Book

Privacy Policy

1.  INTRODUCTION

Welcome to the Privacy Policy of The PIG Hotels. Home Grown Hotels Limited (we, us, our or PIG) respects your privacy and is committed to protecting your personal data.

This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It describes

  • how and why we use your personal information;
  • who we share your personal information with; and
  • the rights you have in connection with the information we use.

Home Grown Hotels Limited is the data controller and responsible for your personal data.

Any changes we may make to this Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.  Our Privacy Policy was last reviewed in April 2025.

2. PERSONAL INFORMATION WE COLLECT ABOUT YOU

Personal information you give to us:

This is personal information you give to us when you:

  • visit our website;
  • visit or stay at one of our hotels; and
  • every time you correspond with us by phone, e-mail, on social media or otherwise.

This includes information you provide when you register to use our website, subscribe to our newsletter, enquire about an event, make a booking through our website or use the chat function to contact our reservations team, engage with social media functions on our website or enter a competition, promotion or survey, if you report a problem with our website, when you give us feedback and when you attend one of our hotels.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data: includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data: includes billing address, delivery address, email address and telephone numbers.
  • Financial Data: includes bank account and payment card details via our third-party provider Adyen https://www.adyen.com/en_GB/privacy-policy
  • Transaction Data: includes details about payments to and from you and other details of products and services you have purchased from us.
  • Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties, your communications with us (for example chat/message room or via social media) or your communication preferences.

 

By accessing or browsing our website, currently https://www.thepighotel.com (regardless of where you visit it from), contacting us on social media, by phone, e-mail or otherwise, working with or for us, offering your goods or services to us, using any of the goods and services that we provide, or otherwise providing your data to us (including when visiting or staying at one of our hotels), you acknowledge that we may process your data as described in this privacy policy, including sending you marketing and promotional communications where permitted by applicable law (such as on a soft opt-in basis), unless you opt out.

Personal information we collect about you:

We may automatically collect information about your use of the PIG Site(s), such as the number and duration of visits and details of which particular pages have been visited. The information which may be attributable to you includes:

  • Technical Data: includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Usage Data: includes information about how you use our website, products and services via our third-party Google Analytics https://policies.google.com/privacy?gl=GB&hl=en.

 

Anonymised Information such as statistical or demographic data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Anonymised Information with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy. 

Special Category Data

In certain circumstances, we may need to collect and process special category data, such as information about your dietary requirements, health-related needs (e.g., special assistance or accessibility requirements), or details about your ethnicity or religion where relevant to your stay or experience with us.

We will only collect and process this information with your explicit consent, which we will request at the time of collection. You have the right to withdraw your consent at any time by contacting us using the details provided in this privacy policy. 

If you fail to provide personal data  

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time. 

Information we collect about you from other sources:

We may obtain the following personal information about you from the following sources, which we use in the ways described in the section below:

Third Party Category

Categories of Data Collected

Competition and Events Partners

Identity Data and Contact Data used to enable you to enter our events and competitions.

Payment service providers such as PayPal and Adyen

We integrate with third-party service providers to facilitate payments between you and us. These service providers share payment information so we can administer and handle your purchase.

Analytics providers

Technical and Usage Data to assist us to understand how our users interact with our Site(s). This data will usually be Anonymised Information.

Advertising networks such as Google

We may also receive information about you in order to show you more relevant ads, such as the additional cookie data from social media partners.

 

Third Party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the Privacy Policy of every website you visit. 

3.  HOW AND WHY WE USE YOUR PERSONAL INFORMATION

In relation to your personal information that we process as a controller, data protection law requires us to have a valid reason to process it for each of the different purposes for which we use that information. The law refers to each reason as a ‘lawful basis’. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.

Lawful basis

Activities covered

Contract - We will use your personal information where this is necessary for us to perform our contract with you or to carry out any pre-contract steps you’ve asked us to so that you can enter into that contract.

• To provide and manage bookings, reservations and events.

• To fulfil your order, take payments from you, deal with your order queries and manage your account.

• Carry out other obligations arising from any contracts entered into between you and us, including meeting any dietary or special assistance request you have made.

• To enable you to partake in a prize draw or competition and for us to administer the competition.

Consent - We may use and process your personal information where you have consented for us to do so.

• Contacting you via email with marketing information about PIG products:

◦ when you register for an account with us online and indicate that you would like to receive such marketing from us; or

◦ when you refresh your marketing preferences when responding to a request from us to do so; and

• To conduct processing using cookies (please see our Cookies Policy for more information).

You may withdraw your consent for us to use your information in any of these ways at any time. Please see paragraph 10 (Your Rights) for further details.

Legal Obligations - We will use your personal information to comply with our legal obligations.

• To keep a record relating to the exercise of any of your rights relating to our processing of your personal information.

• To comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request).

• To anonymise or delete your personal information when it is no longer required for the purposes described in this Privacy Policy.

• To comply with court orders or other notices where failure to do so would result in us breaking the law; and

• To handle and resolve any complaints we receive relating to our processing of your personal information as described in this Privacy Policy.

Legitimate Interest - We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business, or that of a third party, for the following purposes.

Processing is necessary to provide customer services in relation to an order you have made:

• To send reminders about your itinerary.

• To process and deal with any complaints or enquiries made by you.

Processing necessary for us to promote our business and measure the reach and effectiveness of our campaigns

• to contact you with marketing information by post, by phone (if you are not registered with the Telephone Preference Service), or by email where you have not chosen to opt-out of these communications;

• for analysis and insight conducted to inform our marketing and business strategies, and to enhance your user experience;

• to identify and record when you have received, opened or engaged with our website or our electronic communications;

Processing necessary for us to respond to changing market conditions and the needs of our users

• to analyse, evaluate and improve our website so that your use of our website and social media pages are more useful and enjoyable (we will generally use data amalgamated from many people so that it does not identify you personally);

• to undertake market analysis and research (including contacting you with customer surveys and to define types of customers for our products and services) so that we can tailor our services to your requirements and preferences;

• to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy;

Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively

• to administer our website and social media pages and for internal operations, including troubleshooting, testing, statistical purposes;

• for the prevention of fraud and other criminal activities;

• for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;

• for the purposes of corporate restructure or reorganisation or sale of our business or assets;

• for efficiency, accuracy or other improvements of our databases and systems, for example, by combining systems or consolidating records we hold about you;

• to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings;

• to inform you of updates to our terms and conditions and policies; and

• for other general administration including managing any reports you make, your queries, complaints, or claims, and to send service messages to you.

 

4.  DISCLOSURE OF YOUR PERSONAL INFORMATION BY US

We may have to share your personal data with the parties set out below: 

  • Group companies. Other companies in our group which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. 
  • Cloud software providers. Including service providers acting as processors or hosts who provide IT and system administration services.
  • Vendors supporting to host and maintain our website including website and data analytics platform providers.
  • Social media platforms. Including Google, Facebook, Instagram, TikTok, YouTube, X (formerly Twitter) to assist us to understand our customer base and personalise marketing where you have consented to this.
  • Distribution and logistics providers. Service agents for support and delivery companies for the transportation of products. 
  • Professional advisers acting as processors or joint controllers including solicitors, barristers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
  • Government Agencies for example for fraud or illegal activities.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. 

We may disclose your personal information to other third parties as follows:

  • any third party who is restructuring, selling or acquiring some or all of our business or assets or otherwise in the event of a merger, re-organisation or similar event; and

·       if we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation or request, including by the police, tribunals, regulators, the government or related agencies.

5. WHERE WE STORE YOUR PERSONAL INFORMATION

Where permitted by applicable law, we may transfer your personal information to jurisdictions outside the UK for the purposes set out in this Privacy Policy. For example, some of our external third parties such as PayPal and Google are based outside the UK and so their processing of your personal data will involve a transfer of data outside the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • relying on declarations made by regulators or governments (e.g. adequacy decisions/regulations);
  • where the third country where data is being sent is not subject to such declaration, the standard contractual clauses approved by relevant regulators or governments, as applicable;
  • ensuring that the recipients are subscribed to international frameworks; or
  • such alternative measures as are valid and appropriate at the time.

Please contact us using the details at the end of this Privacy Policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.

If you use our services whilst you are outside the UK, your information may be transferred outside those territories in order to receive those services.

6.  THE PERIOD FOR WHICH WE KEEP YOUR PERSONAL INFORMATION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

We may need your personal information to establish, bring or defend legal claims.  For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under paragraph 3 (How and why we use your personal information) above.

The only exceptions to this are where:

  • the law requires us to hold your personal information for a longer period, or delete it sooner;
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see paragraph 10 (Your Rights) below); or
  • you exercise your right to require us to retain your personal information for a period longer than our stated retention period (see paragraph 10 (Your Rights) below).

7.  SECURITY AND LINKS TO OTHER SITES

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know and are subject to a duty of confidentiality. 

When we have provided (or you have chosen) a password allowing you access to certain parts of the Site(s), you are responsible for safeguarding it and keeping it confidential and you promise not to allow it to be used by third parties.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do everything possible to protect your personal information, we cannot guarantee the security of any personal information during its transmission to us online. You accept the inherent security implications of using the internet and will not hold us responsible for any breach of security unless we are at fault.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

In addition, if you linked to the Site(s) from a third-party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.

8.  COOKIES

We use cookies to obtain an overall view of visitor habits and visitor and user volumes to our website. For more information on how we use cookies and how to switch them off, please visit our Cookies Policy.

9.  AUTOMATED DECISION MAKING

We do not envisage that any decisions that have a legal or significant effect on you will be taken about you using purely automated means, however we will update this Privacy Policy and inform you if this position changes.

10.  YOUR LEGAL RIGHTS 

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Except in rare cases, we will respond to you within 1 calendar month from either:

  • the date that we have confirmed your identity; or
  • where we do not need to do this because we already have this information, from the date we received your request.

You have the following rights, some of which may only apply in certain circumstances:

Your Rights

Further Information

To have your information corrected if it is inaccurate and to have incomplete personal information completed

If you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us using any of the details described at the end of this Privacy Policy.

To object to processing of your personal information

Where we rely on our legitimate interests as the lawful basis for processing your personal information for particular purposes, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this Privacy Policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.

To withdraw your consent to processing your personal information

Where we rely on your consent as the lawful basis for processing your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this Privacy Policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.

To restrict processing of your personal information

You may ask us to restrict the processing of your personal information in the following situations:

·      where you believe it is unlawful for us to do so; or

·      you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.

 

In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.

To have your personal information erased

In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this Privacy Policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.

To request access to your personal information and how we process it

You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this Privacy Policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

To electronically move, copy or destroy your personal information in a standard, machine-readable form

Where we rely on your consent as the lawful basis for processing your personal information or need to process it in connection with a contract in place directly with you, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.

 

You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

Rights relating to automated decision making, including profiling

You may also contest a decision made about you based purely on automated processing by contacting us using the information at the bottom of this Privacy Policy.

To complain to a data protection regulator

You have the right to complain to a data protection regulator (which in the UK is the Information Commissioner’s Office (ICO)) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details.

 

11.   CONTACT DETAILS

Questions, comments and requests regarding the exercise of any rights under this privacy policy are welcomed and should be addressed to dataprotection@thepighotel.com