Create Cornwall Privacy Policy

When you shop online at Create Cornwall, we collect your information. This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure. Whilst we will keep all of your personal information confidential, we reserve the right to disclose this information in the circumstances as set out within this policy. We confirm that we will keep the information on secure servers and that we will comply fully with all applicable UK Data Protection legislation and regulations in force from time to time.

We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.

Any questions regarding this Policy and our privacy practices should be sent by email to [email protected] or by writing to Marketing Team, Bedruthan Hotel & Spa, Mawgan Porth, Cornwall TR8 4BU. Alternatively, you can telephone 01637 861200.

How we collect your data

We collect your data in several ways including when you choose to share it with us and when you shop on-line.

Your email or phone number

· When you shop in person at Create Cornwall, we may ask for your email or phone number to contact you about your purchase

· When you shop our website, or call our Create Cornwall to make a purchase, we ask you for your contact information

· You may choose to receive marketing messages from us

Why we collect and how we use this info

· If you agree, we may use it to contact you about your purchase (e.g. to send you an e-receipt).

· We need your contact information to give you updates about your order (e.g. to confirm your order, give you delivery information, etc.)

· If you choose to receive marketing from us, we use your data to send you information about new products and services, like sales and competitions. You can choose to stop talking to us any time, by unsubscribing.

Other information about you

How we obtain other info about you:

· When you buy items from our website, in person or by calling us we ask for your name, address, payment details, and contact information.

· When you create an account, we ask for your name, address and contact information.

· When you contact us with a comment, question, or complaint, we’ll ask for information that identifies you.

· If you post to our digital channels (such as reviews or pictures) we get the information on you from your post.

Why we collect and how to use this info:

· We need this information to: Process your order, deliver goods and services to you, process payments and communicate with you about the status of your order.

· We need this to promptly respond to you. We may also use your feedback (in an anonymised form) to improve our products and services.

· We use your feedback to improve your experience on our channels and to improve our products and services.

· We use your information to send to you by email things we think you will like.

Your IP address and browser information

· When you visit our website, we collect technical information such as: IP address, your browser type, your operating system and how your browse or use our website.

· We need this info to protect your data and our website. We also use it to improve your experience and to improve our products and services.

· We also use ‘cookies’ and similar technology to collect data about the pages you access or visit.

· For more about ‘cookies’ and how we use them (including for web-analysis purposes), please see our ‘cookies’ policy.

Third Parties

We may share your data within the Red Hotels family of brands, the Scarlet Hotel and the Bedruthan Hotel. We may also share it with others business partners who help us fulfil our commitments to you. These companies help us process data, host our digital websites and apps, process payments, send communications, fulfil orders, or provide us or you services.

We require our service providers to protect your data and use it only as the law allows. They cannot use your data except in helping us provide you products and services or as allowed by the privacy law and our contracts.

Protecting your data

The privacy and security of your data is important to us. We encrypt and anonymise data where we can and limit access to personnel within the company to your data .

Working with third parties

From time-to-time we work with third parties to host competitions. If we believe there is a good fit between our offering and theirs and we think you may be interested in receiving emails from us, we may ask, at the point of entry, if you would like to join our newsletter. This entry, if hosted by the third party, will be on their site and therefore will be subject to their privacy policy. In these situations we will make it explicitly clear (in partnership with the third party) that:

· Any data collected must have consent to sign up for Create Cornwall emails specifically

· Our privacy policy must be shown

· Our reasons for asking for your data must be shown

We will also carry out our own audit of their privacy practices to ensure they are GDPR compliant and that this is publicly stated in their privacy policy.

Third Party Processing

Create Cornwall utilises the services of third party organisations to process your personal data. As the data controller, Red Hotels determines the purposes and means of the processing of your personal data. Where your data is processed by any third party on behalf of Red Hotels, that third party is a processor under the GDPR. We confirm that we take steps in order to ensure that this data is processed lawfully under the law in accordance with each agreement that we have in place with each processor.

If you wish to see all third-party processors, please email [email protected] and we will promptly send you a current list.

How do I opt out?

You have a choice about whether or not you wish to receive information from us. We will not make contact with you for marketing purposes unless you have previously opted in or you are a previous guest and we are entitled to rely on legitimate interests as the lawful ground for processing your data. If you no longer want to receive direct marketing communications from us you can change your preferences or completely unsubscribe in one of two ways:

· Click the ‘unsubscribe’ or ‘change preferences’ link at the bottom of marketing emails sent to you · Email [email protected] or telephone 01637 861200 and we will process your request within 7 working days.

Your Rights

The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: [email protected], or write to us at: Marketing Team, Bedruthan Hotel & Spa, Mawgan Porth, Cornwall TR8 4BU. Alternatively, you can telephone 01637 861200.

Under certain circumstances, you have rights under data protection laws in relation to your personal data as follows:

· Request access to your personal data.

· Request correction of your personal data.

· Request erasure of your personal data.

· Object to processing of your personal data.

· Request restriction of processing your personal data.

· Request transfer of your personal data.

· Right to withdraw consent.

If you wish to exercise any of the rights set out above, please Contact us.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Security precautions in place to protect the loss, misuse or alteration of your information

When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with 128 Bit encryption on SSL across the entire website. When you are on a secure page, a lock icon will appear in the address bar of modern web browsers such as Microsoft Edge and Google Chrome.

Once we receive your information, we make every effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.


We or our third party service providers may analyse your personal information to create a profile of your interests and preferences so that we can try to make all our communications as relevant as possible. This automated processing is intended to evaluate certain personal aspects of an individual. We may also use your personal information to detect and reduce fraud and credit risk.

If you do not want us to use profiling in this way please let us know by contacting [email protected] or by telephoning 01637 861200 and we will process your request within 7 days

Use of ‘cookies’

Like many other websites, the Create Cornwall website uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. Cookies are sometimes used to improve the website experience of a visitor to a website. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to pre-fill some information on forms and to enable us to see what people view on the website and for how long. The use of cookies enables us to improve our website, deliver effective marketing and offer a more personalised service.

We may also use the cookies to gather information about your general internet use to further assist us in developing our website. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive and then stored there and transferred to us where appropriate to help us to improve our website and the service that we provide to you.

It is possible to switch off cookies by adjusting your browser preferences or using a dedicated browser extension.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you were referred to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third party site.

Those aged 16 or under

We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.

Transferring your information outside of Europe

As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken to ensure that your privacy rights continue to be protected to a similar degree as detailed in this policy.

If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

Retention of data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our Data Cleansing and Retention policy which you can request from us by Contacting us.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

In some circumstances you can ask us to delete your data.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Review of this Policy

We keep this Policy under regular review. This Privacy Policy is v1 and was last updated in February 2021.