LITTLE FISH ESCAPES
Privacy Policy
This Privacy Policy explains how Little Fish Lifestyle Limited (trading as Little Fish Escapes) collects, uses, stores and protects your personal information when you book or enquire about a stay at one of our properties on Anglesey (Cil-y-Gwynt, Llain-y-Brenin, and the Shepherd's Hut). We are committed to protecting your privacy and handling your personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who We Are
Data Controller: Little Fish Lifestyle Limited (trading as Little Fish Escapes)
Registered office: 107 Glebe Road, Cambridge CB1 7TE
Company number: 10646581
Contact: Sarah Cross · bookings@littlefishescapes.com
What Information We Collect
We collect the following categories of personal information when you enquire about, book, or stay at one of our properties:
Identity and contact details — name, email address, postal address, phone number, and (for verification purposes only) a photograph of photo ID where required.
​
Booking details — dates, property selected, number and ages of guests, dietary requirements, accessibility needs, dog details, and any special requests.
Payment information — payment is processed via secure third-party providers (SuperControl payment processor, GoCardless, or by bank transfer). We do not store full card details on our own systems. We retain transaction references and amounts paid for accounting purposes.
Stay information — arrival / departure times, supplier details (chef, caterer, etc.) where you have authorised these to come on-site, and any incidents or damage reports.
​
Marketing preferences — only where you have opted in. We do not add guests to marketing lists by default.
​
Communications — emails, messages and call notes relating to your booking.
Security footage — video footage from external CCTV cameras and smart video doorbells installed at certain entry points around our properties, for security purposes. Audio recording is disabled on these devices.
How We Collect Your Information
Directly from you, when you make an enquiry, complete a booking form, or correspond with us by email, phone or message.
From booking platforms (Airbnb, Booking.com, Vrbo, etc.) when you book through these channels.
From our property management system (SuperControl), which stores booking data on our behalf.
Why We Process Your Information (Lawful Basis)
To perform our contract with you (managing your booking, taking payment, handling check-in and check-out, providing services during your stay).
To comply with our legal obligations (HMRC accounting requirements, health and safety, fire safety records, insurance).
For our legitimate interests (responding to enquiries, improving the guest experience, managing supplier relationships, debt recovery if necessary).
For the protection of our property, our team and our guests (legitimate interest) — by maintaining external CCTV and smart video doorbells at certain entry points around our properties.
​
With your explicit consent (marketing communications only).
Who We Share Your Information With
We share only the minimum necessary information with the following parties:
Our in-house management team (House Manager, Housekeeping, Maintenance, Grounds) — to deliver your stay.
External suppliers you have authorised to come on-site (private chefs, florists, photographers, etc.) — limited to what they need to deliver their service.
Payment processors (SuperControl payment partner, GoCardless, our bank) — for payment processing.
Our accountants (PEM Accountants) — for financial reporting.
Our insurers — only where there is a claim or incident.
Third-party booking platforms — where you have booked through them.
Police or other regulatory bodies — only where required by law or to investigate a security incident at the property.
HMRC and other regulatory bodies — where legally required.
We do not sell your personal information to anyone.
International Transfers
Most of our processing takes place within the UK. Where any of our suppliers process data outside the UK (for example, certain payment processors), we ensure that appropriate safeguards are in place under UK GDPR.
How Long We Keep Your Information
Booking and financial records: 7 years from the end of the relevant tax year, in line with HMRC requirements.
Marketing preferences: until you withdraw consent.
Enquiries that do not result in bookings: 24 months.
Incident records: 7 years (for insurance purposes).
CCTV and video doorbell footage: 30 days from recording, after which it is automatically deleted (or sooner if not required for an active incident).
Your Rights
Under UK GDPR you have the right to:
• Request access to the personal information we hold about you (subject access request)
• Have inaccurate information corrected
• Have your information erased where there is no legal basis to retain it
• Restrict our processing of your information in certain circumstances
• Object to processing based on legitimate interests
• Receive your information in a portable format
• Withdraw consent at any time (where consent is the lawful basis)
To exercise any of these rights, please contact bookings@littlefishescapes.com.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have mishandled your personal information.
Security
We take appropriate technical and organisational measures to protect your information against unauthorised access, loss or disclosure. These include access controls, encrypted storage and regular review of our processes.
Changes To This Policy
We may update this Privacy Policy from time to time. The most recent version will always be available on our website at littlefishescapes.com.
