Privacy Policy


The Middleham House, referred to throughout this policy as “us”, take the privacy of your personal information very seriously. This policy explains how and for what purposes we use the information collected about you via this site.

If you have any queries about the policy, please get in touch with us using our contact details and we will do our best to answer your questions.

This notice applies to personal data provided by our users, including guests and those making enquiries. In this notice “you” refers to any individual whose personal data we hold or process.

Personal information collected

We will collect the following personal information from you:

Certain information required to make a provisional booking with us, including first and last name, your address and date of birth (“Contact Information”);

Details of any bookings you make or receive through our site including ID information (either (“Booking Information”);

Billing information such as your credit card number and expiry date (“Billing Information”);

A record and details of any correspondence or communication between you and us or relating to any complaint submitted to us (“Communication Information”)

Information we may hold for marketing purposes such as email addresses and some information about your personal circumstances (e.g. your location) (“Marketing Information”)

Other technical information you generate as a result of site interactions including your visits to the Site, the resources and pages you access and any searches you make (“Technical Information”).

In collecting information we abide by the following principles.

Transparency When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data.

Legitimacy We will collect and process your personal data only for the purposes described in this policy.

Relevance and accuracy We will only collect personal data that is necessary for data processing. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date.

Storage We will hold your personal data for the period necessary for processing the same in compliance with the provisions of the law.

Access, rectification, opposition You may access, modify, correct or delete your personal data. You may also oppose the use of your personal data, particularly to avoid receiving sales and marketing information. This is done by sending an email to

Confidentiality and security We will ensure reasonable technical and organisational measures are in place to protect your personal data against alteration or accidental or unlawful loss, or unauthorised use, disclosure or access.

Sharing and international transfer We may share your personal data with third parties (such as commercial partners and/or service providers) for the purposes set out in this policy. We will take appropriate measures to guarantee security when sharing or transferring such data.

Although it is not compulsory to give us this information, if you do not then you cannot make a booking for accommodation with us.

Basis on which we process personal data

Personal data we hold about you will be processed because the processing is necessary in pursuit of a “legitimate interest”, a legitimate interest in this context means a valid interest we have or a third party has in processing your personal data which is not overridden by your interests in data privacy and security; or because you have consented to the processing for the specific purposes described in this policy; or because the processing is necessary in order for us to comply with our obligations under a contract between you and us.
Use of this information

The table below sets out how we process your data and the lawful basis for the processing:

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
When you register interest with the us Contact Information Performance of a contract with you.

Necessary for our legitimate interests (to obtain necessary information in order to provide our services).

When we assist with a booking for accommodation Contact Information

Booking Information

Communication Information

Payment Information

Performance of a contract with you.

Necessary for our legitimate interests (for running our business and to provide you with products and services requested).

When you seek to amend or change a booking or make an enquiry in relation to a booking Contact Information

Booking Information

Communication Information

Payment Information

Performance of a contract with you

Necessary for our legitimate interests (for running our business and to provide you with products and services requested and to fulfil our statutory obligations).

Necessary to comply with legal obligation.

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy notice

(b) Asking you to leave a review or take a survey

(c) When you submit a complaint

(d) Sending relevant information about our products and services to you.

Contact Information

Booking Information

Payment Information

Communication Information

Technical Information

Performance of a contract with you.

Necessary to comply with a legal obligation.

Necessary for our legitimate interests (to keep our records updated and to study how customers use the services we provide).

To administer and protect our business, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data Contact Information

Technical Information

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation).

Necessary to comply with a legal obligation.

To use data analytics to improve the Site, services, marketing, customer relationships and experiences Technical Information

Communication Information

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Site updated and relevant, to develop our business and to inform our marketing strategy).
To store your contact information for marketing purposes and sending marketing and other promotional communications to you. Contact Information

Marketing Information

Necessary for our legitimate interests in promoting our services.

Sharing this information

Credit or debit card payments will be collected by our payment processor.

In order for payments to be processed you may need to provide some necessary details to our agent. We tell you about this at the point we collect that information on the Site.

We may share customer information with third parties to perform services on our behalf in order to improve our services and you hereby consent to us sharing such customer information.

Other than as set out above, we will not disclose any of your personal information without your permission unless we are required by law to do so (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime).

Information automatically collected from your computer

Log files/IP addresses When you visit the Site our web server automatically records your IP address. This IP address is not linked to any of your personal information. We may also gather other non-personal information (from which we cannot identify you) such as the type of your internet browser which we use to provide you with a more effective service.

Cookies When you visit the Site we may store some information (commonly known as a “cookie”) on your computer. Cookies are pieces of information that a website transfers to your hard drive to store and sometimes track information about you. Cookies are specific to the server that created them and cannot be accessed by other servers, which means that they cannot be used to track your movements around the web. Credit and debit card numbers are not stored in cookies. A cookie helps you get the best out of the Site and helps us to provide you with a more customised service. We use cookies for the following purposes:
Storing details about your site preferences (for instance which language you wish to view pages in);
Enabling our web server to track your session between pages of the site and provide a continuity of experience.

You can block or erase cookies from your computer if you want to (your browser’s help screen or manual should tell you how to do this), but certain parts of the Site are reliant on the use of cookies to operate correctly and may not work correctly if you set your browser not to accept cookies.


We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the information we collect from you and protect against unlawful access and accidental loss or damage. These measures may include (as necessary):
protecting our servers with software firewalls;
locating our data processing storage facilities in secure locations;
encrypting all data stored on our server with an industry standard encryption method that encrypts the data between your computer and our server so that in the event of your network being insecure no data is passed in a format that could easily be deciphered;
when necessary, disposing of or deleting your data so it is done so securely;
regularly backing up and encrypting all data we hold.

We will ensure that our employees are aware of their privacy and data security obligations. We will take reasonable steps to ensure that the employees of third parties working on our behalf are aware of their privacy and data security obligations.

This notice and our procedures for handling personal data will be reviewed as necessary.

Your privacy rights

The GDPR gives you the following rights in respect of personal data we hold about you. You have the right to:

Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

Ask us to correct any information that we hold about you which is incorrect, incomplete or inaccurate.

Ask us to erase your personal information from our files and systems where there is no good reason for us continuing to hold it.

Object to us using your personal information to further our legitimate interests (or those of a third party) or where we are using your personal information for direct marketing purposes.

Ask us to restrict or suspend the use of your personal information, for example, if you want us to establish its accuracy or our reasons for using it.

Ask us to transfer your personal information to another person or organisation.

If you have given your consent to us processing your personal information for marketing purposes, you have the right to withdraw your consent at any time. To withdraw your consent, please contact Once we have received notification that you have withdrawn your consent, we will no longer process your personal information and, subject to our retention policy, we will dispose of your data securely (although we may in some circumstances need to continue to process your data, if so then we will confirm the reasons for this).


We will retain your personal information for as long as is necessary for the performance of the contract between you and us and to comply with our legal obligations.

  • We may retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention.
  • We may retain and use your personal information to the extent necessary to comply with our legal obligations, including,information for tax, legal reporting and auditing obligations.

We review the personal data (and the categories of personal data) we are holding on a regular basis to ensure the data we are holding is still relevant to our business and is accurate. If we discover that certain data we are holding is no longer necessary or accurate, we will take reasonable steps to correct or delete this data as may be required.

If you wish to request that data we hold about you is amended or deleted, please refer to the Your Privacy Rights section above, which explains your privacy rights.

Other Sites

We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our Site and recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.

In addition, if you linked to this Site from a third party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.

Transferring your information outside of Europe

As part of the services offered to you through the Site, the information you provide to us may be transferred to countries outside of the European Union (“EU”). If we transfer your information outside of the EU in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected as outlined in this privacy policy.

If you use the Site while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

Further questions

If at any time you would like to contact us to exercise any of your rights, or with any enquiry relating to your personal information, you can do so by emailing us at

We will take every effort to respond and resolve your request within 30 days, however, there may be instances where processing your request will exceed that timeframe. If this is the case we will inform you directly.

If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the Information Commissioner’s Office by visiting for further assistance.