Privacy Policy

Privacy Policy

Last updated: October 31st 2025

1. Who We Are

Wren Farm Ltd (“we”, “us”, “our”) operates Wren Farm Retreats, a countryside lodge and retreat business based in the United Kingdom.
Registered address: Corner House, Helsey Lane, Helsey, Hogsthorpe, Skegness, PE24 5PE, United Kingdom.
Company number: 13256991
Email: andrew@wrenfarmretreats.co.uk
Data Protection Officer: Andrew Lowes

We act as the data controller for the personal information you provide through our website and bookings. We are committed to protecting your privacy and handling your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Personal Data We Collect

When you interact with us through our website, third-party booking platforms, or by direct contact, we may collect the following personal information:

  • Your name and contact details (email address, telephone number)
  • Booking details such as date of stay, number of guests, lodge booked
  • Messages, enquiries or feedback submitted through our website or by email
  • Reviews you post publicly on third-party platforms which we may display on our website
  • Your name and email address if you sign up for updates or newsletters

We do not process any special category data (such as health or biometric information).

3. How We Collect Your Personal Data

We collect your personal data in one or more of the following ways:

  • Directly from you, when you submit a contact form, send an email, book with us, or sign up for updates.
  • From third-party booking platforms (such as Lodgify or partner sites) when you make a booking or enquiry.
  • Via our website, which uses cookies and tracking tools for bookings, analytics and reviews, subject to your consent.

4. How We Use Your Personal Data

We use your information to:

  • Respond to enquiries and provide customer support.
  • Manage and fulfil bookings made via our website or booking partners.
  • Display reviews and feedback that you have posted publicly.
  • Send updates or newsletters if you have opted in to receive them.
  • Maintain business, accounting and legal records as required.

The lawful bases for our processing are:

  • Article 6(1)(b) – Contractual necessity (to provide accommodation and related services you’ve requested).
  • Article 6(1)(c) – Legal obligation (to maintain accounting and business records).
  • Article 6(1)(f) – Legitimate interests (to communicate with guests, manage bookings, and improve our services).

5. Payment Processing

All payments made through our website or booking partners are handled securely via Lodgify, which uses Stripe as its payment gateway.
We do not store or have access to any credit or debit card details. All payment data is encrypted and processed under recognised PCI-DSS security standards.

6. Cookies, Tracking Tools and Consent

Our website uses essential cookies, analytics, and review-widget cookies:

  • Necessary cookies – enable core functions such as lodge bookings.
  • Analytics cookies – used through Google Analytics 4 (via Google Tag Manager with Consent Mode v2) to help us understand how visitors use our site and improve user experience.
  • Review-widget cookies – used to display client feedback and enhance site functionality.

We use CookieHub to manage consent preferences. You can set, update, or withdraw your cookie preferences at any time using the banner on our website. Non-essential cookies are only activated after you have provided consent.

7. Data Sharing and International Transfers

We share your personal data only when necessary to provide our services. This may include:

  • Lodgify (our booking management system), which acts as a processor on our behalf. Lodgify operates within the European Economic Area (EEA).
  • Airbnb or other booking platforms where you make a booking through their system.
  • Webflow, which hosts our website.

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, such as recognised data transfer mechanisms under the UK GDPR.
We do not sell or share your personal data with third parties for marketing purposes.

8. Retention of Your Personal Data

We keep personal data only for as long as necessary for the purposes for which it was collected.

  • Booking and payment data may be kept as required by tax and legal obligations.
  • Enquiry or contact-form data is reviewed periodically and deleted when no longer needed.

If you would like details about specific retention periods, please contact us.

9. Security of Your Data

We take data security seriously and use appropriate technical and organisational measures to protect your personal information.
These include:

  • Secure (HTTPS) encryption across our website.
  • Password protection and restricted access for staff.
  • Regular updates to our website platform and hosting environment.
  • Use of trusted third-party processors such as Lodgify and Stripe.

Although we take every reasonable precaution, no online system is completely secure. We encourage you to take care when sharing personal information online.

10. Your Data Protection Rights

Under the UK GDPR, you have the following rights:

  • Access – request a copy of the personal data we hold about you.
  • Rectification – correct inaccurate or incomplete data.
  • Erasure – request deletion of your data in certain circumstances.
  • Restriction – request that we limit how we process your data.
  • Objection – object to processing carried out on the basis of legitimate interests.
  • Portability – request transfer of your data to another service provider.
  • Withdraw consent – where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please email andrew@wrenfarmretreats.co.uk. We will respond within one month, as required by law.

11. Marketing Communications

We do not currently send marketing emails or newsletters unless you have opted in to receive them.
If you sign up to our updates or mailing list, we will send occasional information about new lodges, offers, or farm updates.
You can unsubscribe at any time by following the link in the message or contacting us directly.

12. Children’s Data

Our services are intended for adults. We do not knowingly collect personal data from children under 16, except where it is provided by a parent or guardian as part of a family booking.

13. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal or significant effects for individuals.

14. Complaints

If you have any concerns about how we process your personal data, please contact us at andrew@wrenfarmretreats.co.uk.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which oversees data protection in the UK.

15. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website, and the “Last updated” date at the top reflects the most recent revision.

16. Contact Us

If you have any questions about this policy or how we handle your data, please contact:
Email: andrew@wrenfarmretreats.co.uk
Address: Corner House, Helsey Lane, Helsey, Hogsthorpe, Skegness, PE24 5PE