Gift Vouchers Book Now
Menu
Facebook Instagram

Privacy Policy

Last updated: 23rd December 2025

1. Who We Are

Castle Lodge Ludlow Limited (“we,” “us,” or “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller:
Castle Lodge Ludlow Limited
Castle Lodge

Castle Square

Ludlow

Shropshire

United Kingdom

SY8 1AY
info@castlelodgeludlow.co.uk

 
2. Personal Data We Collect

We may collect and process the following personal data:

Name, address, email address, and phone number
Reservation and stay details
Payment and billing information
Identification details (such as passport or ID, where legally required)
Special requests or accessibility needs
CCTV images in public areas of the hotel
Website usage data (if you book or browse online)
 
3. How We Collect Your Data

We collect personal data when you:

Make a booking (online, by phone, or in person)
Stay at or visit our hotel
Contact us by email, phone, or in person
Use our website or Wi-Fi services
 
4. Lawful Basis for Processing

Under UK GDPR, we process your personal data based on:

Contract: to manage your booking and stay
Legal obligation: to comply with UK laws (e.g. guest registration)
Legitimate interests: to operate and improve our services safely
Consent: where you have given clear permission (e.g. marketing emails)
 
5. How We Use Your Data

We use your personal data to:

Manage reservations and provide accommodation
Process payments and invoices
Communicate with you about your stay
Meet legal and regulatory requirements
Maintain safety and security on our premises
Improve our services and guest experience
 
6. Sharing Your Data

We do not sell your personal data. We may share it with:

Payment providers and booking platforms
IT and hotel management system providers
Professional advisers (accountants, legal advisers)
Law enforcement or authorities where legally required
All third parties are required to keep your data secure and confidential.

 
7. Data Security

We take appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, or disclosure.

 
8. Data Retention

We keep your personal data only for as long as necessary for the purposes outlined in this policy, or as required by UK law (e.g. tax or legal obligations).

 
9. Your Data Protection Rights

Under UK GDPR, you have the right to:

Access your personal data
Request correction of inaccurate data
Request erasure of your data
Restrict or object to processing
Data portability (where applicable)
Withdraw consent at any time
To exercise your rights, please contact us using the details above.

 
10. Cookies and Website Use

Our website may use cookies to improve functionality and user experience. You can manage cookie settings through your browser or our cookie banner.

 
11. CCTV

CCTV operates in public areas of the hotel for safety and security. Footage is retained only for a limited period unless required for investigation purposes.

 
12. Marketing Communications and Consent

We may use your personal data (such as your name and email address) to send you marketing communications about offers, promotions, and updates related to Castle Lodge.

Lawful Basis

We will only send marketing communications where:

You have explicitly opted in to receive them, or
We have a legitimate interest to contact you about similar services, and you have not opted out (in line with the Privacy and Electronic Communications Regulations – PECR).
How We Obtain Consent

Consent may be obtained when you:

Make a booking online or in person
Tick a marketing consent box on a form or website
Subscribe to our mailing list
Consent is optional and is not required to complete a booking.

Opting Out / Withdrawing Consent

You can withdraw your consent or opt out of marketing communications at any time by:

Clicking the “unsubscribe” link in our emails, or
Contacting us directly using the details in this Privacy Policy
Once you opt out, we will stop sending marketing communications, but we may still contact you for service-related or legal reasons (e.g. booking confirmations).

Third-Party Marketing

We do not share your personal data with third parties for their own marketing purposes.

 
13. Complaints

If you are unhappy with how we handle your personal data, you have the right to complain to the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Website: www.ico.org.uk

 
14. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.