The Grange Estate

Privacy Policy

Last updated: 16th March, 2026

1. Introduction

This Privacy Policy explains how The Grange Estate (NIW Promotions Ltd T/A The Grange Estate) collects, uses, and protects your personal information when you visit our website or contact us regarding stays, events, or enquiries.

We are committed to protecting your privacy and handling your data transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

The Grange Estate
Heriot, Scotland
EH38 5YB
United Kingdom

If you have any questions regarding this policy, you can contact us at:

Email: louise@nicola-williams.co.uk

3. Information We Collect

We may collect and process the following types of personal information:

Information you provide directly

When you:

  • Submit an enquiry
  • Request a brochure
  • Subscribe to our newsletter
  • Contact us via email or contact forms

We may collect:

  • Name
  • Email address
  • Phone number
  • Event or stay details
  • Any information included in your message
  • Information collected automatically

When you visit our website, we may collect:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited
  • Time and date of visit
  • Referral source

This information helps us understand how visitors use our website.

4. How We Use Your Information

We process personal information for the following purposes:

  • Responding to enquiries
  • Providing requested brochures or information
  • Managing bookings or event enquiries
  • Sending newsletters (if you opt-in)
  • Improving our website and services
  • Maintaining website security
  • Complying with legal obligations

5. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

Legitimate interests
To respond to enquiries and operate our business.

Consent
For email marketing and newsletters.

Contractual necessity
When processing information relating to bookings or services.

Legal obligation
To comply with legal or regulatory requirements.

6. Sharing Your Information

We do not sell or rent your personal data.

However, we may share data with trusted service providers such as:

  • Website hosting providers
  • Email marketing services
  • IT support providers
  • Payment processors (if applicable)

These providers are required to protect your data and only process it for agreed purposes.

7. Data Retention

We retain personal information only as long as necessary:

  • Enquiries: typically up to 12–24 months
  • Newsletter subscriptions: until you unsubscribe
  • Booking records: as required for accounting and legal purposes

After this period, data is securely deleted or anonymised.

8. Your Data Protection Rights

Under UK GDPR you have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion of your data
  • Restrict processing
  • Object to processing
  • Withdraw consent at any time
  • Request data portability

To exercise these rights, please contact us using the details above.

9. Data Security

We take appropriate technical and organisational measures to protect personal data, including:

  • Secure website hosting
  • SSL encryption
  • Restricted access to personal information

However, no internet transmission can be guaranteed completely secure.

10. Third-Party Links

Our website may contain links to external websites.
We are not responsible for the privacy practices of those websites.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.
Updates will be posted on this page with the revised date.

12. Complaints

If you believe your data has been misused, you may contact the UK supervisory authority:

Information Commissioner’s Office (ICO)
https://ico.org.uk