Privacy Policy
Last updated: August 2025
We respect your privacy and are committed to protecting your personal information (“personal data”). This notice explains how we look after your personal data, your rights, and how the law protects you.
If you have any questions, please contact us at: The Bedford Hotel, Esplanade, Sidmouth, Devon, EX10 8NR, call 01395 513047 or email reservations@bedfordhotelsidmouth.co.uk
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO): www.ico.org.uk.
1. How we collect personal data
We may collect personal data when you:
- Book or enquire about a stay with us
- Contact us by phone, email, post, or in person
- Request marketing or sign up for offers
- Enter competitions or surveys
- Leave feedback or reviews
We may also receive personal data from trusted partners (e.g. booking providers, travel agents) or public sources.
2. How we use your personal data
We only use your personal data where the law allows. Examples include:
Purpose | Lawful Basis |
Registering and managing your booking | Performance of a contract |
Processing payments, fees and charges | Performance of a contract |
Debt recovery, fraud prevention | Legitimate interests |
Notifying you about changes to services, policies, or terms | Legal obligation / Legitimate interests |
Administering our website, IT and security | Legitimate interests / Legal obligation |
Marketing relevant offers and services | Legitimate interests / Consent (where required) |
We will not sell your data to third parties.
3. Marketing
- You may receive marketing communications from us if you have booked with us, requested information, or opted in.
- We will ask for your explicit consent before sharing your data with third parties for marketing.
- You can opt out anytime by contacting us.
4. Cookies
We use cookies to improve your browsing experience. For details, please see our Cookie Policy.
5. Sharing your personal data
We may share your personal data with:
- MiHi Digital – website, marketing support
- Wilde Marketing – marketing support
- Mews – online booking system
- Klaviyo – email marketing (data may be transferred outside the UK/EU with appropriate safeguards)
- Professional advisers (lawyers, auditors, insurers, banks)
- HMRC and regulatory authorities where required by law
We require all third parties to respect your data and use it only in accordance with our instructions.
6. International transfers
If we transfer data outside the UK/EEA (e.g. via Klaviyo in the USA), we ensure it is protected through approved safeguards such as UK/EU Standard Contractual Clauses.
7. Data security
We have measures in place to protect your data from loss, misuse, or unauthorised access. Access is limited to staff and trusted partners with a genuine business need.
If a data breach occurs, we will notify you and the ICO where legally required.
8. Data retention
We will only keep your data for as long as necessary, considering:
- Legal, tax, and accounting requirements
- The purpose of collection (e.g. bookings, contracts)
In some cases, we may anonymise your data for research or statistical use.
9. Your rights
You have the right to:
- Access your personal data (a “data subject access request”)
- Correct inaccurate or incomplete data
- Request erasure of your data (where legally possible)
- Object to processing based on legitimate interests or marketing
- Restrict processing in certain circumstances
- Request transfer of your data to you or a third party
- Withdraw consent (where processing is based on consent)
We aim to respond within one month. No fee is required unless requests are unfounded, excessive, or repetitive.
10. Third-party links
Our website may include links to external sites. We are not responsible for their content or privacy practices.