Privacy Policy

Privacy Policy

Last updated: October 2025

1. Who We Are

Wren Farm Ltd (“we”, “us”, “our”) operates Wren Farm Retreats, a countryside lodge and retreat business based in the United Kingdom.
Registered address: Corner House, Helsey Lane, Helsey, Hogsthorpe, Skegness, PE24 5PE, United Kingdom.
Company number: 13256991
Email: help@wrenfarmretreats.co.uk
Data Protection Officer: Andrew Lowes

We are the controller of personal data collected through our website wrenfarmretreats.co.uk and are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Personal Data We Collect

We collect and process personal information that you provide when interacting with us, such as:

• Your name and contact details (email, phone number)
• Booking details (date of stay, number of guests, lodge booked)
• Messages or enquiries submitted via our website contact form
• Reviews that you post on third-party platforms (such as Airbnb or Lodgify) which we may display on our website

We do not collect or process any special category data (such as health or biometric information).

3. How We Collect Personal Data

We collect personal data in the following ways:

• Directly from you, when you submit a contact form or send us an email.
• Through third-party booking platforms such as Lodgify (our property management system) or Airbnb, when you make a booking or enquiry.

Our website itself does not currently use cookies or tracking tools.

4. How We Use Your Personal Data

We use your information for the following purposes:

• To respond to enquiries and provide customer support
• To manage and fulfil bookings via Lodgify and Airbnb
• To display reviews and feedback that you’ve posted publicly
• To maintain business and financial records for legal and tax purposes

We rely on the following lawful bases for processing:

• Contractual necessity: to provide the accommodation and related services you’ve requested.
• Legitimate interests: to manage communication, handle enquiries, and improve our services.
• Legal obligation: to maintain records as required by law.

5. Payment Processing

Payments for bookings are handled securely through Lodgify, which uses Stripe as its payment gateway.
We do not store or have access to any credit or debit card details.
All payment data is encrypted and processed under PCI-DSS security standards.

6. Data Sharing and International Transfers

We share your personal data only when necessary to deliver our services. This may include:

• Lodgify, based in Spain, which manages bookings and stores customer data securely on our behalf.
• Airbnb, when bookings are made via their platform.
• Our web hosting provider, which securely hosts our website within the UK/EU.

Where data is transferred outside the UK/EU (for example, to Lodgify servers in Spain), appropriate safeguards are in place under the UK GDPR and EU adequacy decision for data transfers.

We do not sell or share your data with any third parties for marketing or advertising purposes.

7. Data Retention

We retain contact form messages indefinitely to maintain context for future customer communications.
Booking and related transaction data are kept only for as long as necessary for accounting, legal, or business purposes.
You may request deletion of your personal data at any time (see Section 9).

8. Security of Your Data

We take data security seriously and have implemented measures to protect your information, including:

• Secure (HTTPS) encryption across our website
• Password protection and role-based access for staff systems
• Regular security updates to our website and hosting platform
• Use of secure third-party processors (Lodgify and Stripe)
• Limited access to personal data only by authorised staff

While we take all reasonable precautions, no online system is completely secure, so we encourage users to take care when sharing personal information.

9. Your Data Protection Rights

Under the UK GDPR, you have the following rights:

• Access: request a copy of your personal data we hold.
• Rectification: correct inaccurate or incomplete information.
• Erasure: request deletion of your personal data.
• Restriction: limit how we process your data.
• Objection: object to certain types of processing.
• Portability: request transfer of your data to another service provider.

To exercise any of these rights, please email help@wrenfarmretreats.co.uk.
We will respond within one month as required by law.

10. Marketing

We do not send marketing emails or newsletters, and we will never use your contact details for marketing purposes without your explicit consent.

11. Children’s Data

Our website and services are not intended for children under the age of 16, and we do not knowingly collect their personal data.

12. Changes to This Policy

We may update this privacy policy from time to time. The latest version will always be available on our website, and the “Last updated” date will reflect the most recent revision.

13. Contact Us

If you have any questions about this policy or how your data is handled, please contact:
Email: help@wrenfarmretreats.co.uk
Address: Corner House, Helsey Lane, Helsey, Hogsthorpe, Skegness, PE24 5PE

If you’re unhappy with how we handle your data, you have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk.