10% repeat guest discount added automatically to all prices. Save more with weekly and early bird discounts.

Booking Enquiry

Privacy Policy for Irton Manor and Associated Properties

Last updated: 6 October 2025

1. Who we are

Irton Manor (“we”, “our”, “us”) operates the website https://irtonmanor.co.uk and manages holiday accommodation at Irton Manor and associated properties in North Yorkshire.

For privacy-related enquiries, please contact us at:

Postal address: Irton Manor, Moor Lane, Irton, Scarborough, YO12 4RW

We are registered with the Information Commissioner’s Office (ICO) in the United Kingdom.

2. Information we collect

We collect and process information you provide directly to us, or that is necessary to provide our services, including:

  • Booking and enquiry forms: name, contact details, stay dates, property, message, and any special requests.
  • Guest check-in details: names of all staying guests (including children over 2 years old), contact numbers, arrival and departure times, and emergency information required for safety and insurance.
  • Payment processing: handled by Stripe, our secure payment provider. Stripe processes your payment details in accordance with PCI-DSS standards. We do not store or have access to your full card information.
  • Third-party bookings: where you book via Airbnb, we receive only the information necessary to manage your reservation under Airbnb’s privacy terms.
  • Technical and security data: IP address, browser type, and device information collected automatically for security, maintenance, and performance monitoring.
  • Local storage data: temporary form drafts saved in your browser to prevent data loss when filling forms.

We do not use analytics, tracking cookies, or advertising technologies.

3. How we use your information

Your information is used for:

  • Managing enquiries, bookings, and guest check-ins;
  • Communicating before, during, and after your stay;
  • Processing payments and refundable deposits via Stripe;
  • Meeting legal, insurance, and safety obligations;
  • Maintaining security, preventing fraud, and protecting the property.

We do not sell or share your information for marketing purposes.

4. Legal bases for processing

Under the UK GDPR, we rely on the following lawful bases:

  • Contract: to provide accommodation and related services;
  • Legitimate interests: to maintain security, respond to enquiries, and improve services;
  • Legal obligation: to meet safety, tax, or insurance requirements;
  • Consent: only if we explicitly ask for and receive it.

5. Data sharing

We may share information with:

  • Stripe, for secure payment processing (we never see or store card numbers);
  • Airbnb, if your booking is made via their platform;
  • Authorised staff, contractors, or representatives, where required to manage bookings or maintenance;
  • Law enforcement or regulatory bodies, if required by law.

We do not transfer your personal data outside the UK, except as required by third-party service providers who ensure equivalent data protection safeguards.

6. Cookies, Local Storage and Embedded Content

No tracking cookies are used on this website.

However, some technologies function similarly to cookies and are covered here for transparency:

  • Cloudflare Turnstile: used to verify human visitors and protect forms from spam. It may set short-lived, strictly necessary cookies. These are essential for site security and do not track users.
  • Form drafts: saved locally in your browser using window.localStorage so you don’t lose information if a page refreshes. This data never leaves your device.
  • OpenStreetMap embeds: maps displayed via iframe. These do not set cookies or collect personal data. If OpenStreetMap changes its policy to include tracking technologies, this section will be updated.

As these are strictly necessary for security and functionality, no banner or consent mechanism is required.

7. Data retention

  • Enquiries and bookings: retained for as long as required to manage the booking and comply with legal obligations (typically up to 6 years for accounting purposes).
  • Guest registration forms: retained securely for the period required by insurance and public-safety regulations.
  • Local storage drafts: remain only on your browser and can be cleared manually at any time.
  • Payment data: held by Stripe in accordance with financial-regulation requirements.

8. Your rights

Under UK GDPR, you have the right to:

  • Access a copy of your personal data;
  • Request correction or erasure of inaccurate information;
  • Object to or restrict processing;
  • Request portability of data you have provided;
  • Lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been mishandled.

To exercise your rights, please contact us at the address listed above.

9. Security

We use technical and organisational measures to protect your information, including encrypted connections (SSL/TLS), secure hosting, and restricted access to booking systems. No system can be guaranteed fully secure, but we take all reasonable steps to prevent unauthorised access or disclosure.

10. Children

We do not market or provide services directly to minors. We may collect names and ages of children over 2 years old onlyfor guest registration and safety compliance, and this information is used solely for that purpose.

11. External links

Our website contains links to Airbnb listings. When you leave our site to use Airbnb or any other third-party platform, their own privacy policies and practices will apply. We are not responsible for their data collection or cookie practices.

12. Changes to this policy

We may update this Privacy Policy from time to time. The most recent version will always be available on our website, with the “Last updated” date shown above.