Corfe Castle: The dramatic ruins of a medieval stone fortress on a grassy hill, with a path leading up to the broken towers and walls under a cloudy sky.

Castle Journeys – Privacy Policy

Castle Journeys
Effective Date: 16/08/2025
Last Revised: 17/08/2025

Castle Journeys (“we,” “our,” or “us”) values your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit https://castlejourneys.com (the “Website”).

By using this Website, you consent to the practices described in this Privacy Policy.

1. Data Controller

Castle Journeys is the data controller responsible for this Website.

You can contact us using the details provided in the Contact Information section below.

2. Categories of Data Collected

We may collect the following categories of personal and non-personal data:

  • Identifiers: name, email address, postal address, IP address, online identifiers.
  • Contact Information: correspondence via email or contact forms.
  • Usage Data: browser type, operating system, pages viewed, time spent, referring websites.
  • Cookies & Tracking Data: collected via cookies and similar technologies.
  • Voluntary Data: information you provide when signing up for newsletters, leaving comments, or participating in surveys.

We process personal data under the UK GDPR on the following legal bases:

  • Consent: where you have given clear consent (e.g., newsletters, non-essential cookies).
  • Contractual necessity: to respond to enquiries or deliver a service requested.
  • Legitimate interests: to maintain website security, improve content, and prevent fraud.
  • Legal obligations: where processing is required under UK law.

4. Cookies & Similar Technologies

We use essential and non-essential cookies. Non-essential cookies (e.g., analytics, marketing) will only be set with your consent.

You may manage or disable cookies in your browser settings. Further details are set out in our Cookie Policy.

5. Third-Party Sharing

We may share personal data with:

  • Service Providers (e.g., web hosting, analytics, email delivery platforms).
  • Legal/regulatory authorities where disclosure is required by law.
  • Business transfers such as a merger or sale of assets.

We do not sell personal information to third parties.

6. Marketing Communications (PECR)

In compliance with the UK Privacy and Electronic Communications Regulations (PECR), we will only send you marketing emails if you have opted in. You may withdraw your consent at any time by clicking the unsubscribe link in our emails or contacting us.

7. Your Rights (UK GDPR)

You have the following rights under the UK GDPR:

  • Access – request a copy of the personal data we hold about you.
  • Correction – request corrections to inaccurate or incomplete data.
  • Erasure – request deletion of your personal data (“right to be forgotten”).
  • Restriction – request that we limit the processing of your personal data.
  • Data Portability – request a machine-readable copy of your data.
  • Objection – object to processing based on legitimate interests, including direct marketing.

To exercise these rights, please contact us at contact@castlejourneys.com.

8. Right to Complain

If you are unhappy with how we have collected or used your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at https://www.ico.org.uk.

9. Data Retention

We retain personal data only as long as reasonably necessary for the purposes set out in this Policy, or as required by law. For example:

  • Contact form enquiries: generally up to 24 months.
  • Newsletter subscription data: until you unsubscribe.
  • Analytics data: in line with service provider retention defaults (e.g., Google Analytics).

10. Security Measures

We implement technical and organisational measures, including:

  • Encrypted transmission (HTTPS).
  • Password-protected systems and access controls.
  • Periodic hosting environment monitoring.

While we take appropriate precautions, no method of transmission or storage is 100% secure.

11. Data Breach Notification

If a data breach occurs that may pose a risk to your rights and freedoms, we will:

  • Notify the ICO within 72 hours, where required.
  • Notify affected individuals without undue delay if required by law.

12. International Data Transfers

If your data is transferred outside the UK (for example, where we use an overseas service provider), appropriate safeguards such as Standard Contractual Clauses are implemented to ensure your personal data is protected.

13. Governing Law & Jurisdiction

This Privacy Policy is governed by the laws of England and Wales, and disputes will be subject to the exclusive jurisdiction of the courts of England and Wales.

14. Updates to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a new “Last Revised” date.

15. Contact Information

Castle Journeys (Data Controller)
Email: contact@castlejourneys.com