Privacy Policy

Dornie Croft are two a short-let, self-catering holiday properties owned and operated by Duncan and Shona.

This Privacy Notice explains how we use, store and destroy any personal information we collect about you. We will never share your information with any third party unless there is a legal obligation to do so. We believe that we are compliant with the General Data Protections Regulations (GDPR) which came into force 25th May, 2018.

Data controller contact:

If you want to amend or delete data held by Lusa Bothy, please get in touch by using the following details:

What information we collect about you:

The data we collect is provided to us by you or an agent/representative acting on your behalf. It is collected either when you complete forms on our website or our online booking system, send us an email, contact us by telephone or letter or it is provided in person. We are required by law to collect Visitor Registrations and hold them for a period of 12 month.

Information required to complete a booking:
  • The full name and address of the person making the booking.
  • The email address of the person making the booking.
  • Credit/Debit card details (which are stored securely by STRIPE – and we can only view the last-4 digits and the expiry date.
The following information can also be provided but it is not mandatory:
  • The telephone numbers of the persons making the booking.
  • The names of all guests as part of the booking.
  • Any additional information you wish to provide that you feel is pertinent to your stay (e.g. special requirements, etc.).
  • If you provide Credit/Debit card details over the telephone or in persons these will be entered into our secure payment system. We will not hold your card details other than within the secure payment system.
Usage Data

We may also collect information how our website is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Service.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.

You can find out more about Cookies in our Cookie Policy page.

How we use the information we hold on you:

  • Process your booking and providing confirmation details.
  • Obtain payments for our services via credit/debit card.
  • Respond to any question or comments via email, telephone or post.
  • Provide information that may be use for you.
  • Request feedback about your stay with us, the booking experience and our website. This is sometimes done in conjunction with Trip Advisor, Social Media pages and Google reviews.
  • Return any items that you may forget to take with you on check-out.

How we process and store your data:

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

If you are located outside United Kingdom and choose to provide information to us, please note that we transfer the data, including Personal Data, to United Kingdom and process it here.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Dornie Croft will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.

Personal information provided will only be used for the purpose stated and will not be sold, licensed or traded to third parties unless required by law.

Legal Requirements

Lusa Bothy may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation
  • To protect and defend the rights or properties of Dornie Croft
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of users of the Service or the public
  • To protect against legal liability

Your choices & rights:

  • You have a choice about whether or not you wish to receive information from us. We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent.
  • You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
  • Right of access: You have the right to access your personal data that is known to us.
  • Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
  • If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
  • Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
  • Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.


Our website contains links to third party sites, we have no responsibility for, or knowledge of, the privacy and data holding policies of these third party websites, nor of their compliance, or otherwise, with GDPR.

How we protect your data & data breach procedures

We take appropriate measures to ensure that all personal data is kept secure including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way, for the duration of your use of our Services. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Website, therefore any transmission remains at your own risk. Once we have received your information, we will use strict procedures and security features in order to prevent unauthorised access.

This policy is effective from the 30th October 2023.

If you have any questions about it or concerning your data please contact Duncan or Shona on +44 (0) 781 843 8577 or at