Privacy Policy

This privacy policy explains how Portbahn Islay (“we”, “us”) collects, uses and protects your personal data when you visit portbahnislay.co.uk or enquire about a stay at one of our properties.

We aim to use only the personal data we genuinely need to run a small holiday-let business, to keep it secure, and to be straightforward about what we do.

Who we are

Portbahn Islay is operated by Lynton Davidson, sole trader, trading from Arturas, Knockrome, Isle of Jura, PA60 7XZ.

We are the data controller for personal data collected through this website and our booking enquiries. We are registered with the UK Information Commissioner’s Office (ICO); our application reference is C1923703. This page will be updated with the formal registration number once the ICO issues the certificate.

Contact for data and privacy queries: info@portbahnislay.co.uk.

What personal data we collect

When you contact us or enquire about a stay

• Your name
• Your email address
• Your phone number (if you choose to share it)
• The dates and property you’re asking about
• Anything else you tell us in your message

When you make a booking

Our booking calendar and checkout are operated by Lodgify (our booking-platform provider). Bookings are processed on Lodgify’s servers, not ours. You will receive a separate Lodgify privacy notice when you proceed to checkout. We see only the booking details Lodgify shares back with us as the property owner: guest names, dates, contact details, and any notes you provide.

When you visit the website

We use cookies and similar technologies for analytics if you accept the cookie banner. Without your consent we don’t set analytics cookies and we don’t track behavioural data. The full list is on the Cookies page.

We also use first-party performance and reliability tools (Vercel Analytics and Speed Insights) that aggregate anonymous data without setting cookies — these run regardless of consent because they don’t identify individual users.

How we use your data and our lawful basis

Who we share your data with

We only share data with service providers we need to run the business. These are:

• Lodgify — booking and availability platform. Receives booking enquiries and payments. Lodgify privacy policy.
• Sanity — content management system. Stores the editorial content of the site. Doesn’t process booking or guest data. Sanity privacy policy.
• Vercel — website hosting and analytics. Sees server logs (page views, user agents, IP addresses anonymised at edge). Vercel privacy policy.
• Google (Analytics 4 + Search Console) — only if you accept analytics cookies. Aggregate site-usage data; we don’t share booking or guest data with Google. Google privacy policy.
• Microsoft Clarity — only if you accept analytics cookies. Anonymous heatmaps and session replays; sensitive form fields are masked by default. Microsoft privacy statement.
• Airbnb and Booking.com— only if you click through to one of those platforms from review widgets on the site. From that point Airbnb / Booking’s own privacy policies apply.
• Our accountant / HMRC — for tax and book-keeping purposes, where legally required.

We never sell your personal data. We never use it for advertising or behavioural retargeting.

International transfers

Some of the providers above are based outside the UK (notably the US). Where we transfer personal data outside the UK we rely on safeguards required under UK GDPR — typically the UK’s International Data Transfer Agreement (IDTA), the EU Standard Contractual Clauses, or an adequacy regulation where one applies. Each of the providers above has published documentation describing the safeguards they use.

How long we keep your data

• Booking enquiries that don’t convert — kept for up to 12 months in case you come back, then deleted.
• Booking records — kept for 6 years after the stay ends, in line with HMRC record-keeping requirements.
• Email correspondence — kept while it’s relevant to the booking or business relationship, then deleted on a rolling basis.
• Analytics data (if you consented) — Google Analytics retains user-level data for up to 14 months; Microsoft Clarity for up to 13 months.
• Server logs — Vercel retains for up to 30 days for operational and security purposes.

Your rights

Under UK GDPR you have the right to:

• Be told what data we hold about you (subject access request)
• Have inaccurate data corrected
• Have data deleted, where we don’t need it any more (right to erasure)
• Restrict or object to how we use your data
• Receive your data in a portable format
• Withdraw consent for analytics cookies at any time — use the “Update preferences” button on the Cookies page

To exercise any of these rights, email us at info@portbahnislay.co.uk. We’ll respond within one calendar month, as required by law.

If you’re not satisfied with our response, you have the right to complain to the Information Commissioner’s Office (ICO):

• Website: ico.org.uk/concerns
• Phone: 0303 123 1113

We’d always prefer the chance to put things right ourselves first — please contact us before going to the ICO if you can.

Security

We take reasonable technical and organisational measures to protect your personal data: HTTPS site-wide, secure passwords on all admin accounts, two-factor authentication where available, and minimal data collection. No internet-based service can be 100% secure, but we work with reputable providers and review our practices periodically.

Children

This website is not aimed at children. We don’t knowingly collect personal data from anyone under 13. If a parent or guardian becomes aware that a child has provided us with personal data without consent, please contact us and we’ll delete it.

Changes to this policy

We may update this policy from time to time — most often when we add or change a service we use. The “Last updated” date at the top tells you when. Material changes will also be flagged via the cookie banner so you have a chance to review.