Privacy Policy

Who We Are

Waterside Holiday Group owns and operates family holiday parks in the United Kingdom, providing holiday accommodation, associated leisure facilities, and caravans and lodges for sale.

For simplicity throughout this Privacy Policy, references to “we,” “us,” or “our” mean Waterside Holiday Group Ltd and its business units, unless stated otherwise.

We are the Data Controller for the personal data collected through our websites, mobile applications, and holiday parks.

We have a legal duty to protect personal information that we collect under applicable privacy legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (the “DPA”), as amended by the Data Use and Access Act 2025 (the “DUAA”), and the Privacy and Electronic Communications Regulations 2003 (PECR).

Waterside Holiday Group is a trading name used by the following companies:

• Waterside Holiday Group Ltd
  Registered in England & Wales (Company No. 02328741)
  Registered Office: 10 Bridge Street, Christchurch, Dorset, BH23 1EF
  Head Office: Bowleaze Cove, Weymouth, Dorset, DT3 6PP
• Osmington Holiday Park Ltd
  Registered in England & Wales (Company No. 12220187)
  Registered Office: 10 Bridge Street, Christchurch, Dorset, BH23 1EF
  Head Office: Bowleaze Cove, Weymouth, Dorset, DT3 6PP

For the purposes of data protection law, the relevant company will act as the Data Controller depending on which park, service or booking you interact with.

Scope of This Privacy Policy

This Privacy Policy applies when you:

• Visit our websites.
• Use our mobile applications.
• Make enquiries, bookings, or purchases.
• Stay at or visit one of our holiday parks.
• Purchase or enquire about a holiday home.
• Contact us by email, phone, or other communication channels.
• Receive marketing communications from us.

This policy does not apply to employee or contractor data, which is covered separately.

Personal Data We Collect

a) Information you provide directly

• Name, address, email address, and telephone number.
• Booking, stay, and party details.
• Holiday home enquiry or ownership details.
• Payment information (processed securely via PCI‑compliant providers – we do not store full card details).
• Communications with us, including complaints or feedback.

b) Information collected automatically

• IP address, device identifiers, and browser information.
• Website usage data and analytics.
• Cookie data.

c) Children’s personal data

Bookings are made by adults aged 18 or over. We may process limited personal data relating to children included in a booking (for example names, ages, or activity participation) as supplied by the lead booker, where necessary to deliver the holiday, activities or ensure safety and safeguarding.

d) Special category data

We do not routinely collect special category data. However, guests may voluntarily provide health, dietary or accessibility information to allow us to make reasonable adjustments. Where provided, this information is handled with appropriate safeguards and only used for that purpose.

How We Use Your Personal Data

We use your personal data to:

• Process bookings, reservations, and payments.
• Communicate with you before, during, and after your stay.
• Provide guest services, activities, and facilities.
• Manage complaints, incidents, and safeguarding matters.
• Improve our websites, services, and guest experience.
• Prevent fraud and misuse of our facilities.
• Meet legal, regulatory, and safety obligations.

We do not sell your personal data

Lawful Bases for Processing

We process personal data under one or more of the following lawful bases:

• Contract – Where processing is necessary to fulfil a booking or agreement.
• Legal obligation – Where we are required to process or disclose personal data to comply with legal or regulatory obligations, including accounting, health and safety, safeguarding, and insurance requirements. This may include, where appropriate, sharing personal data with law enforcement or regulatory authorities in order to prevent, investigate, report suspected fraud, or other criminal activity affecting Waterside Holiday Group, where required or permitted by law.
• Legitimate interests – To operate our holiday parks safely and effectively, protect our guests, visitors and Team Members, prevent fraud and misuse of our facilities, improve services, and ensure site and asset security.
• Consent – Where required, particularly in relation to certain marketing communications.

Where consent is relied upon, you may withdraw it at any time.

Marketing Communications

We may send you marketing communications about our parks, services and offers where:

• You have given consent, or
• We are permitted to do so under the Privacy and Electronic Communications Regulations (PECR) based on our legitimate interests (for example following a stay with us).

You can opt out of marketing communications at any time by using unsubscribe links or contacting us.

CCTV, ANPR & Body-Worn Cameras

We operate CCTV systems, Automatic Number Plate Recognition (ANPR) systems and body‑worn cameras across our holiday parks.

These systems may record images, vehicle registration details, audio‑visual footage, and are used for:

• The safety and security of guests, visitors, and Team Members.
• Crime prevention, detection, and investigation.
• Management of vehicle access and parking.
• Investigation of incidents, complaints, or safety concerns.

Processing is carried out based on our legitimate interests and legal obligations. Where appropriate, information obtained through these systems may be disclosed to law enforcement or regulatory authorities, in line with the lawful bases set out in Section 5 (Lawful Bases for Processing).

Clear signage is displayed on site. Footage is retained for limited periods unless required for investigation, legal proceedings, or regulatory purposes.

Mobile App, Push Notifications & Digital Services

We operate a guest mobile application which may collect usage information and send push notifications relating to your stay, facilities, or services.

You can manage notification settings through your device preferences. Information collected via the app is processed in accordance with this Privacy Policy and any in‑app notices.

Use of Automated Tools and AI-Assisted Features

Our websites, mobile applications and marketing platforms may use automated tools and, in limited cases, artificial intelligence (AI)‑assisted technologies to help improve your experience and tailor certain content or communications to you.

These tools may analyse information such as your interactions with our websites or app, booking history, or stated preferences to help present relevant content, offers or recommendations, or to support service improvement, statistical analysis, and business planning.

Any such technologies are used in a supportive and assistive manner only and do not involve automated decision‑making that produces legal or similarly significant effects. Where profiling is used, it is carried out in line with the safeguards described in Section 15 (Automated Decision‑Making), and you have the right to object where applicable.

Guest Wi-Fi

We offer guest Wi‑Fi across our holiday parks via an open‑access network. Limited technical data (such as device and connection information) may be processed to maintain network security, performance, and availability.

Browsing activity is not routinely monitored.

Holiday Home Sales & Owners

If you enquire about, purchase or own a holiday home with us, we will process personal data relating to sales enquiries, contracts, ownership administration, site communications, and support services.

This processing is carried out on the basis of contractual necessity, legal obligations, and legitimate interests.

Sharing Your Personal Data

We may share personal data with trusted third parties including:

• Suppliers or service providers who support our business operations (such as maintenance, security, or customer support services).
• Payment service providers.
• Booking platform, IT, and system providers.
• Marketing and communications platforms (where permitted).
• Professional advisers, insurers, and auditors.
• Regulators, local authorities, or law enforcement where legally required.

We may also share limited personal data with third parties where necessary to administer competitions, prize draws, surveys, or promotions, or to arrange activities or services provided by third‑party partners at our holiday parks.

Where you contact us by telephone, calls may be monitored or recorded for training, quality assurance, and security purposes, in line with applicable law. Where recording takes place, this will be communicated to you.

We only share personal data where necessary and provide third‑party suppliers with access only to the personal data required to perform their specific services. All suppliers and service providers are required to process personal data solely in accordance with our instructions, to keep it secure, and not to use it for their own purposes.

We may, from time to time, combine personal data collected from different interactions (for example booking history, website usage, or communications preferences) to help us improve our services, personalise communications where permitted, and support business reporting and planning. Where data is used for analysis, it may be aggregated or anonymised so that individuals are no longer identifiable.

In the event that Waterside Holiday Group experiences a business reorganisation, merger, acquisition or sale of assets, personal data may be shared with relevant third parties (such as prospective purchasers or professional advisers) subject to appropriate confidentiality and data protection safeguards.

International Transfers

We do not routinely transfer personal data outside the United Kingdom. Your personal data may occasionally be processed by suppliers or service providers located outside the UK or European Economic Area (EEA); where this occurs, appropriate contractual and technical safeguards are put in place to ensure your data remains protected in accordance with UK data protection law.

Data Retention

We retain personal data only for as long as necessary, taking into account:

• The purpose for which it was collected.
• Legal, accounting, and regulatory requirements.
• Safety, safeguarding, and complaint handling obligations.

Retention periods vary by data type and purpose.

At the end of the applicable retention period, your personal data will either be deleted securely or anonymised, for example by being aggregated with other data so that it can no longer be used to identify you and may be used in a non‑identifiable way for statistical analysis, trend reporting and business planning.

Automated Decision Making

We do not use automated decision‑making that produces legal or similarly significant effects. Limited profiling may be used for marketing or service improvement where permitted and appropriate safeguards are in place.

Your Rights

You have the right to:

• Access your personal data.
• Request correction of inaccurate or incomplete data.
• Request erasure of personal data in certain circumstances.
• Restrict or object to processing.
• Data portability.
• Withdraw consent at any time.

Complain to the Information Commissioner’s Office (ICO).

Data Subject Access Requests (DSAR)

You have the right to access to your personal information. Also known as a Data Subject Access Request (DSAR). This means you are entitled to obtain the following information about yourself:

• Confirmation that we are processing their personal data;
• A copy of their personal data; and
• Other supplementary information;

A third party may make a request on your behalf. We will require evidence from the third party as to evidence this entitlement.

How do we provide you with the data you have requested?

If you make a request electronically (via electronic means), we will provide the information in a commonly used electronic format unless you have specified otherwise. Please note, we may extend the time to respond by a further two months if the request is complex or you have made multiple requests. As you have the right to be informed, we will always ensure you are notified within one month of receiving the request, accompanied by an explanation.

How Long do we have to comply with a request?

We must act on your subject access request without undue delay and at the latest within one month of receipt. This is calculated as beginning from the day following receipt of the request until the corresponding calendar data the following month. We may request your identity to satisfy the request, however this will be proportionate to the request itself and if we have doubts of the authenticity of identification.

Will it cost you anything?

For the vast majority of requests, we cannot charge you a fee. Where the request is manifestly unfounded or excessive, we may charge a reasonable fee to cover the administrative costs of complying with the request. This also applies in the event that you request further additional copies of data following your initial request. This will again be charged as an administrative cost.

Cookies

Our websites use cookies and similar technologies. Please refer to our Cookie Policy for full details of the cookies we use and how to manage your preferences.

Contact Us & Complaints

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

Email: dataprotection@watersideholidays.co.uk
Address: Waterside Holiday Group, Bowleaze Cove, Weymouth, Dorset, DT3 6PP

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.