Lighthouse Holiday Cottages Privacy Policy

Who are we?

The Mull of Galloway Trust is a community organisation that owns and manages 30 acres of land at Scotland’s most southerly point. Registered as a Scottish Charitable Incorporated Organisation (Charity Number: SC043557), the Trust also manages and operates three former Lighthouse Keepers’ holiday cottages, an RSPB information centre and the Lighthouse foghorn.

Our website is:

What personal data we collect and why we collect it

Contact forms

We collect your name, email address and the message that you wish to send through the contact form. We use contact form submissions to communicate with you and to respond to your enquiry. We will retain this data for administrative purposes, but do not use the information for marketing purposes without your explicit consent.

Holiday Bookings

We collect the information necessary to process your booking, such as your name, address, telephone number, email address and the details of your holiday party. This information is needed in order to process your booking and to provide our services to you. Again, this information is not used for marketing purposes without your explicit consent.  You can grant consent when you complete the digital registration form which you will receive a few days before arrival.


Our website may use Google Analytics in order to help gather information about how the site is used, how many visitors it receives and where they may be located in the world.  To do this, Google Analytics uses cookies and collects data such as visitors’ IP addresses.  This data is only used to analyse the usage and performance of the website and is not shared with any other third party.

Further information about Google Analytics, your data and privacy can be found here:

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if you had visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


What are cookies?

Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser. These cookies help make the website function properly, make it more secure, provide better user experience and help in understanding how the website performs and analyzing what works and where it needs improvement.

How are cookies used?

Cookies can be used for a number of different purposes. The common types of cookie are:

Essential: Some cookies are essential for you to be able to experience the full functionality of the site. They allow the site to maintain user sessions and prevent any security threats. They do not generally collect or store personal information. For example, cookies that allow you to log-in to your account and add products to your basket and checkout securely. Essential cookies cannot usually be blocked as this would typically cause the website to fail to work properly.

Statistics: These cookies store information like the number of visitors to the website, the number of unique visitors, which pages of the website have been visited, the source of the visit, etc. This data helps in understanding and analyzing how well the website performs and where it needs improvement.

Functional: These are the cookies that support certain non-essential functions on the website. These functions include embedding content like videos or sharing content from the website to social media platforms.

Preferences: These cookies help store your settings and browsing preferences (e.g. language preferences) so that you have a better and more efficient experience on future visits to the website.

Cookies can also be grouped into first-party cookies and third-party cookies.

First-party cookies are directly related to the website itself and are usually needed for the website to function the right way. Most first-party cookies do not collect personally identifiable data. However, some may contain your email address or login ID if you have registered with the site and are currently logged in. These are used to maintain your session while logged in to the site

Third-party cookies are usually associated with another business that provides services upon which the website relies. For example, payment services, search engines, mail service providers, etc. The third-party cookies used on this website are mainly for understanding how the website performs, how you interact with the website, keeping our services secure and generally providing you with a better and improved user experience. Cookies also help speed up your interactions with the website. Most third-party cookies do not collect personally identifiable data, although those associated with email services may contain your email address.

What cookies are used on this site?

When you visit the site, it sets temporary cookies to determine if your browser accepts cookies, to record your chosen language (as set by your browser) and to identify your current browsing session. These cookies contain no personal data and are discarded when you close your browser.

A cookie is also set to record your cookie preferences for the site. This cookie does not contain personally identifiable information and lasts for one year.

The site also uses Goolgle analytics cookies to track usage of the website. These expire after one or two years

How can I control cookie preferences ?

When you first visit this site, you will have seen a cookie consent message that allows you to control which types of cookies are used. Once you have made your selection, the information is itself stored in cookies. Should you decide to change your preferences later, you can click on the “Manage your consent” icon which appears at the bottom of each page.

This will display the consent notice again enabling you to change your preferences or withdraw your consent entirely.

As well as being able to choose your cookie preferences on this site, web browsers also provide their own methods to block and delete cookies. Consult the documentation for your particular browser to find out how to manage cookies in the brower itself. You can also find out more about cookies online, for example on Wikipedia

Who we share your data with

We only share your data with companies that we use to provide this website or additional services upon which we rely.  We do not share data with third party advertising networks or other organisations that are not directly involved in providing our services.

We currently use services provided by:

Freetobook Privacy Statement

Freetobook is booking software used by accommodation providers to enable their customers to make online bookings and manage those bookings.

This document applies to the processing by freetobook of personal data collected by properties using freetobook online booking system in relation to the provision of accommodation by those properties.

  1. Your Personal Data

Properties using freetobook as their booking engine, collect and store information that you give when you make a booking. You are asked for your name, address, telephone number and email along with payment information and “the names of any guests travelling with you”. This may also include your IP address. This information is stored in the freetobook System in order to process your booking. You may be contacted by the Property you have booked with in relation to your booking.

Your data is also stored after you have stayed but will be kept no longer than necessary in order to comply with legal obligations and for properties to welcome your repeat business.

  1. Data processed directly by third parties

If you provide payment information, this will be processed directly by secure PCI Level 1 compliant payment gateway providers.

  1. Joint Controllers

In the context of providing booking software to accommodation providers to facilitate online booking, freetobook and the accommodation provider shall together operate as joint data controllers for the processing of your personal data.

  1. Security Procedures

In accordance with General Data Protection Regulation (GDPR), freetobook observes reasonable procedures to prevent unauthorised access and misuse of personal information. We use appropriate business systems and procedures to protect and safeguard any personal information given to us. We also use security procedures and technical and physical restrictions for accessing and using the personal information on our servers. Only authorised personnel are permitted to access personal information in the course of their work.

  1. Control of your Personal Data

You have the right to access data that is stored on behalf of properties taking bookings via freetobook system. You need to email or write to the property you booked with to request an overview of your personal data.

You can also contact the property you booked with on freetobook System if you believe that the personal information they have for you is incorrect, if you believe that they are no longer entitled to use your personal data or if you have any other questions about how your personal information is used or about the Privacy Statement. You need to email or write to the property you booked with.

  1. Reviews

You may also be asked to send feedback after your stay in order for the property to further improve their service. Your email address will be used for this purpose. If you complete a review it may be posted on the property website, facebook page, twitter or google plus. However, no identifying details will ever be attached to a review posting.

To Process your information as described above, we rely on the following legal bases:

Performance of a contract. The storage of your information may be necessary to perform the contract that you have with the accommodation provider you are booking with.

Legitimate Interests.We may use your information for our legitimate interests, such as for administrative, fraud detection and legal purposes.


A cookie is a small amount of data that is placed in the browser of your computer or on your mobile device. These cookies are used only to help you make a smooth booking and contain information like the date searched and language of booking. There is a difference between session cookies and persistent cookies. Session cookies will only exist until you close your browser. Persistent cookies have a longer lifespan and are not automatically deleted once you close your browser. We use persistent cookies in Google Analytics to analyse visitor traffic and behaviour.

By using freetobook website or proceeding with a booking you are consenting to the above use of cookies.

How long we retain your data

Your information is only stored for as long as it is needed to provide our services to you or as long as specified by legal or regulatory requirements. For example, HMRC (the UK tax authorities) specify that financial records must be held for at least seven years.

What rights you have over your data

You can request to receive an exported file of the personal data we hold about you, including any data you have provided. You can also request that your personal data be erased. However, data that we are obliged to keep for administrative, legal, or security purposes will not be deleted until such time as the relevant laws or regulations or allow.

Where we send your data

Website analytics are provided by Google Analytics.

Online bookings are handled using FreetoBook system.

For further details see “Who we share your data with” above.

Contact information

If you have any concerns about your privacy, you can contact the current Chair of the Mull of Galloway Trust, by emailing

Additional information

How we protect your data

Data held by this website or its service providers is maintained in secure commercial data centres with regular backups and security audits. Only users or personnel with a legitimate need to access such data are permitted to do so and user access is limited by measures such as secure passwords and two-factor authentication systems.

What data breach procedures we have in place

In the unlikely event of a data breach, system and access logs will allow the extent and nature of the breach to be determined and any further data loss to be blocked. Anyone affected by such a data breach will be kept fully informed as to the nature and extent of any data that may have been released.

What third parties we receive data from

We do not receive identifiable personal data from any third parties.

What automated decision making and/or profiling we do with user data

We do not carry out any user profiling.

The Antispam Bee spam filtering service provides an automated indication of whether information received from a contact form may be spam, rather than a legitimate message, however these indications are then reviewed by a person before being acted upon.

Industry regulatory disclosure requirements