unless stated otherwise elsewhere in this policy, your data remains in the UK.

Visitor comments may be checked through an automated spam detection service which may be outside of the UK.

Our Contact Information

Merlewood Holiday Apartments
383 Clifton Drive North
St. Annes on Sea

01253 726082

Your Acceptance of These Terms

By using this website, you signify your acceptance of this Policy.

Your continued use of the website following the posting of changes to this Policy will be deemed your acceptance of those changes.

This document was last updated on 16 October 2018