Data Protection & Privacy Policy

Data Protection and Privacy Policy

Who We Are

Garleton Lodge Limited (‘The Company’) operates Garleton Lodge Hotel & Restaurant in East Lothian

The Company stores and uses Guest Data as follows:

Guest Data is restricted to basic details provided by the guest – name, address, phone number, email address and guest specific requests.

Guest Data is held securely in paper form on-site and electronically by our software and service providers.

We have data sharing agreements in place with each of our service providers.

Guest Data is held purely for the purposes of managing Garleton Lodge bookings and for contacting guests on legitimate and necessary Garleton Lodge business. This will include the occasional newsletter email with Garleton Lodge specific news and offers. Each newsletter will contain an ‘Unsubscribe’ button which can be activated at any time.

Guest Data is not used by, or sold to, any third party.

Guest Data will be held until the January following the 5th anniversary of the guest’s most recent visit to Garleton Lodge. Email addresses in the marketing database that have not opened a newsletter in the previous 12 months will deleted from the database each January.

For completeness, an annual audit of electronic Guest Data is carried out to ensure old data is removed and destroyed. Old electronic data is deleted from the relevant database and related emails are deleted.  

Access to and rectification or erasure of personal information

Our guests have the right to access, rectify or request erasure or restriction of processing of any information The Company may have collected, at any time, subject to the prevailing Data Protection legislation in force at that time.

If you would like to do so, or if you have any other queries about this policy, please contact our Data Compliance Officer, David Cockerton at Any comments or complaints should also be directed to David Cockerton at the same address.

Training of Data Processors and Data Breaches

Data Processor numbers are kept to a minimum. They include the owners of Garleton Lodge, David Cockerton and Angela Cockerton as well as their son, Mark Richardson.

Each Data Processor has a personal, secure login and password for the Hotel Management System and only Data Processors can access paper-based Guest Data.

Data Processors receive training on an annual and ongoing basis regarding The Company’s policies and, changes to policies, regarding the handling of Guest Data.

The Company’s Data Breach Policy follows the protocols defined by the GDPR legislation.

Website Compliance

The Company regularly reviews the Garleton Lodge website for GDPR compliance and makes updates as appropriate. The website uses the HTTPS protocol and is in addition otherwise currently compliant.

Internet Security

The Internet is inherently insecure. Personal information submitted by means of the Internet may be vulnerable to unauthorised access by third parties. Submission of personal information using the Internet is at the guest’s own risk. We will take reasonable and appropriate technical measures to ensure that your personal information is stored in a secure manner. However, we shall have no liability for disclosure of data due to errors in transmission or the fraudulent, negligent or other illegal acts of a third party, such as ‘Hacking’. Any transmission of personal information on or through the use of our website is at the guest’s own risk.


Like most websites, we use cookies.

Cookies are small pieces of data that websites store in their visitors’ web browsers. Other technologies, including data we store on your web browser or device, identifiers associated with your device, and other software, are used for similar purposes. In this policy, we refer to all of these technologies as “cookies”.

Cookies help to improve our services and give you a better experience. For example, they can show us which pages people visit most often, and which are not getting as much attention

If you wish to block cookies you can do this in your browser settings.


If you provide us with your email address we may send you emails, either in reply to specific enquiries (such as one made using a booking or contact form) or if you have opted in to our email newsletters. You have the ability to opt out of any of this communication at any time.

We will never provide your personal information or email address to any third parties except where they are specifically employed to help deliver our own services.

Facebook, Twitter and other social networks

These services provide social buttons and similar features which we use on our website – such as the “Like” and “Tweet” buttons.

To do so we embed code that they provide and we do not control ourselves. To function, their buttons generally know if you’re logged in; for example Facebook uses this to say “x of your friends like this”. We do not have any access to that information, nor can we control how those networks use it.

Social networks therefore could know that you’re viewing this website, if you use their services (that isn’t to say they do, but their policies may change). As our website is remarkably inoffensive we imagine this is not a concern for most users.

Google Analytics

We measure visitors to our website using Google Analytics. This records what pages you view within our site, how you arrived at our site and some basic information about your computer, such as the web browser you use and the screen resolution. All of that information is anonymous – so we don’t know who you are; just that somebody visited our site.

The information we collect from Google Analytics helps us understand what parts of our site is doing well, how people arrive at our site and so on. Like most websites, we use this information to make our website better.

Any data collected by Google Analytics that is associated with cookies, user identifiers or advertising identifiers is retained for a period of up to 26 months.

Booking engine

We use FreeToBook to take bookings through our website. We do this to provide a reliable and secure booking process while concentrating on our real business of hospitality. Any personal information you share when making a booking will be shared with FreeToBook in order to process it.

Buying gift vouchers

When you order a gift voucher on our website we will record specific personal information about you, such as your name and email address.

We also log account and transaction history for accounting purposes, and to monitor our business activities. Your information whether public or private, will not be sold, exchanged, transferred or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.