Privacy Policy
How Hilston Park collects, uses, and protects personal information under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Privacy Policy
Hilston Park respects the privacy of the people who contact us, stay with us, or visit our website. When someone books accommodation, arranges a school residential, sends an enquiry, or attends an organised visit, they share information with us so we can manage that booking properly and communicate clearly. This Privacy Policy explains what information we collect, how we use it, and the responsibilities we follow under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy applies to the Hilston Park website, our booking systems, enquiry forms, and direct communication with guests, schools, organisations, and group organisers. Please read this policy alongside our Terms & Conditions and Safeguarding Policy.
Who We Are
Hilston Park operates as an outdoor learning and residential venue near Monmouth, Wales. The business operates under HILSTON PARK LIMITED, registered in England and Wales under company number 12944054. The property, including the wider estate used for residential stays and visits, is registered with HM Land Registry under the title numbers CYM828361 and WA708717.
To reach us: Email: privacy@hilstonpark.com | Phone: +44 (0) 1600 240033
Information We Collect
We only request information that supports the safe and practical delivery of our services.
Personal information: name, email address, phone number, postal address, organisation or school name, and information submitted through enquiry or booking forms.
Booking and operational information: arrival and departure dates, group size and participant details, room or accommodation preferences, dietary requirements, accessibility needs, and emergency contact details.
Technical data: the page where a form was submitted, submission date and time, referral source, traffic medium, browser type, device information, and technical IP-related data.
For educational and youth group bookings, we may collect additional information required for safeguarding, SEN support planning, accommodation arrangements, or activity coordination.
How We Collect Your Information
We may collect your information:
- When you contact us by email or telephone
- When you submit an enquiry through our website
- When you make a booking request for accommodation, a residential stay, or a group visit
- When you confirm a booking with us
- When you provide details needed to manage your stay, including group size, rooming, or arrival information
- When you share dietary requirements, accessibility requirements, or emergency contact details for group bookings
- When you contact us before, during, or after your visit
For school groups, youth organisations, and under-18 bookings, we may also collect additional information from group leaders where it is required for safeguarding and supervision.
Our Lawful Basis for Using Personal Information
Contractual necessity: We process information when it is necessary to manage bookings, arrange accommodation, coordinate residential visits, process payments, communicate about bookings or enquiries, or provide customer support. Without this information, we may not be able to provide the services requested.
Legitimate interests: We may process information where it supports the normal operation of Hilston Park, including improving website performance, preventing misuse of our forms and systems, managing internal administration, maintaining security, and reviewing booking activity and visitor trends.
Consent: We rely on consent for activities such as optional marketing communications. People can withdraw consent at any time by contacting us or using the unsubscribe option included in marketing emails.
Legal obligations: We may process personal information where required to meet legal, financial, regulatory, safeguarding, or health and safety obligations.
Data Relating to Children and Under-18 Groups
Hilston Park works closely with schools, youth organisations, and colleges, and supervises under-18 groups. We do not allow guests under 18 to make independent bookings. A parent, legal guardian, school, organisation, or authorised group leader must manage the booking.
Where schools or organisations provide participant information, they remain responsible for ensuring they have the permissions, parental consents, and lawful basis for sharing that information with Hilston Park. Further information about supervision, safeguarding responsibilities, and child protection arrangements is available in our Safeguarding Policy.
Cookies and Tracking Technologies
We use cookies and similar technologies to support website functionality and understand how visitors use our site. Cookies may be used to maintain website performance, analyse visitor behaviour, improve navigation and content, and support security and spam prevention.
| Type | Purpose |
|---|---|
| Essential Cookies | Required for website functionality |
| Analytics Cookies | Help us understand website usage |
| Preference Cookies | Remember user settings |
| Third-Party Cookies | Set by external services such as analytics tools |
You can control or disable cookies through your browser settings. Some parts of the website may not function properly if cookies are disabled.
Sharing Your Information
We do not sell or rent personal data. We may share information with trusted third parties who support our operations, including booking systems, payment processors, website hosting providers, analytics providers, and communication tools. We may also disclose information where required by law, to protect safety and security, in response to lawful requests from authorities, or during business restructuring or system changes.
Data Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. Access to personal data is restricted to staff and providers who need it to perform their role.
No system connected to the internet can be guaranteed completely secure, but we apply reasonable safeguards to reduce risk.
How We Store and Retain Information
We keep information for different lengths of time depending on the purpose for which it was collected.
| Type of Information | Typical Retention Period |
|---|---|
| General enquiries | Up to 12 months |
| Booking and invoice records | Up to 7 years |
| Marketing preferences | Until consent is withdrawn |
| Website analytics data | Based on analytics platform settings |
| Safeguarding-related records | Retained according to legal and operational requirements |
We retain personal information only for as long as necessary for operational, legal, safeguarding, financial, or administrative purposes.
Third-Party Booking Platforms and Service Providers
Some bookings may be made through third-party platforms such as Booking.com or Airbnb. Bookings made through those services remain subject to their own terms, policies, and processing practices.
Hilston Park may also work with third-party providers that support website hosting, enquiry forms, booking systems, payment processing (PCI DSS compliant), analytics, and email communication. These providers may include Web3Forms, Q-Book, Google Analytics, Google Tag Manager, and Webflow. We only work with providers that support appropriate data protection and security standards relevant to their services.
Marketing Communications
Hilston Park may occasionally send updates on residential stays, events, educational visits, accommodation, or venue-related news to those who have chosen to receive them. We do not send marketing emails to people who have not opted in, where consent is required by law. People can unsubscribe from marketing communications at any time.
Your Rights
Under data protection law, you have the following rights:
- Right to be informed: you have the right to know how we use your data
- Right of access: you can request a copy of your personal data (Subject Access Request)
- Right to rectification: you can ask us to correct inaccurate or incomplete data
- Right to erasure: you can request deletion of your personal data where applicable
- Right to restrict processing: you can ask us to limit how we use your data
- Right to object: you can object to certain types of processing, including marketing
- Right to data portability: you can request the transfer of your data to another provider where applicable
To exercise these rights, contact: privacy@hilstonpark.com. We may request proof of identity before processing your request.
Changes to This Privacy Policy
We may update this Privacy Policy when necessary to reflect legal, operational, or service changes. We recommend reviewing this page periodically. Last updated: 14th May 2026.
See also: Safeguarding Policy | Terms & Conditions | Contact Hilston Park